Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E60B6DA6DFCE11EFBC4CD631C4F9AE02.roa
File: E60B6DA6DFCE11EFBC4CD631C4F9AE02.roa (raw, json)
Hash identifier: Cd+8XL7TQDobjKUjLzoluFMatNvyOHYpULa03Dd/JsA=
Subject key identifier: 09:B5:07:0A:A5:ED:3E:78:83:46:10:3B:DB:C2:A1:D8:84:9D:6E:CC
Certificate issuer: /CN=A9157DA0/serialNumber=8887CF6CF5102F0FB713F4C4A1BDE389481F1C44
Certificate serial: 3462
Authority key identifier: 88:87:CF:6C:F5:10:2F:0F:B7:13:F4:C4:A1:BD:E3:89:48:1F:1C:44
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E60B6DA6DFCE11EFBC4CD631C4F9AE02.roa
Signing time: Fri 21 Feb 2025 22:35:51 +0000
ROA not before: Fri 21 Feb 2025 22:35:51 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 58524
IP address blocks: 43.248.158.0/23 maxlen: 23
119.252.122.0/24 maxlen: 24
119.252.126.0/23 maxlen: 23
2407:4800:c000::/36 maxlen: 36
Validation: Failed, certificate revoked on Mon 24 Feb 2025 09:15:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13410 (0x3462)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157DA0, serialNumber=8887CF6CF5102F0FB713F4C4A1BDE389481F1C44
Validity
Not Before: Feb 21 22:35:51 2025 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=67b8ffc7-84d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:86:b4:5e:28:88:b7:a1:08:46:47:84:16:aa:
c8:88:70:33:43:a9:09:31:47:73:bd:83:c7:c2:7b:
f4:6a:6e:74:5e:1f:ce:49:53:5e:83:08:ae:fc:b3:
9f:82:b8:d0:fa:d5:08:50:db:3e:9c:09:6f:fc:8f:
22:df:9e:c7:96:4d:72:eb:ef:8d:1a:9c:a8:32:e2:
64:22:6d:6a:b7:2c:dc:58:8c:5d:82:b8:c9:45:bd:
d1:c6:f1:1f:9a:7e:28:fd:c0:a0:0d:13:1f:da:9c:
bb:a2:39:6d:29:9e:68:b5:2c:d3:c3:02:55:3b:c3:
bd:ae:48:e8:6d:06:97:da:17:c8:0f:bf:ef:e4:49:
46:8c:8b:15:b4:6d:2a:99:2c:0e:ca:fb:12:ee:9e:
7c:00:70:cb:48:86:c2:f9:b2:06:bc:ed:f7:c3:c6:
70:eb:19:ad:12:46:e0:d0:53:f6:37:a7:c5:82:a3:
56:65:c6:3c:eb:df:00:2c:3e:cd:ef:91:0a:97:3e:
84:36:11:49:a8:28:3b:d3:f4:87:e1:6e:c9:b8:9c:
f9:46:1f:7b:14:68:c3:c5:56:ea:26:cd:6b:6e:1d:
ff:8c:c1:1f:ae:68:10:63:00:11:1b:fb:a5:dd:7c:
dc:7c:7d:17:d7:38:03:47:49:55:86:0d:c2:08:a1:
21:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:B5:07:0A:A5:ED:3E:78:83:46:10:3B:DB:C2:A1:D8:84:9D:6E:CC
X509v3 Authority Key Identifier:
keyid:88:87:CF:6C:F5:10:2F:0F:B7:13:F4:C4:A1:BD:E3:89:48:1F:1C:44
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E60B6DA6DFCE11EFBC4CD631C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.248.158.0/23
119.252.122.0/24
119.252.126.0/23
IPv6:
2407:4800:c000::/36
Signature Algorithm: sha256WithRSAEncryption
11:29:3c:4f:59:dd:26:02:ed:fb:51:49:69:18:e8:9a:b2:c5:
b4:a5:0a:a0:8d:f0:ab:77:ff:b7:a8:1d:1a:4a:75:ac:2b:e4:
c2:09:1b:d1:fc:3d:4b:e5:7a:da:7c:9f:5a:26:37:ea:66:7d:
e4:0f:dc:c6:ab:53:9c:0b:5b:f3:a5:ec:dd:31:e6:17:26:90:
17:05:92:ee:f2:30:2b:12:2c:51:d2:c9:42:4c:61:27:ca:0b:
f3:76:21:e5:3a:5d:a3:1e:d3:bd:a0:df:fa:14:5d:47:68:77:
81:b0:5d:7b:53:70:20:17:7e:7d:32:ae:11:e5:37:6b:9b:ad:
c6:9d:c5:b8:83:83:49:8f:0d:8e:5a:fe:44:83:b7:33:1c:a9:
eb:3f:da:4d:71:09:ae:6f:51:38:39:ea:da:92:ff:3a:f4:ae:
ef:b1:2e:2e:a9:1d:17:f9:4e:f5:e7:6e:e3:de:60:e4:5a:2c:
a8:6d:12:a0:9c:37:50:04:b6:7c:44:c3:02:96:36:0e:38:66:
84:33:b4:28:0d:83:07:9e:cc:25:ce:b5:49:55:05:c9:cf:0b:
24:ce:21:8a:f2:32:ab:2d:fb:33:63:d1:5a:a7:08:1a:16:73:
2c:6e:18:15:53:70:0e:51:e5:41:56:9f:f7:ed:97:4c:d3:e8:
38:7c:e3:60
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICNGIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEQTAxMTAvBgNVBAUTKDg4ODdDRjZDRjUxMDJGMEZCNzEzRjRDNEExQkRFMzg5
NDgxRjFDNDQwHhcNMjUwMjIxMjIzNTUxWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2I4ZmZjNy04NGQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApoa0XiiIt6EIRkeEFqrIiHAzQ6kJMUdzvYPHwnv0am50Xh/OSVNegwiu/LOf
grjQ+tUIUNs+nAlv/I8i357Hlk1y6++NGpyoMuJkIm1qtyzcWIxdgrjJRb3RxvEf
mn4o/cCgDRMf2py7ojltKZ5otSzTwwJVO8O9rkjobQaX2hfID7/v5ElGjIsVtG0q
mSwOyvsS7p58AHDLSIbC+bIGvO33w8Zw6xmtEkbg0FP2N6fFgqNWZcY8698ALD7N
75EKlz6ENhFJqCg70/SH4W7JuJz5Rh97FGjDxVbqJs1rbh3/jMEfrmgQYwARG/ul
3XzcfH0X1zgDR0lVhg3CCKEhVQIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFAm1Bwql
7T54g0YQO9vCodiEnW7MMB8GA1UdIwQYMBaAFIiHz2z1EC8PtxP0xKG944lIHxxE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0RBMC8zQTBEOTMxMDFE
OEMxMUUyOEVGRjU3RTcwOEIwMkNEMi9pSWZQYlBVUUx3LTNFX1RFb2IzamlVZ2ZI
RVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lJZlBiUFVRTHctM0VfVEVvYjNqaVVnZkhFUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEQTAvM0EwRDkzMTAxRDhDMTFFMjhFRkY1N0U3MDhCMDJDRDIvRTYwQjZEQTZE
RkNFMTFFRkJDNENENjMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBgEAgABMBIDBAEr+J4DBAB3/HoDBAF3/H4wDgQCAAIwCAMGBCQHSADAMA0G
CSqGSIb3DQEBCwUAA4IBAQARKTxPWd0mAu37UUlpGOiassW0pQqgjfCrd/+3qB0a
SnWsK+TCCRvR/D1L5XrafJ9aJjfqZn3kD9zGq1OcC1vzpezdMeYXJpAXBZLu8jAr
EixR0slCTGEnygvzdiHlOl2jHtO9oN/6FF1HaHeBsF17U3AgF359Mq4R5Tdrm63G
ncW4g4NJjw2OWv5Eg7czHKnrP9pNcQmub1E4Oerakv869K7vsS4uqR0X+U71527j
3mDkWiyobRKgnDdQBLZ8RMMCljYOOGaEM7QoDYMHnswlzrVJVQXJzwskziGK8jKr
LfszY9FapwgaFnMsbhgVU3AOUeVBVp/37ZdM0+g4fONg
-----END CERTIFICATE-----
Generated at Mon May 12 09:47:13 2025 by rpki-client