Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/25BD0696C8E411EF980B4F83C4F9AE02.roa
File: 25BD0696C8E411EF980B4F83C4F9AE02.roa (raw, json)
Hash identifier: 07Z5QYQxu6wnQQcvBaKyzO7BAdMc96k+Xsfh/ChR3xI=
Subject key identifier: 88:9D:F2:BF:DA:6E:BE:C7:29:AC:36:09:48:5A:06:77:D8:A2:9D:C5
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: A155
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/25BD0696C8E411EF980B4F83C4F9AE02.roa
Signing time: Thu 02 Jan 2025 08:32:48 +0000
ROA not before: Thu 02 Jan 2025 08:32:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 43.225.0.0/22 maxlen: 24
43.231.116.0/22 maxlen: 24
45.114.156.0/22 maxlen: 24
45.121.108.0/22 maxlen: 24
103.14.196.0/22 maxlen: 24
103.16.140.0/22 maxlen: 24
103.27.168.0/24 maxlen: 24
103.27.170.0/23 maxlen: 23
103.41.28.0/22 maxlen: 24
103.47.152.0/24 maxlen: 24
103.51.92.0/22 maxlen: 24
103.52.48.0/22 maxlen: 24
103.54.96.0/22 maxlen: 24
103.55.84.0/22 maxlen: 24
103.74.136.0/22 maxlen: 24
103.82.144.0/22 maxlen: 24
103.86.20.0/22 maxlen: 24
103.88.124.0/22 maxlen: 24
103.108.76.0/22 maxlen: 24
103.111.128.0/22 maxlen: 24
103.118.8.0/22 maxlen: 24
103.124.38.0/23 maxlen: 24
103.129.192.0/23 maxlen: 24
103.142.64.0/23 maxlen: 24
103.155.194.0/23 maxlen: 24
103.171.236.0/23 maxlen: 24
103.173.14.0/23 maxlen: 24
103.173.41.0/24 maxlen: 24
103.180.216.0/23 maxlen: 24
103.192.72.0/22 maxlen: 24
103.195.196.0/22 maxlen: 24
103.200.48.0/22 maxlen: 24
103.206.64.0/22 maxlen: 24
103.212.132.0/22 maxlen: 24
103.226.224.0/22 maxlen: 24
103.228.172.0/24 maxlen: 24
103.228.173.0/24 maxlen: 24
103.228.174.0/24 maxlen: 24
103.228.175.0/24 maxlen: 24
139.5.96.0/22 maxlen: 24
203.191.56.0/22 maxlen: 24
2400:d180:66::/48 maxlen: 48
2400:d180:67::/48 maxlen: 48
2400:d180:68::/48 maxlen: 48
2400:d180:69::/48 maxlen: 48
2400:d180:70::/48 maxlen: 48
2400:d180:71::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 08:45:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 41301 (0xa155)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jan 2 08:32:48 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67764f30-eac2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:c7:24:be:8a:7f:aa:74:3a:3b:47:13:54:9c:
75:c5:9d:5a:44:c5:b6:1c:39:00:b1:a5:15:c5:e6:
44:c7:ee:55:7a:46:4c:49:e5:ad:cc:00:5d:86:1c:
00:6a:e9:3d:a3:85:55:a6:fd:49:37:b1:f5:e9:95:
25:5d:18:58:e1:54:bf:4e:d7:c1:7f:44:9d:bf:eb:
85:13:1e:c4:12:85:5c:9a:a3:98:65:ba:72:d1:ac:
d6:c8:c1:d1:2b:ce:a7:8b:ad:94:02:02:97:e5:0b:
3b:d6:64:77:b1:ce:5b:26:23:38:e2:13:cb:0a:fa:
2a:55:fc:da:52:27:0b:30:97:a4:9d:cc:f1:07:f1:
02:94:41:4b:b0:c8:38:d9:0a:c3:8a:2c:be:71:e0:
f5:19:67:b5:8e:c4:38:69:81:8a:d0:12:0f:02:85:
41:d1:94:1f:6a:a1:d1:0b:8a:10:d5:9e:02:03:0a:
1c:92:4b:38:d6:fd:10:bb:25:45:c7:fe:b0:e0:be:
bf:44:43:8d:d9:33:0c:a9:00:fa:de:4e:76:58:f4:
f3:15:9b:da:ca:b0:ae:33:11:1c:b8:b2:a8:a2:e4:
43:77:ef:17:28:c1:f4:ba:bc:93:0e:a3:55:36:ad:
f1:9b:63:7c:8b:32:f8:b5:39:7b:32:ce:2f:cb:b5:
9b:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:9D:F2:BF:DA:6E:BE:C7:29:AC:36:09:48:5A:06:77:D8:A2:9D:C5
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/25BD0696C8E411EF980B4F83C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.0.0/22
43.231.116.0/22
45.114.156.0/22
45.121.108.0/22
103.14.196.0/22
103.16.140.0/22
103.27.168.0/24
103.27.170.0/23
103.41.28.0/22
103.47.152.0/24
103.51.92.0/22
103.52.48.0/22
103.54.96.0/22
103.55.84.0/22
103.74.136.0/22
103.82.144.0/22
103.86.20.0/22
103.88.124.0/22
103.108.76.0/22
103.111.128.0/22
103.118.8.0/22
103.124.38.0/23
103.129.192.0/23
103.142.64.0/23
103.155.194.0/23
103.171.236.0/23
103.173.14.0/23
103.173.41.0/24
103.180.216.0/23
103.192.72.0/22
103.195.196.0/22
103.200.48.0/22
103.206.64.0/22
103.212.132.0/22
103.226.224.0/22
103.228.172.0/22
139.5.96.0/22
203.191.56.0/22
IPv6:
2400:d180:66::-2400:d180:69:ffff:ffff:ffff:ffff:ffff
2400:d180:70::/47
Signature Algorithm: sha256WithRSAEncryption
b1:51:f1:76:9d:f9:4d:bb:2c:4e:b6:18:71:75:d3:62:ed:95:
3d:00:d3:45:dc:60:d8:a5:82:a8:d1:2f:6c:e2:9c:62:40:5a:
2a:88:48:47:c8:d1:69:14:e1:20:4b:a9:90:b6:8d:fc:b7:d2:
64:c8:da:41:92:c2:f4:c3:f8:d1:6a:f9:7a:5f:6a:66:4f:4f:
92:62:67:96:37:6c:33:89:be:53:ed:55:00:68:0e:c6:3c:22:
f9:09:30:d6:18:dd:b6:3e:62:e3:da:e7:37:96:2b:50:9f:f3:
12:26:2f:95:7d:9b:e9:46:99:0d:7d:6d:e7:bc:fc:a2:2e:60:
02:51:43:4b:fd:34:a1:20:df:06:22:0a:95:c7:8f:df:72:24:
f5:c0:05:a8:47:d6:b7:77:fe:72:cb:58:9f:e4:73:56:80:92:
cc:0e:f7:4a:3c:cd:a7:73:11:5f:1b:03:a5:45:df:7d:66:91:
b6:01:9e:a8:70:df:8d:db:77:c1:6c:03:1c:9d:c7:f8:34:b7:
1a:8d:34:9a:c8:7b:33:dd:5d:85:d6:a0:6b:2e:2e:4b:3a:0a:
40:9c:43:6d:95:55:16:a6:02:e5:a6:40:e7:63:a5:2f:7e:fb:
5a:66:2a:a8:99:d9:3d:11:9e:54:99:7a:a6:77:a3:01:22:8a:
29:09:54:ed
-----BEGIN CERTIFICATE-----
MIIGfTCCBWWgAwIBAgIDAKFVMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDEwMjA4MzI0OFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjc3NjRmMzAtZWFjMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLHJL6Kf6p0OjtHE1ScdcWdWkTFthw5ALGlFcXmRMfuVXpGTEnlrcwAXYYc
AGrpPaOFVab9STex9emVJV0YWOFUv07XwX9Enb/rhRMexBKFXJqjmGW6ctGs1sjB
0SvOp4utlAICl+ULO9Zkd7HOWyYjOOITywr6KlX82lInCzCXpJ3M8QfxApRBS7DI
ONkKw4osvnHg9RlntY7EOGmBitASDwKFQdGUH2qh0QuKENWeAgMKHJJLONb9ELsl
Rcf+sOC+v0RDjdkzDKkA+t5Odlj08xWb2sqwrjMRHLiyqKLkQ3fvFyjB9Lq8kw6j
VTat8ZtjfIsy+LU5ezLOL8u1m+MCAwEAAaOCA6AwggOcMB0GA1UdDgQWBBSInfK/
2m6+xymsNglIWgZ32KKdxTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzI1QkQwNjk2
QzhFNDExRUY5ODBCNEY4M0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIIBKAYIKwYBBQUHAQcB
Af8EggEXMIIBEzCB6wQCAAEwgeQDBAIr4QADBAIr53QDBAItcpwDBAIteWwDBAJn
DsQDBAJnEIwDBABnG6gDBAFnG6oDBAJnKRwDBABnL5gDBAJnM1wDBAJnNDADBAJn
NmADBAJnN1QDBAJnSogDBAJnUpADBAJnVhQDBAJnWHwDBAJnbEwDBAJnb4ADBAJn
dggDBAFnfCYDBAFngcADBAFnjkADBAFnm8IDBAFnq+wDBAFnrQ4DBABnrSkDBAFn
tNgDBAJnwEgDBAJnw8QDBAJnyDADBAJnzkADBAJn1IQDBAJn4uADBAJn5KwDBAKL
BWADBALLvzgwIwQCAAIwHTASAwcBJADRgABmAwcBJADRgABoAwcBJADRgABwMA0G
CSqGSIb3DQEBCwUAA4IBAQCxUfF2nflNuyxOthhxddNi7ZU9ANNF3GDYpYKo0S9s
4pxiQFoqiEhHyNFpFOEgS6mQto38t9JkyNpBksL0w/jRavl6X2pmT0+SYmeWN2wz
ib5T7VUAaA7GPCL5CTDWGN22PmLj2uc3litQn/MSJi+VfZvpRpkNfW3nvPyiLmAC
UUNL/TShIN8GIgqVx4/fciT1wAWoR9a3d/5yy1if5HNWgJLMDvdKPM2ncxFfGwOl
Rd99ZpG2AZ6ocN+N23fBbAMcncf4NLcajTSayHsz3V2F1qBrLi5LOgpAnENtlVUW
pgLlpkDnY6UvfvtaZiqomdk9EZ5UmXqmd6MBIoopCVTt
-----END CERTIFICATE-----
Generated at Fri May 16 17:49:53 2025 by rpki-client