Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/03F5221CCE6D11EFA2CDB135C4F9AE02.roa
File: 03F5221CCE6D11EFA2CDB135C4F9AE02.roa (raw, json)
Hash identifier: +uMU/qGxtNEjS1i/eVvfYmsC7ziCYLBBldNlcwSAmuU=
Subject key identifier: FA:F3:00:54:29:C7:25:6A:41:2F:1F:18:EC:AA:61:9F:5D:80:E7:B9
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0BEE
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/03F5221CCE6D11EFA2CDB135C4F9AE02.roa
Signing time: Thu 09 Jan 2025 09:36:00 +0000
ROA not before: Thu 09 Jan 2025 09:36:00 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 43260
IP address blocks: 14.192.134.0/24 maxlen: 24
14.192.144.0/24 maxlen: 24
14.192.151.0/24 maxlen: 24
14.192.152.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 14 Jan 2025 09:44:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3054 (0xbee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD
Validity
Not Before: Jan 9 09:36:00 2025 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=677f987f-8031
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:53:86:d8:20:57:84:1e:a9:3b:7a:fa:a3:e8:
ac:89:0d:2e:89:76:47:5e:5f:ed:f5:c3:e0:f7:19:
b1:45:68:85:80:78:54:ab:15:62:3b:e4:f3:09:e2:
f8:f1:19:81:f5:02:11:5b:8e:33:36:8c:6b:32:62:
db:2c:96:b1:96:0a:e3:e1:24:5b:f1:36:c8:ec:dc:
c0:8d:a1:9f:79:14:69:bf:e3:d0:0c:bd:51:84:1d:
30:94:6f:d3:32:9e:4f:39:09:44:4b:7d:b7:e2:b6:
91:22:18:cf:15:c3:a4:d8:d1:8d:b3:c0:7a:88:85:
90:ef:e7:5f:6c:a7:24:c2:24:d5:c4:a7:f8:e7:0f:
ff:3b:9e:db:92:00:21:fb:28:80:54:44:5f:30:2a:
94:d0:b8:7f:dc:07:82:c9:20:48:6c:f1:e8:70:3d:
8b:19:07:5e:e7:c0:c4:e1:a6:29:c8:0c:4f:bb:03:
33:5a:41:17:99:00:a0:74:e9:d3:02:35:1c:fb:76:
b8:cc:2d:61:ae:43:e6:09:8e:40:8c:2e:0c:82:e0:
3e:c2:fb:05:2a:6d:a9:1a:f6:4c:75:0e:51:d4:37:
a8:a7:a1:99:63:2a:ce:6f:8f:f2:82:bc:d2:76:f4:
bc:89:72:ec:4b:14:92:a5:dd:2c:ae:09:9f:1c:11:
5f:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:F3:00:54:29:C7:25:6A:41:2F:1F:18:EC:AA:61:9F:5D:80:E7:B9
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/03F5221CCE6D11EFA2CDB135C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.134.0/24
14.192.144.0/24
14.192.151.0-14.192.152.255
Signature Algorithm: sha256WithRSAEncryption
0d:ab:f7:80:29:bc:01:db:d5:a1:c1:9f:3a:ef:0e:00:ef:c5:
a8:6b:17:b7:9e:66:b0:79:9d:02:69:37:17:54:aa:39:f8:70:
4a:e8:d0:b0:3f:83:81:3a:75:c1:0a:ff:6a:25:76:d8:37:83:
16:3d:49:25:ee:c3:01:70:1e:3b:25:72:4a:29:e8:69:f1:3b:
e4:f1:ed:b0:a7:4f:22:0a:18:00:df:14:60:00:cc:b9:94:96:
cc:17:6b:66:23:54:66:db:fd:89:27:75:e2:76:44:d3:87:46:
d5:c1:1d:83:54:63:b7:6c:e4:0d:66:c5:cc:23:18:e5:3b:a1:
cb:99:ae:e6:8f:98:94:3d:85:95:22:ee:e2:c4:e6:72:99:76:
8e:a8:3e:fc:9b:36:7e:d9:03:57:bc:5f:41:2f:05:4f:a4:9f:
95:af:0b:01:1d:76:e2:8e:b8:41:f5:c7:c9:40:3c:50:8c:2f:
cb:9c:b6:f3:b2:05:65:f3:be:a7:0e:94:3a:7e:57:65:8d:6c:
03:88:9f:16:1e:34:99:4e:dc:4c:8f:58:2e:f2:b3:2d:5c:29:
37:b9:fc:5f:e3:5e:99:9c:39:77:e3:97:ea:4b:5e:92:ee:a1:
4e:17:6f:e3:1d:0d:b8:b2:3b:77:75:27:8b:fc:29:88:bd:f8:
61:6d:dc:b7
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICC+4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwMTA5MDkzNjAwWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzdmOTg3Zi04MDMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA21OG2CBXhB6pO3r6o+isiQ0uiXZHXl/t9cPg9xmxRWiFgHhUqxViO+TzCeL4
8RmB9QIRW44zNoxrMmLbLJaxlgrj4SRb8TbI7NzAjaGfeRRpv+PQDL1RhB0wlG/T
Mp5POQlES3234raRIhjPFcOk2NGNs8B6iIWQ7+dfbKckwiTVxKf45w//O57bkgAh
+yiAVERfMCqU0Lh/3AeCySBIbPHocD2LGQde58DE4aYpyAxPuwMzWkEXmQCgdOnT
AjUc+3a4zC1hrkPmCY5AjC4MguA+wvsFKm2pGvZMdQ5R1Deop6GZYyrOb4/ygrzS
dvS8iXLsSxSSpd0srgmfHBFfMQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFPrzAFQp
xyVqQS8fGOyqYZ9dgOe5MB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvMDNGNTIyMUND
RTZEMTFFRkEyQ0RCMTM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAAOwIYDBAAOwJAwDAMEAA7AlwMEAA7AmDANBgkqhkiG9w0B
AQsFAAOCAQEADav3gCm8AdvVocGfOu8OAO/FqGsXt55msHmdAmk3F1SqOfhwSujQ
sD+DgTp1wQr/aiV22DeDFj1JJe7DAXAeOyVySinoafE75PHtsKdPIgoYAN8UYADM
uZSWzBdrZiNUZtv9iSd14nZE04dG1cEdg1Rjt2zkDWbFzCMY5Tuhy5mu5o+YlD2F
lSLu4sTmcpl2jqg+/Js2ftkDV7xfQS8FT6Sfla8LAR124o64QfXHyUA8UIwvy5y2
87IFZfO+pw6UOn5XZY1sA4ifFh40mU7cTI9YLvKzLVwpN7n8X+NemZw5d+OX6kte
ku6hThdv4x0NuLI7d3Uni/wpiL34YW3ctw==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:45:44 2025 by rpki-client