Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9143921/E95C7DACB28811EEAA235519C4F9AE02/D4F155E4B6AD11EE90BE1C52C4F9AE02.roa
File: D4F155E4B6AD11EE90BE1C52C4F9AE02.roa (raw, json)
Hash identifier: UAzkZrqrCmoaJpc38gHfFAccOfTXiy05a6OJP+loUHg=
Subject key identifier: B6:C0:94:29:78:2A:00:57:F1:FB:8C:49:1A:A7:06:91:83:5B:4A:96
Certificate issuer: /CN=A9143921/serialNumber=C37568234ABEC7980F6E177D48D0B431640DD33A
Certificate serial: 0B
Authority key identifier: C3:75:68:23:4A:BE:C7:98:0F:6E:17:7D:48:D0:B4:31:64:0D:D3:3A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/w3VoI0q-x5gPbhd9SNC0MWQN0zo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9143921/E95C7DACB28811EEAA235519C4F9AE02/D4F155E4B6AD11EE90BE1C52C4F9AE02.roa
Signing time: Mon 22 Jan 2024 05:19:11 +0000
ROA not before: Mon 22 Jan 2024 05:19:11 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 152140
IP address blocks: 210.87.126.0/24 maxlen: 24
210.87.127.0/24 maxlen: 24
2001:df3:4040::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 22 Jan 2024 08:14:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11 (0xb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9143921/serialNumber=C37568234ABEC7980F6E177D48D0B431640DD33A
Validity
Not Before: Jan 22 05:19:11 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=65adfacf-8650
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:94:b8:18:9e:44:3a:37:dc:12:14:a5:9c:27:
1f:bb:58:bb:3d:8d:71:bc:94:89:80:3a:7b:18:e3:
9d:5e:52:8a:7f:39:b0:e2:9d:12:ef:dc:e5:1c:02:
2a:da:9d:60:99:97:4a:02:17:90:d3:90:46:be:90:
59:c0:96:8b:16:69:0c:44:93:80:01:b7:c8:41:bc:
62:2b:ba:a6:6a:0e:fd:c0:b0:1e:2c:f7:61:a4:98:
f1:53:0d:39:b4:03:8c:7d:30:10:fd:84:a7:ed:7f:
88:30:46:f3:cd:e6:45:e2:c0:cf:8c:54:1d:c4:11:
20:f2:4c:56:a5:f7:a7:f2:ea:3f:f3:54:36:8e:52:
e8:bc:75:39:4b:76:e4:0a:79:6f:0b:56:81:0e:95:
84:35:e8:ce:d3:8e:dc:84:d8:49:aa:c3:0f:bd:0d:
b1:a5:38:23:a3:ca:45:49:05:94:93:2e:b2:39:46:
16:97:fa:b2:50:48:f5:ef:3d:1c:83:a9:a8:b8:27:
ed:40:0e:ac:b9:4a:f6:08:54:8c:fb:d0:d8:16:41:
d2:71:50:b5:2e:2b:fe:87:a2:af:1e:16:75:07:06:
1d:65:cd:39:a9:f7:0c:93:26:0e:d5:93:c8:02:45:
b7:c5:e6:6d:c9:1f:c4:14:0e:cc:78:a2:93:91:5e:
8f:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:C0:94:29:78:2A:00:57:F1:FB:8C:49:1A:A7:06:91:83:5B:4A:96
X509v3 Authority Key Identifier:
keyid:C3:75:68:23:4A:BE:C7:98:0F:6E:17:7D:48:D0:B4:31:64:0D:D3:3A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9143921/E95C7DACB28811EEAA235519C4F9AE02/w3VoI0q-x5gPbhd9SNC0MWQN0zo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/w3VoI0q-x5gPbhd9SNC0MWQN0zo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9143921/E95C7DACB28811EEAA235519C4F9AE02/D4F155E4B6AD11EE90BE1C52C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
210.87.126.0/23
IPv6:
2001:df3:4040::/48
Signature Algorithm: sha256WithRSAEncryption
a7:8b:ce:ad:69:2c:a9:94:af:cb:75:69:8e:c2:50:af:48:3d:
1c:e8:e7:63:2c:b0:53:fc:9c:26:0a:a1:01:d5:f2:59:07:ce:
2b:35:57:33:20:22:54:a6:88:88:e5:81:5c:47:9c:36:ed:e4:
ee:fa:6d:5d:99:72:08:58:91:93:00:79:a5:31:77:37:b7:20:
a8:e7:b4:7d:7e:de:50:9d:c5:ca:04:dd:62:72:d4:7b:d5:ee:
68:ef:62:4a:7c:a3:e3:14:0d:ae:5b:34:1d:39:06:19:3c:67:
cf:33:ec:a3:a1:c5:33:1a:da:b4:74:9b:96:94:f4:15:7b:6f:
20:f7:f2:7f:6b:46:f2:7f:08:62:1f:cb:0a:72:f2:4d:47:cb:
f2:91:52:cc:13:fe:3c:6a:0c:44:a8:79:74:bd:08:74:bb:32:
df:e6:dc:5b:88:af:04:e5:43:02:aa:13:0c:3f:5b:69:73:c2:
65:9a:99:ec:f1:a6:ef:71:78:94:10:99:30:35:02:51:3a:1f:
98:60:5f:ac:c7:c5:58:64:fe:dc:17:66:12:d4:fc:bd:d3:8a:
2b:fd:78:59:bd:8b:e1:f3:22:84:d2:2e:ad:1e:83:75:34:8a:
92:18:99:5b:90:69:ec:1c:4b:d6:93:c0:ad:ae:c2:46:94:22:
97:cb:1b:70
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE0
MzkyMTExMC8GA1UEBRMoQzM3NTY4MjM0QUJFQzc5ODBGNkUxNzdENDhEMEI0MzE2
NDBERDMzQTAeFw0yNDAxMjIwNTE5MTFaFw0yNTAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1YWRmYWNmLTg2NTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC6lLgYnkQ6N9wSFKWcJx+7WLs9jXG8lImAOnsY451eUop/ObDinRLv3OUcAira
nWCZl0oCF5DTkEa+kFnAlosWaQxEk4ABt8hBvGIruqZqDv3AsB4s92GkmPFTDTm0
A4x9MBD9hKftf4gwRvPN5kXiwM+MVB3EESDyTFal96fy6j/zVDaOUui8dTlLduQK
eW8LVoEOlYQ16M7TjtyE2Emqww+9DbGlOCOjykVJBZSTLrI5RhaX+rJQSPXvPRyD
qai4J+1ADqy5SvYIVIz70NgWQdJxULUuK/6Hoq8eFnUHBh1lzTmp9wyTJg7Vk8gC
RbfF5m3JH8QUDsx4opORXo+BAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUtsCUKXgq
AFfx+4xJGqcGkYNbSpYwHwYDVR0jBBgwFoAUw3VoI0q+x5gPbhd9SNC0MWQN0zow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTQzOTIxL0U5NUM3REFDQjI4
ODExRUVBQTIzNTUxOUM0RjlBRTAyL3czVm9JMHEteDVnUGJoZDlTTkMwTVdRTjB6
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvdzNWb0kwcS14NWdQYmhkOVNOQzBNV1FOMHpvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0
MzkyMS9FOTVDN0RBQ0IyODgxMUVFQUEyMzU1MTlDNEY5QUUwMi9ENEYxNTVFNEI2
QUQxMUVFOTBCRTFDNTJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAdJXfjAPBAIAAjAJAwcAIAEN80BAMA0GCSqGSIb3DQEBCwUA
A4IBAQCni86taSyplK/LdWmOwlCvSD0c6OdjLLBT/JwmCqEB1fJZB84rNVczICJU
poiI5YFcR5w27eTu+m1dmXIIWJGTAHmlMXc3tyCo57R9ft5QncXKBN1ictR71e5o
72JKfKPjFA2uWzQdOQYZPGfPM+yjocUzGtq0dJuWlPQVe28g9/J/a0byfwhiH8sK
cvJNR8vykVLME/48agxEqHl0vQh0uzLf5txbiK8E5UMCqhMMP1tpc8Jlmpns8abv
cXiUEJkwNQJROh+YYF+sx8VYZP7cF2YS1Py904or/XhZvYvh8yKE0i6tHoN1NIqS
GJlbkGnsHEvWk8CtrsJGlCKXyxtw
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:56 2024 by rpki-client on console-ams.rpki-client.org