Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A64F6/E1CF3C5690DB11EEB9CD2A76C4F9AE02/DAC215B890DC11EE955F1315C4F9AE02.roa
File: DAC215B890DC11EE955F1315C4F9AE02.roa (raw, json)
Hash identifier: L2QtAXNNc8pVHwTKWFV8/FpayrgVWHuffadZ/Q1V2T0=
Subject key identifier: 8D:FB:49:43:3D:94:4D:C9:94:1E:71:BC:51:0C:63:DF:98:A6:BC:41
Certificate issuer: /CN=A91A64F6/serialNumber=8CC3043D4B46C48F126C06E82970EBB48B6463C8
Certificate serial: 25
Authority key identifier: 8C:C3:04:3D:4B:46:C4:8F:12:6C:06:E8:29:70:EB:B4:8B:64:63:C8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jMMEPUtGxI8SbAboKXDrtItkY8g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A64F6/E1CF3C5690DB11EEB9CD2A76C4F9AE02/DAC215B890DC11EE955F1315C4F9AE02.roa
Signing time: Wed 31 Jan 2024 08:09:01 +0000
ROA not before: Wed 31 Jan 2024 08:09:01 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 133217
IP address blocks: 103.127.120.0/22 maxlen: 22
103.127.122.0/24 maxlen: 24
2404:1fc0::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 02 Feb 2024 02:01:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 37 (0x25)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A64F6/serialNumber=8CC3043D4B46C48F126C06E82970EBB48B6463C8
Validity
Not Before: Jan 31 08:09:01 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65ba001d-3abb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:cf:83:5f:53:a1:62:98:2a:e0:46:53:4a:77:
84:62:b2:87:86:1a:d2:dc:75:6b:c7:dd:ac:f2:5c:
02:d6:27:fa:b2:cb:51:1f:9f:e5:aa:b3:3f:8d:8f:
7f:5f:4d:fc:66:d1:2e:44:37:68:75:eb:96:9f:1f:
77:81:e3:d3:4e:e8:5b:0f:f7:1e:71:f3:b3:c6:f9:
ae:85:95:fc:57:d3:16:6b:c3:f8:c9:33:9c:65:d0:
7e:75:60:53:43:b5:6e:ac:47:c7:7e:c3:1a:0f:fb:
cd:11:ba:10:ca:94:34:ec:b5:5c:73:28:c9:e7:e6:
9f:ff:10:7b:f8:1b:bd:02:20:ae:f5:05:52:d0:c4:
bb:d3:92:d8:b8:c2:f0:fa:b9:b1:92:35:1f:78:b8:
ea:3c:62:28:e2:a1:bb:92:57:aa:0d:0b:0e:93:23:
c2:39:fe:df:07:49:26:5c:90:c4:84:11:8b:a8:29:
c1:a8:f1:52:55:df:39:ce:65:e1:5a:ea:0f:0a:11:
fd:95:11:d7:ec:67:6e:fc:3b:fc:05:06:cb:60:97:
a6:f8:1c:43:be:79:22:66:c9:8a:67:89:bd:55:6e:
0d:19:1e:2f:a6:b5:3e:b4:b8:54:10:cc:8e:50:88:
a3:d6:94:c5:77:41:79:e5:7d:d8:d8:02:8d:d0:86:
66:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:FB:49:43:3D:94:4D:C9:94:1E:71:BC:51:0C:63:DF:98:A6:BC:41
X509v3 Authority Key Identifier:
keyid:8C:C3:04:3D:4B:46:C4:8F:12:6C:06:E8:29:70:EB:B4:8B:64:63:C8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A64F6/E1CF3C5690DB11EEB9CD2A76C4F9AE02/jMMEPUtGxI8SbAboKXDrtItkY8g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jMMEPUtGxI8SbAboKXDrtItkY8g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A64F6/E1CF3C5690DB11EEB9CD2A76C4F9AE02/DAC215B890DC11EE955F1315C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.127.120.0/22
IPv6:
2404:1fc0::/32
Signature Algorithm: sha256WithRSAEncryption
97:47:6f:1e:36:3f:55:c3:9a:53:03:83:75:2d:9e:e4:5c:fb:
41:6b:a8:10:0d:0b:1e:de:81:13:60:b9:4f:e2:e7:c2:a5:92:
f6:e6:b5:50:97:ac:46:f1:61:cc:ac:10:53:8f:1b:25:68:3d:
17:ad:1d:1a:3d:8f:0d:2e:8f:a5:4d:62:fd:9c:cb:a6:95:e9:
c3:89:f7:62:d6:df:8d:2f:67:82:ae:df:aa:94:07:1d:16:ae:
f6:40:c3:33:6e:37:21:cc:45:ad:2a:24:2e:e7:97:50:22:30:
bd:e3:0a:e0:17:6f:cd:0b:87:7f:86:69:45:9f:a3:3c:1c:3b:
e3:ef:2b:e5:ca:67:61:c3:1b:dc:49:3b:5a:5f:dc:0b:3c:ba:
1b:78:3f:b2:90:96:dd:cf:e6:69:dd:a5:be:9a:99:71:54:f8:
11:a7:5e:5b:79:52:9a:3d:fb:ad:9f:60:c6:29:85:ff:2b:bc:
bb:b2:2a:6a:60:14:c3:98:6f:85:2b:d8:24:7b:be:46:de:e3:
da:de:fa:6e:9b:e5:ae:a3:54:f5:0c:42:40:2d:3f:e9:aa:f3:
d0:fa:0b:4f:0e:b8:0f:96:09:07:4d:95:3b:4b:19:22:94:e4:
74:02:1d:cc:40:01:22:84:0b:21:ac:29:09:d7:fc:2d:f9:18:
b5:7d:2a:16
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBJTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFB
NjRGNjExMC8GA1UEBRMoOENDMzA0M0Q0QjQ2QzQ4RjEyNkMwNkU4Mjk3MEVCQjQ4
QjY0NjNDODAeFw0yNDAxMzEwODA5MDFaFw0yNTAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1YmEwMDFkLTNhYmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDVz4NfU6FimCrgRlNKd4RisoeGGtLcdWvH3azyXALWJ/qyy1Efn+Wqsz+Nj39f
Tfxm0S5EN2h165afH3eB49NO6FsP9x5x87PG+a6FlfxX0xZrw/jJM5xl0H51YFND
tW6sR8d+wxoP+80RuhDKlDTstVxzKMnn5p//EHv4G70CIK71BVLQxLvTkti4wvD6
ubGSNR94uOo8YijiobuSV6oNCw6TI8I5/t8HSSZckMSEEYuoKcGo8VJV3znOZeFa
6g8KEf2VEdfsZ278O/wFBstgl6b4HEO+eSJmyYpnib1Vbg0ZHi+mtT60uFQQzI5Q
iKPWlMV3QXnlfdjYAo3QhmZLAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQUjftJQz2U
TcmUHnG8UQxj35imvEEwHwYDVR0jBBgwFoAUjMMEPUtGxI8SbAboKXDrtItkY8gw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUE2NEY2L0UxQ0YzQzU2OTBE
QjExRUVCOUNEMkE3NkM0RjlBRTAyL2pNTUVQVXRHeEk4U2JBYm9LWERydEl0a1k4
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvak1NRVBVdEd4SThTYkFib0tYRHJ0SXRrWThnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB
NjRGNi9FMUNGM0M1NjkwREIxMUVFQjlDRDJBNzZDNEY5QUUwMi9EQUMyMTVCODkw
REMxMUVFOTU1RjEzMTVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAmd/eDANBAIAAjAHAwUAJAQfwDANBgkqhkiG9w0BAQsFAAOC
AQEAl0dvHjY/VcOaUwODdS2e5Fz7QWuoEA0LHt6BE2C5T+LnwqWS9ua1UJesRvFh
zKwQU48bJWg9F60dGj2PDS6PpU1i/ZzLppXpw4n3YtbfjS9ngq7fqpQHHRau9kDD
M243IcxFrSokLueXUCIwveMK4BdvzQuHf4ZpRZ+jPBw74+8r5cpnYcMb3Ek7Wl/c
Czy6G3g/spCW3c/mad2lvpqZcVT4EadeW3lSmj37rZ9gximF/yu8u7IqamAUw5hv
hSvYJHu+Rt7j2t76bpvlrqNU9QxCQC0/6arz0PoLTw64D5YJB02VO0sZIpTkdAId
zEABIoQLIawpCdf8LfkYtX0qFg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:54 2024 by rpki-client on console-ams.rpki-client.org