Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9CDDA78EC73C11EF9B744F28C4F9AE02.roa
File: 9CDDA78EC73C11EF9B744F28C4F9AE02.roa (raw, json)
Hash identifier: La1ydJmWvKwQFbldXAqLn2lZZmKmFTUhf3vKsDAy+QA=
Subject key identifier: 8A:1F:51:B0:0E:63:4F:76:7E:F8:FC:D0:9B:9D:37:55:3C:DC:6B:DF
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: A0E6
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9CDDA78EC73C11EF9B744F28C4F9AE02.roa
Signing time: Tue 31 Dec 2024 06:01:02 +0000
ROA not before: Tue 31 Dec 2024 06:01:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 135177
IP address blocks: 2400:5460::/48 maxlen: 48
2400:5460:1::/48 maxlen: 48
2400:5460:2::/48 maxlen: 48
2400:5460:3::/48 maxlen: 48
2400:5460:4::/48 maxlen: 48
2400:5460:5::/48 maxlen: 48
2400:5460:6::/48 maxlen: 48
2400:5460:7::/48 maxlen: 48
2400:5460:8::/48 maxlen: 48
2400:5460:9::/48 maxlen: 48
2400:5460:a::/48 maxlen: 48
2400:5460:b::/48 maxlen: 48
2400:5460:c::/48 maxlen: 48
2400:5460:d::/48 maxlen: 48
2400:5460:e::/48 maxlen: 48
2400:5460:f::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 41190 (0xa0e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Dec 31 06:01:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6773889d-d574
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:fd:cd:3f:bf:20:76:a5:08:bf:b9:de:0e:2e:
65:93:30:4e:01:30:9f:48:76:52:f7:32:4b:7a:1a:
51:31:3e:ea:d6:14:16:5f:76:fd:f1:96:5e:91:ef:
6a:ad:31:82:ab:59:f8:d7:d9:ef:b7:9b:10:ba:c9:
5b:f7:ef:3d:4b:88:81:40:3a:7f:f0:4c:96:f2:47:
68:14:d1:ab:a9:fe:26:41:c6:cf:c0:b5:94:20:69:
9b:0e:90:54:14:c5:43:31:ef:21:b2:2b:42:34:f8:
5f:d0:26:5f:d7:b2:1f:20:2a:03:69:c6:18:0d:98:
96:c7:df:16:ca:ac:07:44:97:1f:69:c8:c4:a6:81:
06:87:be:08:d7:7d:4b:22:fd:6e:4f:61:3c:4f:a2:
78:57:77:3c:7a:5d:84:7b:2b:a5:0d:7c:d0:2d:1c:
e4:78:3e:ea:9d:9a:f5:73:7e:4f:3f:14:c7:32:5a:
fa:e0:4d:76:49:db:0a:1d:26:d8:9d:d9:53:72:d3:
37:b5:23:05:8b:37:41:02:5b:80:aa:d3:4d:58:15:
e1:07:5a:c8:71:0e:f5:08:64:68:8d:05:bd:0d:5f:
c2:06:40:53:99:d0:5b:01:17:ad:1f:f5:b2:76:69:
a4:fe:2e:5d:ad:eb:ab:32:f8:3d:dd:4c:13:1f:30:
1b:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:1F:51:B0:0E:63:4F:76:7E:F8:FC:D0:9B:9D:37:55:3C:DC:6B:DF
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9CDDA78EC73C11EF9B744F28C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2400:5460::/44
Signature Algorithm: sha256WithRSAEncryption
89:50:0b:ec:d8:bb:52:5c:de:d9:2c:2d:06:d0:28:56:b4:2d:
4a:99:3c:da:fb:f6:ce:7c:ee:8b:9d:ec:df:92:7d:e5:1c:ed:
e3:ed:ec:25:9d:36:2e:db:e2:95:c9:89:5f:f1:61:84:a6:5d:
9e:4f:9a:fc:2f:d2:97:57:a0:e1:a3:4a:c7:5f:d6:2a:7d:c9:
65:3a:14:ff:33:8b:58:4d:54:2b:44:02:df:60:98:03:ab:18:
cd:ef:29:08:b3:98:8d:46:ec:ed:f4:00:4b:1b:b0:93:a9:bc:
92:88:09:be:aa:33:62:d5:ea:05:bc:a2:6f:b6:43:dc:34:6a:
37:6d:eb:25:05:54:5b:de:48:95:92:fc:a7:5a:fb:b4:72:4f:
e8:23:cd:70:c2:a4:44:2a:1d:81:b3:a7:4e:44:68:28:ab:c7:
05:46:d0:2d:e8:38:a4:83:c3:f7:11:1b:e4:98:80:70:e8:0a:
5b:3a:a4:de:b9:39:80:db:55:c9:80:ca:c7:17:be:04:ae:a5:
b6:d9:1d:cd:f8:a7:33:69:f7:5e:8e:9b:bb:55:a3:9a:15:6e:
1f:1a:8d:2a:ce:12:ef:fe:1e:3a:b2:3b:19:09:94:17:d2:7e:
9c:c7:91:0a:05:6d:5c:71:fa:a5:1f:04:0d:f4:30:a2:ba:e6:
4e:dd:c8:6e
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgIDAKDmMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTIzMTA2MDEwMloXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjc3Mzg4OWQtZDU3NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMH9zT+/IHalCL+53g4uZZMwTgEwn0h2UvcyS3oaUTE+6tYUFl92/fGWXpHv
aq0xgqtZ+NfZ77ebELrJW/fvPUuIgUA6f/BMlvJHaBTRq6n+JkHGz8C1lCBpmw6Q
VBTFQzHvIbIrQjT4X9AmX9eyHyAqA2nGGA2YlsffFsqsB0SXH2nIxKaBBoe+CNd9
SyL9bk9hPE+ieFd3PHpdhHsrpQ180C0c5Hg+6p2a9XN+Tz8UxzJa+uBNdknbCh0m
2J3ZU3LTN7UjBYs3QQJbgKrTTVgV4QdayHEO9QhkaI0FvQ1fwgZAU5nQWwEXrR/1
snZppP4uXa3rqzL4Pd1MEx8wG/8CAwEAAaOCApgwggKUMB0GA1UdDgQWBBSKH1Gw
DmNPdn74/NCbnTdVPNxr3zAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzlDRERBNzhF
QzczQzExRUY5Qjc0NEYyOEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCIGCCsGAQUFBwEHAQH/
BBMwETAPBAIAAjAJAwcEJABUYAAAMA0GCSqGSIb3DQEBCwUAA4IBAQCJUAvs2LtS
XN7ZLC0G0ChWtC1KmTza+/bOfO6Lnezfkn3lHO3j7ewlnTYu2+KVyYlf8WGEpl2e
T5r8L9KXV6Dho0rHX9YqfcllOhT/M4tYTVQrRALfYJgDqxjN7ykIs5iNRuzt9ABL
G7CTqbySiAm+qjNi1eoFvKJvtkPcNGo3beslBVRb3kiVkvynWvu0ck/oI81wwqRE
Kh2Bs6dORGgoq8cFRtAt6Dikg8P3ERvkmIBw6ApbOqTeuTmA21XJgMrHF74ErqW2
2R3N+Kczafdejpu7VaOaFW4fGo0qzhLv/h46sjsZCZQX0n6cx5EKBW1ccfqlHwQN
9DCiuuZO3chu
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:54:01 2025 by rpki-client