Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91144C9/842F98940EC911F0A26FF144C4F9AE02/A8D992560ECB11F087F0C36AC4F9AE02.roa
File: A8D992560ECB11F087F0C36AC4F9AE02.roa (raw, json)
Hash identifier: x8QbZJ9ASc7s1NjpwZh6mQVsZQPlLtWjmX30toEFDD8=
Subject key identifier: D2:39:F0:74:D7:E4:A4:A5:59:D6:8F:50:35:0E:B5:BF:10:92:31:34
Certificate issuer: /CN=A91144C9/serialNumber=95745293C88A2726E10A57D58F42CC3169B7C922
Certificate serial: 04
Authority key identifier: 95:74:52:93:C8:8A:27:26:E1:0A:57:D5:8F:42:CC:31:69:B7:C9:22
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lXRSk8iKJybhClfVj0LMMWm3ySI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91144C9/842F98940EC911F0A26FF144C4F9AE02/A8D992560ECB11F087F0C36AC4F9AE02.roa
Signing time: Tue 01 Apr 2025 07:33:52 +0000
ROA not before: Tue 01 Apr 2025 07:33:52 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 10099
IP address blocks: 43.252.84.0/22 maxlen: 22
43.252.84.0/24 maxlen: 24
43.252.85.0/24 maxlen: 24
43.252.86.0/24 maxlen: 24
43.252.87.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 01 Apr 2025 07:40:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91144C9, serialNumber=95745293C88A2726E10A57D58F42CC3169B7C922
Validity
Not Before: Apr 1 07:33:52 2025 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=67eb96e0-80af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:50:fa:8b:fe:32:d2:d4:52:72:d2:b7:f0:26:
89:54:c9:1b:4a:bf:c6:e5:d3:55:34:d2:87:e8:26:
2d:0b:c1:dd:9c:1a:d7:c1:98:68:ed:f6:fa:4b:26:
cb:f8:19:07:9d:8e:41:2c:d7:4e:b0:cb:3e:eb:90:
48:be:dd:ce:1c:a2:56:0c:a3:ab:c3:09:18:3f:75:
71:0a:37:15:5c:18:75:fd:eb:bf:c7:c8:bf:7f:96:
26:05:4d:ae:1e:8f:fc:34:a7:b9:e0:5e:09:51:a8:
59:a3:96:db:19:ca:57:f8:62:f2:53:87:29:18:b1:
9c:84:34:d8:bc:6a:06:71:ba:bd:31:1b:0e:b2:1c:
c9:b2:2e:3c:b0:98:75:94:90:1d:05:44:9c:ca:14:
56:1c:e2:a3:18:ea:e4:b3:2b:d8:83:26:a5:5e:7a:
f3:90:c4:35:21:72:6a:f0:9e:2e:91:b3:cf:2e:05:
1b:d0:ab:54:4c:39:bb:a2:7f:c0:9c:f0:d9:98:c9:
e0:be:4a:e1:fb:42:3f:d4:c6:a9:c6:2f:5d:fb:17:
a7:7a:3e:bd:75:bd:ce:94:31:90:61:56:0d:86:06:
b6:52:bc:fc:ec:c0:a8:cd:27:83:4c:88:c7:f0:38:
63:69:51:37:78:ba:0e:cb:e9:cf:f8:19:60:ad:fc:
d2:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:39:F0:74:D7:E4:A4:A5:59:D6:8F:50:35:0E:B5:BF:10:92:31:34
X509v3 Authority Key Identifier:
keyid:95:74:52:93:C8:8A:27:26:E1:0A:57:D5:8F:42:CC:31:69:B7:C9:22
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91144C9/842F98940EC911F0A26FF144C4F9AE02/lXRSk8iKJybhClfVj0LMMWm3ySI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lXRSk8iKJybhClfVj0LMMWm3ySI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91144C9/842F98940EC911F0A26FF144C4F9AE02/A8D992560ECB11F087F0C36AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.252.84.0/22
Signature Algorithm: sha256WithRSAEncryption
2f:f6:54:05:25:bd:38:95:50:91:d7:72:45:4c:07:63:57:f2:
3a:00:57:e9:b3:0f:cc:84:32:b7:06:b6:e7:4c:c1:75:d9:22:
49:f8:54:df:49:53:88:5c:bf:74:02:de:9c:c1:57:cb:c1:7d:
1c:70:35:0d:cb:1e:db:9a:87:98:f0:d4:58:9b:13:e5:25:db:
f5:e2:fc:fe:de:1c:c1:00:c4:86:0c:d1:2b:50:36:8e:2f:a8:
f2:17:b1:a8:89:e1:09:e2:b0:c2:4c:30:7b:9c:82:d2:11:83:
c9:24:8f:7f:d0:f1:ef:1d:d6:c3:6e:b7:bc:d7:d1:d6:49:9a:
0c:44:f7:df:ea:4a:25:f7:9c:1e:45:53:8e:d2:c9:ab:70:8b:
52:31:20:19:6e:02:ec:4d:11:fe:f7:d9:50:c9:44:10:86:41:
6f:09:8f:16:74:32:bf:32:fd:62:b4:33:c5:3a:64:28:ed:90:
e9:43:0d:41:05:94:9e:3d:e9:e6:95:ac:49:00:37:9b:8d:ee:
f2:5b:2a:cb:af:cb:b2:d3:1c:0c:2c:1e:21:53:07:ec:ba:af:
37:19:f7:f3:b4:9f:8f:62:1b:45:77:9e:ec:96:6b:e1:2b:da:
ff:08:f5:82:5a:66:13:d1:87:8c:c4:f2:56:f0:5c:e7:4b:a6:
d2:e9:83:2d
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
NDRDOTExMC8GA1UEBRMoOTU3NDUyOTNDODhBMjcyNkUxMEE1N0Q1OEY0MkNDMzE2
OUI3QzkyMjAeFw0yNTA0MDEwNzMzNTJaFw0yNTA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY3ZWI5NmUwLTgwYWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCdUPqL/jLS1FJy0rfwJolUyRtKv8bl01U00ofoJi0Lwd2cGtfBmGjt9vpLJsv4
GQedjkEs106wyz7rkEi+3c4colYMo6vDCRg/dXEKNxVcGHX967/HyL9/liYFTa4e
j/w0p7ngXglRqFmjltsZylf4YvJThykYsZyENNi8agZxur0xGw6yHMmyLjywmHWU
kB0FRJzKFFYc4qMY6uSzK9iDJqVeevOQxDUhcmrwni6Rs88uBRvQq1RMObuif8Cc
8NmYyeC+SuH7Qj/UxqnGL137F6d6Pr11vc6UMZBhVg2GBrZSvPzswKjNJ4NMiMfw
OGNpUTd4ug7L6c/4GWCt/NJxAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU0jnwdNfk
pKVZ1o9QNQ61vxCSMTQwHwYDVR0jBBgwFoAUlXRSk8iKJybhClfVj0LMMWm3ySIw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTE0NEM5Lzg0MkY5ODk0MEVD
OTExRjBBMjZGRjE0NEM0RjlBRTAyL2xYUlNrOGlLSnliaENsZlZqMExNTVdtM3lT
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvbFhSU2s4aUtKeWJoQ2xmVmowTE1NV20zeVNJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
NDRDOS84NDJGOTg5NDBFQzkxMUYwQTI2RkYxNDRDNEY5QUUwMi9BOEQ5OTI1NjBF
Q0IxMUYwODdGMEMzNkFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAiv8VDANBgkqhkiG9w0BAQsFAAOCAQEAL/ZUBSW9OJVQkddy
RUwHY1fyOgBX6bMPzIQytwa250zBddkiSfhU30lTiFy/dALenMFXy8F9HHA1Dcse
25qHmPDUWJsT5SXb9eL8/t4cwQDEhgzRK1A2ji+o8hexqInhCeKwwkwwe5yC0hGD
ySSPf9Dx7x3Ww263vNfR1kmaDET33+pKJfecHkVTjtLJq3CLUjEgGW4C7E0R/vfZ
UMlEEIZBbwmPFnQyvzL9YrQzxTpkKO2Q6UMNQQWUnj3p5pWsSQA3m43u8lsqy6/L
stMcDCweIVMH7LqvNxn387Sfj2IbRXee7JZr4Sva/wj1glpmE9GHjMTyVvBc50um
0umDLQ==
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:27:57 2025 by rpki-client