Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B65AC/CB74F8BEE1E011EEAF6E1E68C4F9AE02/5DDE3350E1E111EEA5431A21C4F9AE02.roa
File: 5DDE3350E1E111EEA5431A21C4F9AE02.roa (raw, json)
Hash identifier: EAU1ZNuZW1TsrQFwuMPw8kcVONcUDc9OMrJsAkrvqEQ=
Subject key identifier: D2:06:64:06:CD:27:1F:8E:59:91:59:79:C6:4C:32:8F:75:A2:B5:52
Certificate issuer: /CN=A91B65AC/serialNumber=A10F5783C8F9A6D94D29B4AA90C56E016BB51456
Certificate serial: 02
Authority key identifier: A1:0F:57:83:C8:F9:A6:D9:4D:29:B4:AA:90:C5:6E:01:6B:B5:14:56
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oQ9Xg8j5ptlNKbSqkMVuAWu1FFY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B65AC/CB74F8BEE1E011EEAF6E1E68C4F9AE02/5DDE3350E1E111EEA5431A21C4F9AE02.roa
Signing time: Thu 14 Mar 2024 09:00:56 +0000
ROA not before: Thu 14 Mar 2024 09:00:56 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 152594
IP address blocks: 157.20.129.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 19 Mar 2024 05:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B65AC/serialNumber=A10F5783C8F9A6D94D29B4AA90C56E016BB51456
Validity
Not Before: Mar 14 09:00:56 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=65f2bcc7-3226
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:34:1a:8a:11:9c:db:e7:f8:bc:61:15:b0:9e:
d0:f2:9d:e4:5b:ed:cf:fa:20:1b:31:a3:4c:15:e6:
15:81:21:55:86:c9:61:97:1e:28:0b:19:0d:13:46:
47:ee:17:61:80:77:f8:93:62:06:38:18:56:89:5c:
31:ce:05:f0:b4:f7:ed:af:85:1a:79:ce:b9:82:9f:
72:c6:21:7b:87:62:eb:15:73:c0:5d:3a:2c:34:2a:
49:88:98:8a:4f:14:54:4e:3d:56:ae:89:a3:b1:87:
0e:60:54:bc:7c:73:60:c8:6e:aa:0a:fb:ce:2e:8d:
4c:d9:99:8d:dc:65:59:3c:04:89:e1:b2:d1:5b:dc:
80:08:a4:0c:14:07:a5:26:88:1b:f0:56:d4:c3:84:
be:0d:c5:43:0d:97:d0:fc:50:a2:e0:4d:40:fe:8f:
78:3c:a7:60:36:88:33:5d:78:34:a7:16:9d:d9:45:
40:02:de:39:ad:28:ed:37:c3:b4:98:3e:9f:28:c9:
7f:0b:02:e8:b0:87:d5:39:c1:8f:61:17:b2:36:33:
47:b5:f7:51:cb:a6:fd:76:f3:fd:05:f2:9c:00:37:
0e:00:74:15:08:1e:b5:84:81:6b:14:12:45:28:d2:
08:12:1d:81:e9:8d:f6:d3:f7:c4:8c:b0:9d:ff:c8:
0d:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:06:64:06:CD:27:1F:8E:59:91:59:79:C6:4C:32:8F:75:A2:B5:52
X509v3 Authority Key Identifier:
keyid:A1:0F:57:83:C8:F9:A6:D9:4D:29:B4:AA:90:C5:6E:01:6B:B5:14:56
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B65AC/CB74F8BEE1E011EEAF6E1E68C4F9AE02/oQ9Xg8j5ptlNKbSqkMVuAWu1FFY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oQ9Xg8j5ptlNKbSqkMVuAWu1FFY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B65AC/CB74F8BEE1E011EEAF6E1E68C4F9AE02/5DDE3350E1E111EEA5431A21C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
157.20.129.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:fa:59:bd:27:73:69:c6:5f:51:4b:ad:2b:7a:0b:55:e3:26:
a0:09:e2:39:14:dc:5e:43:72:d7:34:3a:6c:a2:43:ce:2c:d2:
63:11:4d:b7:79:1e:aa:cb:62:eb:86:07:91:c2:3c:36:9d:b1:
af:38:b3:8b:79:25:6a:f6:7b:a6:97:1a:f5:6e:f6:6d:91:48:
de:fe:a4:8a:c4:6d:07:f6:d3:0e:73:f6:f5:7d:9a:73:a4:3c:
ef:f4:95:66:8a:e6:7d:a5:ff:10:39:9d:3e:60:ee:0c:6f:2a:
c1:f0:b5:f2:fd:e7:e9:8c:17:a6:26:68:a2:de:1a:48:d7:72:
8a:0f:43:07:9c:88:ed:1f:fe:74:98:66:58:24:82:e4:f4:65:
ce:a7:29:06:e4:12:27:f9:f8:d9:93:ca:21:02:18:8d:aa:9b:
d1:a0:8e:d0:79:35:fd:af:ee:8a:b9:0e:87:cf:98:a5:94:a9:
5c:fd:e4:2f:aa:30:ae:e3:7e:24:91:4a:3d:9a:b2:9f:6e:8f:
ee:5b:c0:ca:ad:c1:b0:a9:a0:27:3e:9b:e6:a0:09:fc:6c:ae:
5a:e7:c9:ff:eb:78:25:e1:bd:3f:8c:73:92:8b:bc:ae:a6:17:
54:3d:00:99:e6:9c:5a:90:1e:a8:77:00:84:49:97:ac:d6:ae:
7e:fe:ea:3a
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
NjVBQzExMC8GA1UEBRMoQTEwRjU3ODNDOEY5QTZEOTREMjlCNEFBOTBDNTZFMDE2
QkI1MTQ1NjAeFw0yNDAzMTQwOTAwNTZaFw0yNTA1MjgwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZjJiY2M3LTMyMjYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCgNBqKEZzb5/i8YRWwntDyneRb7c/6IBsxo0wV5hWBIVWGyWGXHigLGQ0TRkfu
F2GAd/iTYgY4GFaJXDHOBfC09+2vhRp5zrmCn3LGIXuHYusVc8BdOiw0KkmImIpP
FFROPVauiaOxhw5gVLx8c2DIbqoK+84ujUzZmY3cZVk8BInhstFb3IAIpAwUB6Um
iBvwVtTDhL4NxUMNl9D8UKLgTUD+j3g8p2A2iDNdeDSnFp3ZRUAC3jmtKO03w7SY
Pp8oyX8LAuiwh9U5wY9hF7I2M0e191HLpv128/0F8pwANw4AdBUIHrWEgWsUEkUo
0ggSHYHpjfbT98SMsJ3/yA0PAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU0gZkBs0n
H45ZkVl5xkwyj3WitVIwHwYDVR0jBBgwFoAUoQ9Xg8j5ptlNKbSqkMVuAWu1FFYw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI2NUFDL0NCNzRGOEJFRTFF
MDExRUVBRjZFMUU2OEM0RjlBRTAyL29ROVhnOGo1cHRsTktiU3FrTVZ1QVd1MUZG
WS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvb1E5WGc4ajVwdGxOS2JTcWtNVnVBV3UxRkZZLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
NjVBQy9DQjc0RjhCRUUxRTAxMUVFQUY2RTFFNjhDNEY5QUUwMi81RERFMzM1MEUx
RTExMUVFQTU0MzFBMjFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAJ0UgTANBgkqhkiG9w0BAQsFAAOCAQEAivpZvSdzacZfUUut
K3oLVeMmoAniORTcXkNy1zQ6bKJDzizSYxFNt3keqsti64YHkcI8Np2xrzizi3kl
avZ7ppca9W72bZFI3v6kisRtB/bTDnP29X2ac6Q87/SVZormfaX/EDmdPmDuDG8q
wfC18v3n6YwXpiZoot4aSNdyig9DB5yI7R/+dJhmWCSC5PRlzqcpBuQSJ/n42ZPK
IQIYjaqb0aCO0Hk1/a/uirkOh8+YpZSpXP3kL6owruN+JJFKPZqyn26P7lvAyq3B
sKmgJz6b5qAJ/GyuWufJ/+t4JeG9P4xzkou8rqYXVD0AmeacWpAeqHcAhEmXrNau
fv7qOg==
-----END CERTIFICATE-----
Generated at Tue Mar 19 05:37:31 2024 by rpki-client on console-ams.rpki-client.org