Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916600A/9EA2BB7E3CD011EEAE554E73C4F9AE02/852CF9E23E0711EEB8D6DC71C4F9AE02.roa
File: 852CF9E23E0711EEB8D6DC71C4F9AE02.roa (raw, json)
Hash identifier: mD5W/XxYcRTuT9fUD9QmW3E5aoeN4isCYPpUh4QysMg=
Subject key identifier: B2:42:3A:D3:82:C4:13:76:B7:F7:2B:1B:37:7F:79:2D:D6:9A:ED:BB
Certificate issuer: /CN=A916600A/serialNumber=38EC19DACA58C45D91C659D35FE4F26DD824ACE4
Certificate serial: 09
Authority key identifier: 38:EC:19:DA:CA:58:C4:5D:91:C6:59:D3:5F:E4:F2:6D:D8:24:AC:E4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OOwZ2spYxF2RxlnTX-TybdgkrOQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916600A/9EA2BB7E3CD011EEAE554E73C4F9AE02/852CF9E23E0711EEB8D6DC71C4F9AE02.roa
Signing time: Fri 18 Aug 2023 20:42:00 +0000
ROA not before: Fri 18 Aug 2023 20:42:00 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 151668
IP address blocks: 103.216.158.0/24 maxlen: 24
103.216.159.0/24 maxlen: 24
2001:df2:d3c0::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 28 Aug 2023 17:54:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916600A/serialNumber=38EC19DACA58C45D91C659D35FE4F26DD824ACE4
Validity
Not Before: Aug 18 20:42:00 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=64dfd798-3312
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:29:12:1f:d8:53:fc:f4:2e:ac:f1:04:d7:5e:
41:41:a4:40:3e:35:f0:89:39:f9:9c:67:f0:0e:6a:
d7:6d:5b:6d:80:ce:52:79:28:9b:21:c0:a8:5e:83:
7e:b9:15:8a:25:31:ea:c8:e5:59:2b:5a:9d:00:52:
4a:28:16:b8:99:eb:31:f8:92:1b:ac:e9:3c:6a:aa:
1d:8f:42:e6:c8:c1:d0:c1:de:97:42:b9:b2:4f:88:
d9:ac:4d:ca:32:14:3f:ac:9b:9e:46:eb:75:d4:e9:
80:df:51:d8:88:f5:05:c6:66:3a:17:e1:a6:c6:b1:
c7:a3:1d:09:82:11:c6:22:71:0e:81:ad:3c:9e:68:
53:86:73:d5:b5:c0:e8:f3:49:74:49:b5:ea:ea:fd:
78:95:1e:d6:63:28:b1:fe:fc:1c:c3:9a:09:ce:18:
92:ea:87:55:d2:c6:c2:21:b4:b4:ac:3b:ba:68:54:
b9:ac:fe:d4:67:80:7b:e9:e5:9b:70:7c:a6:cb:c5:
05:e9:e4:45:7c:10:0b:28:c4:39:06:0b:b4:c4:77:
6e:8b:0c:89:97:79:61:50:8e:e5:19:24:10:e3:c5:
d0:5a:8e:4c:ee:ed:69:75:e7:c3:9b:ac:ae:39:19:
da:aa:a5:70:97:ec:71:4b:da:ee:7d:6e:e2:7d:93:
af:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:42:3A:D3:82:C4:13:76:B7:F7:2B:1B:37:7F:79:2D:D6:9A:ED:BB
X509v3 Authority Key Identifier:
keyid:38:EC:19:DA:CA:58:C4:5D:91:C6:59:D3:5F:E4:F2:6D:D8:24:AC:E4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916600A/9EA2BB7E3CD011EEAE554E73C4F9AE02/OOwZ2spYxF2RxlnTX-TybdgkrOQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OOwZ2spYxF2RxlnTX-TybdgkrOQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916600A/9EA2BB7E3CD011EEAE554E73C4F9AE02/852CF9E23E0711EEB8D6DC71C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.216.158.0/23
IPv6:
2001:df2:d3c0::/48
Signature Algorithm: sha256WithRSAEncryption
7c:f4:67:fc:a5:d7:1d:52:9b:62:ae:ed:80:d0:91:4a:96:ac:
45:f5:d1:18:d0:ce:90:29:f1:53:ae:a7:3b:ca:66:38:ad:42:
5e:63:d5:0a:9f:81:f3:e0:8a:85:0c:18:18:29:8c:95:f0:ef:
6a:dc:eb:b6:ed:a5:50:c9:e6:61:62:42:44:d1:7d:dc:51:08:
21:60:83:af:18:d1:03:f5:97:34:a1:01:cd:dc:b1:fe:cc:bf:
57:1c:c7:a9:13:3b:4d:7d:47:67:a7:8f:31:b3:81:e5:9d:70:
0b:d3:07:5c:b5:87:51:15:0d:8e:e6:eb:82:da:c9:cf:e2:07:
ba:a7:03:2f:d6:f2:72:b8:01:39:63:58:71:93:6a:14:73:f4:
ca:c0:07:e7:40:dd:d4:90:f8:6a:c5:1b:3f:24:73:09:bc:f9:
73:e3:6c:aa:b6:c5:6f:2a:09:19:dc:ef:55:c0:f4:80:11:6f:
cc:59:69:c4:02:03:e0:d2:4b:b7:44:b7:c7:29:de:49:cd:7b:
92:41:c4:46:fc:99:d5:e6:e8:2a:76:0a:6b:9e:20:fb:03:7c:
ef:dd:a2:6e:09:5e:5c:c1:ee:f9:71:94:cc:ac:53:f7:db:af:
2b:c4:bb:3c:b4:30:a7:a5:3e:c2:08:1f:2c:8e:bb:04:b5:2f:
e0:71:13:82
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
NjAwQTExMC8GA1UEBRMoMzhFQzE5REFDQTU4QzQ1RDkxQzY1OUQzNUZFNEYyNkRE
ODI0QUNFNDAeFw0yMzA4MTgyMDQyMDBaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0ZGZkNzk4LTMzMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCgKRIf2FP89C6s8QTXXkFBpEA+NfCJOfmcZ/AOatdtW22AzlJ5KJshwKheg365
FYolMerI5VkrWp0AUkooFriZ6zH4khus6Txqqh2PQubIwdDB3pdCubJPiNmsTcoy
FD+sm55G63XU6YDfUdiI9QXGZjoX4abGscejHQmCEcYicQ6BrTyeaFOGc9W1wOjz
SXRJterq/XiVHtZjKLH+/BzDmgnOGJLqh1XSxsIhtLSsO7poVLms/tRngHvp5Ztw
fKbLxQXp5EV8EAsoxDkGC7TEd26LDImXeWFQjuUZJBDjxdBajkzu7Wl158ObrK45
GdqqpXCX7HFL2u59buJ9k6+FAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUskI604LE
E3a39ysbN395Ldaa7bswHwYDVR0jBBgwFoAUOOwZ2spYxF2RxlnTX+TybdgkrOQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTY2MDBBLzlFQTJCQjdFM0NE
MDExRUVBRTU1NEU3M0M0RjlBRTAyL09Pd1oyc3BZeEYyUnhsblRYLVR5YmRna3JP
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvT093WjJzcFl4RjJSeGxuVFgtVHliZGdrck9RLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
NjAwQS85RUEyQkI3RTNDRDAxMUVFQUU1NTRFNzNDNEY5QUUwMi84NTJDRjlFMjNF
MDcxMUVFQjhENkRDNzFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWfYnjAPBAIAAjAJAwcAIAEN8tPAMA0GCSqGSIb3DQEBCwUA
A4IBAQB89Gf8pdcdUptiru2A0JFKlqxF9dEY0M6QKfFTrqc7ymY4rUJeY9UKn4Hz
4IqFDBgYKYyV8O9q3Ou27aVQyeZhYkJE0X3cUQghYIOvGNED9Zc0oQHN3LH+zL9X
HMepEztNfUdnp48xs4HlnXAL0wdctYdRFQ2O5uuC2snP4ge6pwMv1vJyuAE5Y1hx
k2oUc/TKwAfnQN3UkPhqxRs/JHMJvPlz42yqtsVvKgkZ3O9VwPSAEW/MWWnEAgPg
0ku3RLfHKd5JzXuSQcRG/JnV5ugqdgprniD7A3zv3aJuCV5cwe75cZTMrFP3268r
xLs8tDCnpT7CCB8sjrsEtS/gcROC
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:10 2024 by rpki-client on console-fra.rpki-client.org