Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C7773/AD32237CA2E811E9BAE78D47C4F9AE02/68B6D808A2EA11E9B6FFE649C4F9AE02.roa
File: 68B6D808A2EA11E9B6FFE649C4F9AE02.roa (raw, json)
Hash identifier: AYLgtFBvWF1n6XSOeTKhDKHbA/JaK79KL2oNXO5V8yw=
Subject key identifier: 0E:5C:B1:C9:9E:CC:E0:45:21:F0:7F:7F:FD:19:3F:8A:70:F4:A5:97
Certificate issuer: /CN=A91C7773/serialNumber=D900DDF24A27622BF9643757EDBCAFFAEE321C37
Certificate serial: 0CF5
Authority key identifier: D9:00:DD:F2:4A:27:62:2B:F9:64:37:57:ED:BC:AF:FA:EE:32:1C:37
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2QDd8konYiv5ZDdX7byv-u4yHDc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C7773/AD32237CA2E811E9BAE78D47C4F9AE02/68B6D808A2EA11E9B6FFE649C4F9AE02.roa
Signing time: Wed 30 Aug 2023 18:26:14 +0000
ROA not before: Wed 30 Aug 2023 18:26:14 +0000
ROA not after: Sat 30 Dec 2023 00:00:00 +0000
asID: 139300
IP address blocks: 103.141.2.0/23 maxlen: 23
103.141.2.0/24 maxlen: 24
103.141.3.0/24 maxlen: 24
2001:df0:e280::/48 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3317 (0xcf5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C7773/serialNumber=D900DDF24A27622BF9643757EDBCAFFAEE321C37
Validity
Not Before: Aug 30 18:26:14 2023 GMT
Not After : Dec 30 00:00:00 2023 GMT
Subject: CN=64ef89c5-2cd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:53:7c:66:76:94:88:f5:16:a2:77:69:7f:8a:
64:ed:d6:9c:0f:af:30:9d:09:65:5b:b7:68:f2:c7:
d5:62:0a:3d:8b:13:bb:14:1f:77:bf:d5:59:00:62:
28:80:22:8d:be:c9:ff:25:62:0f:dd:5f:0e:80:10:
92:6c:4d:26:49:e9:3f:2a:db:22:3e:59:14:85:b6:
2a:67:d0:f0:e4:b4:ef:8e:d6:e0:f9:28:e6:aa:48:
51:5f:dc:0b:b6:04:81:aa:64:f0:79:6a:7b:a9:e6:
28:d2:4a:18:1d:f4:5a:1b:08:74:fe:de:bd:3d:62:
60:46:e1:ec:d7:8f:97:58:7f:84:35:e0:72:0d:db:
5c:17:1f:09:f6:e6:93:93:6f:48:b6:ec:e4:53:f7:
51:57:aa:57:2e:90:d9:a7:63:f8:ff:16:1a:86:c8:
88:24:d8:1b:aa:3d:16:6b:95:2a:fd:a5:92:7b:c5:
04:59:d6:89:c6:46:98:a9:55:55:2f:36:f7:09:4b:
68:9c:1f:2e:ef:1e:b3:43:c7:af:b8:a1:e1:6d:be:
9e:44:06:19:9a:3c:68:a0:2e:97:e3:55:58:cc:ef:
9b:bc:81:9d:04:1e:8c:f2:9e:de:33:01:e6:20:47:
5e:ad:d0:38:d1:70:51:a2:33:f4:16:ea:a0:a7:a2:
51:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:5C:B1:C9:9E:CC:E0:45:21:F0:7F:7F:FD:19:3F:8A:70:F4:A5:97
X509v3 Authority Key Identifier:
keyid:D9:00:DD:F2:4A:27:62:2B:F9:64:37:57:ED:BC:AF:FA:EE:32:1C:37
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C7773/AD32237CA2E811E9BAE78D47C4F9AE02/2QDd8konYiv5ZDdX7byv-u4yHDc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2QDd8konYiv5ZDdX7byv-u4yHDc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C7773/AD32237CA2E811E9BAE78D47C4F9AE02/68B6D808A2EA11E9B6FFE649C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.141.2.0/23
IPv6:
2001:df0:e280::/48
Signature Algorithm: sha256WithRSAEncryption
6c:9b:ba:f2:f8:2e:31:b1:b7:24:e5:7b:07:f2:c5:4c:a4:5c:
09:0b:ef:be:6f:14:3a:c0:a8:0a:67:79:3c:3a:7b:23:e9:63:
ee:5b:96:a7:20:4b:21:a2:e9:ab:e2:83:ba:3d:36:1b:4b:d3:
30:23:6b:58:83:f5:5d:f2:af:54:86:8d:0a:34:29:f2:da:1a:
61:07:45:4a:fb:10:cb:52:52:4b:94:87:c4:f1:5d:a4:87:d2:
d6:d9:3c:84:b6:4b:85:83:8a:8f:35:6e:c3:f9:a5:59:0c:2d:
17:0e:d4:5c:b6:b4:70:5d:27:76:9e:cc:05:41:e5:ad:ff:a0:
f5:c1:e5:c2:01:f4:19:6f:97:aa:66:57:f6:a6:df:dd:c0:2c:
6d:d5:c4:df:73:53:53:3a:f2:b8:61:87:be:af:dc:74:5d:c1:
ee:cd:1e:ee:71:f2:af:49:74:2a:28:bf:92:59:d6:87:52:96:
4c:0d:ac:75:3a:9e:c1:ae:10:a9:ad:41:05:70:46:9b:29:05:
15:54:d1:e2:52:e5:d0:8e:cc:8d:d0:a8:02:b5:06:4e:f9:cb:
84:2a:c8:3c:9d:6e:d0:c4:c5:21:49:c2:20:31:7d:9b:54:d1:
0a:40:5c:df:12:45:b2:03:01:67:49:55:c0:d3:02:75:9d:c0:
0f:2f:dd:b4
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICDPUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzc3NzMxMTAvBgNVBAUTKEQ5MDBEREYyNEEyNzYyMkJGOTY0Mzc1N0VEQkNBRkZB
RUUzMjFDMzcwHhcNMjMwODMwMTgyNjE0WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGVmODljNS0yY2QzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApFN8ZnaUiPUWondpf4pk7dacD68wnQllW7do8sfVYgo9ixO7FB93v9VZAGIo
gCKNvsn/JWIP3V8OgBCSbE0mSek/KtsiPlkUhbYqZ9Dw5LTvjtbg+SjmqkhRX9wL
tgSBqmTweWp7qeYo0koYHfRaGwh0/t69PWJgRuHs14+XWH+ENeByDdtcFx8J9uaT
k29ItuzkU/dRV6pXLpDZp2P4/xYahsiIJNgbqj0Wa5Uq/aWSe8UEWdaJxkaYqVVV
Lzb3CUtonB8u7x6zQ8evuKHhbb6eRAYZmjxooC6X41VYzO+bvIGdBB6M8p7eMwHm
IEderdA40XBRojP0Fuqgp6JRxQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFA5cscme
zOBFIfB/f/0ZP4pw9KWXMB8GA1UdIwQYMBaAFNkA3fJKJ2Ir+WQ3V+28r/ruMhw3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNzc3My9BRDMyMjM3Q0Ey
RTgxMUU5QkFFNzhENDdDNEY5QUUwMi8yUURkOGtvbllpdjVaRGRYN2J5di11NHlI
RGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJRRGQ4a29uWWl2NVpEZFg3Ynl2LXU0eUhEYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzc3NzMvQUQzMjIzN0NBMkU4MTFFOUJBRTc4RDQ3QzRGOUFFMDIvNjhCNkQ4MDhB
MkVBMTFFOUI2RkZFNjQ5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnjQIwDwQCAAIwCQMHACABDfDigDANBgkqhkiG9w0BAQsF
AAOCAQEAbJu68vguMbG3JOV7B/LFTKRcCQvvvm8UOsCoCmd5PDp7I+lj7luWpyBL
IaLpq+KDuj02G0vTMCNrWIP1XfKvVIaNCjQp8toaYQdFSvsQy1JSS5SHxPFdpIfS
1tk8hLZLhYOKjzVuw/mlWQwtFw7UXLa0cF0ndp7MBUHlrf+g9cHlwgH0GW+XqmZX
9qbf3cAsbdXE33NTUzryuGGHvq/cdF3B7s0e7nHyr0l0Kii/klnWh1KWTA2sdTqe
wa4Qqa1BBXBGmykFFVTR4lLl0I7MjdCoArUGTvnLhCrIPJ1u0MTFIUnCIDF9m1TR
CkBc3xJFsgMBZ0lVwNMCdZ3ADy/dtA==
-----END CERTIFICATE-----
Generated at Mon Sep 4 12:07:12 2023 by rpki-client on console-fra.rpki-client.org