Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A8B67/2FA00D3EC6AA11EF84FB0D0DC4F9AE02/8C293C92C6AA11EF8BCD0A11C4F9AE02.roa
File: 8C293C92C6AA11EF8BCD0A11C4F9AE02.roa (raw, json)
Hash identifier: CjWXk1D8cGlKpQvGdfdGbQPPL8ZpxHd+tveXFd+itDY=
Subject key identifier: 61:32:F2:6B:FC:AA:7D:F5:B8:4D:61:7C:71:7E:72:1F:F5:C7:55:54
Certificate issuer: /CN=A91A8B67/serialNumber=D459D267525234A0535EC38D8CCC8990194DE189
Certificate serial: 2F
Authority key identifier: D4:59:D2:67:52:52:34:A0:53:5E:C3:8D:8C:CC:89:90:19:4D:E1:89
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1FnSZ1JSNKBTXsONjMyJkBlN4Yk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A8B67/2FA00D3EC6AA11EF84FB0D0DC4F9AE02/8C293C92C6AA11EF8BCD0A11C4F9AE02.roa
Signing time: Fri 21 Mar 2025 06:42:57 +0000
ROA not before: Fri 21 Mar 2025 06:42:57 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 135660
IP address blocks: 103.137.20.0/23 maxlen: 24
Validation: Failed, certificate revoked on Tue 01 Apr 2025 00:12:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 47 (0x2f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A8B67, serialNumber=D459D267525234A0535EC38D8CCC8990194DE189
Validity
Not Before: Mar 21 06:42:57 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67dd0a71-4431
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:e5:a7:1e:6a:3f:8e:0d:38:c0:97:c0:89:43:
2f:1f:3b:89:ef:f3:50:b6:6f:8b:73:b6:07:44:72:
3e:de:40:da:bb:2c:a7:92:74:75:48:56:53:a2:6a:
48:31:ad:81:59:5e:0a:1f:d4:76:8b:d2:11:98:65:
d9:bc:08:03:23:83:62:4b:2e:93:4c:55:f6:5a:6a:
2a:46:2b:7e:6a:ac:5a:bd:e7:1a:6f:77:b4:a1:af:
81:05:e8:73:0f:5e:85:cf:b8:71:15:cf:98:b8:59:
80:44:37:32:0b:5d:b3:9d:e8:5c:30:dd:6f:b2:6d:
97:79:f7:be:a4:04:5f:0e:70:3d:91:eb:74:9d:21:
24:b7:c2:94:97:ee:42:ac:aa:ad:86:1b:70:2d:d8:
1a:16:c3:0e:ee:3c:2d:0b:e7:a7:6f:6c:df:ff:94:
75:54:55:9c:33:3d:83:5b:2d:72:bc:87:f3:78:73:
44:a5:48:11:e2:1a:8a:be:f9:66:20:26:62:95:4c:
a2:eb:93:4b:85:63:68:7e:65:04:fc:12:97:97:0d:
3f:74:a4:2b:21:0d:94:d9:cf:9b:1d:b3:58:29:d6:
91:a8:99:30:27:ef:ef:8b:47:ef:39:43:e1:a7:59:
56:00:c3:65:ee:48:8d:7b:47:01:37:ef:91:09:26:
9f:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:32:F2:6B:FC:AA:7D:F5:B8:4D:61:7C:71:7E:72:1F:F5:C7:55:54
X509v3 Authority Key Identifier:
keyid:D4:59:D2:67:52:52:34:A0:53:5E:C3:8D:8C:CC:89:90:19:4D:E1:89
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A8B67/2FA00D3EC6AA11EF84FB0D0DC4F9AE02/1FnSZ1JSNKBTXsONjMyJkBlN4Yk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1FnSZ1JSNKBTXsONjMyJkBlN4Yk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A8B67/2FA00D3EC6AA11EF84FB0D0DC4F9AE02/8C293C92C6AA11EF8BCD0A11C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.137.20.0/23
Signature Algorithm: sha256WithRSAEncryption
5a:fe:33:97:49:74:e4:59:3e:05:be:13:06:40:40:a1:7e:76:
2f:51:fb:75:9b:fe:fb:cd:46:be:78:de:18:b1:a9:cd:b3:7c:
56:41:95:4a:da:8f:35:84:51:ca:89:22:d5:91:71:66:63:72:
bf:ce:65:a7:f1:e5:35:a6:cd:ee:63:d9:55:29:3b:2c:96:b3:
0a:1a:6d:a7:76:6f:dd:6e:43:34:34:af:47:76:c8:62:9a:61:
0d:89:e4:b8:01:a4:ed:ad:02:2d:95:8e:eb:cb:79:fa:9a:79:
d1:d3:11:62:37:1f:5e:5d:d4:17:1d:92:78:a4:21:bd:ea:70:
b9:9f:c7:a8:99:34:4a:0e:f7:03:37:02:2e:be:68:2b:dd:8d:
b8:c7:0f:40:41:a3:67:17:7f:54:a8:d0:56:b1:82:3b:01:fb:
fa:17:e0:4a:17:06:e9:24:14:56:2b:12:b5:28:23:1f:ec:41:
3b:9e:f5:5d:7a:16:65:6a:79:42:18:0e:c8:dd:63:7f:4c:3b:
51:56:20:d5:09:05:55:85:3e:fc:0f:8c:d5:66:94:3e:3f:3d:
5e:4c:7e:71:23:ff:33:85:c5:dd:50:c5:fd:26:e1:46:23:63:
c7:ef:6b:43:ba:e1:15:77:8e:f0:01:53:ac:3c:7d:0d:a9:66:
2a:df:ed:49
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBLzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFB
OEI2NzExMC8GA1UEBRMoRDQ1OUQyNjc1MjUyMzRBMDUzNUVDMzhEOENDQzg5OTAx
OTRERTE4OTAeFw0yNTAzMjEwNjQyNTdaFw0yNjA1MjgwMDAwMDBaMBgxFjAUBgNV
BAMTDTY3ZGQwYTcxLTQ0MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDP5aceaj+ODTjAl8CJQy8fO4nv81C2b4tztgdEcj7eQNq7LKeSdHVIVlOiakgx
rYFZXgof1HaL0hGYZdm8CAMjg2JLLpNMVfZaaipGK35qrFq95xpvd7Shr4EF6HMP
XoXPuHEVz5i4WYBENzILXbOd6Fww3W+ybZd5976kBF8OcD2R63SdISS3wpSX7kKs
qq2GG3At2BoWww7uPC0L56dvbN//lHVUVZwzPYNbLXK8h/N4c0SlSBHiGoq++WYg
JmKVTKLrk0uFY2h+ZQT8EpeXDT90pCshDZTZz5sds1gp1pGomTAn7++LR+85Q+Gn
WVYAw2XuSI17RwE375EJJp9dAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUYTLya/yq
ffW4TWF8cX5yH/XHVVQwHwYDVR0jBBgwFoAU1FnSZ1JSNKBTXsONjMyJkBlN4Ykw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUE4QjY3LzJGQTAwRDNFQzZB
QTExRUY4NEZCMEQwREM0RjlBRTAyLzFGblNaMUpTTktCVFhzT05qTXlKa0JsTjRZ
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvMUZuU1oxSlNOS0JUWHNPTmpNeUprQmxONFlrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB
OEI2Ny8yRkEwMEQzRUM2QUExMUVGODRGQjBEMERDNEY5QUUwMi84QzI5M0M5MkM2
QUExMUVGOEJDRDBBMTFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAWeJFDANBgkqhkiG9w0BAQsFAAOCAQEAWv4zl0l05Fk+Bb4T
BkBAoX52L1H7dZv++81GvnjeGLGpzbN8VkGVStqPNYRRyoki1ZFxZmNyv85lp/Hl
NabN7mPZVSk7LJazChptp3Zv3W5DNDSvR3bIYpphDYnkuAGk7a0CLZWO68t5+pp5
0dMRYjcfXl3UFx2SeKQhvepwuZ/HqJk0Sg73AzcCLr5oK92NuMcPQEGjZxd/VKjQ
VrGCOwH7+hfgShcG6SQUVisStSgjH+xBO571XXoWZWp5QhgOyN1jf0w7UVYg1QkF
VYU+/A+M1WaUPj89Xkx+cSP/M4XF3VDF/SbhRiNjx+9rQ7rhFXeO8AFTrDx9Dalm
Kt/tSQ==
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:19:59 2025 by rpki-client