Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/A9657CCAC7C511EDA7A8CD39C4F9AE02.roa
File: A9657CCAC7C511EDA7A8CD39C4F9AE02.roa (raw, json)
Hash identifier: MbjicfkckzLaKwbjCve1jHuaamJEpjP2BCYZyZ/UN9c=
Subject key identifier: F4:5B:4D:04:B8:75:48:CA:90:D8:5B:0F:13:CC:16:D6:9A:41:13:E5
Certificate issuer: /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial: 052B
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/A9657CCAC7C511EDA7A8CD39C4F9AE02.roa
Signing time: Fri 13 Oct 2023 00:52:58 +0000
ROA not before: Fri 13 Oct 2023 00:52:58 +0000
ROA not after: Mon 30 Dec 2024 00:00:00 +0000
asID: 136173
IP address blocks: 36.255.192.0/24 maxlen: 24
36.255.193.0/24 maxlen: 24
43.229.155.0/24 maxlen: 24
103.209.234.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1323 (0x52b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Validity
Not Before: Oct 13 00:52:58 2023 GMT
Not After : Dec 30 00:00:00 2024 GMT
Subject: CN=652894e9-e006
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:30:31:a8:3a:9b:0b:37:bd:14:3f:19:4f:16:
3b:41:3e:2d:4a:9b:da:4b:f9:eb:f1:b7:ab:7c:dd:
fa:4c:b4:ca:6b:d2:80:5a:15:8b:26:4e:73:c2:1e:
6c:9e:50:b8:9f:22:d4:82:4e:95:75:60:06:46:68:
25:33:9f:0b:95:86:88:eb:98:bf:9e:3c:93:0e:24:
64:e4:b3:40:89:c8:cc:37:b5:a8:b4:45:fd:18:30:
2d:c7:6d:b7:53:5e:c1:b5:11:6a:73:a8:b1:99:2c:
cd:8b:b8:8c:6a:aa:ba:b2:9d:2b:d9:bf:30:9b:f7:
6c:42:ba:5a:87:70:67:c5:66:ea:34:26:59:ca:bf:
87:8a:f7:de:34:9f:6a:61:9c:df:8c:47:4b:c3:af:
a7:e3:08:31:8b:95:bc:40:5a:67:03:c8:18:b4:38:
2f:6e:34:a3:ab:52:e0:39:cc:62:b7:91:ce:37:9f:
17:3f:e7:9f:41:83:ea:7c:05:7b:b8:6c:d1:47:ae:
bc:67:e4:fa:bc:bf:0f:f6:56:c5:89:0c:ab:d0:92:
61:46:48:d7:6d:30:28:1e:99:ef:a7:4f:e2:4a:ab:
d0:3a:22:2c:ec:3b:c8:3a:1e:e9:38:fe:6f:90:92:
1e:55:35:8e:6c:27:a8:51:7a:44:31:8d:8a:e0:14:
45:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:5B:4D:04:B8:75:48:CA:90:D8:5B:0F:13:CC:16:D6:9A:41:13:E5
X509v3 Authority Key Identifier:
keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/A9657CCAC7C511EDA7A8CD39C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
36.255.192.0/23
43.229.155.0/24
103.209.234.0/24
Signature Algorithm: sha256WithRSAEncryption
42:4b:02:45:94:a9:30:67:0c:6d:c5:ab:5c:e3:f8:c0:07:be:
09:e0:08:f6:d0:ef:92:b4:90:18:97:70:8a:8e:f1:e0:8a:e6:
91:9c:cb:6a:d5:14:3f:c7:60:70:34:be:8e:f4:c7:12:ce:a5:
ec:e9:44:2a:6f:cd:77:9a:fc:ee:ca:49:42:11:97:7b:fa:7f:
3a:ba:8e:fd:b6:9c:3d:70:b6:64:32:6b:6a:3d:45:20:f1:d1:
1c:2f:54:d6:89:0e:91:f6:b1:b6:3a:86:12:d5:89:a5:69:7d:
ee:3e:72:a5:e4:c8:3e:2c:63:54:b2:37:69:a8:30:50:94:38:
c5:bb:db:60:a0:b3:e1:e1:b7:e4:c4:1b:7d:e9:55:12:23:a8:
b7:3e:99:72:27:13:c6:b2:f7:dd:45:bc:38:44:ad:64:2b:c7:
1d:42:95:bf:f7:ee:6d:a9:49:d2:28:a2:5d:2f:23:16:fb:4a:
46:8d:2f:c3:d6:6d:b3:f8:6d:88:62:c1:79:8a:42:b1:f2:d3:
2c:e9:5c:aa:c7:a3:36:c6:40:4e:59:9d:f1:cc:d9:59:5f:f0:
0c:ac:08:17:16:f1:2c:70:3b:d6:12:ff:91:ec:ea:6f:da:8d:
f0:1c:8b:b1:2c:c2:cc:bb:e3:33:e4:95:a3:c1:72:6c:58:c8:
20:b5:0c:64
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBSswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjMxMDEzMDA1MjU4WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTI4OTRlOS1lMDA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwjAxqDqbCze9FD8ZTxY7QT4tSpvaS/nr8berfN36TLTKa9KAWhWLJk5zwh5s
nlC4nyLUgk6VdWAGRmglM58LlYaI65i/njyTDiRk5LNAicjMN7WotEX9GDAtx223
U17BtRFqc6ixmSzNi7iMaqq6sp0r2b8wm/dsQrpah3BnxWbqNCZZyr+HivfeNJ9q
YZzfjEdLw6+n4wgxi5W8QFpnA8gYtDgvbjSjq1LgOcxit5HON58XP+efQYPqfAV7
uGzRR668Z+T6vL8P9lbFiQyr0JJhRkjXbTAoHpnvp0/iSqvQOiIs7DvIOh7pOP5v
kJIeVTWObCeoUXpEMY2K4BRF6wIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFPRbTQS4
dUjKkNhbDxPMFtaaQRPlMB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvQTk2NTdDQ0FD
N0M1MTFFREE3QThDRDM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAEk/8ADBAAr5ZsDBABn0eowDQYJKoZIhvcNAQELBQADggEB
AEJLAkWUqTBnDG3Fq1zj+MAHvgngCPbQ75K0kBiXcIqO8eCK5pGcy2rVFD/HYHA0
vo70xxLOpezpRCpvzXea/O7KSUIRl3v6fzq6jv22nD1wtmQya2o9RSDx0RwvVNaJ
DpH2sbY6hhLViaVpfe4+cqXkyD4sY1SyN2moMFCUOMW722Cgs+Hht+TEG33pVRIj
qLc+mXInE8ay991FvDhErWQrxx1Clb/37m2pSdIool0vIxb7SkaNL8PWbbP4bYhi
wXmKQrHy0yzpXKrHozbGQE5ZnfHM2Vlf8AysCBcW8SxwO9YS/5Hs6m/ajfAci7Es
wsy74zPklaPBcmxYyCC1DGQ=
-----END CERTIFICATE-----
Generated at Tue Nov 7 13:50:41 2023 by rpki-client on console-fra.rpki-client.org