Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91FA9BC/BE2CEFF0B3AA11EDAF31623FC4F9AE02/4014542AED7D11ED8302706AC4F9AE02.roa
File: 4014542AED7D11ED8302706AC4F9AE02.roa (raw, json)
Hash identifier: aDXtLVv7Dz8NCrwm7YV5bSnKQ8oyVUDkO22Xz92v28Y=
Subject key identifier: CF:80:F9:C9:98:90:30:EA:54:3C:17:97:35:32:2F:2A:DB:21:E4:AF
Certificate issuer: /CN=A91FA9BC/serialNumber=4ABBD7301CFF7FB4ACB6A04A14F0A36CCE85611C
Certificate serial: 01BD
Authority key identifier: 4A:BB:D7:30:1C:FF:7F:B4:AC:B6:A0:4A:14:F0:A3:6C:CE:85:61:1C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SrvXMBz_f7SstqBKFPCjbM6FYRw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91FA9BC/BE2CEFF0B3AA11EDAF31623FC4F9AE02/4014542AED7D11ED8302706AC4F9AE02.roa
Signing time: Tue 29 Apr 2025 03:39:18 +0000
ROA not before: Tue 29 Apr 2025 03:39:18 +0000
ROA not after: Thu 28 Aug 2025 00:00:00 +0000
asID: 141780
IP address blocks: 103.163.225.0/24 maxlen: 24
103.243.179.0/24 maxlen: 24
2001:df6:3480::/47 maxlen: 47
2001:df6:3480::/48 maxlen: 48
2001:df6:3481::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 06 May 2025 13:12:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 445 (0x1bd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91FA9BC, serialNumber=4ABBD7301CFF7FB4ACB6A04A14F0A36CCE85611C
Validity
Not Before: Apr 29 03:39:18 2025 GMT
Not After : Aug 28 00:00:00 2025 GMT
Subject: CN=681049e6-fd91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:25:44:da:c5:aa:55:6b:9f:0b:f6:b7:e2:23:
c2:5a:d7:0c:d6:a0:be:e3:eb:35:15:77:d4:bb:16:
9d:ac:f2:cf:7e:29:de:2f:24:6e:0d:1d:10:91:48:
20:e8:76:08:5a:4d:47:a7:d3:5c:46:a6:8d:f4:ae:
a4:5e:40:76:c6:35:8c:14:a1:0a:fe:4a:68:1c:dd:
10:d8:a3:4a:70:15:df:ae:63:90:77:37:2b:a3:05:
96:e5:df:d7:4e:a7:34:da:1c:4e:a1:5e:26:aa:23:
7c:a3:fd:fe:ee:af:d8:af:a8:11:c8:33:fd:21:6b:
df:0a:56:6c:f1:6e:3b:9e:ab:83:65:c2:47:49:6f:
29:4b:bb:96:8e:01:9e:aa:7b:01:dd:4e:64:eb:5c:
9f:d7:9a:50:6d:53:16:da:47:bf:3c:d5:ec:f6:36:
d7:f8:09:1e:77:92:6e:f2:dc:13:69:4f:23:41:82:
64:a2:a8:b2:1f:e2:9e:5a:d9:6e:1a:62:8a:4a:d6:
01:42:f5:b4:55:d8:ed:f5:2c:78:9a:a7:6c:36:8e:
c3:dd:54:a2:62:c8:9a:ba:56:93:00:82:ff:ac:ed:
da:7f:7e:1f:0f:dd:cd:c7:22:09:b5:d2:2c:c9:8b:
d2:c2:48:e3:72:c3:ab:9a:2c:98:b8:e5:89:86:c5:
27:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:80:F9:C9:98:90:30:EA:54:3C:17:97:35:32:2F:2A:DB:21:E4:AF
X509v3 Authority Key Identifier:
keyid:4A:BB:D7:30:1C:FF:7F:B4:AC:B6:A0:4A:14:F0:A3:6C:CE:85:61:1C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91FA9BC/BE2CEFF0B3AA11EDAF31623FC4F9AE02/SrvXMBz_f7SstqBKFPCjbM6FYRw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SrvXMBz_f7SstqBKFPCjbM6FYRw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FA9BC/BE2CEFF0B3AA11EDAF31623FC4F9AE02/4014542AED7D11ED8302706AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.163.225.0/24
103.243.179.0/24
IPv6:
2001:df6:3480::/47
Signature Algorithm: sha256WithRSAEncryption
45:2b:b4:7b:6e:ed:2a:30:bc:b7:97:08:09:15:45:2e:a7:e5:
09:e8:3f:b9:d9:6c:17:3a:7c:aa:91:df:d8:77:fd:1e:fc:8b:
3e:5a:e6:19:0f:66:df:9a:9d:9b:4c:90:dd:1c:fc:d3:80:04:
5b:d5:5c:dc:12:ff:d4:2b:ad:e9:01:e6:4d:e0:a4:f2:9b:f8:
7d:cb:39:89:c6:f0:57:64:5e:c7:d7:e5:9f:c1:a9:ef:56:cb:
d6:c0:f8:35:3d:8f:4d:56:82:9d:20:74:b4:71:5c:80:dd:93:
93:ed:d7:67:33:4e:ae:5f:04:33:16:75:ed:5c:0d:7a:5b:a7:
54:dc:41:8b:7d:22:11:2b:ea:74:9c:c0:5f:22:0c:3b:fd:c0:
ad:b4:4a:74:25:b8:a9:62:31:7d:20:f4:20:5f:23:93:b0:98:
c8:5d:ec:0c:86:c5:ca:ea:27:82:4a:d7:24:70:bd:3f:32:10:
e8:44:58:50:34:2b:d9:af:ee:88:b9:a1:c2:66:44:73:12:ff:
50:87:7f:6f:05:49:e8:91:7f:bc:b8:0a:10:97:1f:fe:ff:5d:
30:c2:9d:e6:00:c3:f3:39:dd:97:2f:9f:e9:8d:b4:8d:97:6f:
57:f6:28:6c:38:11:c5:1c:63:a6:fb:fa:3c:c3:a1:0d:ef:9f:
da:bf:48:3d
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICAb0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkE5QkMxMTAvBgNVBAUTKDRBQkJENzMwMUNGRjdGQjRBQ0I2QTA0QTE0RjBBMzZD
Q0U4NTYxMUMwHhcNMjUwNDI5MDMzOTE4WhcNMjUwODI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODEwNDllNi1mZDkxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzSVE2sWqVWufC/a34iPCWtcM1qC+4+s1FXfUuxadrPLPfineLyRuDR0QkUgg
6HYIWk1Hp9NcRqaN9K6kXkB2xjWMFKEK/kpoHN0Q2KNKcBXfrmOQdzcrowWW5d/X
Tqc02hxOoV4mqiN8o/3+7q/Yr6gRyDP9IWvfClZs8W47nquDZcJHSW8pS7uWjgGe
qnsB3U5k61yf15pQbVMW2ke/PNXs9jbX+Aked5Ju8twTaU8jQYJkoqiyH+KeWtlu
GmKKStYBQvW0Vdjt9Sx4mqdsNo7D3VSiYsiaulaTAIL/rO3af34fD93NxyIJtdIs
yYvSwkjjcsOrmiyYuOWJhsUnuQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFM+A+cmY
kDDqVDwXlzUyLyrbIeSvMB8GA1UdIwQYMBaAFEq71zAc/3+0rLagShTwo2zOhWEc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQTlCQy9CRTJDRUZGMEIz
QUExMUVEQUYzMTYyM0ZDNEY5QUUwMi9TcnZYTUJ6X2Y3U3N0cUJLRlBDamJNNkZZ
UncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NydlhNQnpfZjdTc3RxQktGUENqYk02RllSdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkE5QkMvQkUyQ0VGRjBCM0FBMTFFREFGMzE2MjNGQzRGOUFFMDIvNDAxNDU0MkFF
RDdEMTFFRDgzMDI3MDZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABno+EDBABn87MwDwQCAAIwCQMHASABDfY0gDANBgkqhkiG
9w0BAQsFAAOCAQEARSu0e27tKjC8t5cICRVFLqflCeg/udlsFzp8qpHf2Hf9HvyL
PlrmGQ9m35qdm0yQ3Rz804AEW9Vc3BL/1Cut6QHmTeCk8pv4fcs5icbwV2Rex9fl
n8Gp71bL1sD4NT2PTVaCnSB0tHFcgN2Tk+3XZzNOrl8EMxZ17VwNelunVNxBi30i
ESvqdJzAXyIMO/3ArbRKdCW4qWIxfSD0IF8jk7CYyF3sDIbFyuongkrXJHC9PzIQ
6ERYUDQr2a/uiLmhwmZEcxL/UId/bwVJ6JF/vLgKEJcf/v9dMMKd5gDD8zndly+f
6Y20jZdvV/YobDgRxRxjpvv6PMOhDe+f2r9IPQ==
-----END CERTIFICATE-----
Generated at Sat May 17 04:49:04 2025 by rpki-client