Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/C2B21172B44911EE8BBE000BC4F9AE02.roa
File: C2B21172B44911EE8BBE000BC4F9AE02.roa (raw, json)
Hash identifier: X1ppRFkHorpVnhIZbQTnTKK0VgJy6r00o/m0dABvv/A=
Subject key identifier: AF:25:99:CD:E6:B0:3E:08:F3:B5:DA:D2:A3:6D:50:60:59:56:F0:ED
Certificate issuer: /CN=A9178AF2/serialNumber=1005CCD5E18230FBA9ADD3D27F85DA38F13E4172
Certificate serial: 0267
Authority key identifier: 10:05:CC:D5:E1:82:30:FB:A9:AD:D3:D2:7F:85:DA:38:F1:3E:41:72
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EAXM1eGCMPuprdPSf4XaOPE-QXI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/C2B21172B44911EE8BBE000BC4F9AE02.roa
Signing time: Sat 03 Feb 2024 02:03:31 +0000
ROA not before: Sat 03 Feb 2024 02:03:31 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 43.243.193.0/24 maxlen: 24
45.113.82.0/24 maxlen: 24
103.229.118.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 25 Feb 2024 08:50:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 615 (0x267)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9178AF2/serialNumber=1005CCD5E18230FBA9ADD3D27F85DA38F13E4172
Validity
Not Before: Feb 3 02:03:31 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=65bd9ef3-7bcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:9e:a8:55:ce:75:3c:90:f9:a7:78:01:80:bc:
02:db:5c:7a:18:fc:0a:dd:5f:6b:61:e5:16:99:b7:
3f:b4:d0:3c:20:78:24:83:dc:1e:45:f7:de:82:57:
32:86:0f:2b:d3:a4:fc:20:f6:0c:69:2d:c0:20:f0:
0e:ea:6c:d0:62:6b:26:4b:0e:89:ab:7b:d3:5b:68:
62:16:79:8a:88:bb:58:d2:88:12:14:df:59:90:5d:
ff:f0:b8:30:fe:14:88:d9:e6:56:3e:26:a2:ef:33:
88:0d:65:76:c6:34:16:1d:2e:97:e7:d4:8c:40:e2:
19:cb:16:0e:7d:5c:cf:2b:8a:27:37:af:64:bf:9c:
7e:1d:12:f0:94:b6:47:59:4b:62:49:e6:48:29:c0:
61:ca:a6:7d:65:2d:b5:4c:64:e0:fe:a4:f1:ae:37:
e9:8d:b4:55:1e:44:83:4b:7e:37:cd:99:58:b5:32:
c8:46:25:95:b2:ae:12:32:4e:a4:67:fe:a3:7a:d7:
b2:5b:20:0a:29:9e:8c:08:3a:b0:5e:f6:72:97:7d:
68:df:48:b2:aa:04:55:17:02:f2:da:f7:91:fc:df:
5e:fe:fc:44:b4:a4:0b:5e:08:a4:42:40:bc:b9:b4:
f2:49:4a:ce:65:47:a1:5c:1e:2e:e7:4d:ab:50:90:
fc:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:25:99:CD:E6:B0:3E:08:F3:B5:DA:D2:A3:6D:50:60:59:56:F0:ED
X509v3 Authority Key Identifier:
keyid:10:05:CC:D5:E1:82:30:FB:A9:AD:D3:D2:7F:85:DA:38:F1:3E:41:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/EAXM1eGCMPuprdPSf4XaOPE-QXI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EAXM1eGCMPuprdPSf4XaOPE-QXI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9178AF2/73C88792E06711ECB9D2FF81C4F9AE02/C2B21172B44911EE8BBE000BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.243.193.0/24
45.113.82.0/24
103.229.118.0/24
Signature Algorithm: sha256WithRSAEncryption
05:d2:cb:14:f8:2a:4e:d3:6b:94:b9:f9:a6:3f:15:67:b1:6a:
36:52:80:d4:bd:8b:a8:19:06:c2:90:8d:6c:f1:77:f1:82:46:
8f:a2:96:50:f2:0a:ee:b2:56:46:20:ef:b1:77:36:31:f2:41:
e7:af:5c:ad:e1:48:cd:81:2d:e1:ba:87:fd:fc:dd:66:09:71:
b5:fe:2b:43:33:29:7a:74:04:a8:e6:3c:ae:6e:6e:4a:50:0a:
67:54:52:5a:40:a0:94:4d:68:ac:4d:b0:f9:09:d3:ee:fb:49:
48:8a:8a:a2:07:cd:21:47:21:8e:16:e0:13:cf:b4:c1:09:a7:
3c:55:4a:30:8d:e5:24:68:71:b4:89:f8:39:e2:63:cc:88:d9:
64:05:45:08:15:fe:3c:b3:f0:61:8a:74:9e:19:38:17:d0:ac:
25:f7:5d:c6:f0:77:c2:1b:0c:d2:65:0c:7a:ff:83:f6:43:a7:
aa:8d:bf:58:ec:9a:8b:56:07:95:a2:fa:75:34:cd:80:06:b8:
7b:0d:e1:7e:51:d8:ab:19:e9:a6:25:89:69:af:d2:8c:cc:ca:
d9:10:6e:48:d1:c1:b0:18:4b:6b:0d:fe:9c:6b:84:94:c0:d3:
e4:c3:02:23:70:0b:0c:40:3c:6b:53:96:72:e9:19:c6:05:ec:
9a:68:9d:52
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICAmcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzhBRjIxMTAvBgNVBAUTKDEwMDVDQ0Q1RTE4MjMwRkJBOUFERDNEMjdGODVEQTM4
RjEzRTQxNzIwHhcNMjQwMjAzMDIwMzMxWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWJkOWVmMy03YmNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsZ6oVc51PJD5p3gBgLwC21x6GPwK3V9rYeUWmbc/tNA8IHgkg9weRffeglcy
hg8r06T8IPYMaS3AIPAO6mzQYmsmSw6Jq3vTW2hiFnmKiLtY0ogSFN9ZkF3/8Lgw
/hSI2eZWPiai7zOIDWV2xjQWHS6X59SMQOIZyxYOfVzPK4onN69kv5x+HRLwlLZH
WUtiSeZIKcBhyqZ9ZS21TGTg/qTxrjfpjbRVHkSDS343zZlYtTLIRiWVsq4SMk6k
Z/6jeteyWyAKKZ6MCDqwXvZyl31o30iyqgRVFwLy2veR/N9e/vxEtKQLXgikQkC8
ubTySUrOZUehXB4u502rUJD8QQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFK8lmc3m
sD4I87Xa0qNtUGBZVvDtMB8GA1UdIwQYMBaAFBAFzNXhgjD7qa3T0n+F2jjxPkFy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3OEFGMi83M0M4ODc5MkUw
NjcxMUVDQjlEMkZGODFDNEY5QUUwMi9FQVhNMWVHQ01QdXByZFBTZjRYYU9QRS1R
WEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0VBWE0xZUdDTVB1cHJkUFNmNFhhT1BFLVFYSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzhBRjIvNzNDODg3OTJFMDY3MTFFQ0I5RDJGRjgxQzRGOUFFMDIvQzJCMjExNzJC
NDQ5MTFFRThCQkUwMDBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAAr88EDBAAtcVIDBABn5XYwDQYJKoZIhvcNAQELBQADggEB
AAXSyxT4Kk7Ta5S5+aY/FWexajZSgNS9i6gZBsKQjWzxd/GCRo+illDyCu6yVkYg
77F3NjHyQeevXK3hSM2BLeG6h/383WYJcbX+K0MzKXp0BKjmPK5ubkpQCmdUUlpA
oJRNaKxNsPkJ0+77SUiKiqIHzSFHIY4W4BPPtMEJpzxVSjCN5SRocbSJ+DniY8yI
2WQFRQgV/jyz8GGKdJ4ZOBfQrCX3Xcbwd8IbDNJlDHr/g/ZDp6qNv1jsmotWB5Wi
+nU0zYAGuHsN4X5R2KsZ6aYliWmv0ozMytkQbkjRwbAYS2sN/pxrhJTA0+TDAiNw
CwxAPGtTlnLpGcYF7JponVI=
-----END CERTIFICATE-----
Generated at Sun Feb 25 10:07:03 2024 by rpki-client on console-ams.rpki-client.org