Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BA164/AFC592ECF31E11E883EB7B79C4F9AE02/2AB724E0022A11EB842ADA11C4F9AE02.roa
File: 2AB724E0022A11EB842ADA11C4F9AE02.roa (raw, json)
Hash identifier: coDw1c1KWOzY/b1KGhRTUTPGNKdQPfrUbZIgh5+0jPo=
Subject key identifier: 7D:00:7B:C7:98:52:DD:54:F6:B2:DC:6F:68:2F:22:B6:87:FA:A5:AB
Certificate issuer: /CN=A91BA164/serialNumber=2EC44B9FC165C3BC8285812C313CC7801988FF31
Certificate serial: 1090
Authority key identifier: 2E:C4:4B:9F:C1:65:C3:BC:82:85:81:2C:31:3C:C7:80:19:88:FF:31
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LsRLn8Flw7yChYEsMTzHgBmI_zE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BA164/AFC592ECF31E11E883EB7B79C4F9AE02/2AB724E0022A11EB842ADA11C4F9AE02.roa
Signing time: Fri 04 Aug 2023 17:55:11 +0000
ROA not before: Fri 04 Aug 2023 17:55:11 +0000
ROA not after: Thu 31 Oct 2024 00:00:00 +0000
asID: 137443
IP address blocks: 43.249.3.0/24 maxlen: 24
103.96.150.0/23 maxlen: 23
103.120.82.0/23 maxlen: 23
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4240 (0x1090)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BA164/serialNumber=2EC44B9FC165C3BC8285812C313CC7801988FF31
Validity
Not Before: Aug 4 17:55:11 2023 GMT
Not After : Oct 31 00:00:00 2024 GMT
Subject: CN=64cd3b7e-191e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:9b:53:42:3d:ea:47:7a:c0:14:c7:18:33:45:
79:d9:55:e0:b7:c6:7f:2f:d5:c8:e1:d3:ab:ef:eb:
59:ff:b5:99:29:dc:38:6d:04:b1:af:9f:e1:5e:0e:
86:d2:53:61:25:14:ab:aa:e7:85:e3:aa:f0:bd:bf:
1d:ce:10:1d:8a:32:4c:32:ec:15:f8:39:46:e8:a9:
78:c6:0f:d8:7b:23:a5:81:3d:df:37:4f:05:24:43:
62:57:70:76:d3:f1:f6:66:20:19:66:04:24:c3:12:
39:39:48:54:f5:8e:64:7b:97:b6:7a:2d:dc:14:93:
62:42:ba:42:ba:6c:c5:71:6d:97:06:06:09:16:86:
28:79:7b:43:79:7b:ad:e5:00:66:1f:eb:a3:c5:19:
74:a5:db:b8:e8:81:f5:cd:5a:84:56:ac:84:ae:5d:
53:47:c8:83:c7:68:f8:62:6b:6c:43:75:02:30:d2:
9f:9d:01:1b:58:c9:83:d8:70:df:5e:d6:67:2b:66:
48:51:d5:cf:b5:c6:cc:e9:a7:0b:cb:55:54:c6:c4:
ff:50:e6:b3:37:64:72:80:35:30:3c:00:64:38:9c:
3c:c2:ca:40:16:7c:3b:1d:9f:d9:4c:c6:0e:4c:49:
99:38:58:e7:5a:33:b0:a8:35:98:5d:b3:4c:bf:e7:
9d:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:00:7B:C7:98:52:DD:54:F6:B2:DC:6F:68:2F:22:B6:87:FA:A5:AB
X509v3 Authority Key Identifier:
keyid:2E:C4:4B:9F:C1:65:C3:BC:82:85:81:2C:31:3C:C7:80:19:88:FF:31
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BA164/AFC592ECF31E11E883EB7B79C4F9AE02/LsRLn8Flw7yChYEsMTzHgBmI_zE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LsRLn8Flw7yChYEsMTzHgBmI_zE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BA164/AFC592ECF31E11E883EB7B79C4F9AE02/2AB724E0022A11EB842ADA11C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.249.3.0/24
103.96.150.0/23
103.120.82.0/23
Signature Algorithm: sha256WithRSAEncryption
0a:79:08:87:25:2a:d2:50:d8:35:94:1a:f6:92:ae:fd:2f:83:
3a:b2:2e:03:83:2a:62:1f:a1:d4:f0:bc:62:08:4a:d5:fd:55:
ad:b1:c9:94:6d:4f:5a:3d:59:fc:c4:57:2f:89:1b:55:0b:5e:
1f:ec:dc:ed:ce:53:1d:b4:2d:23:48:f3:9f:cf:b9:4c:ab:48:
6b:7f:95:89:da:4e:70:85:32:3b:5c:76:35:b3:23:6c:af:6c:
37:a5:c9:a3:64:ee:7b:6e:16:61:4e:29:a3:6f:61:60:45:a4:
45:c3:04:a6:54:36:c2:4f:a7:9c:c1:91:46:52:cf:a4:fd:50:
76:fa:17:ec:e9:ca:26:cc:4e:52:1a:eb:35:21:4d:85:35:fe:
e1:82:59:e9:ae:e5:2f:a6:5b:07:11:d3:aa:41:0e:e4:bf:71:
27:25:65:7f:11:13:6d:27:31:d8:01:d4:92:0f:c8:b7:18:f0:
1e:d0:69:1e:87:08:ec:cf:58:8c:18:db:b0:6a:d7:f4:44:bc:
56:50:c6:b6:5c:7a:97:bd:7c:d9:b8:1e:55:4e:c1:3c:04:f7:
c0:6b:fc:d8:5c:8c:b4:c9:5d:73:6a:81:bf:34:64:db:ee:e8:
c2:19:55:7c:52:63:28:63:ed:76:dc:dd:b9:82:31:94:dd:89:
62:a4:e5:53
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICEJAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkExNjQxMTAvBgNVBAUTKDJFQzQ0QjlGQzE2NUMzQkM4Mjg1ODEyQzMxM0NDNzgw
MTk4OEZGMzEwHhcNMjMwODA0MTc1NTExWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGNkM2I3ZS0xOTFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2ZtTQj3qR3rAFMcYM0V52VXgt8Z/L9XI4dOr7+tZ/7WZKdw4bQSxr5/hXg6G
0lNhJRSrqueF46rwvb8dzhAdijJMMuwV+DlG6Kl4xg/YeyOlgT3fN08FJENiV3B2
0/H2ZiAZZgQkwxI5OUhU9Y5ke5e2ei3cFJNiQrpCumzFcW2XBgYJFoYoeXtDeXut
5QBmH+ujxRl0pdu46IH1zVqEVqyErl1TR8iDx2j4YmtsQ3UCMNKfnQEbWMmD2HDf
XtZnK2ZIUdXPtcbM6acLy1VUxsT/UOazN2RygDUwPABkOJw8wspAFnw7HZ/ZTMYO
TEmZOFjnWjOwqDWYXbNMv+edswIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFH0Ae8eY
Ut1U9rLcb2gvIraH+qWrMB8GA1UdIwQYMBaAFC7ES5/BZcO8goWBLDE8x4AZiP8x
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQTE2NC9BRkM1OTJFQ0Yz
MUUxMUU4ODNFQjdCNzlDNEY5QUUwMi9Mc1JMbjhGbHc3eUNoWUVzTVR6SGdCbUlf
ekUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0xzUkxuOEZsdzd5Q2hZRXNNVHpIZ0JtSV96RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkExNjQvQUZDNTkyRUNGMzFFMTFFODgzRUI3Qjc5QzRGOUFFMDIvMkFCNzI0RTAw
MjJBMTFFQjg0MkFEQTExQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAAr+QMDBAFnYJYDBAFneFIwDQYJKoZIhvcNAQELBQADggEB
AAp5CIclKtJQ2DWUGvaSrv0vgzqyLgODKmIfodTwvGIIStX9Va2xyZRtT1o9WfzE
Vy+JG1ULXh/s3O3OUx20LSNI85/PuUyrSGt/lYnaTnCFMjtcdjWzI2yvbDelyaNk
7ntuFmFOKaNvYWBFpEXDBKZUNsJPp5zBkUZSz6T9UHb6F+zpyibMTlIa6zUhTYU1
/uGCWemu5S+mWwcR06pBDuS/cSclZX8RE20nMdgB1JIPyLcY8B7QaR6HCOzPWIwY
27Bq1/REvFZQxrZcepe9fNm4HlVOwTwE98Br/NhcjLTJXXNqgb80ZNvu6MIZVXxS
Yyhj7Xbc3bmCMZTdiWKk5VM=
-----END CERTIFICATE-----
Generated at Mon Sep 18 02:15:50 2023 by rpki-client on console-ams.rpki-client.org