Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/B6E44C08454211EBAE62CF6BC4F9AE02.roa
File: B6E44C08454211EBAE62CF6BC4F9AE02.roa (raw, json)
Hash identifier: MP0F9GfPab0fw0dsEjoEfIYN+LcUl9Vs5gZO4he/YCg=
Subject key identifier: FD:46:27:03:2E:A4:84:B3:3D:B6:7A:A0:1B:ED:D0:06:70:A4:79:B8
Certificate issuer: /CN=A911DFB8/serialNumber=0F80F40D3286852C9B9F6E345BE1D5BD2F954832
Certificate serial: 061B
Authority key identifier: 0F:80:F4:0D:32:86:85:2C:9B:9F:6E:34:5B:E1:D5:BD:2F:95:48:32
Authority info access: rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/D4D0DTKGhSybn240W-HVvS-VSDI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/B6E44C08454211EBAE62CF6BC4F9AE02.roa
Signing time: Sat 02 Mar 2024 23:42:30 +0000
ROA not before: Sat 02 Mar 2024 23:42:30 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 138995
IP address blocks: 185.203.36.0/24 maxlen: 24
185.203.37.0/24 maxlen: 24
185.203.38.0/24 maxlen: 24
185.203.39.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 09 Jul 2024 07:59:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1563 (0x61b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911DFB8/serialNumber=0F80F40D3286852C9B9F6E345BE1D5BD2F954832
Validity
Not Before: Mar 2 23:42:30 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=65e3b966-dc70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:8e:48:9e:a5:19:1f:5b:e3:04:6c:1e:ee:c8:
cd:72:0e:c3:07:1e:f6:82:96:d5:04:5c:8f:21:75:
10:b7:3b:39:63:a4:9c:37:1e:82:49:aa:8c:d6:8b:
a2:f7:f9:72:65:85:4b:2e:38:ce:57:97:c7:02:9e:
e7:b7:35:09:ee:bd:9f:de:49:5c:ac:80:25:13:aa:
a7:ee:1b:37:09:be:9e:8f:64:f9:79:19:c4:52:47:
cb:c2:85:26:cf:9b:4a:8d:08:03:e5:a4:b4:67:58:
85:2d:b1:e6:33:86:42:9a:1b:b6:4e:63:84:0a:08:
a3:22:58:34:01:fd:d6:f7:e8:7d:f1:3b:58:a5:05:
74:d2:6d:b7:57:e0:ea:45:1a:40:74:e9:03:7d:51:
15:16:64:a3:34:a9:c6:18:4b:26:89:a0:fb:fd:ff:
77:b5:27:68:60:88:7e:2a:cf:fa:f2:65:d2:5c:0d:
d2:11:f2:c8:66:1a:3c:05:6d:65:76:27:9f:36:ae:
c6:79:23:53:8e:e3:ab:95:81:7f:c8:01:b2:ec:10:
95:dc:1e:f8:c5:ce:d9:e8:38:19:b0:70:0d:99:7d:
f2:19:36:19:4d:c3:f9:b5:05:70:80:0e:04:ca:0a:
b7:91:92:47:00:d9:9e:10:be:a3:b4:ef:59:36:dd:
17:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:46:27:03:2E:A4:84:B3:3D:B6:7A:A0:1B:ED:D0:06:70:A4:79:B8
X509v3 Authority Key Identifier:
keyid:0F:80:F4:0D:32:86:85:2C:9B:9F:6E:34:5B:E1:D5:BD:2F:95:48:32
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/D4D0DTKGhSybn240W-HVvS-VSDI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/D4D0DTKGhSybn240W-HVvS-VSDI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/B6E44C08454211EBAE62CF6BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
185.203.36.0/22
Signature Algorithm: sha256WithRSAEncryption
8b:89:65:ea:56:4f:80:e5:b3:1b:6b:4c:d5:f8:17:58:4b:0e:
75:06:78:31:5c:bd:1a:2c:b7:1e:17:33:19:e8:7b:d7:be:62:
68:bb:69:ad:03:73:88:dd:19:2d:d3:07:c6:e0:7b:d8:12:68:
39:2b:fc:aa:a8:4b:37:7d:a7:16:74:8f:99:df:13:f8:01:ed:
3f:03:70:0f:9e:09:92:d0:2f:70:9b:7f:b0:2e:c2:79:df:8c:
12:76:0c:88:b7:f6:b7:c7:80:43:4a:6c:2c:d6:f1:27:c4:56:
ba:fb:fe:ac:79:1a:65:80:2e:b3:bc:f8:28:40:bc:c1:33:38:
ab:72:4c:2e:7f:60:92:b8:0a:fe:67:26:98:a0:1a:56:fb:75:
c9:21:27:07:48:c4:25:6d:56:67:97:d3:ba:7a:c8:3d:dd:38:
4b:db:a0:66:f1:c9:d8:b3:0c:f6:f4:89:e3:cf:81:b5:c6:61:
ed:b2:d2:b5:3c:8f:a9:94:dd:b8:5f:db:fa:f8:00:50:92:1c:
7b:83:55:7f:7b:71:19:5d:5c:bc:70:b9:d3:03:a6:fb:60:9b:
de:59:d4:11:0b:bb:03:2c:26:95:8e:25:13:86:6d:cd:f7:fd:
3a:c6:e0:9f:fb:1f:97:5c:35:3d:39:c4:db:fe:44:c2:3f:01:
9e:1f:c1:3f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBhswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MURGQjgxMTAvBgNVBAUTKDBGODBGNDBEMzI4Njg1MkM5QjlGNkUzNDVCRTFENUJE
MkY5NTQ4MzIwHhcNMjQwMzAyMjM0MjMwWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUzYjk2Ni1kYzcwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5I5InqUZH1vjBGwe7sjNcg7DBx72gpbVBFyPIXUQtzs5Y6ScNx6CSaqM1oui
9/lyZYVLLjjOV5fHAp7ntzUJ7r2f3klcrIAlE6qn7hs3Cb6ej2T5eRnEUkfLwoUm
z5tKjQgD5aS0Z1iFLbHmM4ZCmhu2TmOECgijIlg0Af3W9+h98TtYpQV00m23V+Dq
RRpAdOkDfVEVFmSjNKnGGEsmiaD7/f93tSdoYIh+Ks/68mXSXA3SEfLIZho8BW1l
diefNq7GeSNTjuOrlYF/yAGy7BCV3B74xc7Z6DgZsHANmX3yGTYZTcP5tQVwgA4E
ygq3kZJHANmeEL6jtO9ZNt0XwQIDAQABo4IClTCCApEwHQYDVR0OBBYEFP1GJwMu
pISzPbZ6oBvt0AZwpHm4MB8GA1UdIwQYMBaAFA+A9A0yhoUsm59uNFvh1b0vlUgy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExREZCOC84NUE1RDkwRTQ1
M0QxMUVCQjU1QTYyMjVDNEY5QUUwMi9ENEQwRFRLR2hTeWJuMjQwVy1IVnZTLVZT
REkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL0Q0RDBEVEtHaFN5Ym4yNDBXLUhWdlMtVlNESS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MURGQjgvODVBNUQ5MEU0NTNEMTFFQkI1NUE2MjI1QzRGOUFFMDIvQjZFNDRDMDg0
NTQyMTFFQkFFNjJDRjZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAK5yyQwDQYJKoZIhvcNAQELBQADggEBAIuJZepWT4Dlsxtr
TNX4F1hLDnUGeDFcvRostx4XMxnoe9e+Ymi7aa0Dc4jdGS3TB8bge9gSaDkr/Kqo
Szd9pxZ0j5nfE/gB7T8DcA+eCZLQL3Cbf7AuwnnfjBJ2DIi39rfHgENKbCzW8SfE
Vrr7/qx5GmWALrO8+ChAvMEzOKtyTC5/YJK4Cv5nJpigGlb7dckhJwdIxCVtVmeX
07p6yD3dOEvboGbxydizDPb0iePPgbXGYe2y0rU8j6mU3bhf2/r4AFCSHHuDVX97
cRldXLxwudMDpvtgm95Z1BELuwMsJpWOJROGbc33/TrG4J/7H5dcNT05xNv+RMI/
AZ4fwT8=
-----END CERTIFICATE-----
Generated at Tue Jul 9 10:17:55 2024 by rpki-client on console-fra.rpki-client.org