Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/0CB2C14CB72E11EC90DD8382C4F9AE02.roa
File: 0CB2C14CB72E11EC90DD8382C4F9AE02.roa (raw, json)
Hash identifier: uCKaf3MbvkOXgBx5DKlYRVJiED6xqMDgvC0C3WYP0i8=
Subject key identifier: 0F:B7:10:23:7B:97:21:6F:FB:3C:AF:A3:23:EB:38:A1:DB:D7:C7:54
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 4BDC
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/0CB2C14CB72E11EC90DD8382C4F9AE02.roa
Signing time: Fri 08 Apr 2022 11:21:35 +0000
ROA not before: Fri 08 Apr 2022 11:21:35 +0000
ROA not after: Fri 01 Jul 2022 00:00:00 +0000
asID: 132772
IP address blocks: 45.248.36.0/24 maxlen: 24
45.248.37.0/24 maxlen: 24
103.216.162.0/23 maxlen: 24
2001:df7:6300::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19420 (0x4bdc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Apr 8 11:21:35 2022 GMT
Not After : Jul 1 00:00:00 2022 GMT
Subject: CN=62501abf-7f44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:58:b6:21:f7:e9:60:24:3f:3c:f8:22:b6:b0:
ba:75:27:7b:88:36:5f:9f:41:9f:2c:bb:69:7d:58:
76:8a:71:86:ad:8a:f1:a3:c2:a1:14:15:07:5e:d0:
ef:9b:12:b9:90:bd:e5:7a:d0:38:c9:86:01:0f:61:
2b:6f:c8:a6:60:8f:ad:07:93:2e:49:46:b3:e0:90:
df:33:43:7d:8a:d4:11:45:44:18:4d:e6:d8:cf:1f:
32:d1:05:a2:d3:e9:a7:df:a7:7a:3c:3b:26:78:aa:
40:8e:ca:8a:2e:32:90:5c:66:87:5c:76:01:9e:be:
be:62:12:18:d1:33:08:ea:8e:12:36:b5:f6:f7:37:
c1:dd:00:ef:67:6e:cc:34:66:46:f0:f5:e2:93:b0:
21:af:80:92:6c:d6:ff:b8:88:0e:eb:11:0e:8e:5d:
fd:01:5e:d8:df:ee:85:e5:3c:33:20:11:49:31:27:
a4:74:67:e7:63:88:78:75:86:6f:e5:83:cf:a0:b8:
a4:39:49:71:d0:7e:22:e8:0e:f7:1e:23:0d:88:a8:
65:ab:cf:f0:30:a1:5f:bb:0d:01:45:f3:52:60:25:
9e:73:92:e5:10:bd:dd:a2:29:a0:2b:b0:d5:92:8a:
a0:31:e7:c7:dd:5c:41:d7:41:92:ec:14:36:d9:96:
d7:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:B7:10:23:7B:97:21:6F:FB:3C:AF:A3:23:EB:38:A1:DB:D7:C7:54
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/0CB2C14CB72E11EC90DD8382C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.248.36.0/23
103.216.162.0/23
IPv6:
2001:df7:6300::/48
Signature Algorithm: sha256WithRSAEncryption
7e:91:f4:98:6c:78:07:bd:3b:b2:29:70:74:a1:1d:d9:e6:60:
61:cc:3d:3e:fc:45:11:03:4b:83:4e:a0:65:4b:af:54:d2:02:
d3:d5:b7:50:5c:7a:c1:ff:c4:ea:bf:50:ec:d3:b0:bc:13:2b:
b3:e9:93:8e:07:7d:dd:92:8a:78:21:ec:b4:1b:79:1b:9f:7b:
65:ae:b8:90:91:a4:a1:12:95:ac:09:76:41:82:ed:cd:cb:49:
87:ea:5f:1f:73:48:9a:c0:7e:23:b5:f5:d5:80:40:46:7b:e8:
40:3f:c5:a2:80:11:0d:e1:78:9d:0f:30:ad:3e:93:c0:35:89:
4b:89:ec:68:21:b2:cf:7e:e5:a8:46:f6:c5:ad:5f:e0:d5:6f:
1b:45:fd:c8:fa:4d:96:55:2d:fa:bc:8f:9d:8f:6c:74:8a:c9:
db:6b:f7:ca:9b:52:04:1f:b6:f5:67:2c:bc:3b:41:3c:a4:08:
f4:78:88:eb:f8:d7:47:de:26:ca:70:1e:55:5b:83:c0:16:9f:
58:cb:36:6b:ae:4c:1b:67:d0:02:20:c1:8e:4e:46:a2:24:12:
20:d7:06:2e:fd:a1:f8:a1:3b:9c:20:a2:0e:b8:78:89:6f:16:
ae:b7:b1:31:1f:74:86:fe:4b:17:19:6b:cf:74:83:99:f9:e8:
51:5e:68:33
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICS9wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNDA4MTEyMTM1WhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjUwMWFiZi03ZjQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8Fi2IffpYCQ/PPgitrC6dSd7iDZfn0GfLLtpfVh2inGGrYrxo8KhFBUHXtDv
mxK5kL3letA4yYYBD2Erb8imYI+tB5MuSUaz4JDfM0N9itQRRUQYTebYzx8y0QWi
0+mn36d6PDsmeKpAjsqKLjKQXGaHXHYBnr6+YhIY0TMI6o4SNrX29zfB3QDvZ27M
NGZG8PXik7Ahr4CSbNb/uIgO6xEOjl39AV7Y3+6F5TwzIBFJMSekdGfnY4h4dYZv
5YPPoLikOUlx0H4i6A73HiMNiKhlq8/wMKFfuw0BRfNSYCWec5LlEL3doimgK7DV
koqgMefH3VxB10GS7BQ22ZbXpQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFA+3ECN7
lyFv+zyvoyPrOKHb18dUMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvMENCMkMxNENC
NzJFMTFFQzkwREQ4MzgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBAEt+CQDBAFn2KIwDwQCAAIwCQMHACABDfdjADANBgkqhkiG
9w0BAQsFAAOCAQEAfpH0mGx4B707silwdKEd2eZgYcw9PvxFEQNLg06gZUuvVNIC
09W3UFx6wf/E6r9Q7NOwvBMrs+mTjgd93ZKKeCHstBt5G597Za64kJGkoRKVrAl2
QYLtzctJh+pfH3NImsB+I7X11YBARnvoQD/FooARDeF4nQ8wrT6TwDWJS4nsaCGy
z37lqEb2xa1f4NVvG0X9yPpNllUt+ryPnY9sdIrJ22v3yptSBB+29WcsvDtBPKQI
9HiI6/jXR94mynAeVVuDwBafWMs2a65MG2fQAiDBjk5GoiQSINcGLv2h+KE7nCCi
Drh4iW8WrrexMR90hv5LFxlrz3SDmfnoUV5oMw==
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:19:58 2025 by rpki-client