Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91756B7/95EF7DBA967D11EBADD50D2CC4F9AE02/AFE48DA8BA2B11EEAEE1773FC4F9AE02.roa
File: AFE48DA8BA2B11EEAEE1773FC4F9AE02.roa (raw, json)
Hash identifier: rWQD7IFvl83rxc3CJN1+N/vCPZN9yQacWbKPNxtpnjk=
Subject key identifier: 49:F4:50:58:F4:E2:0F:55:C7:5A:AC:5A:DF:DD:6E:37:39:0C:3D:04
Certificate issuer: /CN=A91756B7/serialNumber=83D96F1DEA72A99D234B4456D6F6675DC7E6061E
Certificate serial: 05F9
Authority key identifier: 83:D9:6F:1D:EA:72:A9:9D:23:4B:44:56:D6:F6:67:5D:C7:E6:06:1E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g9lvHepyqZ0jS0RW1vZnXcfmBh4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91756B7/95EF7DBA967D11EBADD50D2CC4F9AE02/AFE48DA8BA2B11EEAEE1773FC4F9AE02.roa
Signing time: Tue 23 Jan 2024 20:15:14 +0000
ROA not before: Tue 23 Jan 2024 20:15:14 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 58717
IP address blocks: 103.165.159.0/24 maxlen: 24
202.94.164.0/24 maxlen: 24
202.94.165.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 23 Jan 2024 21:12:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1529 (0x5f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91756B7/serialNumber=83D96F1DEA72A99D234B4456D6F6675DC7E6061E
Validity
Not Before: Jan 23 20:15:14 2024 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=65b01e52-4e31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:5e:ba:01:ed:8d:36:68:a4:79:af:4e:cf:9f:
08:08:59:4f:ad:1c:a0:ca:b7:f5:3a:4d:2e:ff:b8:
9a:53:dd:8d:f6:ef:fc:ca:e1:21:c7:41:98:8a:18:
2c:98:8f:ae:5b:91:73:63:d9:d7:6f:12:8f:82:0f:
02:e8:23:59:c1:e3:75:97:4a:3f:f1:21:99:5d:c8:
2d:bf:0e:2d:d4:b8:57:0d:15:bc:b5:93:0e:8f:47:
04:30:62:ea:1b:fa:95:2c:09:91:01:c6:ef:b0:0e:
f5:44:fb:dd:b4:ec:a0:13:65:86:fc:04:59:ed:e5:
31:36:e8:c5:60:32:c3:bf:bc:1a:2c:44:ca:05:d7:
f9:e2:6e:c7:25:df:1f:9a:77:fb:9f:ea:ff:50:e1:
e1:43:25:2c:14:73:2d:12:c9:8b:64:0c:7a:e6:ac:
0d:59:ea:a5:ce:d5:2a:93:2b:fa:66:e7:14:3c:35:
8b:d6:c9:86:4a:96:8c:ee:d7:ad:ea:2f:d0:7f:8a:
f7:a9:e2:78:9c:42:86:6d:46:03:86:81:4b:80:fd:
55:44:b2:71:6f:78:57:e6:a8:ad:b3:ee:2a:62:7f:
0a:af:79:66:35:f4:38:e8:11:53:65:0c:8a:1b:28:
ef:40:d9:74:3b:ee:6c:cb:c8:f6:b6:fd:fc:4c:e8:
a2:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:F4:50:58:F4:E2:0F:55:C7:5A:AC:5A:DF:DD:6E:37:39:0C:3D:04
X509v3 Authority Key Identifier:
keyid:83:D9:6F:1D:EA:72:A9:9D:23:4B:44:56:D6:F6:67:5D:C7:E6:06:1E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91756B7/95EF7DBA967D11EBADD50D2CC4F9AE02/g9lvHepyqZ0jS0RW1vZnXcfmBh4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g9lvHepyqZ0jS0RW1vZnXcfmBh4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91756B7/95EF7DBA967D11EBADD50D2CC4F9AE02/AFE48DA8BA2B11EEAEE1773FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.165.159.0/24
202.94.164.0/23
Signature Algorithm: sha256WithRSAEncryption
88:83:b0:7a:1a:a9:00:43:3a:28:4a:99:aa:1b:6f:57:fd:ed:
45:df:ab:09:e1:81:ae:3e:4e:76:1b:71:e9:29:2d:de:86:8f:
3c:30:2d:e4:70:1b:2f:a7:36:ab:85:20:da:94:e9:89:82:f2:
f1:f9:2c:74:8a:31:b5:a1:f1:d6:b3:26:59:9f:dd:6e:d4:44:
85:4e:60:ff:e9:26:fe:d1:a3:9e:dd:08:90:c6:97:c8:3a:4b:
24:c0:a9:2c:d7:8a:ed:73:20:9b:b6:16:b8:30:9f:2e:4c:4b:
08:43:9a:f5:18:e9:59:dc:d9:d8:4e:a0:a0:ae:fa:3e:07:70:
f8:ff:43:d5:3b:2e:ff:a0:98:25:ce:79:ad:dd:0d:9d:78:b6:
5f:0a:2c:1e:1a:13:e1:44:31:c2:15:8e:b4:c3:82:c2:4e:5b:
67:ba:12:5f:69:eb:bf:52:0f:80:9c:cf:72:6a:e2:1d:04:7d:
71:60:a6:c5:07:0e:77:a1:e0:9f:c9:b6:9f:69:de:aa:c2:b2:
0e:ba:3a:14:89:f1:93:c1:68:53:6a:6b:58:8a:0c:b1:d7:f3:
64:1a:da:30:ea:53:dd:6e:bb:40:18:00:b6:ae:48:2d:b5:28:
5b:71:d3:3e:65:e3:09:e7:a0:46:4e:e5:4f:78:2d:cc:bd:90:
5d:3a:14:87
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBfkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzU2QjcxMTAvBgNVBAUTKDgzRDk2RjFERUE3MkE5OUQyMzRCNDQ1NkQ2RjY2NzVE
QzdFNjA2MUUwHhcNMjQwMTIzMjAxNTE0WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWIwMWU1Mi00ZTMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxF66Ae2NNmikea9Oz58ICFlPrRygyrf1Ok0u/7iaU92N9u/8yuEhx0GYihgs
mI+uW5FzY9nXbxKPgg8C6CNZweN1l0o/8SGZXcgtvw4t1LhXDRW8tZMOj0cEMGLq
G/qVLAmRAcbvsA71RPvdtOygE2WG/ARZ7eUxNujFYDLDv7waLETKBdf54m7HJd8f
mnf7n+r/UOHhQyUsFHMtEsmLZAx65qwNWeqlztUqkyv6ZucUPDWL1smGSpaM7tet
6i/Qf4r3qeJ4nEKGbUYDhoFLgP1VRLJxb3hX5qits+4qYn8Kr3lmNfQ46BFTZQyK
GyjvQNl0O+5sy8j2tv38TOiiYQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFEn0UFj0
4g9Vx1qsWt/dbjc5DD0EMB8GA1UdIwQYMBaAFIPZbx3qcqmdI0tEVtb2Z13H5gYe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NTZCNy85NUVGN0RCQTk2
N0QxMUVCQURENTBEMkNDNEY5QUUwMi9nOWx2SGVweXFaMGpTMFJXMXZablhjZm1C
aDQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2c5bHZIZXB5cVowalMwUlcxdlpuWGNmbUJoNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzU2QjcvOTVFRjdEQkE5NjdEMTFFQkFERDUwRDJDQzRGOUFFMDIvQUZFNDhEQThC
QTJCMTFFRUFFRTE3NzNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnpZ8DBAHKXqQwDQYJKoZIhvcNAQELBQADggEBAIiDsHoa
qQBDOihKmaobb1f97UXfqwnhga4+TnYbcekpLd6GjzwwLeRwGy+nNquFINqU6YmC
8vH5LHSKMbWh8dazJlmf3W7URIVOYP/pJv7Ro57dCJDGl8g6SyTAqSzXiu1zIJu2
Frgwny5MSwhDmvUY6Vnc2dhOoKCu+j4HcPj/Q9U7Lv+gmCXOea3dDZ14tl8KLB4a
E+FEMcIVjrTDgsJOW2e6El9p679SD4Ccz3Jq4h0EfXFgpsUHDneh4J/Jtp9p3qrC
sg66OhSJ8ZPBaFNqa1iKDLHX82Qa2jDqU91uu0AYALauSC21KFtx0z5l4wnnoEZO
5U94Lcy9kF06FIc=
-----END CERTIFICATE-----
Generated at Wed Jan 24 00:29:21 2024 by rpki-client on console-ams.rpki-client.org