Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/8D2ACF9A39CC11EFA1C9A46AC4F9AE02.roa
File: 8D2ACF9A39CC11EFA1C9A46AC4F9AE02.roa (raw, json)
Hash identifier: wNaahpzboAT1mvUp3iMkMxoMYAMP30lU52dzT3fUPDI=
Subject key identifier: 8A:46:57:E8:3D:64:1B:53:06:F8:D4:B2:9C:41:B3:65:EA:9F:84:72
Certificate issuer: /CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Certificate serial: 123A
Authority key identifier: C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/8D2ACF9A39CC11EFA1C9A46AC4F9AE02.roa
Signing time: Thu 04 Jul 2024 06:13:38 +0000
ROA not before: Thu 04 Jul 2024 06:13:38 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 138345
IP address blocks: 27.54.32.0/22 maxlen: 22
27.54.37.0/24 maxlen: 24
101.127.200.0/22 maxlen: 22
101.127.204.0/23 maxlen: 23
113.10.64.0/18 maxlen: 24
117.20.128.0/23 maxlen: 24
117.20.130.0/23 maxlen: 24
117.20.140.0/22 maxlen: 24
117.20.144.0/22 maxlen: 24
117.20.150.0/23 maxlen: 24
117.20.152.0/23 maxlen: 24
117.20.154.0/24 maxlen: 24
117.20.160.0/19 maxlen: 24
122.11.150.0/23 maxlen: 23
122.11.152.0/21 maxlen: 21
122.11.169.0/24 maxlen: 24
122.11.170.0/23 maxlen: 23
122.11.172.0/24 maxlen: 24
122.11.212.0/24 maxlen: 24
122.11.213.0/24 maxlen: 24
122.11.214.0/24 maxlen: 24
122.11.215.0/24 maxlen: 24
122.11.216.0/24 maxlen: 24
122.11.217.0/24 maxlen: 24
122.11.218.0/24 maxlen: 24
122.11.219.0/24 maxlen: 24
122.11.245.0/25 maxlen: 32
122.11.245.128/25 maxlen: 32
122.11.246.0/25 maxlen: 32
122.11.246.128/25 maxlen: 32
171.0.0.0/15 maxlen: 15
171.0.0.0/16 maxlen: 24
171.1.0.0/16 maxlen: 24
171.207.0.0/16 maxlen: 24
203.116.107.0/24 maxlen: 24
203.116.116.0/24 maxlen: 24
203.116.119.0/24 maxlen: 24
203.116.181.0/24 maxlen: 32
203.117.40.0/23 maxlen: 23
203.117.246.0/24 maxlen: 24
203.117.247.0/24 maxlen: 32
203.117.248.0/22 maxlen: 22
203.117.252.0/24 maxlen: 24
203.117.253.0/24 maxlen: 24
2406:3000:5a::/48 maxlen: 56
2406:3000:5b::/48 maxlen: 56
2406:3000:5c::/48 maxlen: 56
2406:3000:5d::/48 maxlen: 56
2406:3002:40::/48 maxlen: 56
2406:3002:50::/48 maxlen: 56
Validation: Failed, certificate revoked on Thu 04 Jul 2024 07:43:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4666 (0x123a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Validity
Not Before: Jul 4 06:13:38 2024 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=66863d91-4a33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:1e:bc:d8:bc:5d:16:d3:6c:f3:de:a4:a7:00:
ab:e4:9f:f5:5f:be:e2:be:46:0b:3b:12:cb:f5:ef:
1e:17:53:92:19:0f:5c:c4:95:1c:59:37:b6:40:bf:
80:2e:8d:9e:67:a3:a6:09:36:df:bc:66:0d:92:26:
29:80:6c:8b:ea:9a:81:8f:c0:38:48:3d:0d:db:b3:
69:73:4d:2a:1d:a1:88:31:ed:56:7f:5c:d4:ba:09:
f9:3c:a8:06:3e:07:c1:f9:1b:45:ef:98:a2:c1:1d:
22:2b:d2:a7:44:23:4f:b9:3f:b8:a7:e6:1d:21:dd:
f9:72:17:2a:05:5f:6a:03:b6:1f:4a:de:a7:fc:3b:
c0:43:e7:17:6e:33:58:7d:c4:d3:c5:0f:91:b3:05:
ad:dd:26:94:ed:2b:56:28:ff:75:77:f4:db:b3:26:
f4:c2:8c:c7:2b:4d:89:02:52:96:b1:85:cc:74:eb:
39:4e:a2:26:87:61:05:21:cc:41:c3:07:49:ef:b0:
be:6d:b2:0f:8f:1d:66:38:b9:72:77:64:69:a9:f9:
a7:df:e5:31:27:a9:e2:d3:bd:01:98:66:93:f1:06:
f6:1f:26:f2:c6:60:8e:01:ef:7e:4f:ba:23:a4:a2:
0a:81:8a:4e:31:e1:18:7f:b7:a3:f9:0b:ce:15:5b:
38:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:46:57:E8:3D:64:1B:53:06:F8:D4:B2:9C:41:B3:65:EA:9F:84:72
X509v3 Authority Key Identifier:
keyid:C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/8D2ACF9A39CC11EFA1C9A46AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.54.32.0/22
27.54.37.0/24
101.127.200.0-101.127.205.255
113.10.64.0/18
117.20.128.0/22
117.20.140.0-117.20.147.255
117.20.150.0-117.20.154.255
117.20.160.0/19
122.11.150.0-122.11.159.255
122.11.169.0-122.11.172.255
122.11.212.0-122.11.219.255
122.11.245.0-122.11.246.255
171.0.0.0/15
171.207.0.0/16
203.116.107.0/24
203.116.116.0/24
203.116.119.0/24
203.116.181.0/24
203.117.40.0/23
203.117.246.0-203.117.253.255
IPv6:
2406:3000:5a::-2406:3000:5d:ffff:ffff:ffff:ffff:ffff
2406:3002:40::/48
2406:3002:50::/48
Signature Algorithm: sha256WithRSAEncryption
01:b1:3d:b5:c6:8a:d8:9f:94:89:3e:f7:d7:e5:2e:86:a6:c8:
09:fa:47:fe:fe:9b:86:ce:aa:dc:06:35:3b:49:5b:7f:32:dd:
9b:3d:66:81:9f:96:d1:66:c6:82:9b:43:21:d8:4e:5f:33:a7:
03:ce:fb:f3:b4:8e:80:ab:67:01:bc:93:45:47:4b:45:3f:fb:
60:ef:09:e3:03:eb:a1:cc:c8:ee:d9:8b:27:4c:93:7b:10:e7:
11:fd:b9:09:ba:9b:59:77:48:78:73:ec:f4:9c:d1:50:89:ff:
6d:49:10:78:21:02:49:cd:a0:b0:5d:b7:e1:8a:ab:79:a4:85:
0e:2c:c6:51:f4:1e:dd:5b:76:9a:bd:23:82:54:de:d5:db:3d:
e0:28:61:bc:97:cc:27:d6:0e:dc:51:67:37:66:df:de:82:4c:
11:b1:c8:8c:31:9f:22:7c:5a:10:aa:3d:97:cd:1b:a7:96:1d:
3f:66:a9:5d:d6:18:5e:c2:bb:13:26:d4:99:88:32:99:bf:76:
e2:fb:97:d6:25:45:93:c1:6b:0c:fa:6b:fb:d3:a3:9c:63:b2:
f2:be:1d:4e:f6:d8:7c:a8:2a:29:13:f1:2a:2e:5a:9e:a7:2e:
ef:d8:93:23:e5:3e:3f:45:55:7e:87:8a:0b:0b:33:ef:b7:f5:
54:8b:2e:bd
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgICEjowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDAyREMxMTAvBgNVBAUTKEMyQjlGNUYzQzY4QzU3NjcyNzIzOUI5MkE5M0IzNjI5
N0QxQjE2NTMwHhcNMjQwNzA0MDYxMzM4WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njg2M2Q5MS00YTMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8B682LxdFtNs896kpwCr5J/1X77ivkYLOxLL9e8eF1OSGQ9cxJUcWTe2QL+A
Lo2eZ6OmCTbfvGYNkiYpgGyL6pqBj8A4SD0N27Npc00qHaGIMe1Wf1zUugn5PKgG
PgfB+RtF75iiwR0iK9KnRCNPuT+4p+YdId35chcqBV9qA7YfSt6n/DvAQ+cXbjNY
fcTTxQ+RswWt3SaU7StWKP91d/Tbsyb0wozHK02JAlKWsYXMdOs5TqImh2EFIcxB
wwdJ77C+bbIPjx1mOLlyd2Rpqfmn3+UxJ6ni070BmGaT8Qb2HybyxmCOAe9+T7oj
pKIKgYpOMeEYf7ej+QvOFVs40QIDAQABo4IDeTCCA3UwHQYDVR0OBBYEFIpGV+g9
ZBtTBvjUspxBs2Xqn4RyMB8GA1UdIwQYMBaAFMK59fPGjFdnJyObkqk7Nil9GxZT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDJEQy8yRDUxQUY0MkZE
M0UxMUU4ODhDNTM5NDRDNEY5QUUwMi93cm4xODhhTVYyY25JNXVTcVRzMktYMGJG
bE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dybjE4OGFNVjJjbkk1dVNxVHMyS1gwYkZsTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDAyREMvMkQ1MUFGNDJGRDNFMTFFODg4QzUzOTQ0QzRGOUFFMDIvOEQyQUNGOUEz
OUNDMTFFRkExQzlBNDZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggEBBggrBgEFBQcBBwEB
/wSB8TCB7jCBvQQCAAEwgbYDBAIbNiADBAAbNiUwDAMEA2V/yAMEAWV/zAMEBnEK
QAMEAnUUgDAMAwQCdRSMAwQCdRSQMAwDBAF1FJYDBAB1FJoDBAV1FKAwDAMEAXoL
lgMEBXoLgDAMAwQAegupAwQAegusMAwDBAJ6C9QDBAJ6C9gwDAMEAHoL9QMEAHoL
9gMDAasAAwMAq88DBADLdGsDBADLdHQDBADLdHcDBADLdLUDBAHLdSgwDAMEAct1
9gMEAct1/DAsBAIAAjAmMBIDBwEkBjAAAFoDBwEkBjAAAFwDBwAkBjACAEADBwAk
BjACAFAwDQYJKoZIhvcNAQELBQADggEBAAGxPbXGitiflIk+99flLoamyAn6R/7+
m4bOqtwGNTtJW38y3Zs9ZoGfltFmxoKbQyHYTl8zpwPO+/O0joCrZwG8k0VHS0U/
+2DvCeMD66HMyO7ZiydMk3sQ5xH9uQm6m1l3SHhz7PSc0VCJ/21JEHghAknNoLBd
t+GKq3mkhQ4sxlH0Ht1bdpq9I4JU3tXbPeAoYbyXzCfWDtxRZzdm396CTBGxyIwx
nyJ8WhCqPZfNG6eWHT9mqV3WGF7CuxMm1JmIMpm/duL7l9YlRZPBawz6a/vTo5xj
svK+HU722HyoKikT8SouWp6nLu/YkyPlPj9FVX6HigsLM++39VSLLr0=
-----END CERTIFICATE-----
Generated at Thu Jul 4 10:25:21 2024 by rpki-client on console-ams.rpki-client.org