Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/5A3E7C2C7F5811EFA0391F48C4F9AE02.roa
File: 5A3E7C2C7F5811EFA0391F48C4F9AE02.roa (raw, json)
Hash identifier: 4TGwTqKANbcaYMfmOLbZSosngGMh1jx2n85+gVRenMU=
Subject key identifier: 3A:F0:B8:52:70:DD:44:5A:01:9F:2C:3B:8E:21:5E:23:FB:80:65:6F
Certificate issuer: /CN=A917A84A/serialNumber=8A1A10EB8FBA45C2152CA8956F432F9A8139603A
Certificate serial: 1C6E
Authority key identifier: 8A:1A:10:EB:8F:BA:45:C2:15:2C:A8:95:6F:43:2F:9A:81:39:60:3A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ihoQ64-6RcIVLKiVb0MvmoE5YDo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/5A3E7C2C7F5811EFA0391F48C4F9AE02.roa
Signing time: Wed 02 Oct 2024 14:59:07 +0000
ROA not before: Wed 02 Oct 2024 14:59:07 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 55154
IP address blocks: 115.42.68.0/24 maxlen: 24
115.42.69.0/24 maxlen: 24
115.42.71.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 07 Oct 2024 16:14:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7278 (0x1c6e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917A84A/serialNumber=8A1A10EB8FBA45C2152CA8956F432F9A8139603A
Validity
Not Before: Oct 2 14:59:07 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66fd5fbb-a9e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:e9:12:6f:3f:58:b0:52:66:df:76:d8:f7:df:
4f:34:50:a0:16:76:e6:2a:f0:40:ee:2e:29:1e:59:
b0:c0:62:3c:0f:f9:78:a0:bc:e8:5c:a3:1c:39:cc:
23:76:29:cc:85:89:87:f7:76:94:1d:f8:9f:d3:89:
de:29:ba:60:d6:9a:e2:63:df:db:cd:13:c0:89:fe:
51:9c:66:16:2b:05:66:2b:17:f2:a4:92:30:1a:34:
df:25:b6:9a:ce:8c:83:c8:4d:a7:b8:d1:88:b4:a1:
0a:e3:a6:f6:b2:b5:3f:20:53:74:56:df:ea:d2:ec:
c5:e9:45:80:a0:41:27:55:cf:5e:f2:d2:10:a5:f1:
f0:fc:07:51:27:19:ef:3a:61:c1:94:ce:01:f3:f2:
ad:4f:94:73:ca:7c:02:3c:a0:2b:84:25:57:c7:fa:
12:be:0f:12:40:63:03:51:ab:bf:b1:03:6f:67:64:
bc:2a:06:78:7f:df:ec:f0:90:49:f2:2b:26:f5:3d:
68:b7:f0:1b:a1:a3:39:3a:3e:3a:ca:cb:bf:74:6c:
34:ed:23:91:2e:78:84:3d:d3:1c:97:45:3a:4e:0b:
d4:6c:91:dd:3c:4d:71:54:c5:0a:ca:8d:9a:f4:11:
64:73:25:6d:ea:e8:7e:bb:5c:e5:a8:8a:30:97:6d:
f4:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:F0:B8:52:70:DD:44:5A:01:9F:2C:3B:8E:21:5E:23:FB:80:65:6F
X509v3 Authority Key Identifier:
keyid:8A:1A:10:EB:8F:BA:45:C2:15:2C:A8:95:6F:43:2F:9A:81:39:60:3A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/ihoQ64-6RcIVLKiVb0MvmoE5YDo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ihoQ64-6RcIVLKiVb0MvmoE5YDo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/5A3E7C2C7F5811EFA0391F48C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
115.42.68.0/23
115.42.71.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:6b:a6:2d:0b:3f:d2:cd:c6:21:3e:ef:4f:72:98:1d:9e:e7:
74:f5:31:a7:53:38:f6:70:b4:ef:10:02:af:c2:34:18:1d:99:
b2:76:58:01:06:f9:0d:44:be:af:ec:07:ca:63:16:5b:20:c1:
8b:45:ca:e3:f9:8e:74:a6:3d:93:b9:bb:cd:7c:55:c6:1d:c8:
eb:9a:f1:1d:eb:16:7b:30:50:c6:6d:12:7e:2d:11:66:d2:6f:
3f:7d:1e:89:5a:1b:b8:d6:3c:dc:80:cf:26:e7:f6:f0:eb:0f:
c7:86:00:b3:4e:6d:76:1f:fd:25:0b:c7:9b:98:1c:db:a5:e4:
19:7e:58:bc:7e:70:2e:14:26:c3:dc:87:66:5a:3a:1c:fa:3e:
8d:28:23:e6:b6:3d:1a:63:e9:b7:09:f1:b4:f8:f0:92:a6:2e:
4d:38:42:b7:84:01:b1:e7:16:f3:cc:03:47:20:f6:08:9b:87:
59:e4:ec:1f:96:0b:c7:f1:51:c8:ef:b8:a1:ca:64:4e:06:62:
1e:e5:a8:8b:94:26:74:5a:0c:9c:10:83:f0:ed:ba:24:6b:67:
1a:eb:04:58:49:3e:95:f3:fc:c5:f5:39:97:14:ad:c1:fa:af:
cb:44:60:23:cb:a8:d9:3b:53:f2:29:d6:bb:5f:49:e0:c9:6f:
17:5c:14:45
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICHG4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0E4NEExMTAvBgNVBAUTKDhBMUExMEVCOEZCQTQ1QzIxNTJDQTg5NTZGNDMyRjlB
ODEzOTYwM0EwHhcNMjQxMDAyMTQ1OTA3WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmZkNWZiYi1hOWU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6+kSbz9YsFJm33bY999PNFCgFnbmKvBA7i4pHlmwwGI8D/l4oLzoXKMcOcwj
dinMhYmH93aUHfif04neKbpg1priY9/bzRPAif5RnGYWKwVmKxfypJIwGjTfJbaa
zoyDyE2nuNGItKEK46b2srU/IFN0Vt/q0uzF6UWAoEEnVc9e8tIQpfHw/AdRJxnv
OmHBlM4B8/KtT5RzynwCPKArhCVXx/oSvg8SQGMDUau/sQNvZ2S8KgZ4f9/s8JBJ
8ism9T1ot/AboaM5Oj46ysu/dGw07SORLniEPdMcl0U6TgvUbJHdPE1xVMUKyo2a
9BFkcyVt6uh+u1zlqIowl230CwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFDrwuFJw
3URaAZ8sO44hXiP7gGVvMB8GA1UdIwQYMBaAFIoaEOuPukXCFSyolW9DL5qBOWA6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QTg0QS8xODA1MTkxQUUx
RUYxMUU2OUQzNjUwMUJDNEY5QUUwMi9paG9RNjQtNlJjSVZMS2lWYjBNdm1vRTVZ
RG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lob1E2NC02UmNJVkxLaVZiME12bW9FNVlEby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0E4NEEvMTgwNTE5MUFFMUVGMTFFNjlEMzY1MDFCQzRGOUFFMDIvNUEzRTdDMkM3
RjU4MTFFRkEwMzkxRjQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFzKkQDBABzKkcwDQYJKoZIhvcNAQELBQADggEBAAtrpi0L
P9LNxiE+709ymB2e53T1MadTOPZwtO8QAq/CNBgdmbJ2WAEG+Q1Evq/sB8pjFlsg
wYtFyuP5jnSmPZO5u818VcYdyOua8R3rFnswUMZtEn4tEWbSbz99HolaG7jWPNyA
zybn9vDrD8eGALNObXYf/SULx5uYHNul5Bl+WLx+cC4UJsPch2ZaOhz6Po0oI+a2
PRpj6bcJ8bT48JKmLk04QreEAbHnFvPMA0cg9gibh1nk7B+WC8fxUcjvuKHKZE4G
Yh7lqIuUJnRaDJwQg/DtuiRrZxrrBFhJPpXz/MX1OZcUrcH6r8tEYCPLqNk7U/Ip
1rtfSeDJbxdcFEU=
-----END CERTIFICATE-----
Generated at Mon Oct 7 20:37:56 2024 by rpki-client on console-fra.rpki-client.org