Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/8B4DE2ECCDF211EF80F69412C4F9AE02.roa
File: 8B4DE2ECCDF211EF80F69412C4F9AE02.roa (raw, json)
Hash identifier: j3Puc2s6PJIJVdDgdz3JqjXp4GZEADNnMKSTZXUzWoA=
Subject key identifier: DF:D7:53:BF:98:39:FB:CA:A8:77:77:88:CB:B1:43:C2:F4:07:88:1C
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0BE3
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/8B4DE2ECCDF211EF80F69412C4F9AE02.roa
Signing time: Wed 08 Jan 2025 18:59:02 +0000
ROA not before: Wed 08 Jan 2025 18:59:02 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 43260
IP address blocks: 14.192.136.0/24 maxlen: 24
14.192.144.0/24 maxlen: 24
14.192.151.0/24 maxlen: 24
14.192.152.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 09 Jan 2025 09:35:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3043 (0xbe3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD
Validity
Not Before: Jan 8 18:59:02 2025 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=677ecaf6-4d64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:8b:c1:5f:07:24:4f:a1:f9:ce:c4:8e:50:20:
c2:f5:e4:98:29:61:83:01:ad:bb:62:d3:3a:24:cd:
46:bf:3d:94:12:a9:cf:77:75:05:85:1a:9e:55:c2:
43:87:3a:19:cf:42:84:72:04:b1:00:18:36:b1:58:
cb:15:87:4c:77:c9:98:50:40:68:54:fd:07:71:c7:
b0:dc:bd:2f:b6:17:26:ec:62:0a:eb:35:c3:bf:a8:
8e:ae:5f:a8:a3:a1:2a:af:70:b6:c7:7c:84:51:bd:
fe:75:fa:b4:77:26:31:43:e5:71:5f:50:53:d1:e3:
03:27:39:6c:4b:85:d8:2c:04:e5:16:ca:25:59:30:
ba:55:fa:2b:05:02:2b:d1:84:9d:a7:b8:0f:e3:eb:
16:2a:8c:a4:77:74:d9:84:41:5d:e4:ce:84:64:af:
c4:75:19:fd:eb:73:2d:6c:07:c1:85:7e:87:eb:ba:
1a:a7:a0:4d:df:3a:65:fb:c1:b3:39:cf:9f:d2:82:
66:34:4d:6d:af:2e:fa:ce:7f:b1:c4:0f:5b:a0:22:
ac:d1:6e:1d:0b:ab:94:ad:88:6d:77:e3:7b:12:ba:
91:b4:9a:3d:c5:e0:82:32:1b:d6:75:64:01:57:b2:
17:d0:c7:2c:06:d1:f7:67:79:9d:3d:4b:8b:36:db:
ba:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:D7:53:BF:98:39:FB:CA:A8:77:77:88:CB:B1:43:C2:F4:07:88:1C
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/8B4DE2ECCDF211EF80F69412C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.136.0/24
14.192.144.0/24
14.192.151.0-14.192.152.255
Signature Algorithm: sha256WithRSAEncryption
50:ec:05:c3:09:20:27:73:e8:41:83:da:14:d4:7b:7b:5a:26:
1b:a6:a1:46:be:5c:9e:5c:b4:b1:dd:ec:c3:f2:e8:61:72:ec:
97:bc:2c:be:8f:60:8a:fe:37:ee:b1:35:b4:d0:b8:f1:97:a7:
7f:fa:94:38:c9:f7:48:c9:97:73:ca:99:67:d6:d4:90:68:2c:
a4:00:59:71:9e:8a:d4:a3:6f:61:5a:0f:c9:37:44:ba:3b:30:
5a:6e:59:39:4a:89:71:ba:bd:7e:d3:94:2b:d3:59:70:c6:fa:
f7:6c:be:5f:c8:37:c3:fd:8d:37:a4:9e:ac:de:95:ad:99:21:
2e:89:c3:55:53:8a:81:df:a7:1d:42:df:99:f9:71:56:51:99:
3d:ff:30:d7:47:40:01:5a:de:c3:21:42:cf:4d:12:71:04:28:
76:76:31:2b:d1:b8:52:e3:12:ed:ac:1d:97:ca:36:15:6d:58:
96:8d:d8:0b:71:28:17:28:db:ad:8a:d1:77:e9:b2:d8:73:e6:
6e:f1:06:3b:71:00:1d:22:4b:23:ca:d6:7a:c7:43:06:4c:49:
3c:50:5c:57:3c:b2:4c:8b:9f:6d:65:8e:53:1b:86:7f:55:44:
9e:e2:7b:78:48:73:18:55:99:aa:a9:72:88:e1:1c:28:4f:b6:
80:36:c9:87
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICC+MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwMTA4MTg1OTAyWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzdlY2FmNi00ZDY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvYvBXwckT6H5zsSOUCDC9eSYKWGDAa27YtM6JM1Gvz2UEqnPd3UFhRqeVcJD
hzoZz0KEcgSxABg2sVjLFYdMd8mYUEBoVP0Hccew3L0vthcm7GIK6zXDv6iOrl+o
o6Eqr3C2x3yEUb3+dfq0dyYxQ+VxX1BT0eMDJzlsS4XYLATlFsolWTC6VforBQIr
0YSdp7gP4+sWKoykd3TZhEFd5M6EZK/EdRn963MtbAfBhX6H67oap6BN3zpl+8Gz
Oc+f0oJmNE1try76zn+xxA9boCKs0W4dC6uUrYhtd+N7ErqRtJo9xeCCMhvWdWQB
V7IX0McsBtH3Z3mdPUuLNtu6LwIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFN/XU7+Y
OfvKqHd3iMuxQ8L0B4gcMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvOEI0REUyRUND
REYyMTFFRjgwRjY5NDEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAAOwIgDBAAOwJAwDAMEAA7AlwMEAA7AmDANBgkqhkiG9w0B
AQsFAAOCAQEAUOwFwwkgJ3PoQYPaFNR7e1omG6ahRr5cnly0sd3sw/LoYXLsl7ws
vo9giv437rE1tNC48Zenf/qUOMn3SMmXc8qZZ9bUkGgspABZcZ6K1KNvYVoPyTdE
ujswWm5ZOUqJcbq9ftOUK9NZcMb692y+X8g3w/2NN6SerN6VrZkhLonDVVOKgd+n
HULfmflxVlGZPf8w10dAAVrewyFCz00ScQQodnYxK9G4UuMS7awdl8o2FW1Ylo3Y
C3EoFyjbrYrRd+my2HPmbvEGO3EAHSJLI8rWesdDBkxJPFBcVzyyTIufbWWOUxuG
f1VEnuJ7eEhzGFWZqqlyiOEcKE+2gDbJhw==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:37:37 2025 by rpki-client