Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BDC3F/5CE810460EB011EF872E8127C4F9AE02/4E376BF09AA111EFBB6D6A72C4F9AE02.roa
File: 4E376BF09AA111EFBB6D6A72C4F9AE02.roa (raw, json)
Hash identifier: QEfJXd2NLT5skOK5sQF/wZIJmc/XPa80Jh0po39AVac=
Subject key identifier: B4:20:7E:8F:5C:E3:B0:C5:A9:A1:9C:0B:46:66:B0:BD:0B:79:7E:67
Certificate issuer: /CN=A91BDC3F/serialNumber=6CE0E949711B203E4ACB22B680F3FFF47ED16C61
Certificate serial: 65
Authority key identifier: 6C:E0:E9:49:71:1B:20:3E:4A:CB:22:B6:80:F3:FF:F4:7E:D1:6C:61
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bODpSXEbID5KyyK2gPP_9H7RbGE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BDC3F/5CE810460EB011EF872E8127C4F9AE02/4E376BF09AA111EFBB6D6A72C4F9AE02.roa
Signing time: Mon 04 Nov 2024 11:38:26 +0000
ROA not before: Mon 04 Nov 2024 11:38:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 38532
IP address blocks: 43.227.231.0/24 maxlen: 24
43.229.84.0/22 maxlen: 22
43.229.128.0/23 maxlen: 23
43.229.130.0/24 maxlen: 24
103.7.8.0/22 maxlen: 22
103.14.212.0/22 maxlen: 22
103.26.40.0/22 maxlen: 22
103.26.41.0/24 maxlen: 24
103.36.92.0/22 maxlen: 22
103.62.4.0/22 maxlen: 22
103.254.255.0/24 maxlen: 24
113.11.248.0/21 maxlen: 21
113.197.32.0/21 maxlen: 21
116.12.48.0/21 maxlen: 21
124.6.60.0/22 maxlen: 22
2400:1480::/48 maxlen: 48
2407:d200::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 20 Nov 2024 08:36:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 101 (0x65)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BDC3F/serialNumber=6CE0E949711B203E4ACB22B680F3FFF47ED16C61
Validity
Not Before: Nov 4 11:38:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6728b232-5107
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:d9:19:bd:d8:b9:e7:9d:d6:a1:10:f7:bf:54:
dc:08:ab:23:8f:97:34:45:9c:12:31:9f:c5:fa:7a:
9f:23:6c:1d:08:81:6c:8f:9c:b3:02:ba:83:88:9d:
0e:01:2d:04:f0:4c:b0:76:1d:8e:3a:94:0a:c8:a4:
50:f5:9a:7d:a8:c5:15:dc:e9:0f:df:32:c9:63:65:
cf:99:8e:4b:c1:af:6c:dc:51:72:3b:b0:d0:49:9e:
c1:3d:66:11:29:7f:32:cd:f3:14:43:0c:48:41:b9:
62:c3:99:7a:3b:98:54:3c:06:bb:17:bc:82:c4:09:
be:f6:91:60:17:7c:4b:f6:3e:4b:0a:a1:8f:3b:35:
0e:36:04:47:da:ab:06:38:94:23:61:1b:1b:52:36:
bb:91:50:be:02:70:05:22:71:2c:1b:1e:0e:fc:1b:
54:de:0b:52:04:95:23:5b:59:cf:16:89:95:00:d9:
2c:c5:3a:c2:3c:84:14:54:ea:93:4c:0d:00:09:29:
9b:b8:60:a8:fb:9d:9c:20:d6:85:c4:50:1c:95:ee:
85:1f:28:0b:6e:e3:d8:37:47:2d:b6:c3:93:db:ea:
9e:d5:d7:8f:60:af:47:d4:96:89:76:91:68:b9:ca:
58:27:30:78:91:36:ef:ce:c4:ee:29:18:22:3a:d7:
60:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:20:7E:8F:5C:E3:B0:C5:A9:A1:9C:0B:46:66:B0:BD:0B:79:7E:67
X509v3 Authority Key Identifier:
keyid:6C:E0:E9:49:71:1B:20:3E:4A:CB:22:B6:80:F3:FF:F4:7E:D1:6C:61
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BDC3F/5CE810460EB011EF872E8127C4F9AE02/bODpSXEbID5KyyK2gPP_9H7RbGE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bODpSXEbID5KyyK2gPP_9H7RbGE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BDC3F/5CE810460EB011EF872E8127C4F9AE02/4E376BF09AA111EFBB6D6A72C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.231.0/24
43.229.84.0/22
43.229.128.0-43.229.130.255
103.7.8.0/22
103.14.212.0/22
103.26.40.0/22
103.36.92.0/22
103.62.4.0/22
103.254.255.0/24
113.11.248.0/21
113.197.32.0/21
116.12.48.0/21
124.6.60.0/22
IPv6:
2400:1480::/48
2407:d200::/32
Signature Algorithm: sha256WithRSAEncryption
c2:84:ed:df:e4:f3:69:b4:59:3e:c5:08:05:6b:e7:b5:91:eb:
26:2c:a7:87:01:c3:98:89:61:d5:0b:71:57:4b:e9:57:58:2f:
c1:5a:3f:fd:c7:f1:52:e3:fe:4e:3f:6d:8c:91:84:6e:c3:27:
71:fe:4b:19:15:d5:74:36:29:47:c6:2d:dd:e5:38:12:3c:3e:
98:63:bd:59:05:df:cf:01:6e:77:45:fb:d7:a0:2f:36:bd:09:
65:f7:86:f6:b9:96:cd:8f:69:ca:9e:df:44:99:77:70:71:40:
95:7e:93:d2:9d:48:51:c7:06:bd:d1:93:e3:3d:c6:51:21:0e:
82:c9:7c:81:33:84:96:c0:8d:c9:fe:75:96:e8:3f:0d:5a:08:
c9:4f:6c:2e:4f:ad:89:99:05:1c:40:d6:27:7c:ce:6b:6e:ab:
a9:5f:21:f7:4f:96:24:79:f5:50:72:83:06:36:8c:c5:43:01:
d8:42:77:2c:39:28:91:60:1c:e5:df:86:85:5f:3f:e4:3a:6e:
06:8b:3c:8b:b6:d6:7d:0e:4a:fa:82:36:9f:01:27:25:ec:dd:
e6:d4:7c:dd:bc:d0:30:ce:d7:8d:f5:ca:e8:0b:97:46:e1:76:
2a:81:44:f4:47:64:95:28:96:c5:98:7d:4d:e4:2a:72:f1:45:
cc:0a:8d:ac
-----BEGIN CERTIFICATE-----
MIIF2TCCBMGgAwIBAgIBZTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
REMzRjExMC8GA1UEBRMoNkNFMEU5NDk3MTFCMjAzRTRBQ0IyMkI2ODBGM0ZGRjQ3
RUQxNkM2MTAeFw0yNDExMDQxMTM4MjZaFw0yNTA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY3MjhiMjMyLTUxMDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDi2Rm92LnnndahEPe/VNwIqyOPlzRFnBIxn8X6ep8jbB0IgWyPnLMCuoOInQ4B
LQTwTLB2HY46lArIpFD1mn2oxRXc6Q/fMsljZc+ZjkvBr2zcUXI7sNBJnsE9ZhEp
fzLN8xRDDEhBuWLDmXo7mFQ8BrsXvILECb72kWAXfEv2PksKoY87NQ42BEfaqwY4
lCNhGxtSNruRUL4CcAUicSwbHg78G1TeC1IElSNbWc8WiZUA2SzFOsI8hBRU6pNM
DQAJKZu4YKj7nZwg1oXEUByV7oUfKAtu49g3Ry22w5Pb6p7V149gr0fUlol2kWi5
ylgnMHiRNu/OxO4pGCI612B7AgMBAAGjggL+MIIC+jAdBgNVHQ4EFgQUtCB+j1zj
sMWpoZwLRmawvQt5fmcwHwYDVR0jBBgwFoAUbODpSXEbID5KyyK2gPP/9H7RbGEw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUJEQzNGLzVDRTgxMDQ2MEVC
MDExRUY4NzJFODEyN0M0RjlBRTAyL2JPRHBTWEViSUQ1S3l5SzJnUFBfOUg3UmJH
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvYk9EcFNYRWJJRDVLeXlLMmdQUF85SDdSYkdFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
REMzRi81Q0U4MTA0NjBFQjAxMUVGODcyRTgxMjdDNEY5QUUwMi80RTM3NkJGMDlB
QTExMUVGQkI2RDZBNzJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDCBhwYIKwYBBQUHAQcBAf8E
eDB2MFwEAgABMFYDBAAr4+cDBAIr5VQwDAMEByvlgAMEACvlggMEAmcHCAMEAmcO
1AMEAmcaKAMEAmckXAMEAmc+BAMEAGf+/wMEA3EL+AMEA3HFIAMEA3QMMAMEAnwG
PDAWBAIAAjAQAwcAJAAUgAAAAwUAJAfSADANBgkqhkiG9w0BAQsFAAOCAQEAwoTt
3+TzabRZPsUIBWvntZHrJiynhwHDmIlh1QtxV0vpV1gvwVo//cfxUuP+Tj9tjJGE
bsMncf5LGRXVdDYpR8Yt3eU4Ejw+mGO9WQXfzwFud0X716AvNr0JZfeG9rmWzY9p
yp7fRJl3cHFAlX6T0p1IUccGvdGT4z3GUSEOgsl8gTOElsCNyf51lug/DVoIyU9s
Lk+tiZkFHEDWJ3zOa26rqV8h90+WJHn1UHKDBjaMxUMB2EJ3LDkokWAc5d+GhV8/
5DpuBos8i7bWfQ5K+oI2nwEnJezd5tR83bzQMM7XjfXK6AuXRuF2KoFE9EdklSiW
xZh9TeQqcvFFzAqNrA==
-----END CERTIFICATE-----
Generated at Wed Nov 20 11:00:50 2024 by rpki-client on console-fra.rpki-client.org