Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917C0C4/9180C822055711F09C6A8E49C4F9AE02/102AA41C479911F09F9DEE1CC4F9AE02.roa
File: 102AA41C479911F09F9DEE1CC4F9AE02.roa (raw, json)
Hash identifier: hOrU8uA8iaO1fbWpYsy0A7EGK7qiHOoOrOhcbSxH6W8=
Subject key identifier: EA:67:DB:BF:3B:8C:D6:2C:5F:92:EB:D2:58:BB:C0:55:5B:11:9F:31
Certificate issuer: /CN=A917C0C4/serialNumber=6E904BE05182BCB1F6F505D0A305891E6E8D1039
Certificate serial: 2F
Authority key identifier: 6E:90:4B:E0:51:82:BC:B1:F6:F5:05:D0:A3:05:89:1E:6E:8D:10:39
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bpBL4FGCvLH29QXQowWJHm6NEDk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917C0C4/9180C822055711F09C6A8E49C4F9AE02/102AA41C479911F09F9DEE1CC4F9AE02.roa
Signing time: Thu 12 Jun 2025 14:25:17 +0000
ROA not before: Thu 12 Jun 2025 14:25:17 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 18385
IP address blocks: 203.29.114.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 47 (0x2f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917C0C4, serialNumber=6E904BE05182BCB1F6F505D0A305891E6E8D1039
Validity
Not Before: Jun 12 14:25:17 2025 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=684ae34d-80c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:fd:16:38:3e:ba:d8:85:16:82:54:86:d7:5b:
cc:8e:0b:26:e2:80:29:eb:85:a3:56:72:1e:d9:95:
39:09:2e:0d:c6:5c:59:51:9a:0e:07:3a:96:4f:6e:
aa:00:55:4b:64:c6:30:25:1d:c9:15:2f:af:0d:2b:
09:ac:b0:3a:2f:4d:89:d3:eb:ec:ae:b7:fb:79:ae:
f2:b8:fe:7a:ab:86:29:ed:95:d4:ea:66:4b:48:b5:
e0:4c:77:61:d3:ef:ea:41:a5:2f:38:49:03:e2:8b:
4c:f6:bf:4d:eb:03:2f:fe:1b:26:0e:09:d7:48:16:
97:77:df:89:6d:c8:60:4c:7f:09:c4:97:1e:84:cd:
1c:d0:91:af:e4:db:47:29:6c:ef:e3:6f:89:88:ba:
d9:ac:60:3a:5f:9a:56:8b:7b:bc:36:78:b6:93:15:
8f:84:73:da:32:8b:a8:4a:c1:21:3c:76:f5:ad:a3:
e6:a5:8b:f3:39:c3:28:25:92:21:75:d1:dd:f2:b1:
63:e8:87:d8:1f:27:ee:3b:d9:c9:d7:a1:65:35:e6:
34:03:72:97:c4:74:26:78:8b:55:d9:6a:e4:d6:98:
1c:e7:37:f0:c3:7a:d9:4a:25:d9:7d:52:99:ce:f2:
f0:23:3c:0f:6b:eb:1b:65:6b:ca:88:d9:36:05:ee:
2f:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:67:DB:BF:3B:8C:D6:2C:5F:92:EB:D2:58:BB:C0:55:5B:11:9F:31
X509v3 Authority Key Identifier:
keyid:6E:90:4B:E0:51:82:BC:B1:F6:F5:05:D0:A3:05:89:1E:6E:8D:10:39
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917C0C4/9180C822055711F09C6A8E49C4F9AE02/bpBL4FGCvLH29QXQowWJHm6NEDk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bpBL4FGCvLH29QXQowWJHm6NEDk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917C0C4/9180C822055711F09C6A8E49C4F9AE02/102AA41C479911F09F9DEE1CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.29.114.0/23
Signature Algorithm: sha256WithRSAEncryption
35:c1:11:04:49:a7:23:07:29:91:0c:04:9a:41:e9:51:3b:5d:
3d:f0:7b:0f:9a:fb:55:be:d5:89:30:e7:11:2e:cd:f0:15:77:
e9:54:99:9b:58:63:28:47:20:58:d7:bc:dd:82:cf:1f:83:26:
04:07:1c:b2:45:c6:74:58:b7:52:11:03:74:d5:b6:80:4f:8f:
a0:5f:6d:28:73:92:09:02:68:a9:bb:fa:26:26:c4:e3:8b:c7:
fb:f7:79:e4:31:42:3b:28:b5:1a:40:af:11:e3:0b:db:cb:81:
1f:5a:53:18:36:79:22:12:af:46:80:34:71:41:c8:30:64:b0:
db:1b:84:5b:32:3a:16:1a:91:6e:de:e4:6a:95:20:55:92:ec:
62:0e:4e:13:97:3d:94:23:bb:dd:3f:ea:91:e4:5e:d4:05:66:
a3:7b:96:0d:63:43:6b:c0:bb:61:26:8b:b9:0c:8a:39:10:01:
f8:b3:a1:5a:ac:0a:8e:f4:4f:c3:78:c6:ef:0a:e4:60:84:2b:
4b:ac:63:d9:cc:0d:c4:32:51:67:31:dd:7f:6d:13:74:5e:27:
c3:13:68:99:8e:ca:8b:47:9c:bd:cd:a3:f4:f0:e5:ba:cf:c7:
db:92:83:33:62:1b:5b:d0:f5:71:3f:51:f3:c1:0a:4b:8b:dd:
03:3b:1f:6b
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBLzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
QzBDNDExMC8GA1UEBRMoNkU5MDRCRTA1MTgyQkNCMUY2RjUwNUQwQTMwNTg5MUU2
RThEMTAzOTAeFw0yNTA2MTIxNDI1MTdaFw0yNTEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4NGFlMzRkLTgwYzkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDU/RY4PrrYhRaCVIbXW8yOCybigCnrhaNWch7ZlTkJLg3GXFlRmg4HOpZPbqoA
VUtkxjAlHckVL68NKwmssDovTYnT6+yut/t5rvK4/nqrhintldTqZktIteBMd2HT
7+pBpS84SQPii0z2v03rAy/+GyYOCddIFpd334ltyGBMfwnElx6EzRzQka/k20cp
bO/jb4mIutmsYDpfmlaLe7w2eLaTFY+Ec9oyi6hKwSE8dvWto+ali/M5wyglkiF1
0d3ysWPoh9gfJ+472cnXoWU15jQDcpfEdCZ4i1XZauTWmBznN/DDetlKJdl9UpnO
8vAjPA9r6xtla8qI2TYF7i+DAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU6mfbvzuM
1ixfkuvSWLvAVVsRnzEwHwYDVR0jBBgwFoAUbpBL4FGCvLH29QXQowWJHm6NEDkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdDMEM0LzkxODBDODIyMDU1
NzExRjA5QzZBOEU0OUM0RjlBRTAyL2JwQkw0RkdDdkxIMjlRWFFvd1dKSG02TkVE
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvYnBCTDRGR0N2TEgyOVFYUW93V0pIbTZORURrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
QzBDNC85MTgwQzgyMjA1NTcxMUYwOUM2QThFNDlDNEY5QUUwMi8xMDJBQTQxQzQ3
OTkxMUYwOUY5REVFMUNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAcsdcjANBgkqhkiG9w0BAQsFAAOCAQEANcERBEmnIwcpkQwE
mkHpUTtdPfB7D5r7Vb7ViTDnES7N8BV36VSZm1hjKEcgWNe83YLPH4MmBAccskXG
dFi3UhEDdNW2gE+PoF9tKHOSCQJoqbv6JibE44vH+/d55DFCOyi1GkCvEeML28uB
H1pTGDZ5IhKvRoA0cUHIMGSw2xuEWzI6FhqRbt7kapUgVZLsYg5OE5c9lCO73T/q
keRe1AVmo3uWDWNDa8C7YSaLuQyKORAB+LOhWqwKjvRPw3jG7wrkYIQrS6xj2cwN
xDJRZzHdf20TdF4nwxNomY7Ki0ecvc2j9PDlus/H25KDM2IbW9D1cT9R88EKS4vd
Azsfaw==
-----END CERTIFICATE-----
Generated at Sun Jul 20 03:25:10 2025 by rpki-client