Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917B520/161D4C0AE4CA11EDA414E259C4F9AE02/9E2DB7F0E50711EDAFDF2556C4F9AE02.roa
File: 9E2DB7F0E50711EDAFDF2556C4F9AE02.roa (raw, json)
Hash identifier: J/eMoNH9cE1EJUvew0SJSDl1eTSGDijOTGjq8VbK3uE=
Subject key identifier: F0:B9:77:CC:D5:ED:EE:C6:F8:54:5E:91:C3:CC:45:F6:8A:C2:FC:D4
Certificate issuer: /CN=A917B520/serialNumber=542B94D8625CF711964FD13741295D27AD7A9004
Certificate serial: 71
Authority key identifier: 54:2B:94:D8:62:5C:F7:11:96:4F:D1:37:41:29:5D:27:AD:7A:90:04
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VCuU2GJc9xGWT9E3QSldJ616kAQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917B520/161D4C0AE4CA11EDA414E259C4F9AE02/9E2DB7F0E50711EDAFDF2556C4F9AE02.roa
Signing time: Tue 21 Nov 2023 03:10:06 +0000
ROA not before: Tue 21 Nov 2023 03:10:06 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 150436
IP address blocks: 101.47.0.0/18 maxlen: 24
101.47.64.0/20 maxlen: 24
101.47.80.0/20 maxlen: 24
2401:4c20::/40 maxlen: 40
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 113 (0x71)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917B520/serialNumber=542B94D8625CF711964FD13741295D27AD7A9004
Validity
Not Before: Nov 21 03:10:06 2023 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=655c1f8e-0e58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:e4:4d:eb:8f:9e:33:85:93:52:b4:84:6b:70:
c1:cc:fc:02:93:8c:a7:67:b0:2b:9e:36:02:40:a9:
0a:9a:f2:11:cf:ab:36:6c:f7:89:10:2f:e9:87:5d:
17:c1:73:e8:4a:02:29:e2:c5:9e:eb:45:94:2d:74:
8d:86:16:37:27:48:67:d7:2a:21:85:26:1f:80:43:
f0:ad:37:9e:6b:17:ac:67:d1:ff:ee:9f:77:ad:b1:
5f:d0:c9:52:cd:f3:ea:4d:8c:9e:1b:fc:55:66:b7:
c7:1f:c4:04:28:3c:e9:76:86:7f:a5:2d:6f:51:09:
6d:39:63:e7:7d:f9:6b:ae:f4:66:59:b0:74:0e:84:
f1:64:af:85:52:68:6d:54:39:68:df:f0:15:9c:1d:
ab:47:6b:44:a6:b5:e9:1a:a7:fd:f0:5a:35:bb:9f:
48:85:53:76:d0:33:0c:62:c4:c5:d3:9d:49:be:22:
c7:66:58:11:51:5a:ee:66:20:d8:1d:ca:38:11:1e:
36:6a:b9:93:38:c2:24:e1:77:05:c0:02:70:49:fe:
7f:79:b2:ca:55:09:1e:1d:27:d4:05:bd:4e:62:b9:
d1:86:82:59:ac:5b:8d:7b:1b:96:08:01:7c:fc:52:
22:7f:3c:49:a8:64:4c:52:96:a8:6b:70:50:13:48:
d1:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:B9:77:CC:D5:ED:EE:C6:F8:54:5E:91:C3:CC:45:F6:8A:C2:FC:D4
X509v3 Authority Key Identifier:
keyid:54:2B:94:D8:62:5C:F7:11:96:4F:D1:37:41:29:5D:27:AD:7A:90:04
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917B520/161D4C0AE4CA11EDA414E259C4F9AE02/VCuU2GJc9xGWT9E3QSldJ616kAQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VCuU2GJc9xGWT9E3QSldJ616kAQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917B520/161D4C0AE4CA11EDA414E259C4F9AE02/9E2DB7F0E50711EDAFDF2556C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.47.0.0-101.47.95.255
IPv6:
2401:4c20::/40
Signature Algorithm: sha256WithRSAEncryption
56:12:94:a8:ae:ac:fc:17:7a:73:17:b2:a8:40:72:d5:26:13:
28:50:d6:6b:70:7e:1f:b2:1a:c7:fa:f0:98:0e:8d:9e:e7:31:
c1:95:5a:d0:f2:03:df:42:89:be:20:0c:2d:a3:e2:40:18:1f:
d4:88:65:73:d6:23:2a:99:a2:3c:d8:d8:74:41:33:85:24:a1:
70:55:47:5b:b3:04:9c:c9:8c:74:26:7b:0f:00:c6:fe:71:95:
5f:59:28:17:0d:a8:63:2c:7c:12:1c:57:bc:c9:2d:25:4e:c2:
b0:e6:7c:09:73:61:c8:4c:ee:0c:27:a6:2f:96:19:86:b3:65:
b1:7f:3a:ad:b3:14:55:cf:d8:fc:63:86:b6:29:57:92:e0:7b:
46:ce:0b:71:80:99:0d:7c:3c:a9:81:0c:4a:a7:ce:a3:95:b7:
88:db:96:b9:45:35:c9:87:a1:6a:80:ac:cb:20:de:2b:98:a3:
5e:ec:40:66:9d:27:98:32:5b:c3:c5:0e:25:4b:e9:ac:86:e0:
80:81:b8:62:4d:4d:c5:42:e7:cd:89:0f:66:10:f8:04:67:a2:
3b:be:21:5d:01:f3:b8:ec:e8:e2:73:29:a2:63:6f:e7:06:1c:
fb:7e:56:20:4d:70:73:de:92:59:e5:51:42:76:c1:39:21:c4:
dd:64:10:c5
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIBcTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
QjUyMDExMC8GA1UEBRMoNTQyQjk0RDg2MjVDRjcxMTk2NEZEMTM3NDEyOTVEMjdB
RDdBOTAwNDAeFw0yMzExMjEwMzEwMDZaFw0yNDA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1NWMxZjhlLTBlNTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC25E3rj54zhZNStIRrcMHM/AKTjKdnsCueNgJAqQqa8hHPqzZs94kQL+mHXRfB
c+hKAinixZ7rRZQtdI2GFjcnSGfXKiGFJh+AQ/CtN55rF6xn0f/un3etsV/QyVLN
8+pNjJ4b/FVmt8cfxAQoPOl2hn+lLW9RCW05Y+d9+Wuu9GZZsHQOhPFkr4VSaG1U
OWjf8BWcHatHa0Smtekap/3wWjW7n0iFU3bQMwxixMXTnUm+IsdmWBFRWu5mINgd
yjgRHjZquZM4wiThdwXAAnBJ/n95sspVCR4dJ9QFvU5iudGGglmsW417G5YIAXz8
UiJ/PEmoZExSlqhrcFATSNH1AgMBAAGjggKsMIICqDAdBgNVHQ4EFgQU8Ll3zNXt
7sb4VF6Rw8xF9orC/NQwHwYDVR0jBBgwFoAUVCuU2GJc9xGWT9E3QSldJ616kAQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdCNTIwLzE2MUQ0QzBBRTRD
QTExRURBNDE0RTI1OUM0RjlBRTAyL1ZDdVUyR0pjOXhHV1Q5RTNRU2xkSjYxNmtB
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvVkN1VTJHSmM5eEdXVDlFM1FTbGRKNjE2a0FRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
QjUyMC8xNjFENEMwQUU0Q0ExMUVEQTQxNEUyNTlDNEY5QUUwMi85RTJEQjdGMEU1
MDcxMUVEQUZERjI1NTZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA2BggrBgEFBQcBBwEB/wQn
MCUwEwQCAAEwDTALAwMAZS8DBAVlL0AwDgQCAAIwCAMGACQBTCAAMA0GCSqGSIb3
DQEBCwUAA4IBAQBWEpSorqz8F3pzF7KoQHLVJhMoUNZrcH4fshrH+vCYDo2e5zHB
lVrQ8gPfQom+IAwto+JAGB/UiGVz1iMqmaI82Nh0QTOFJKFwVUdbswScyYx0JnsP
AMb+cZVfWSgXDahjLHwSHFe8yS0lTsKw5nwJc2HITO4MJ6YvlhmGs2WxfzqtsxRV
z9j8Y4a2KVeS4HtGzgtxgJkNfDypgQxKp86jlbeI25a5RTXJh6FqgKzLIN4rmKNe
7EBmnSeYMlvDxQ4lS+mshuCAgbhiTU3FQufNiQ9mEPgEZ6I7viFdAfO47Ojicymi
Y2/nBhz7flYgTXBz3pJZ5VFCdsE5IcTdZBDF
-----END CERTIFICATE-----
Generated at Thu Nov 23 09:28:11 2023 by rpki-client on console-fra.rpki-client.org