Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/41F495F6450C11EFBD7B1642C4F9AE02.roa
File: 41F495F6450C11EFBD7B1642C4F9AE02.roa (raw, json)
Hash identifier: ZURrvPszGlsmfloMCT0jEJEsuSqnTi1cjCNgOy8U2Zc=
Subject key identifier: BE:D9:6F:96:22:72:6B:73:4D:BD:0D:FB:62:F8:58:47:12:C1:07:8A
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0A29
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/41F495F6450C11EFBD7B1642C4F9AE02.roa
Signing time: Thu 18 Jul 2024 13:47:22 +0000
ROA not before: Thu 18 Jul 2024 13:47:22 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 133933
IP address blocks: 14.192.129.0/24 maxlen: 24
14.192.145.0/24 maxlen: 24
43.247.120.0/24 maxlen: 24
43.247.121.0/24 maxlen: 24
43.247.122.0/24 maxlen: 24
43.247.123.0/24 maxlen: 24
103.20.132.0/24 maxlen: 24
103.20.133.0/24 maxlen: 24
103.20.134.0/24 maxlen: 24
103.20.135.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 16 Aug 2024 06:57:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2601 (0xa29)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD
Validity
Not Before: Jul 18 13:47:22 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66991cea-2119
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:74:97:e2:70:18:ff:c7:9d:53:ed:ae:44:f3:
a5:ff:92:79:79:1e:86:45:9a:d1:fb:52:bb:49:ef:
87:7d:23:57:a8:87:7a:58:13:3b:e9:a3:93:67:ed:
0c:4b:73:47:ee:58:f1:4e:e0:c8:39:63:05:d0:3d:
e6:a0:f6:12:9d:cc:80:a8:be:83:d7:1b:a3:be:f5:
60:a8:50:8c:85:28:1d:ea:02:6f:25:ad:8a:ce:4c:
6f:11:2a:6e:5c:20:1c:fe:22:43:b9:bb:cb:d6:b8:
af:df:aa:5b:c1:19:59:b6:e9:f3:ec:fd:70:52:f6:
a4:51:58:f9:4a:05:cc:ef:39:e2:8f:d6:0c:b2:1b:
f5:77:a4:80:d5:11:df:15:b6:3d:a0:b6:29:13:e0:
0c:44:6b:3c:4e:19:09:0f:00:4b:49:19:d9:94:02:
29:61:ef:95:4f:22:10:b6:d5:3e:de:32:13:d6:01:
4c:4e:2f:b9:1e:67:1f:63:55:b8:f1:70:a7:7a:f8:
27:d2:52:93:34:41:ff:63:9b:5a:f0:cd:9e:a2:3d:
69:6f:88:72:85:4c:a6:83:10:4c:16:46:28:48:d8:
ec:9f:e1:76:5c:b8:b4:43:35:14:e5:d3:cb:f9:97:
1a:6a:bb:51:e8:62:6d:f7:88:00:43:f4:d7:1c:27:
3e:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:D9:6F:96:22:72:6B:73:4D:BD:0D:FB:62:F8:58:47:12:C1:07:8A
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/41F495F6450C11EFBD7B1642C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.129.0/24
14.192.145.0/24
43.247.120.0/22
103.20.132.0/22
Signature Algorithm: sha256WithRSAEncryption
4e:50:74:bc:49:ee:38:81:65:92:cf:0a:1b:ed:7b:12:5e:c6:
f2:91:6f:e9:af:d9:4d:12:22:fb:26:3b:14:cd:a5:12:a1:57:
c9:af:47:4e:52:18:75:1f:38:26:98:f6:ac:fe:62:63:56:ec:
71:8d:55:6d:9e:15:6d:41:1f:c1:47:9c:6e:3e:9c:dd:10:32:
0b:64:3b:a8:da:c9:6c:c2:3b:6f:88:9d:8d:2d:1a:3f:fa:a4:
b5:8a:d0:f7:fa:1f:3c:c5:64:e9:ad:36:24:ca:47:86:e0:9f:
72:36:e2:74:a5:d8:d7:8f:8f:af:00:42:9c:fe:f2:04:50:64:
4b:5c:5f:ce:a5:3c:96:0c:55:f5:4f:45:4b:b7:6b:04:da:81:
c0:b5:2e:c0:30:02:0e:cb:26:10:26:b6:51:20:28:ab:2c:4e:
bc:d1:3c:c7:7d:df:b6:ce:35:32:3d:c7:dd:36:96:cc:53:72:
f0:49:ac:80:06:ae:25:d8:b6:08:4b:72:a5:de:af:0d:61:95:
1d:cf:f4:bd:69:25:ea:76:fb:9a:0e:67:cf:0d:b7:6c:3d:c6:
13:c8:26:72:bc:4e:1a:84:1d:bd:ef:aa:ef:44:63:6e:f2:38:
1d:f8:6c:88:0f:58:d7:97:d9:64:21:bf:92:14:24:fe:1a:92:
5c:d2:ec:d8
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCikwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQwNzE4MTM0NzIyWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njk5MWNlYS0yMTE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyXSX4nAY/8edU+2uRPOl/5J5eR6GRZrR+1K7Se+HfSNXqId6WBM76aOTZ+0M
S3NH7ljxTuDIOWMF0D3moPYSncyAqL6D1xujvvVgqFCMhSgd6gJvJa2KzkxvESpu
XCAc/iJDubvL1riv36pbwRlZtunz7P1wUvakUVj5SgXM7znij9YMshv1d6SA1RHf
FbY9oLYpE+AMRGs8ThkJDwBLSRnZlAIpYe+VTyIQttU+3jIT1gFMTi+5HmcfY1W4
8XCnevgn0lKTNEH/Y5ta8M2eoj1pb4hyhUymgxBMFkYoSNjsn+F2XLi0QzUU5dPL
+ZcaartR6GJt94gAQ/TXHCc+kQIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFL7Zb5Yi
cmtzTb0N+2L4WEcSwQeKMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvNDFGNDk1RjY0
NTBDMTFFRkJEN0IxNjQyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAAOwIEDBAAOwJEDBAIr93gDBAJnFIQwDQYJKoZIhvcNAQEL
BQADggEBAE5QdLxJ7jiBZZLPChvtexJexvKRb+mv2U0SIvsmOxTNpRKhV8mvR05S
GHUfOCaY9qz+YmNW7HGNVW2eFW1BH8FHnG4+nN0QMgtkO6jayWzCO2+InY0tGj/6
pLWK0Pf6HzzFZOmtNiTKR4bgn3I24nSl2NePj68AQpz+8gRQZEtcX86lPJYMVfVP
RUu3awTagcC1LsAwAg7LJhAmtlEgKKssTrzRPMd937bONTI9x902lsxTcvBJrIAG
riXYtghLcqXerw1hlR3P9L1pJep2+5oOZ88Nt2w9xhPIJnK8ThqEHb3vqu9EY27y
OB34bIgPWNeX2WQhv5IUJP4aklzS7Ng=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:40:34 2025 by rpki-client