Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91964B3/2A5940F24BB311E9AB151C17C4F9AE02/246FF7A2E1CD11EE88C91543C4F9AE02.roa
File: 246FF7A2E1CD11EE88C91543C4F9AE02.roa (raw, json)
Hash identifier: 8KsSbC7Qozvk8S0t70u8vwkOhfQMJcMeQvBM7K44L1g=
Subject key identifier: 02:80:B8:21:9A:C1:3E:6A:A8:E8:02:43:54:98:13:05:61:49:8D:9F
Certificate issuer: /CN=A91964B3/serialNumber=464854FB50A9903C5253418C583D0F31B841D597
Certificate serial: 0F63
Authority key identifier: 46:48:54:FB:50:A9:90:3C:52:53:41:8C:58:3D:0F:31:B8:41:D5:97
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/RkhU-1CpkDxSU0GMWD0PMbhB1Zc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91964B3/2A5940F24BB311E9AB151C17C4F9AE02/246FF7A2E1CD11EE88C91543C4F9AE02.roa
Signing time: Sat 20 Jul 2024 14:49:07 +0000
ROA not before: Sat 20 Jul 2024 14:49:07 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 9498
IP address blocks: 128.185.0.0/16 maxlen: 24
152.52.0.0/16 maxlen: 24
Validation: Failed, certificate revoked on Mon 22 Jul 2024 12:26:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3939 (0xf63)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91964B3
Validity
Not Before: Jul 20 14:49:07 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=669bce63-9aef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:a8:5d:c1:3f:94:f4:66:84:7f:13:24:d9:0f:
6a:96:67:5c:f9:42:ec:c3:cc:e0:9d:f4:42:3d:6d:
5d:61:a9:75:b7:34:76:2d:f5:6d:0b:e7:d9:05:e3:
d3:a5:94:19:6b:a2:05:50:51:fe:66:69:06:cc:9d:
49:0b:c1:5e:3a:b4:6c:98:1c:51:00:27:5a:29:d2:
88:f8:fb:ce:64:d6:21:c8:75:ed:59:70:ad:26:73:
ef:0d:f9:9f:01:ce:9e:09:52:1f:f9:9c:45:de:f1:
d4:72:59:6d:5d:0d:4c:b3:90:f7:79:f5:a3:e3:4e:
61:c4:c1:e2:e1:50:d5:2c:59:16:c2:d4:93:03:db:
11:0d:d3:7e:33:22:f7:a4:83:cb:25:41:9b:2f:37:
47:29:9d:1a:8c:6a:56:e9:95:ea:8a:4f:0b:d8:f6:
cf:53:dc:20:53:96:7b:b0:55:e5:77:48:ff:c6:c7:
ca:de:2f:26:c3:c7:08:ec:60:dc:a0:c7:64:27:d3:
26:60:ec:a0:33:32:71:ef:1d:c2:66:6c:0b:6f:f7:
64:39:7f:71:e5:b5:a5:bf:09:27:20:c0:b5:5d:e7:
44:3b:9f:39:13:c8:79:0d:d6:eb:4b:dd:85:da:6b:
7e:29:1d:4f:74:75:64:65:b3:bd:3f:92:39:8a:ad:
3c:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:80:B8:21:9A:C1:3E:6A:A8:E8:02:43:54:98:13:05:61:49:8D:9F
X509v3 Authority Key Identifier:
keyid:46:48:54:FB:50:A9:90:3C:52:53:41:8C:58:3D:0F:31:B8:41:D5:97
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91964B3/2A5940F24BB311E9AB151C17C4F9AE02/RkhU-1CpkDxSU0GMWD0PMbhB1Zc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/RkhU-1CpkDxSU0GMWD0PMbhB1Zc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91964B3/2A5940F24BB311E9AB151C17C4F9AE02/246FF7A2E1CD11EE88C91543C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
128.185.0.0/16
152.52.0.0/16
Signature Algorithm: sha256WithRSAEncryption
72:60:4a:6e:2d:23:e4:05:d6:2c:01:a4:cf:8a:20:90:36:af:
c1:6a:ca:5d:2b:97:fc:5a:0d:bc:0e:8a:de:f7:99:09:03:07:
c5:45:f3:b4:46:f0:e6:61:69:79:13:df:ef:db:a8:04:8d:b7:
6e:88:76:e3:a1:b5:a5:a9:28:07:e8:bc:b2:34:dd:8b:ea:66:
1d:0c:ec:ff:af:1a:d4:ac:36:4f:e3:1a:18:77:eb:9b:a8:cc:
80:87:b1:38:83:a1:58:af:53:05:a1:19:4a:e1:13:76:04:66:
1f:34:4e:ac:15:82:e6:7b:bc:b4:bc:ce:05:61:bd:2b:ae:00:
70:d9:2f:35:4d:f3:2e:ce:71:4d:7a:90:8c:d3:7c:a0:c2:cb:
e8:27:8f:6a:6e:1b:14:bd:dc:da:6a:72:fb:15:59:33:ac:2b:
5b:00:42:79:f7:a4:01:10:67:25:3f:89:1a:db:cb:2a:a5:cb:
ad:9b:62:29:d3:bd:b9:ba:a5:29:9c:1f:4a:5e:20:e9:a1:5d:
78:70:71:bb:1a:b4:76:fe:22:39:e2:25:a7:79:e3:8a:a0:2e:
c1:0a:84:47:80:93:b3:0a:0a:96:a0:31:7b:40:23:25:26:27:
ca:8d:9d:66:c2:74:5f:c7:01:83:97:71:b6:31:60:c7:f2:43:
58:83:bf:62
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgICD2MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTY0QjMxMTAvBgNVBAUTKDQ2NDg1NEZCNTBBOTkwM0M1MjUzNDE4QzU4M0QwRjMx
Qjg0MUQ1OTcwHhcNMjQwNzIwMTQ0OTA3WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjliY2U2My05YWVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsqhdwT+U9GaEfxMk2Q9qlmdc+ULsw8zgnfRCPW1dYal1tzR2LfVtC+fZBePT
pZQZa6IFUFH+ZmkGzJ1JC8FeOrRsmBxRACdaKdKI+PvOZNYhyHXtWXCtJnPvDfmf
Ac6eCVIf+ZxF3vHUclltXQ1Ms5D3efWj405hxMHi4VDVLFkWwtSTA9sRDdN+MyL3
pIPLJUGbLzdHKZ0ajGpW6ZXqik8L2PbPU9wgU5Z7sFXld0j/xsfK3i8mw8cI7GDc
oMdkJ9MmYOygMzJx7x3CZmwLb/dkOX9x5bWlvwknIMC1XedEO585E8h5DdbrS92F
2mt+KR1PdHVkZbO9P5I5iq08QQIDAQABo4ICmTCCApUwHQYDVR0OBBYEFAKAuCGa
wT5qqOgCQ1SYEwVhSY2fMB8GA1UdIwQYMBaAFEZIVPtQqZA8UlNBjFg9DzG4QdWX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NjRCMy8yQTU5NDBGMjRC
QjMxMUU5QUIxNTFDMTdDNEY5QUUwMi9Sa2hVLTFDcGtEeFNVMEdNV0QwUE1iaEIx
WmMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1JraFUtMUNwa0R4U1UwR01XRDBQTWJoQjFaYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTY0QjMvMkE1OTQwRjI0QkIzMTFFOUFCMTUxQzE3QzRGOUFFMDIvMjQ2RkY3QTJF
MUNEMTFFRTg4QzkxNTQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIwYIKwYBBQUHAQcBAf8E
FDASMBAEAgABMAoDAwCAuQMDAJg0MA0GCSqGSIb3DQEBCwUAA4IBAQByYEpuLSPk
BdYsAaTPiiCQNq/BaspdK5f8Wg28Dore95kJAwfFRfO0RvDmYWl5E9/v26gEjbdu
iHbjobWlqSgH6LyyNN2L6mYdDOz/rxrUrDZP4xoYd+ubqMyAh7E4g6FYr1MFoRlK
4RN2BGYfNE6sFYLme7y0vM4FYb0rrgBw2S81TfMuznFNepCM03ygwsvoJ49qbhsU
vdzaanL7FVkzrCtbAEJ596QBEGclP4ka28sqpcutm2Ip0725uqUpnB9KXiDpoV14
cHG7GrR2/iI54iWneeOKoC7BCoRHgJOzCgqWoDF7QCMlJifKjZ1mwnRfxwGDl3G2
MWDH8kNYg79i
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:44:06 2025 by rpki-client