Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C7773/AD32237CA2E811E9BAE78D47C4F9AE02/9D5640444B1511EE85D02E5AC4F9AE02.roa
File: 9D5640444B1511EE85D02E5AC4F9AE02.roa (raw, json)
Hash identifier: Si6MxlR8WhD1nXAELirL7rFVqOvllKF36J3Mj1h1Auk=
Subject key identifier: 0F:A8:60:20:9A:0E:19:16:3C:A4:13:98:26:AC:42:B7:2E:83:A6:5E
Certificate issuer: /CN=A91C7773/serialNumber=D900DDF24A27622BF9643757EDBCAFFAEE321C37
Certificate serial: 0D00
Authority key identifier: D9:00:DD:F2:4A:27:62:2B:F9:64:37:57:ED:BC:AF:FA:EE:32:1C:37
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2QDd8konYiv5ZDdX7byv-u4yHDc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C7773/AD32237CA2E811E9BAE78D47C4F9AE02/9D5640444B1511EE85D02E5AC4F9AE02.roa
Signing time: Mon 04 Sep 2023 18:26:08 +0000
ROA not before: Mon 04 Sep 2023 18:26:08 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 139300
IP address blocks: 103.141.2.0/23 maxlen: 23
103.141.3.0/24 maxlen: 24
2001:df0:e280::/48 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3328 (0xd00)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C7773/serialNumber=D900DDF24A27622BF9643757EDBCAFFAEE321C37
Validity
Not Before: Sep 4 18:26:08 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=64f6213f-e9e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:a3:6f:e5:ec:6f:8c:65:5d:35:ed:5d:32:15:
e9:2c:a2:c4:e4:0c:68:d6:ec:fc:29:3c:0e:0f:7c:
ca:bf:f1:67:ca:6e:b3:7f:c7:79:95:06:35:cc:3f:
2a:e2:2f:66:23:fb:ab:65:74:27:df:0c:99:30:4a:
45:4c:78:d6:3d:fd:bc:ae:bc:e9:f8:43:83:fa:c5:
8d:3f:09:50:2f:b8:94:b0:76:2f:0a:30:db:d1:40:
06:db:a8:8c:69:29:12:fe:39:7d:b1:d8:23:5e:05:
87:7b:d7:6d:5d:9e:9a:5b:d7:6c:ab:ce:02:03:2c:
28:d9:8a:33:b4:65:03:32:7d:4a:c5:56:b6:5c:1e:
cd:80:60:35:a3:65:d0:f6:ca:a9:f0:85:b8:bb:4e:
a7:fd:98:01:74:05:79:0e:ca:e6:a7:91:eb:6b:5f:
68:46:f3:a0:f3:25:5f:13:fc:db:cd:bf:9f:74:4f:
98:ee:a8:a0:88:9a:d8:d2:bd:87:0d:89:34:f1:2c:
80:89:a9:3c:fe:66:6a:a9:78:b1:2d:cc:95:6e:97:
24:52:0e:ed:29:24:89:e6:ae:7d:3f:62:0d:ce:79:
69:7c:38:5b:9a:ec:16:cf:1f:20:cb:0a:67:90:da:
b0:04:bc:aa:89:2a:41:13:a3:37:9e:25:dc:44:d2:
8c:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:A8:60:20:9A:0E:19:16:3C:A4:13:98:26:AC:42:B7:2E:83:A6:5E
X509v3 Authority Key Identifier:
keyid:D9:00:DD:F2:4A:27:62:2B:F9:64:37:57:ED:BC:AF:FA:EE:32:1C:37
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C7773/AD32237CA2E811E9BAE78D47C4F9AE02/2QDd8konYiv5ZDdX7byv-u4yHDc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2QDd8konYiv5ZDdX7byv-u4yHDc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C7773/AD32237CA2E811E9BAE78D47C4F9AE02/9D5640444B1511EE85D02E5AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.141.2.0/23
IPv6:
2001:df0:e280::/48
Signature Algorithm: sha256WithRSAEncryption
80:15:bf:c1:bd:18:ce:ec:44:c7:d1:1a:e5:0b:9b:62:25:f9:
23:31:4a:14:2b:fd:a3:fe:0f:45:64:52:b5:26:88:b4:d9:82:
7c:11:9d:62:ac:71:b4:e4:55:d6:bc:d2:a9:53:f8:05:7f:f5:
90:3d:62:2c:a2:00:e1:10:9f:00:ad:5b:e9:9a:26:8e:75:df:
1c:11:ba:2b:8b:0a:b7:c9:2c:91:28:dd:26:c5:34:c5:c8:70:
a3:e9:dc:d0:cb:f7:52:5b:61:ad:b3:e2:ee:44:b8:9f:ec:f9:
d4:7c:48:da:71:48:12:39:a8:87:7f:0b:41:24:ae:38:8f:40:
42:c5:f6:15:ee:e4:46:e6:a8:e9:92:23:80:39:ec:d3:8e:0c:
7e:59:cc:c9:95:ea:cd:9d:3f:51:08:23:f0:00:c3:9d:86:ae:
b9:69:d6:48:24:9d:56:3a:43:7b:67:1e:a3:d2:4f:a6:5f:52:
2e:a3:07:25:5e:4e:b1:75:89:52:41:74:86:82:36:37:ee:b8:
7b:a8:3a:75:b0:24:7f:b7:78:24:82:09:f2:1b:a1:4f:bd:d5:
b6:17:bb:e7:d7:e6:00:8d:1a:a1:53:a5:72:66:5c:0a:49:92:
7a:c7:29:f5:81:66:b9:5c:0c:13:8e:bb:93:a8:91:4c:28:a5:
2e:29:7d:f4
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICDQAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzc3NzMxMTAvBgNVBAUTKEQ5MDBEREYyNEEyNzYyMkJGOTY0Mzc1N0VEQkNBRkZB
RUUzMjFDMzcwHhcNMjMwOTA0MTgyNjA4WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGY2MjEzZi1lOWUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvKNv5exvjGVdNe1dMhXpLKLE5Axo1uz8KTwOD3zKv/Fnym6zf8d5lQY1zD8q
4i9mI/urZXQn3wyZMEpFTHjWPf28rrzp+EOD+sWNPwlQL7iUsHYvCjDb0UAG26iM
aSkS/jl9sdgjXgWHe9dtXZ6aW9dsq84CAywo2YoztGUDMn1KxVa2XB7NgGA1o2XQ
9sqp8IW4u06n/ZgBdAV5Dsrmp5Hra19oRvOg8yVfE/zbzb+fdE+Y7qigiJrY0r2H
DYk08SyAiak8/mZqqXixLcyVbpckUg7tKSSJ5q59P2INznlpfDhbmuwWzx8gywpn
kNqwBLyqiSpBE6M3niXcRNKMtwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFA+oYCCa
DhkWPKQTmCasQrcug6ZeMB8GA1UdIwQYMBaAFNkA3fJKJ2Ir+WQ3V+28r/ruMhw3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNzc3My9BRDMyMjM3Q0Ey
RTgxMUU5QkFFNzhENDdDNEY5QUUwMi8yUURkOGtvbllpdjVaRGRYN2J5di11NHlI
RGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJRRGQ4a29uWWl2NVpEZFg3Ynl2LXU0eUhEYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzc3NzMvQUQzMjIzN0NBMkU4MTFFOUJBRTc4RDQ3QzRGOUFFMDIvOUQ1NjQwNDQ0
QjE1MTFFRTg1RDAyRTVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnjQIwDwQCAAIwCQMHACABDfDigDANBgkqhkiG9w0BAQsF
AAOCAQEAgBW/wb0YzuxEx9Ea5QubYiX5IzFKFCv9o/4PRWRStSaItNmCfBGdYqxx
tORV1rzSqVP4BX/1kD1iLKIA4RCfAK1b6ZomjnXfHBG6K4sKt8kskSjdJsU0xchw
o+nc0Mv3UlthrbPi7kS4n+z51HxI2nFIEjmoh38LQSSuOI9AQsX2Fe7kRuao6ZIj
gDns044MflnMyZXqzZ0/UQgj8ADDnYauuWnWSCSdVjpDe2ceo9JPpl9SLqMHJV5O
sXWJUkF0hoI2N+64e6g6dbAkf7d4JIIJ8huhT73Vthe759fmAI0aoVOlcmZcCkmS
escp9YFmuVwME467k6iRTCilLil99A==
-----END CERTIFICATE-----
Generated at Tue Sep 5 19:36:42 2023 by rpki-client on console-fra.rpki-client.org