Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/42E6C828AB3A11EFB5512E6FC4F9AE02.roa
File: 42E6C828AB3A11EFB5512E6FC4F9AE02.roa (raw, json)
Hash identifier: I9dcuVrxB1dZf0XAwP1tfqN9yKGafbZsf0s/rUX6yy4=
Subject key identifier: FA:82:52:D3:D3:F4:A5:9C:20:91:93:C0:77:78:29:72:5F:B9:B1:5D
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0B8F
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/42E6C828AB3A11EFB5512E6FC4F9AE02.roa
Signing time: Mon 25 Nov 2024 14:33:39 +0000
ROA not before: Mon 25 Nov 2024 14:33:39 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 133933
IP address blocks: 14.192.128.0/24 maxlen: 24
14.192.129.0/24 maxlen: 24
14.192.131.0/24 maxlen: 24
14.192.133.0/24 maxlen: 24
14.192.136.0/24 maxlen: 24
14.192.144.0/24 maxlen: 24
14.192.147.0/24 maxlen: 24
14.192.148.0/24 maxlen: 24
14.192.156.0/24 maxlen: 24
14.192.159.0/24 maxlen: 24
43.247.120.0/24 maxlen: 24
43.247.121.0/24 maxlen: 24
43.247.122.0/24 maxlen: 24
103.20.134.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 06 Dec 2024 13:12:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2959 (0xb8f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD
Validity
Not Before: Nov 25 14:33:39 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=67448ac3-abbe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:48:e4:8f:00:10:b0:c4:99:f7:af:0f:eb:1f:
cb:ee:56:c6:5d:9c:d2:15:b5:03:8d:1e:e6:8f:32:
7b:39:39:d7:65:0a:1d:1b:77:f8:cc:42:39:0d:fe:
dd:83:82:37:75:5a:56:1e:30:bc:02:0b:26:0d:04:
f9:88:bd:85:b6:e0:e1:13:ec:14:bc:a6:3c:8c:21:
43:2d:d5:55:46:51:7a:4f:00:66:7a:21:62:f1:d4:
be:9d:aa:05:60:9b:51:bf:27:50:fc:15:da:af:c5:
54:c9:47:25:8e:72:de:51:3f:2c:b8:9a:0b:0b:b8:
6f:a6:93:6f:28:4f:9b:de:95:10:39:32:b9:53:74:
45:fa:3d:9c:81:76:98:28:0c:79:1b:7b:ee:a5:14:
e5:a4:fd:44:e9:b8:c7:60:e4:79:2e:d8:ca:1b:ed:
0b:34:8e:e8:e9:68:0f:e7:d2:87:60:99:bf:a8:2b:
2c:80:76:16:b5:17:92:eb:35:14:cd:6f:42:56:ed:
04:9e:59:25:fb:d9:46:f9:a5:7f:ba:ce:cd:cb:a3:
1c:6f:5d:6d:8a:be:c4:7e:f0:01:0b:0f:62:72:c1:
3e:a9:3b:35:b6:0f:26:a8:6a:83:1a:1e:91:82:68:
ad:cc:ee:e8:40:06:68:88:24:b7:33:da:a8:12:9f:
98:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:82:52:D3:D3:F4:A5:9C:20:91:93:C0:77:78:29:72:5F:B9:B1:5D
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/42E6C828AB3A11EFB5512E6FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.128.0/23
14.192.131.0/24
14.192.133.0/24
14.192.136.0/24
14.192.144.0/24
14.192.147.0-14.192.148.255
14.192.156.0/24
14.192.159.0/24
43.247.120.0-43.247.122.255
103.20.134.0/24
Signature Algorithm: sha256WithRSAEncryption
39:51:31:95:2b:b8:9c:2e:3c:88:5a:c1:15:84:9d:8e:9a:8b:
0e:2f:e6:2d:a3:f8:63:e0:d5:80:20:2c:08:61:94:3e:50:06:
3c:4e:2a:46:3f:e2:3d:5a:97:4e:ec:17:1e:fc:f5:4b:b2:34:
7e:31:17:31:52:f2:5d:aa:3a:e6:d3:2f:1b:b1:e1:4b:64:5f:
3c:49:f0:cd:74:73:d2:14:21:f3:e3:34:9c:63:9e:62:8c:1f:
13:39:6d:40:73:0b:7e:02:9e:96:42:b0:82:a8:65:82:5a:31:
6c:5f:d2:09:a2:0e:4a:65:d7:68:ee:02:ae:29:d0:52:ae:d8:
34:13:19:ff:9f:1a:cb:4c:27:e9:88:fd:0c:cd:0a:8c:4f:25:
eb:67:9c:cf:20:d4:d0:d0:37:e3:b8:54:09:98:e4:8f:c7:b7:
6b:4b:95:66:db:b3:7b:dc:b6:7a:dc:85:02:b8:5f:2d:3a:2a:
c5:fb:13:24:e5:2a:d9:c2:75:1d:49:2a:78:55:f0:16:a7:f5:
44:46:a1:fd:37:fc:13:29:f4:02:2a:5b:89:46:d7:57:05:a4:
b6:95:e2:d6:f7:e0:3e:f5:90:c1:e6:51:27:03:39:57:8c:f7:
e2:d0:4e:96:ea:4a:0b:a8:34:3e:6b:cd:68:4f:87:d8:25:05:
a4:ec:e6:09
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgICC48wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQxMTI1MTQzMzM5WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQ0OGFjMy1hYmJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwUjkjwAQsMSZ968P6x/L7lbGXZzSFbUDjR7mjzJ7OTnXZQodG3f4zEI5Df7d
g4I3dVpWHjC8AgsmDQT5iL2FtuDhE+wUvKY8jCFDLdVVRlF6TwBmeiFi8dS+naoF
YJtRvydQ/BXar8VUyUcljnLeUT8suJoLC7hvppNvKE+b3pUQOTK5U3RF+j2cgXaY
KAx5G3vupRTlpP1E6bjHYOR5LtjKG+0LNI7o6WgP59KHYJm/qCssgHYWtReS6zUU
zW9CVu0Enlkl+9lG+aV/us7Ny6Mcb11tir7EfvABCw9icsE+qTs1tg8mqGqDGh6R
gmitzO7oQAZoiCS3M9qoEp+YbQIDAQABo4IC2zCCAtcwHQYDVR0OBBYEFPqCUtPT
9KWcIJGTwHd4KXJfubFdMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvNDJFNkM4MjhB
QjNBMTFFRkI1NTEyRTZGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZQYIKwYBBQUHAQcBAf8E
VjBUMFIEAgABMEwDBAEOwIADBAAOwIMDBAAOwIUDBAAOwIgDBAAOwJAwDAMEAA7A
kwMEAA7AlAMEAA7AnAMEAA7AnzAMAwQDK/d4AwQAK/d6AwQAZxSGMA0GCSqGSIb3
DQEBCwUAA4IBAQA5UTGVK7icLjyIWsEVhJ2OmosOL+Yto/hj4NWAICwIYZQ+UAY8
TipGP+I9WpdO7Bce/PVLsjR+MRcxUvJdqjrm0y8bseFLZF88SfDNdHPSFCHz4zSc
Y55ijB8TOW1Acwt+Ap6WQrCCqGWCWjFsX9IJog5KZddo7gKuKdBSrtg0Exn/nxrL
TCfpiP0MzQqMTyXrZ5zPINTQ0DfjuFQJmOSPx7drS5Vm27N73LZ63IUCuF8tOirF
+xMk5SrZwnUdSSp4VfAWp/VERqH9N/wTKfQCKluJRtdXBaS2leLW9+A+9ZDB5lEn
AzlXjPfi0E6W6koLqDQ+a81oT4fYJQWk7OYJ
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:32:41 2025 by rpki-client