Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9176BDB/657E0F34D64B11ECAB20E36BC4F9AE02/BE65DAF646FE11F083055C85C4F9AE02.roa
File: BE65DAF646FE11F083055C85C4F9AE02.roa (raw, json)
Hash identifier: AfEBQjKNnibN5CgqBIWTvGQoaqHakVqEmw/BNLJgfG0=
Subject key identifier: 1E:C3:ED:72:8B:A2:B5:74:87:3C:71:C7:F5:BB:EE:09:E2:27:BE:E7
Certificate issuer: /CN=A9176BDB/serialNumber=1D61ACB0C672CB4D40ED3E94D3C09B20C74525AE
Certificate serial: 0312
Authority key identifier: 1D:61:AC:B0:C6:72:CB:4D:40:ED:3E:94:D3:C0:9B:20:C7:45:25:AE
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/HWGssMZyy01A7T6U08CbIMdFJa4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9176BDB/657E0F34D64B11ECAB20E36BC4F9AE02/BE65DAF646FE11F083055C85C4F9AE02.roa
Signing time: Wed 11 Jun 2025 20:00:38 +0000
ROA not before: Wed 11 Jun 2025 20:00:38 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 4768
IP address blocks: 167.179.196.0/24 maxlen: 24
167.179.197.0/24 maxlen: 24
167.179.198.0/24 maxlen: 24
167.179.208.0/24 maxlen: 24
167.179.210.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 786 (0x312)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9176BDB, serialNumber=1D61ACB0C672CB4D40ED3E94D3C09B20C74525AE
Validity
Not Before: Jun 11 20:00:38 2025 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=6849e066-fbf7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:a8:0e:d2:72:c0:5a:80:66:12:8e:b1:f9:ac:
cd:8a:8d:36:0f:81:75:f9:33:35:a3:59:c2:d3:05:
b7:c6:bd:ad:8f:de:c2:05:a8:28:78:e0:93:a0:20:
11:37:29:8e:e0:17:7a:33:98:a2:23:45:15:1c:1a:
74:e4:06:32:a6:7b:8b:43:04:16:70:71:81:a0:56:
84:5f:68:ee:0c:c5:73:1a:b3:9f:cd:e4:87:15:ca:
74:8e:4d:29:b0:62:00:ca:e4:60:9b:47:8b:d1:ab:
6c:59:29:f4:d8:6f:5d:e5:ce:ef:9a:e0:9c:66:53:
75:11:5d:b1:37:62:c0:81:d9:ca:79:7d:9c:46:64:
87:61:2e:c0:96:ac:79:77:0d:f2:5e:54:2e:cd:cb:
f1:16:13:11:f3:be:f5:d6:78:b6:74:9c:b8:7c:77:
8b:f5:c4:99:34:3c:da:5e:63:89:59:4a:bc:8d:0f:
46:9a:5d:e6:38:8d:a6:ff:11:be:05:cb:d9:08:29:
b5:e6:2c:c4:29:a2:52:3d:32:96:ba:32:38:81:07:
53:be:13:2f:6f:c7:17:45:e4:2c:f5:d8:7e:35:a9:
1a:56:04:34:5d:64:90:64:b8:50:20:db:6e:a7:be:
99:92:9d:7a:bb:26:92:c3:db:29:cc:f1:04:c6:0b:
83:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:C3:ED:72:8B:A2:B5:74:87:3C:71:C7:F5:BB:EE:09:E2:27:BE:E7
X509v3 Authority Key Identifier:
keyid:1D:61:AC:B0:C6:72:CB:4D:40:ED:3E:94:D3:C0:9B:20:C7:45:25:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9176BDB/657E0F34D64B11ECAB20E36BC4F9AE02/HWGssMZyy01A7T6U08CbIMdFJa4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/HWGssMZyy01A7T6U08CbIMdFJa4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9176BDB/657E0F34D64B11ECAB20E36BC4F9AE02/BE65DAF646FE11F083055C85C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
167.179.196.0-167.179.198.255
167.179.208.0/24
167.179.210.0/24
Signature Algorithm: sha256WithRSAEncryption
52:57:2d:36:f1:d7:66:38:30:80:bf:e8:07:f3:9d:e1:af:21:
26:05:c9:15:02:8c:7b:38:33:f6:c3:cc:e8:09:ab:6e:e5:69:
b7:48:17:c6:70:fc:f7:2d:2c:d2:d6:91:57:d5:29:54:8e:46:
c6:b5:d4:1c:0f:50:d9:4f:bd:53:57:25:ac:ac:7e:82:cd:41:
4d:79:e7:b1:06:3e:ad:e0:48:2c:70:43:50:6f:8c:6c:5c:3f:
9c:5e:58:02:e1:12:85:a8:73:17:bc:63:7a:90:90:e9:fc:8f:
d0:39:06:e4:15:d2:36:7d:66:c9:bd:24:8e:a8:4e:4a:f0:10:
ec:e8:45:6f:c5:b9:8d:a9:2e:e5:b7:b1:35:68:58:ae:c2:aa:
a3:3e:2a:d9:91:05:1e:1d:28:56:86:ca:cc:ed:cb:5a:05:dc:
8c:31:61:46:a9:84:32:3a:bc:f1:41:e4:42:6b:9a:44:e8:af:
47:15:09:ee:02:bd:8a:04:0d:69:c4:a0:24:1c:3b:29:24:93:
e3:03:56:ed:0c:2a:07:b6:c0:04:52:4a:9b:a8:11:bc:ee:ad:
40:5a:f9:0f:c4:d5:e0:b6:1b:1a:83:d5:96:87:34:e4:27:ae:
be:97:21:46:0f:4f:db:ce:8d:0f:9f:51:26:3c:a9:34:ee:ef:
f0:9a:19:91
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzZCREIxMTAvBgNVBAUTKDFENjFBQ0IwQzY3MkNCNEQ0MEVEM0U5NEQzQzA5QjIw
Qzc0NTI1QUUwHhcNMjUwNjExMjAwMDM4WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODQ5ZTA2Ni1mYmY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1KgO0nLAWoBmEo6x+azNio02D4F1+TM1o1nC0wW3xr2tj97CBagoeOCToCAR
NymO4Bd6M5iiI0UVHBp05AYypnuLQwQWcHGBoFaEX2juDMVzGrOfzeSHFcp0jk0p
sGIAyuRgm0eL0atsWSn02G9d5c7vmuCcZlN1EV2xN2LAgdnKeX2cRmSHYS7Alqx5
dw3yXlQuzcvxFhMR87711ni2dJy4fHeL9cSZNDzaXmOJWUq8jQ9Gml3mOI2m/xG+
BcvZCCm15izEKaJSPTKWujI4gQdTvhMvb8cXReQs9dh+NakaVgQ0XWSQZLhQINtu
p76Zkp16uyaSw9spzPEExguDVwIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFB7D7XKL
orV0hzxxx/W77gniJ77nMB8GA1UdIwQYMBaAFB1hrLDGcstNQO0+lNPAmyDHRSWu
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NkJEQi82NTdFMEYzNEQ2
NEIxMUVDQUIyMEUzNkJDNEY5QUUwMi9IV0dzc01aeXkwMUE3VDZVMDhDYklNZEZK
YTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0hXR3NzTVp5eTAxQTdUNlUwOENiSU1kRkphNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzZCREIvNjU3RTBGMzRENjRCMTFFQ0FCMjBFMzZCQzRGOUFFMDIvQkU2NURBRjY0
NkZFMTFGMDgzMDU1Qzg1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAqezxAMEAKezxgMEAKez0AMEAKez0jANBgkqhkiG9w0B
AQsFAAOCAQEAUlctNvHXZjgwgL/oB/Od4a8hJgXJFQKMezgz9sPM6AmrbuVpt0gX
xnD89y0s0taRV9UpVI5GxrXUHA9Q2U+9U1clrKx+gs1BTXnnsQY+reBILHBDUG+M
bFw/nF5YAuEShahzF7xjepCQ6fyP0DkG5BXSNn1myb0kjqhOSvAQ7OhFb8W5jaku
5bexNWhYrsKqoz4q2ZEFHh0oVobKzO3LWgXcjDFhRqmEMjq88UHkQmuaROivRxUJ
7gK9igQNacSgJBw7KSST4wNW7QwqB7bABFJKm6gRvO6tQFr5D8TV4LYbGoPVloc0
5CeuvpchRg9P286ND59RJjypNO7v8JoZkQ==
-----END CERTIFICATE-----
Generated at Thu Jul 24 12:18:53 2025 by rpki-client