Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/827FD5A08B7911EF8BD52E7CC4F9AE02.roa
File: 827FD5A08B7911EF8BD52E7CC4F9AE02.roa (raw, json)
Hash identifier: jBp/THSphQEO+QedmIpgKTZ6cmR58FVf5upHi68BsVY=
Subject key identifier: 3E:8C:A2:F7:35:11:61:CC:CE:84:6D:6E:42:F2:96:83:AA:B2:FE:21
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9BB3
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/827FD5A08B7911EF8BD52E7CC4F9AE02.roa
Signing time: Wed 16 Oct 2024 04:45:47 +0000
ROA not before: Wed 16 Oct 2024 04:45:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 135186
IP address blocks: 2001:df2:dc0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39859 (0x9bb3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Oct 16 04:45:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=670f44fb-95ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:91:82:08:b6:58:f2:04:03:23:f3:31:8a:0a:
8b:f5:31:f6:f4:56:c7:af:15:26:77:16:78:5c:7a:
34:cb:e1:5b:18:62:3b:34:7d:ee:ca:d7:6e:f7:ea:
1a:dc:89:0c:df:a2:89:f8:61:6b:23:64:73:76:7d:
09:b4:8b:ec:ea:b3:e3:51:7f:63:92:46:8b:73:62:
81:f4:72:8e:f8:84:cd:a2:54:ad:02:96:28:fc:81:
97:2a:d9:9b:b0:43:84:e0:15:c2:9c:d0:38:bf:dd:
95:f9:8d:70:40:db:bd:6e:dc:d1:3d:e6:54:64:89:
79:32:e7:4f:24:09:eb:2e:cc:5c:36:b8:30:a3:9b:
29:45:75:e6:42:63:ea:0e:07:02:82:14:42:7f:20:
73:e4:90:53:4b:8b:69:9b:d3:87:ed:d8:1f:c7:fe:
7c:34:e1:11:9e:6d:74:a3:3d:26:de:10:7f:57:73:
13:11:b9:1c:f5:9e:0a:9b:8e:08:07:cf:7a:ce:16:
e4:57:e6:dc:df:14:21:25:f0:13:4b:53:6c:4c:16:
9d:47:29:0d:e2:4b:ac:81:85:4d:86:c8:13:b7:98:
99:b4:2e:b8:33:6d:11:00:62:b5:de:fe:30:c4:f3:
4a:e4:fe:a1:44:82:8e:77:ed:8c:43:6d:d0:cd:69:
39:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:8C:A2:F7:35:11:61:CC:CE:84:6D:6E:42:F2:96:83:AA:B2:FE:21
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/827FD5A08B7911EF8BD52E7CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2001:df2:dc0::/48
Signature Algorithm: sha256WithRSAEncryption
44:c4:42:e0:80:c2:2d:40:83:20:4f:4a:39:f1:5b:3d:0d:ff:
1b:cb:d7:ef:cd:b6:d8:a9:6a:4c:23:4b:c5:bc:68:62:db:ac:
aa:eb:38:18:cc:ea:03:de:c7:4f:48:ff:28:5e:14:f5:13:95:
78:8a:c6:f8:7b:7a:4f:f1:6e:37:75:43:fa:57:8f:b1:b8:e3:
c4:4b:98:40:65:51:76:57:cd:f1:78:66:6f:e1:ff:2c:bc:94:
2b:c4:95:6a:30:f4:11:bc:45:ef:ed:4e:09:22:d1:24:21:0d:
e1:61:40:cb:55:b8:44:70:de:09:ab:3c:e3:12:5b:69:6a:2c:
fc:96:d9:d8:26:17:53:4d:61:51:bc:68:f7:db:84:9a:c8:f5:
7e:1e:94:04:59:1b:43:53:84:ec:1c:f4:58:85:24:90:48:9c:
93:4b:eb:a8:db:14:69:5a:ec:0f:dc:a5:12:94:d6:f4:29:a3:
23:bd:91:6a:7c:ba:21:76:77:5c:a5:14:1a:b5:c9:fe:cb:dc:
3f:14:7c:7c:30:91:be:d7:4b:3f:3b:28:7e:2d:b4:34:48:a4:
48:f5:5f:5a:6f:48:65:8b:36:d5:3b:8c:9f:83:09:2a:d3:96:
b3:b2:0a:b6:ce:95:98:11:aa:db:19:f4:dc:98:31:fb:cc:62:
a8:8c:51:75
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgIDAJuzMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTAxNjA0NDU0N1oXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjcwZjQ0ZmItOTVlYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMuRggi2WPIEAyPzMYoKi/Ux9vRWx68VJncWeFx6NMvhWxhiOzR97srXbvfq
GtyJDN+iifhhayNkc3Z9CbSL7Oqz41F/Y5JGi3NigfRyjviEzaJUrQKWKPyBlyrZ
m7BDhOAVwpzQOL/dlfmNcEDbvW7c0T3mVGSJeTLnTyQJ6y7MXDa4MKObKUV15kJj
6g4HAoIUQn8gc+SQU0uLaZvTh+3YH8f+fDThEZ5tdKM9Jt4Qf1dzExG5HPWeCpuO
CAfPes4W5Ffm3N8UISXwE0tTbEwWnUcpDeJLrIGFTYbIE7eYmbQuuDNtEQBitd7+
MMTzSuT+oUSCjnftjENt0M1pORUCAwEAAaOCApgwggKUMB0GA1UdDgQWBBQ+jKL3
NRFhzM6EbW5C8paDqrL+ITAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzgyN0ZENUEw
OEI3OTExRUY4QkQ1MkU3Q0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCIGCCsGAQUFBwEHAQH/
BBMwETAPBAIAAjAJAwcAIAEN8g3AMA0GCSqGSIb3DQEBCwUAA4IBAQBExELggMIt
QIMgT0o58Vs9Df8by9fvzbbYqWpMI0vFvGhi26yq6zgYzOoD3sdPSP8oXhT1E5V4
isb4e3pP8W43dUP6V4+xuOPES5hAZVF2V83xeGZv4f8svJQrxJVqMPQRvEXv7U4J
ItEkIQ3hYUDLVbhEcN4JqzzjEltpaiz8ltnYJhdTTWFRvGj324SayPV+HpQEWRtD
U4TsHPRYhSSQSJyTS+uo2xRpWuwP3KUSlNb0KaMjvZFqfLohdndcpRQatcn+y9w/
FHx8MJG+10s/Oyh+LbQ0SKRI9V9ab0hlizbVO4yfgwkq05azsgq2zpWYEarbGfTc
mDH7zGKojFF1
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:53:52 2025 by rpki-client