Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/5B4E0C704BEE11EEA17CCC80C4F9AE02.roa
File: 5B4E0C704BEE11EEA17CCC80C4F9AE02.roa (raw, json)
Hash identifier: LPTraq7LpEe2GFwOQtrMnei664qWsbQbAYxXv1FLd5Y=
Subject key identifier: C7:BA:D8:25:DC:5A:E6:F4:D9:A7:86:89:51:B8:D4:08:09:0C:F4:01
Certificate issuer: /CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
Certificate serial: 063B
Authority key identifier: ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/5B4E0C704BEE11EEA17CCC80C4F9AE02.roa
Signing time: Tue 03 Sep 2024 01:14:25 +0000
ROA not before: Tue 03 Sep 2024 01:14:25 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 932
IP address blocks: 43.247.134.0/23 maxlen: 24
43.255.158.0/23 maxlen: 24
103.30.76.0/22 maxlen: 24
2401:2660:1000::/36 maxlen: 36
Validation: Failed, certificate revoked on Tue 15 Oct 2024 06:23:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1595 (0x63b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
Validity
Not Before: Sep 3 01:14:25 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66d662f1-a04b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:49:da:50:3b:2e:a9:c7:6e:a2:75:eb:87:9c:
67:eb:aa:ff:42:e1:09:d1:b1:34:17:bf:cf:bd:30:
87:e0:2d:84:83:61:4c:9d:d1:b7:f7:e3:ad:67:50:
94:7a:a7:48:7b:2c:31:12:ae:9c:fe:70:48:ea:48:
89:98:4d:90:c2:dc:92:0f:44:f0:84:53:3d:a8:27:
ce:27:0c:b1:8a:a3:52:6f:bb:9c:fa:6c:56:14:58:
c3:57:9f:4e:d5:17:72:81:67:bd:c6:32:9a:62:92:
8d:9f:97:f2:15:a4:2b:39:ad:0f:e9:96:16:8f:57:
48:9d:44:ba:58:e3:f2:75:18:63:79:cc:9b:09:1f:
24:6e:eb:dd:62:13:69:95:bf:cb:55:bb:10:1c:ce:
4f:6d:f6:07:02:9d:97:e1:b8:26:ef:60:db:b1:12:
96:a9:b9:e9:05:16:98:fe:41:8b:e4:93:46:6f:9b:
f7:3b:33:bb:9e:cb:bc:35:28:3a:81:be:48:35:22:
1c:d5:09:42:43:64:a3:82:d4:b2:51:4c:3e:fb:0a:
c9:f6:86:e1:d9:75:f3:af:dc:23:62:1e:41:1b:98:
31:42:20:79:45:54:6e:de:c9:75:84:84:ad:1f:60:
05:25:4a:bd:49:5f:91:c0:90:06:ee:b1:d5:ac:9c:
ee:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:BA:D8:25:DC:5A:E6:F4:D9:A7:86:89:51:B8:D4:08:09:0C:F4:01
X509v3 Authority Key Identifier:
keyid:ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/7cVHvQ5sDAcGoYWDODX2XqPHEBM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/5B4E0C704BEE11EEA17CCC80C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.247.134.0/23
43.255.158.0/23
103.30.76.0/22
IPv6:
2401:2660:1000::/36
Signature Algorithm: sha256WithRSAEncryption
93:f8:0b:81:a7:8d:5a:ba:a3:58:72:f8:c6:2a:ad:ec:64:86:
9a:ad:96:e3:42:e1:0c:2f:de:12:57:a0:72:7a:ec:17:26:80:
70:06:5c:89:be:bc:0c:df:40:1b:82:f9:e7:58:40:c1:8b:ca:
b9:1b:42:39:56:6a:80:0d:50:08:3d:05:96:16:3c:f4:5a:de:
58:58:b0:71:d5:53:26:ca:e0:4d:d5:02:da:e8:46:04:63:9e:
57:34:ab:dc:e5:4c:58:fa:24:50:79:76:9a:77:30:e0:a5:ee:
9d:94:77:c7:d6:7a:f7:58:87:15:88:23:29:f5:4b:b3:57:2b:
b0:b8:01:21:e7:c0:88:7b:cb:ac:e3:21:af:81:d2:0b:c5:92:
88:b4:fb:0b:a0:8a:5b:4d:27:84:ed:7a:d0:7f:11:a1:04:64:
8c:1a:23:a7:46:51:87:39:43:30:87:f7:03:30:3f:ca:46:3a:
b0:d8:de:ab:fa:84:e8:de:e2:b2:6c:6e:90:fb:88:e6:ff:6c:
4b:33:d3:e5:3f:f0:7e:c4:8c:fc:86:33:f9:e8:25:45:0f:d8:
73:b6:08:75:c8:90:fd:99:20:aa:2b:c7:8a:1a:cf:19:70:de:
90:46:07:83:3e:bf:c3:e9:7f:10:de:a3:b2:de:62:60:97:93:
82:62:00:27
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICBjswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzkzMjIxMTAvBgNVBAUTKEVEQzU0N0JEMEU2QzBDMDcwNkExODU4MzM4MzVGNjVF
QTNDNzEwMTMwHhcNMjQwOTAzMDExNDI1WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmQ2NjJmMS1hMDRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4UnaUDsuqcduonXrh5xn66r/QuEJ0bE0F7/PvTCH4C2Eg2FMndG39+OtZ1CU
eqdIeywxEq6c/nBI6kiJmE2QwtySD0TwhFM9qCfOJwyxiqNSb7uc+mxWFFjDV59O
1RdygWe9xjKaYpKNn5fyFaQrOa0P6ZYWj1dInUS6WOPydRhjecybCR8kbuvdYhNp
lb/LVbsQHM5PbfYHAp2X4bgm72DbsRKWqbnpBRaY/kGL5JNGb5v3OzO7nsu8NSg6
gb5INSIc1QlCQ2SjgtSyUUw++wrJ9obh2XXzr9wjYh5BG5gxQiB5RVRu3sl1hISt
H2AFJUq9SV+RwJAG7rHVrJzuHQIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFMe62CXc
Wub02aeGiVG41AgJDPQBMB8GA1UdIwQYMBaAFO3FR70ObAwHBqGFgzg19l6jxxAT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzOTMyMi8yQ0IxRUVCQUY2
NTMxMUVCQTFCNEE2MUFDNEY5QUUwMi83Y1ZIdlE1c0RBY0dvWVdET0RYMlhxUEhF
Qk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdjVkh2UTVzREFjR29ZV0RPRFgyWHFQSEVCTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzkzMjIvMkNCMUVFQkFGNjUzMTFFQkExQjRBNjFBQzRGOUFFMDIvNUI0RTBDNzA0
QkVFMTFFRUExN0NDQzgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBgEAgABMBIDBAEr94YDBAEr/54DBAJnHkwwDgQCAAIwCAMGBCQBJmAQMA0G
CSqGSIb3DQEBCwUAA4IBAQCT+AuBp41auqNYcvjGKq3sZIaarZbjQuEML94SV6By
euwXJoBwBlyJvrwM30AbgvnnWEDBi8q5G0I5VmqADVAIPQWWFjz0Wt5YWLBx1VMm
yuBN1QLa6EYEY55XNKvc5UxY+iRQeXaadzDgpe6dlHfH1nr3WIcViCMp9UuzVyuw
uAEh58CIe8us4yGvgdILxZKItPsLoIpbTSeE7XrQfxGhBGSMGiOnRlGHOUMwh/cD
MD/KRjqw2N6r+oTo3uKybG6Q+4jm/2xLM9PlP/B+xIz8hjP56CVFD9hztgh1yJD9
mSCqK8eKGs8ZcN6QRgeDPr/D6X8Q3qOy3mJgl5OCYgAn
-----END CERTIFICATE-----
Generated at Tue Oct 15 07:36:29 2024 by rpki-client on console-ams.rpki-client.org