Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/CBC33A8C681411EF8CF13969C4F9AE02.roa
File: CBC33A8C681411EF8CF13969C4F9AE02.roa (raw, json)
Hash identifier: hdrdmsDBcrluf18GIAPnCmJ+TO4DQV9UsGHM2GA7vSw=
Subject key identifier: 3B:AC:5D:A6:25:A5:FE:BF:60:21:E5:06:A9:AA:58:AC:76:CE:59:AC
Certificate issuer: /CN=A91D3F8E/serialNumber=D40051BC8DDA60C932EE07769AB867BEFA8D42F6
Certificate serial: 0109
Authority key identifier: D4:00:51:BC:8D:DA:60:C9:32:EE:07:76:9A:B8:67:BE:FA:8D:42:F6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1ABRvI3aYMky7gd2mrhnvvqNQvY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/CBC33A8C681411EF8CF13969C4F9AE02.roa
Signing time: Sun 01 Sep 2024 03:47:51 +0000
ROA not before: Sun 01 Sep 2024 03:47:51 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 150774
IP address blocks: 103.238.114.0/24 maxlen: 24
103.238.115.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 31 Oct 2024 19:11:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 265 (0x109)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D3F8E/serialNumber=D40051BC8DDA60C932EE07769AB867BEFA8D42F6
Validity
Not Before: Sep 1 03:47:51 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66d3e3e7-e01e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:eb:69:c0:13:90:ea:a0:15:fd:a7:81:d3:f8:
ab:e0:4c:b2:c0:41:2e:55:c4:0c:5f:57:77:3b:b6:
b5:0f:15:1f:54:3c:e9:0d:97:4f:17:4f:98:43:9d:
05:df:d5:0a:a5:c0:4f:af:f0:1e:f0:fc:26:45:ba:
92:f6:de:a8:af:48:31:59:e5:53:3e:f5:83:f9:9e:
5e:86:4f:d3:8c:db:9c:c6:02:1b:d5:f0:97:bb:7c:
8e:d8:43:48:7d:37:1b:66:2b:81:2d:39:0a:e2:02:
4a:fa:16:b1:89:87:d1:72:f2:70:fe:5e:de:50:3d:
45:52:3a:48:23:d3:c2:04:76:ba:f4:9f:fa:c9:4c:
09:d8:e4:69:87:6a:90:4d:01:e8:46:83:c2:75:5e:
54:8d:3d:a1:f1:0c:c9:5f:16:ab:aa:f7:1b:0f:4f:
ec:8c:74:eb:86:3a:f2:da:a8:3c:71:57:a5:30:45:
14:e8:88:29:02:9a:4c:3d:25:14:41:75:7f:5e:7e:
44:60:fe:55:65:5c:2a:af:44:14:ae:63:cf:8f:55:
a7:bf:99:7c:4e:ea:af:24:07:3b:26:26:95:12:43:
62:5b:5a:1a:39:33:60:0b:26:3a:81:f2:1f:7e:c9:
86:88:64:8c:01:f7:ca:04:d3:81:42:4a:01:f3:a4:
ed:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:AC:5D:A6:25:A5:FE:BF:60:21:E5:06:A9:AA:58:AC:76:CE:59:AC
X509v3 Authority Key Identifier:
keyid:D4:00:51:BC:8D:DA:60:C9:32:EE:07:76:9A:B8:67:BE:FA:8D:42:F6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/1ABRvI3aYMky7gd2mrhnvvqNQvY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1ABRvI3aYMky7gd2mrhnvvqNQvY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/CBC33A8C681411EF8CF13969C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.238.114.0/23
Signature Algorithm: sha256WithRSAEncryption
77:dc:40:bb:c6:13:da:8b:b4:96:ce:21:53:f2:2d:0e:8d:75:
31:02:3b:91:26:f4:b6:9a:ad:c6:23:57:22:10:49:8f:c7:c3:
9c:f0:ee:5a:c4:40:b5:9d:7e:f2:76:60:8b:db:79:93:e8:9f:
a6:f6:96:bd:34:47:50:6a:d5:7d:23:71:71:89:11:f8:f4:39:
96:d1:e0:03:7a:94:c9:aa:b6:f8:b3:08:76:47:1d:e3:39:af:
c9:79:76:8e:a1:85:45:80:65:2d:7c:7e:6b:7b:a7:5b:54:5f:
8d:29:1e:fc:c1:25:02:ad:06:3a:97:ff:ff:17:a1:15:17:51:
0f:c0:68:54:63:1d:d3:e0:81:ef:dc:28:84:b3:3e:9d:ad:7c:
c3:9a:cb:00:3f:2e:24:82:d7:42:e1:91:07:d4:67:5c:60:4b:
49:9a:f0:e3:7f:06:ca:0b:7a:6f:1a:b5:8a:24:20:54:51:a3:
a8:63:d0:2a:1d:a9:ee:04:c9:d1:b0:d6:63:91:ea:77:d3:b5:
83:c6:16:ee:21:9d:b5:e7:7c:8c:7d:f4:21:08:c7:83:ce:e9:
a3:2f:48:04:ae:6e:37:69:18:ec:07:78:61:d7:a4:08:2b:95:
73:17:9d:cc:6c:bc:ee:60:d8:f2:94:13:41:e2:89:0a:70:49:
15:2f:49:b7
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAQkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDNGOEUxMTAvBgNVBAUTKEQ0MDA1MUJDOEREQTYwQzkzMkVFMDc3NjlBQjg2N0JF
RkE4RDQyRjYwHhcNMjQwOTAxMDM0NzUxWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmQzZTNlNy1lMDFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuutpwBOQ6qAV/aeB0/ir4EyywEEuVcQMX1d3O7a1DxUfVDzpDZdPF0+YQ50F
39UKpcBPr/Ae8PwmRbqS9t6or0gxWeVTPvWD+Z5ehk/TjNucxgIb1fCXu3yO2ENI
fTcbZiuBLTkK4gJK+haxiYfRcvJw/l7eUD1FUjpII9PCBHa69J/6yUwJ2ORph2qQ
TQHoRoPCdV5UjT2h8QzJXxarqvcbD0/sjHTrhjry2qg8cVelMEUU6IgpAppMPSUU
QXV/Xn5EYP5VZVwqr0QUrmPPj1Wnv5l8TuqvJAc7JiaVEkNiW1oaOTNgCyY6gfIf
fsmGiGSMAffKBNOBQkoB86Tt/QIDAQABo4IClTCCApEwHQYDVR0OBBYEFDusXaYl
pf6/YCHlBqmqWKx2zlmsMB8GA1UdIwQYMBaAFNQAUbyN2mDJMu4Hdpq4Z776jUL2
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEM0Y4RS82QzQwODlCQTIx
NkMxMUVFQjI4QkYyNENDNEY5QUUwMi8xQUJSdkkzYVlNa3k3Z2QybXJobnZ2cU5R
dlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFBQlJ2STNhWU1reTdnZDJtcmhudnZxTlF2WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDNGOEUvNkM0MDg5QkEyMTZDMTFFRUIyOEJGMjRDQzRGOUFFMDIvQ0JDMzNBOEM2
ODE0MTFFRjhDRjEzOTY5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFn7nIwDQYJKoZIhvcNAQELBQADggEBAHfcQLvGE9qLtJbO
IVPyLQ6NdTECO5Em9LaarcYjVyIQSY/Hw5zw7lrEQLWdfvJ2YIvbeZPon6b2lr00
R1Bq1X0jcXGJEfj0OZbR4AN6lMmqtvizCHZHHeM5r8l5do6hhUWAZS18fmt7p1tU
X40pHvzBJQKtBjqX//8XoRUXUQ/AaFRjHdPgge/cKISzPp2tfMOaywA/LiSC10Lh
kQfUZ1xgS0ma8ON/BsoLem8atYokIFRRo6hj0Codqe4EydGw1mOR6nfTtYPGFu4h
nbXnfIx99CEIx4PO6aMvSASubjdpGOwHeGHXpAgrlXMXncxsvO5g2PKUE0HiiQpw
SRUvSbc=
-----END CERTIFICATE-----
Generated at Thu Oct 31 20:35:53 2024 by rpki-client on console-fra.rpki-client.org