Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/4A1F1BDE70C211EFB4F42A53C4F9AE02.roa
File: 4A1F1BDE70C211EFB4F42A53C4F9AE02.roa (raw, json)
Hash identifier: sW/BpnzszObqaPh6ASUxboFeW6Ojx4+s2JXYndP/Lyk=
Subject key identifier: 64:71:D2:04:51:19:9E:64:2B:BC:57:A2:A8:AF:2C:60:19:46:D9:9E
Certificate issuer: /CN=A91A4402/serialNumber=B4116A8E6DA991FDCF71626E7BEA11FF69CBA846
Certificate serial: 0AEE
Authority key identifier: B4:11:6A:8E:6D:A9:91:FD:CF:71:62:6E:7B:EA:11:FF:69:CB:A8:46
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tBFqjm2pkf3PcWJue-oR_2nLqEY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/4A1F1BDE70C211EFB4F42A53C4F9AE02.roa
Signing time: Thu 12 Sep 2024 04:48:45 +0000
ROA not before: Thu 12 Sep 2024 04:48:45 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 9311
IP address blocks: 43.246.128.0/24 maxlen: 24
43.246.130.0/24 maxlen: 24
43.246.196.0/24 maxlen: 24
43.246.198.0/24 maxlen: 24
103.8.85.0/24 maxlen: 24
103.15.32.0/24 maxlen: 24
103.15.79.0/24 maxlen: 24
103.248.150.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 14 Nov 2024 01:45:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2798 (0xaee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A4402/serialNumber=B4116A8E6DA991FDCF71626E7BEA11FF69CBA846
Validity
Not Before: Sep 12 04:48:45 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=66e272ac-1cd1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:d6:fb:d0:f0:cb:40:5d:f5:4b:3b:2f:bb:4c:
de:9a:19:39:1f:c7:4c:ad:78:73:f6:84:4a:03:38:
8b:07:0d:a4:9c:28:e4:92:af:9c:e7:a2:15:00:21:
9f:a3:2f:27:eb:86:a0:73:d3:1d:7c:01:32:2c:16:
4d:c7:38:0a:ce:a4:eb:d1:21:c7:8a:2b:14:1a:2e:
4b:df:c2:1d:3b:ef:60:af:28:2e:4b:00:c7:f8:9c:
9e:76:83:4f:a4:f9:5e:a9:24:74:54:ec:aa:ac:57:
7e:ec:3c:84:9c:d1:2d:5e:a4:93:ec:f0:6c:90:a1:
fe:1b:16:4a:40:b4:5c:8d:9a:30:8f:c6:5e:f4:cb:
43:6e:1f:f8:09:bd:02:c2:74:16:73:69:55:4d:10:
05:e7:77:61:76:e7:b1:de:30:72:04:ac:28:47:8a:
04:c5:43:c7:b8:5f:e7:02:62:41:2a:2e:7e:57:d0:
08:47:4a:3c:cf:22:7d:17:5a:5a:0f:8a:8c:74:9a:
c8:ab:8c:81:91:db:06:8b:5e:c7:a3:85:30:3c:2a:
1b:2e:18:cb:fc:81:a7:ff:4a:d5:89:14:00:f5:34:
e9:93:b8:73:7c:c8:d1:48:be:62:58:93:c1:4a:33:
f7:0e:a2:e9:94:c5:09:2f:61:6c:bb:fa:ac:7d:1c:
5c:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:71:D2:04:51:19:9E:64:2B:BC:57:A2:A8:AF:2C:60:19:46:D9:9E
X509v3 Authority Key Identifier:
keyid:B4:11:6A:8E:6D:A9:91:FD:CF:71:62:6E:7B:EA:11:FF:69:CB:A8:46
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/tBFqjm2pkf3PcWJue-oR_2nLqEY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tBFqjm2pkf3PcWJue-oR_2nLqEY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A4402/FDBFD0203D9611EA8EA0702FC4F9AE02/4A1F1BDE70C211EFB4F42A53C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.246.128.0/24
43.246.130.0/24
43.246.196.0/24
43.246.198.0/24
103.8.85.0/24
103.15.32.0/24
103.15.79.0/24
103.248.150.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:0d:15:c2:22:0a:11:76:4d:2a:ab:9a:3d:28:8a:8a:33:64:
39:91:1e:f7:9d:79:8e:3b:e9:31:c7:fe:48:2e:73:3b:ab:6a:
0f:93:06:58:cd:42:75:fd:ff:05:77:b1:0e:74:5e:34:2c:6f:
0c:f9:aa:5d:05:39:0f:5e:8e:82:6a:34:f4:ab:ae:47:85:7e:
20:d2:d9:7b:47:0f:fb:65:c6:13:14:eb:20:dc:3c:40:af:0f:
d8:2c:98:98:a9:9e:bb:ff:0c:4b:8b:80:22:2a:49:72:d4:89:
9e:dc:a8:13:90:79:f2:ca:33:b5:e2:d8:9d:4d:5a:f7:7a:bb:
29:1e:5e:d2:b5:04:61:bc:d6:9a:b2:89:36:68:e8:72:dd:66:
3d:c4:f8:5a:00:92:16:c4:e7:dd:33:42:ea:ab:e7:39:e9:57:
2c:09:a1:69:bc:cb:c0:dc:b6:93:8a:28:9f:eb:71:86:c3:7e:
66:b2:70:3e:62:f5:0a:61:45:25:78:ee:95:37:72:40:51:6a:
aa:c9:8d:d2:d5:6b:2c:ee:32:38:0b:bb:51:8f:20:2e:61:c5:
a8:dd:5c:75:46:09:41:ee:6d:a2:b4:7f:90:c7:21:72:00:19:
cc:af:83:9d:2d:ac:fb:56:cc:9f:23:00:2b:4f:d1:22:2d:d9:
ab:19:0d:d7
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgICCu4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTQ0MDIxMTAvBgNVBAUTKEI0MTE2QThFNkRBOTkxRkRDRjcxNjI2RTdCRUExMUZG
NjlDQkE4NDYwHhcNMjQwOTEyMDQ0ODQ1WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NmUyNzJhYy0xY2QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoNb70PDLQF31Szsvu0zemhk5H8dMrXhz9oRKAziLBw2knCjkkq+c56IVACGf
oy8n64agc9MdfAEyLBZNxzgKzqTr0SHHiisUGi5L38IdO+9gryguSwDH+JyedoNP
pPleqSR0VOyqrFd+7DyEnNEtXqST7PBskKH+GxZKQLRcjZowj8Ze9MtDbh/4Cb0C
wnQWc2lVTRAF53dhduex3jByBKwoR4oExUPHuF/nAmJBKi5+V9AIR0o8zyJ9F1pa
D4qMdJrIq4yBkdsGi17Ho4UwPCobLhjL/IGn/0rViRQA9TTpk7hzfMjRSL5iWJPB
SjP3DqLplMUJL2Fsu/qsfRxcJwIDAQABo4ICvzCCArswHQYDVR0OBBYEFGRx0gRR
GZ5kK7xXoqivLGAZRtmeMB8GA1UdIwQYMBaAFLQRao5tqZH9z3FibnvqEf9py6hG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNDQwMi9GREJGRDAyMDNE
OTYxMUVBOEVBMDcwMkZDNEY5QUUwMi90QkZxam0ycGtmM1BjV0p1ZS1vUl8ybkxx
RVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RCRnFqbTJwa2YzUGNXSnVlLW9SXzJuTHFFWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTQ0MDIvRkRCRkQwMjAzRDk2MTFFQThFQTA3MDJGQzRGOUFFMDIvNEExRjFCREU3
MEMyMTFFRkI0RjQyQTUzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSQYIKwYBBQUHAQcBAf8E
OjA4MDYEAgABMDADBAAr9oADBAAr9oIDBAAr9sQDBAAr9sYDBABnCFUDBABnDyAD
BABnD08DBABn+JYwDQYJKoZIhvcNAQELBQADggEBADoNFcIiChF2TSqrmj0oiooz
ZDmRHvedeY476THH/kguczurag+TBljNQnX9/wV3sQ50XjQsbwz5ql0FOQ9ejoJq
NPSrrkeFfiDS2XtHD/tlxhMU6yDcPECvD9gsmJipnrv/DEuLgCIqSXLUiZ7cqBOQ
efLKM7Xi2J1NWvd6uykeXtK1BGG81pqyiTZo6HLdZj3E+FoAkhbE590zQuqr5znp
VywJoWm8y8DctpOKKJ/rcYbDfmaycD5i9QphRSV47pU3ckBRaqrJjdLVayzuMjgL
u1GPIC5hxajdXHVGCUHubaK0f5DHIXIAGcyvg50trPtWzJ8jACtP0SIt2asZDdc=
-----END CERTIFICATE-----
Generated at Thu Nov 14 03:49:17 2024 by rpki-client on console-fra.rpki-client.org