Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/004252367FF111EFB2CDF157C4F9AE02.roa
File: 004252367FF111EFB2CDF157C4F9AE02.roa (raw, json)
Hash identifier: 2Tz/5N+ppxt1+prQnJeBEsMcaakELVIPGUA3/2G6ur4=
Subject key identifier: D4:B2:48:4A:B0:EB:5F:F9:1A:18:14:D5:14:5B:17:E2:95:91:97:6B
Certificate issuer: /CN=A917DEA4/serialNumber=B4D6FFD5DFF9EAC413AB4408E09637B09494DBC8
Certificate serial: 0651
Authority key identifier: B4:D6:FF:D5:DF:F9:EA:C4:13:AB:44:08:E0:96:37:B0:94:94:DB:C8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tNb_1d_56sQTq0QI4JY3sJSU28g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/004252367FF111EFB2CDF157C4F9AE02.roa
Signing time: Tue 01 Oct 2024 16:37:23 +0000
ROA not before: Tue 01 Oct 2024 16:37:23 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 55740
IP address blocks: 14.97.20.0/24 maxlen: 24
2406:e00:800::/48 maxlen: 48
Validation: Failed, certificate revoked on Fri 04 Oct 2024 11:42:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1617 (0x651)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917DEA4/serialNumber=B4D6FFD5DFF9EAC413AB4408E09637B09494DBC8
Validity
Not Before: Oct 1 16:37:23 2024 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=66fc2543-f8ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:64:ce:d3:dc:b8:68:56:52:69:bf:fe:18:da:
3c:86:2a:46:2b:42:a3:66:52:24:78:0e:5d:19:4b:
78:7d:1c:1b:f9:1e:4e:83:ba:9a:15:f8:a6:ed:7a:
c0:bd:37:3a:c7:3b:ea:50:da:49:05:bb:ad:d9:4f:
01:fa:97:18:d7:44:d1:f9:dd:b7:5c:2d:d8:6d:e0:
67:48:0a:55:cf:63:37:e7:6c:4d:7d:e7:ae:b8:91:
a1:93:80:e3:d1:73:70:92:d4:70:68:f8:49:0b:30:
9c:e0:42:da:b2:ef:5e:2c:45:dd:49:e2:5e:aa:48:
8b:6c:d6:62:96:ef:03:9f:02:57:ae:bf:f1:05:f7:
1e:5f:cf:44:61:32:a3:82:fa:80:d7:14:9a:e7:71:
7d:17:3f:c6:f6:c7:46:d5:41:3e:b9:ab:9c:e5:14:
ec:57:7e:41:78:1f:d8:a7:a3:fd:15:09:ec:5f:6a:
b5:01:c0:5e:9d:79:2d:ae:62:3c:33:2b:44:23:14:
ad:e9:d0:86:6b:e0:ac:2a:f4:cb:c1:d3:ba:e7:64:
fa:2a:c0:58:ea:a9:4e:0e:8e:76:ea:7f:cc:a0:71:
9d:e0:3c:2f:b2:11:d7:c7:ed:ab:3d:18:90:db:40:
c6:e9:3a:7b:40:0a:b5:c1:78:31:83:62:63:ed:b6:
0f:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:B2:48:4A:B0:EB:5F:F9:1A:18:14:D5:14:5B:17:E2:95:91:97:6B
X509v3 Authority Key Identifier:
keyid:B4:D6:FF:D5:DF:F9:EA:C4:13:AB:44:08:E0:96:37:B0:94:94:DB:C8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/tNb_1d_56sQTq0QI4JY3sJSU28g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tNb_1d_56sQTq0QI4JY3sJSU28g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/004252367FF111EFB2CDF157C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.97.20.0/24
IPv6:
2406:e00:800::/48
Signature Algorithm: sha256WithRSAEncryption
c3:d1:e1:15:31:c4:3f:27:2b:95:ea:43:c2:5b:9f:41:44:83:
82:21:a2:9b:ac:76:8b:25:54:dc:ff:e5:ac:32:bc:69:a6:79:
8b:e0:0e:94:f4:a9:aa:69:37:80:c8:f6:7b:cd:bf:02:df:06:
e8:95:8f:f1:8a:0b:43:b5:b0:46:92:9e:a2:8c:e4:f4:02:ec:
82:b3:c7:52:0d:07:c2:ac:d6:36:9a:9c:e7:9d:7c:2d:bb:ec:
32:da:be:bd:0f:60:ac:2c:d5:68:65:d7:46:a8:7f:43:0f:55:
72:94:37:d8:22:a5:8d:22:8b:e6:3d:c7:0f:f1:d6:af:c7:03:
dd:f5:eb:06:dc:c3:9f:6c:e3:84:8a:72:27:e6:76:88:f5:8c:
26:7d:bc:4c:2e:94:7c:d6:48:73:66:91:0b:44:79:b7:eb:aa:
70:bf:75:cb:07:54:74:66:b1:92:3a:20:df:51:dd:a0:d9:ff:
57:70:14:19:39:86:8f:b8:8b:0b:5c:bc:6a:54:24:ac:6a:27:
4f:dd:ed:25:9b:c8:d3:60:c2:52:f8:48:6c:29:cd:44:4a:aa:
48:57:77:19:b6:b6:73:bd:b6:dd:bd:49:01:df:d0:45:e3:e3:
0b:26:07:09:73:f4:6f:cc:64:e9:62:91:e4:be:65:ef:a8:7c:
6a:42:ef:4e
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBlEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0RFQTQxMTAvBgNVBAUTKEI0RDZGRkQ1REZGOUVBQzQxM0FCNDQwOEUwOTYzN0Iw
OTQ5NERCQzgwHhcNMjQxMDAxMTYzNzIzWhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmZjMjU0My1mOGVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA12TO09y4aFZSab/+GNo8hipGK0KjZlIkeA5dGUt4fRwb+R5Og7qaFfim7XrA
vTc6xzvqUNpJBbut2U8B+pcY10TR+d23XC3YbeBnSApVz2M352xNfeeuuJGhk4Dj
0XNwktRwaPhJCzCc4ELasu9eLEXdSeJeqkiLbNZilu8DnwJXrr/xBfceX89EYTKj
gvqA1xSa53F9Fz/G9sdG1UE+uauc5RTsV35BeB/Yp6P9FQnsX2q1AcBenXktrmI8
MytEIxSt6dCGa+CsKvTLwdO652T6KsBY6qlODo526n/MoHGd4DwvshHXx+2rPRiQ
20DG6Tp7QAq1wXgxg2Jj7bYP8wIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFNSySEqw
61/5GhgU1RRbF+KVkZdrMB8GA1UdIwQYMBaAFLTW/9Xf+erEE6tECOCWN7CUlNvI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3REVBNC9BMjQyNkI2MDk4
MjkxMUVCQjc4ODIwODFDNEY5QUUwMi90TmJfMWRfNTZzUVRxMFFJNEpZM3NKU1Uy
OGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ROYl8xZF81NnNRVHEwUUk0Slkzc0pTVTI4Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0RFQTQvQTI0MjZCNjA5ODI5MTFFQkI3ODgyMDgxQzRGOUFFMDIvMDA0MjUyMzY3
RkYxMTFFRkIyQ0RGMTU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAAOYRQwDwQCAAIwCQMHACQGDgAIADANBgkqhkiG9w0BAQsF
AAOCAQEAw9HhFTHEPycrlepDwlufQUSDgiGim6x2iyVU3P/lrDK8aaZ5i+AOlPSp
qmk3gMj2e82/At8G6JWP8YoLQ7WwRpKeoozk9ALsgrPHUg0HwqzWNpqc5518Lbvs
Mtq+vQ9grCzVaGXXRqh/Qw9VcpQ32CKljSKL5j3HD/HWr8cD3fXrBtzDn2zjhIpy
J+Z2iPWMJn28TC6UfNZIc2aRC0R5t+uqcL91ywdUdGaxkjog31HdoNn/V3AUGTmG
j7iLC1y8alQkrGonT93tJZvI02DCUvhIbCnNREqqSFd3Gba2c7223b1JAd/QRePj
CyYHCXP0b8xk6WKR5L5l76h8akLvTg==
-----END CERTIFICATE-----
Generated at Fri Oct 4 18:58:31 2024 by rpki-client on console-ams.rpki-client.org