Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9183B95/B54A3C34803511EC9ADDA54FC4F9AE02/998B2B3CD45F11EDAA6CD06FC4F9AE02.roa
File: 998B2B3CD45F11EDAA6CD06FC4F9AE02.roa (raw, json)
Hash identifier: QfdVB+C3B24TP76Pzk67HuYNIzLbnHgGC4CArKNDn+A=
Subject key identifier: 2A:86:1B:DD:01:55:C4:1E:66:FD:DF:C1:54:F8:92:C8:23:7D:3E:FC
Certificate issuer: /CN=A9183B95/serialNumber=FAD7ECC9C05CD8EB2056909D6C614715E2C5133E
Certificate serial: 02C9
Authority key identifier: FA:D7:EC:C9:C0:5C:D8:EB:20:56:90:9D:6C:61:47:15:E2:C5:13:3E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-tfsycBc2OsgVpCdbGFHFeLFEz4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9183B95/B54A3C34803511EC9ADDA54FC4F9AE02/998B2B3CD45F11EDAA6CD06FC4F9AE02.roa
Signing time: Mon 23 Oct 2023 06:45:23 +0000
ROA not before: Mon 23 Oct 2023 06:45:23 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 9009
IP address blocks: 43.228.158.0/24 maxlen: 24
43.228.159.0/24 maxlen: 24
103.47.144.0/24 maxlen: 24
103.47.146.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 713 (0x2c9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9183B95/serialNumber=FAD7ECC9C05CD8EB2056909D6C614715E2C5133E
Validity
Not Before: Oct 23 06:45:23 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=65361683-6ce7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:33:b9:fb:7a:29:b7:60:5b:c5:46:17:17:d7:
1d:ff:65:57:db:28:9c:d8:af:9a:aa:f4:45:38:a2:
11:42:a5:11:8e:9e:3a:26:b1:1d:1f:e4:aa:69:b2:
ba:d7:39:b9:ee:dd:e9:5f:fe:96:f4:14:cb:f4:fe:
cf:ec:bc:28:9a:8c:7d:fe:53:14:38:eb:4d:83:a9:
a9:fb:56:ab:13:c4:1f:d8:e0:93:4e:fe:38:a5:3b:
5e:2d:2f:b7:46:79:26:d1:b4:fc:3e:2e:30:76:57:
92:98:73:24:00:bb:73:67:96:b0:55:c3:4d:52:50:
89:f2:06:cd:b0:e8:c7:8c:e2:d8:6f:f0:88:2c:43:
ff:d7:a7:88:72:8d:e6:0a:28:c2:b7:1a:85:fd:21:
3b:7e:66:f3:cf:eb:05:87:bb:da:f9:e9:35:d1:d1:
bc:c0:04:e5:45:50:70:41:ef:18:ba:40:ac:c8:23:
08:19:ca:1a:be:0e:6e:b0:d8:7c:a0:6e:ab:dc:d0:
5a:f9:c3:da:f0:91:5f:67:57:77:cb:97:80:b7:c8:
44:b4:bb:21:ff:f3:44:49:8b:64:f5:0f:da:c4:17:
f1:03:35:d2:1e:0e:f0:79:46:36:34:96:24:c6:52:
a7:89:87:5e:e9:bf:29:ff:8f:0a:f1:5a:78:6e:a7:
b4:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:86:1B:DD:01:55:C4:1E:66:FD:DF:C1:54:F8:92:C8:23:7D:3E:FC
X509v3 Authority Key Identifier:
keyid:FA:D7:EC:C9:C0:5C:D8:EB:20:56:90:9D:6C:61:47:15:E2:C5:13:3E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9183B95/B54A3C34803511EC9ADDA54FC4F9AE02/-tfsycBc2OsgVpCdbGFHFeLFEz4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-tfsycBc2OsgVpCdbGFHFeLFEz4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9183B95/B54A3C34803511EC9ADDA54FC4F9AE02/998B2B3CD45F11EDAA6CD06FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.228.158.0/23
103.47.144.0/24
103.47.146.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:c3:3a:01:72:f8:07:d9:d1:2b:12:0e:e8:db:16:90:ff:9f:
67:3b:e8:eb:73:d6:dd:26:eb:b4:96:24:05:49:48:3d:a3:14:
b1:22:e2:94:30:93:12:81:78:53:d4:9c:35:ca:52:c1:80:a6:
74:d8:74:01:f7:4e:6b:5c:04:37:dd:cf:35:3c:d0:7a:92:ce:
f5:41:2e:07:57:48:91:80:10:0e:86:e6:90:a8:e5:59:43:71:
b6:86:e9:fc:8b:81:35:2d:9a:62:2e:91:9f:72:f9:38:91:ff:
24:22:a6:7b:83:72:e8:06:4c:e0:e3:6d:32:ff:00:b9:ad:6f:
b8:fb:fd:0d:52:a5:0a:ef:7f:19:fb:e6:28:76:ab:2e:41:7c:
cd:68:b9:a3:ba:2c:32:02:ab:90:5a:6c:c0:96:de:4d:77:df:
49:5e:da:8e:b5:97:64:0c:a4:28:e9:53:33:7e:f4:a9:a7:cd:
ac:c7:e9:77:f4:17:f3:85:9d:3d:0b:c3:fc:bd:85:39:f6:9e:
8e:25:09:2e:c2:63:d4:b2:69:1e:17:63:b4:49:7b:3b:27:95:
6c:96:3e:36:ed:f3:27:9a:84:15:51:5c:21:4a:90:83:de:f0:
93:07:34:46:8c:44:91:3c:b3:0b:f7:a9:8d:b3:18:21:2f:b3:
d9:9d:67:7c
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICAskwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODNCOTUxMTAvBgNVBAUTKEZBRDdFQ0M5QzA1Q0Q4RUIyMDU2OTA5RDZDNjE0NzE1
RTJDNTEzM0UwHhcNMjMxMDIzMDY0NTIzWhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTM2MTY4My02Y2U3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnjO5+3opt2BbxUYXF9cd/2VX2yic2K+aqvRFOKIRQqURjp46JrEdH+SqabK6
1zm57t3pX/6W9BTL9P7P7Lwomox9/lMUOOtNg6mp+1arE8Qf2OCTTv44pTteLS+3
Rnkm0bT8Pi4wdleSmHMkALtzZ5awVcNNUlCJ8gbNsOjHjOLYb/CILEP/16eIco3m
CijCtxqF/SE7fmbzz+sFh7va+ek10dG8wATlRVBwQe8YukCsyCMIGcoavg5usNh8
oG6r3NBa+cPa8JFfZ1d3y5eAt8hEtLsh//NESYtk9Q/axBfxAzXSHg7weUY2NJYk
xlKniYde6b8p/48K8Vp4bqe0lwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFCqGG90B
VcQeZv3fwVT4ksgjfT78MB8GA1UdIwQYMBaAFPrX7MnAXNjrIFaQnWxhRxXixRM+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4M0I5NS9CNTRBM0MzNDgw
MzUxMUVDOUFEREE1NEZDNEY5QUUwMi8tdGZzeWNCYzJPc2dWcENkYkdGSEZlTEZF
ejQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy10ZnN5Y0JjMk9zZ1ZwQ2RiR0ZIRmVMRkV6NC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODNCOTUvQjU0QTNDMzQ4MDM1MTFFQzlBRERBNTRGQzRGOUFFMDIvOTk4QjJCM0NE
NDVGMTFFREFBNkNEMDZGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAEr5J4DBABnL5ADBABnL5IwDQYJKoZIhvcNAQELBQADggEB
ACrDOgFy+AfZ0SsSDujbFpD/n2c76Otz1t0m67SWJAVJSD2jFLEi4pQwkxKBeFPU
nDXKUsGApnTYdAH3TmtcBDfdzzU80HqSzvVBLgdXSJGAEA6G5pCo5VlDcbaG6fyL
gTUtmmIukZ9y+TiR/yQipnuDcugGTODjbTL/ALmtb7j7/Q1SpQrvfxn75ih2qy5B
fM1ouaO6LDICq5BabMCW3k1330le2o61l2QMpCjpUzN+9KmnzazH6Xf0F/OFnT0L
w/y9hTn2no4lCS7CY9SyaR4XY7RJezsnlWyWPjbt8yeahBVRXCFKkIPe8JMHNEaM
RJE8swv3qY2zGCEvs9mdZ3w=
-----END CERTIFICATE-----
Generated at Tue Nov 14 13:31:35 2023 by rpki-client on console-ams.rpki-client.org