Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/D00342A0D30711EF96EE2B61C4F9AE02.roa
File: D00342A0D30711EF96EE2B61C4F9AE02.roa (raw, json)
Hash identifier: cHiUnzeO9ejT/ZNkC/NJOn35bxybiJ/Xw0ki2XXZP3Q=
Subject key identifier: C4:9A:BA:15:42:BE:93:18:55:87:B5:38:8F:A6:9E:6F:E3:C8:66:B5
Certificate issuer: /CN=A91E6134/serialNumber=9A73F1A919FBF46C872E38805B1650B5F88276D3
Certificate serial: 0D62
Authority key identifier: 9A:73:F1:A9:19:FB:F4:6C:87:2E:38:80:5B:16:50:B5:F8:82:76:D3
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/D00342A0D30711EF96EE2B61C4F9AE02.roa
Signing time: Wed 15 Jan 2025 06:13:18 +0000
ROA not before: Wed 15 Jan 2025 06:13:18 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 138241
IP address blocks: 139.190.8.0/24 maxlen: 24
139.190.9.0/24 maxlen: 24
139.190.13.0/24 maxlen: 24
139.190.15.0/24 maxlen: 24
139.190.17.0/24 maxlen: 24
139.190.19.0/24 maxlen: 24
139.190.20.0/24 maxlen: 24
139.190.21.0/24 maxlen: 24
139.190.22.0/24 maxlen: 24
139.190.23.0/24 maxlen: 24
139.190.24.0/24 maxlen: 24
139.190.25.0/24 maxlen: 24
139.190.26.0/24 maxlen: 24
139.190.27.0/24 maxlen: 24
139.190.29.0/24 maxlen: 24
139.190.30.0/24 maxlen: 24
139.190.31.0/24 maxlen: 24
139.190.32.0/21 maxlen: 24
139.190.40.0/21 maxlen: 24
139.190.48.0/21 maxlen: 24
139.190.56.0/21 maxlen: 24
139.190.68.0/22 maxlen: 24
139.190.88.0/21 maxlen: 21
139.190.124.0/22 maxlen: 24
139.190.239.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 17 Jan 2025 12:30:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3426 (0xd62)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E6134
Validity
Not Before: Jan 15 06:13:18 2025 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=678751fe-95d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:8e:84:4c:05:68:99:41:7e:64:e1:a8:fe:5f:
53:d7:5f:50:17:30:4f:a2:eb:59:cd:5c:d2:83:ed:
3f:22:2e:c1:70:fc:37:28:46:48:37:65:3a:ce:e6:
ea:5a:d3:cd:08:39:72:9b:b2:8d:b9:00:bc:95:53:
2a:d2:01:f6:a1:fb:08:e9:1b:71:0e:51:15:86:6b:
29:5f:b6:c1:14:bb:8a:ae:f2:ca:80:8f:cc:76:e7:
bf:4d:00:46:9a:de:fe:33:eb:47:ee:3c:f4:fb:cf:
df:83:0d:8b:76:f6:f2:1e:fc:2e:79:67:ea:65:ed:
e1:3c:4a:22:16:09:db:12:29:e6:77:ac:c5:bf:b1:
08:61:82:dd:b6:52:f0:a3:21:32:0f:3d:51:09:90:
44:b2:e2:4f:45:14:d7:7f:df:e5:30:28:7b:89:a7:
7e:94:dd:59:0f:21:1e:e0:1d:3e:2d:d0:47:d1:95:
eb:6f:89:ec:2e:af:cf:f2:3d:90:b4:36:3b:11:fb:
a2:8a:9f:53:6e:5b:dd:14:19:33:e8:27:94:18:70:
e0:4f:36:90:9b:45:7c:da:05:e1:79:49:c7:7d:cc:
06:d7:7c:9b:70:b5:e1:46:fc:a7:a1:9e:d7:c8:17:
09:b6:dc:1a:54:ec:22:60:ed:2a:e6:f5:ec:11:15:
80:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:9A:BA:15:42:BE:93:18:55:87:B5:38:8F:A6:9E:6F:E3:C8:66:B5
X509v3 Authority Key Identifier:
keyid:9A:73:F1:A9:19:FB:F4:6C:87:2E:38:80:5B:16:50:B5:F8:82:76:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/mnPxqRn79GyHLjiAWxZQtfiCdtM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/D00342A0D30711EF96EE2B61C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
139.190.8.0/23
139.190.13.0/24
139.190.15.0/24
139.190.17.0/24
139.190.19.0-139.190.27.255
139.190.29.0-139.190.63.255
139.190.68.0/22
139.190.88.0/21
139.190.124.0/22
139.190.239.0/24
Signature Algorithm: sha256WithRSAEncryption
ca:ee:1c:24:ce:09:7e:d8:25:3b:bd:64:4f:a3:8f:01:91:62:
72:07:aa:ac:75:74:64:0d:aa:90:e0:e5:93:11:b9:0e:ff:9a:
d5:c8:ef:4a:fd:05:43:3a:41:bd:1d:e2:bb:cb:18:a6:e8:f1:
84:fd:5f:7c:be:4a:fa:9c:e8:b3:43:2d:95:39:6f:9e:42:1d:
cd:ab:22:f6:61:35:fc:83:73:91:3b:87:e4:1e:25:55:14:1f:
9c:5b:8c:37:94:a4:bb:18:45:16:72:9d:cc:be:7d:4c:2d:d5:
0d:d9:3f:14:ee:74:a7:b5:89:d6:c7:7e:80:8f:2e:b9:15:38:
09:90:6e:cd:af:8b:cd:61:c1:98:79:07:ee:d0:4f:a8:64:d8:
f9:dc:ee:81:80:04:13:24:04:23:73:91:04:32:46:a5:59:f6:
52:93:ec:d4:14:f8:11:b4:a9:fb:c8:ed:f4:fd:1c:f3:b5:ac:
9f:e9:9d:b9:70:7d:23:fa:38:b2:ff:93:3f:b0:de:fb:66:1b:
66:38:fd:fa:c4:da:b2:a7:03:0c:10:01:47:2b:7f:4e:0f:78:
20:36:1e:19:16:95:15:5e:59:5b:eb:bd:29:4b:0d:dd:4b:53:
00:5c:21:f1:7e:4d:d9:0e:a1:63:07:3e:62:ed:ac:be:5f:cb:
88:c2:9b:44
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgICDWIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxMzQxMTAvBgNVBAUTKDlBNzNGMUE5MTlGQkY0NkM4NzJFMzg4MDVCMTY1MEI1
Rjg4Mjc2RDMwHhcNMjUwMTE1MDYxMzE4WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Nzg3NTFmZS05NWQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv46ETAVomUF+ZOGo/l9T119QFzBPoutZzVzSg+0/Ii7BcPw3KEZIN2U6zubq
WtPNCDlym7KNuQC8lVMq0gH2ofsI6RtxDlEVhmspX7bBFLuKrvLKgI/Mdue/TQBG
mt7+M+tH7jz0+8/fgw2LdvbyHvwueWfqZe3hPEoiFgnbEinmd6zFv7EIYYLdtlLw
oyEyDz1RCZBEsuJPRRTXf9/lMCh7iad+lN1ZDyEe4B0+LdBH0ZXrb4nsLq/P8j2Q
tDY7Efuiip9TblvdFBkz6CeUGHDgTzaQm0V82gXheUnHfcwG13ybcLXhRvynoZ7X
yBcJttwaVOwiYO0q5vXsERWAXwIDAQABo4IC2zCCAtcwHQYDVR0OBBYEFMSauhVC
vpMYVYe1OI+mnm/jyGa1MB8GA1UdIwQYMBaAFJpz8akZ+/Rshy44gFsWULX4gnbT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjEzNC81N0IzRTBCQ0My
QTgxMUVBQTc5MThBMkVDNEY5QUUwMi9tblB4cVJuNzlHeUhMamlBV3haUXRmaUNk
dE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL21uUHhxUm43OUd5SExqaUFXeFpRdGZpQ2R0TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxMzQvNTdCM0UwQkNDMkE4MTFFQUE3OTE4QTJFQzRGOUFFMDIvRDAwMzQyQTBE
MzA3MTFFRjk2RUUyQjYxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZQYIKwYBBQUHAQcBAf8E
VjBUMFIEAgABMEwDBAGLvggDBACLvg0DBACLvg8DBACLvhEwDAMEAIu+EwMEAou+
GDAMAwQAi74dAwQGi74AAwQCi75EAwQDi75YAwQCi758AwQAi77vMA0GCSqGSIb3
DQEBCwUAA4IBAQDK7hwkzgl+2CU7vWRPo48BkWJyB6qsdXRkDaqQ4OWTEbkO/5rV
yO9K/QVDOkG9HeK7yxim6PGE/V98vkr6nOizQy2VOW+eQh3NqyL2YTX8g3ORO4fk
HiVVFB+cW4w3lKS7GEUWcp3Mvn1MLdUN2T8U7nSntYnWx36Ajy65FTgJkG7Nr4vN
YcGYeQfu0E+oZNj53O6BgAQTJAQjc5EEMkalWfZSk+zUFPgRtKn7yO30/Rzztayf
6Z25cH0j+jiy/5M/sN77ZhtmOP36xNqypwMMEAFHK39OD3ggNh4ZFpUVXllb670p
Sw3dS1MAXCHxfk3ZDqFjBz5i7ay+X8uIwptE
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:41:40 2025 by rpki-client