Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D855CA1EB6AC11EDB83D5D33C4F9AE02.roa
File: D855CA1EB6AC11EDB83D5D33C4F9AE02.roa (raw, json)
Hash identifier: 8XVlcGYS/0+edwtymSpBD0QcxxISQaRD4cMBSIeZC3Q=
Subject key identifier: C7:04:35:DB:85:26:A1:F5:44:2F:47:35:1B:6C:42:B5:3D:EB:91:B0
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 69E1
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D855CA1EB6AC11EDB83D5D33C4F9AE02.roa
Signing time: Wed 10 May 2023 16:11:59 +0000
ROA not before: Wed 10 May 2023 16:11:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 131277
IP address blocks: 1.186.0.0/16 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27105 (0x69e1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 10 16:11:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=645bc24f-82af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:a3:7d:b4:01:d8:e4:b8:77:28:40:fc:d6:f4:
6e:c2:7d:92:db:fb:1b:36:d6:64:a3:bc:16:6c:84:
a9:69:71:df:58:ac:85:e5:1f:96:03:55:3f:4d:85:
7d:64:3a:55:ac:7e:37:cb:51:89:2a:21:fe:e8:43:
96:68:a8:98:75:a4:a0:d8:68:9a:66:33:37:ac:60:
1f:24:2a:7d:50:63:6d:06:b6:e6:a5:0d:16:ac:bb:
56:e4:c4:fc:81:7b:85:4a:48:fc:36:82:77:95:db:
ab:83:22:4f:1f:3f:13:19:71:75:84:bd:7d:b2:4d:
cb:72:b2:98:d3:45:54:94:d1:3f:4d:d3:5e:87:75:
ed:5d:b4:ea:7f:ea:d0:89:e7:38:87:55:13:33:ef:
bb:84:4c:3e:ec:06:67:ff:fa:c7:1a:ee:4f:34:65:
f0:5d:94:8f:0b:1d:87:22:3a:e7:fb:7b:83:b7:3a:
75:78:16:6b:ac:41:8a:e8:d7:ed:d0:87:05:fb:cd:
ce:a5:33:ec:88:63:6c:a3:48:93:b4:c8:18:f9:18:
c0:2d:ba:75:dd:aa:2d:e6:e2:ab:6b:3a:a3:a4:fe:
83:61:a4:7f:37:b0:c2:df:32:51:3f:28:fb:1c:0e:
7c:2c:2d:c4:9d:75:d5:8e:e4:ac:39:74:9f:62:80:
8d:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:04:35:DB:85:26:A1:F5:44:2F:47:35:1B:6C:42:B5:3D:EB:91:B0
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D855CA1EB6AC11EDB83D5D33C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
1.186.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9c:4c:0d:60:5f:58:9d:33:86:77:42:9b:94:60:1b:01:6b:8d:
07:f1:1c:72:64:24:3c:06:65:c6:15:ed:31:ed:73:56:2a:e1:
9a:ca:4b:2a:aa:e1:08:4c:dc:d4:56:50:3f:c2:3a:dc:ed:90:
2d:f8:0e:8e:82:7c:39:e3:76:5a:74:e9:71:34:c4:36:23:cc:
4f:fe:e3:ef:bb:c1:bd:4c:f2:b6:05:4b:c2:b5:65:34:fd:c8:
a0:59:be:81:d1:c2:bd:93:e5:ea:0f:ce:3c:39:b9:e3:59:88:
18:b5:73:12:8c:f7:ec:26:6f:70:fc:ea:c9:cd:71:f0:a9:ff:
20:b3:f9:98:07:3b:e6:5f:67:e6:db:0c:59:00:f9:ed:89:72:
46:0a:4f:f3:f7:fc:16:0e:a2:bf:48:4e:18:86:48:e5:d6:6f:
5e:55:0d:0d:fd:c2:89:a6:07:3a:8d:25:2f:69:e0:c5:a3:19:
28:c5:0a:5d:fb:d1:f5:4c:b2:53:c2:ae:14:4e:ab:cf:a9:bf:
2f:26:8d:d6:f3:a3:db:41:f9:ad:19:97:b6:c8:6e:d0:98:4e:
8d:14:3b:7b:e6:36:fd:36:38:50:89:61:fa:3f:c3:a9:b7:20:
4a:98:53:f6:c3:43:fb:91:39:0e:20:b6:96:9e:2d:d8:59:f2:
56:31:a4:af
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgICaeEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTYxMTU5WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViYzI0Zi04MmFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsqN9tAHY5Lh3KED81vRuwn2S2/sbNtZko7wWbISpaXHfWKyF5R+WA1U/TYV9
ZDpVrH43y1GJKiH+6EOWaKiYdaSg2GiaZjM3rGAfJCp9UGNtBrbmpQ0WrLtW5MT8
gXuFSkj8NoJ3ldurgyJPHz8TGXF1hL19sk3LcrKY00VUlNE/TdNeh3XtXbTqf+rQ
iec4h1UTM++7hEw+7AZn//rHGu5PNGXwXZSPCx2HIjrn+3uDtzp1eBZrrEGK6Nft
0IcF+83OpTPsiGNso0iTtMgY+RjALbp13aot5uKrazqjpP6DYaR/N7DC3zJRPyj7
HA58LC3EnXXVjuSsOXSfYoCNiwIDAQABo4IClDCCApAwHQYDVR0OBBYEFMcENduF
JqH1RC9HNRtsQrU965GwMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvRDg1NUNBMUVC
NkFDMTFFREI4M0Q1RDMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHgYIKwYBBQUHAQcBAf8E
DzANMAsEAgABMAUDAwABujANBgkqhkiG9w0BAQsFAAOCAQEAnEwNYF9YnTOGd0Kb
lGAbAWuNB/EccmQkPAZlxhXtMe1zVirhmspLKqrhCEzc1FZQP8I63O2QLfgOjoJ8
OeN2WnTpcTTENiPMT/7j77vBvUzytgVLwrVlNP3IoFm+gdHCvZPl6g/OPDm541mI
GLVzEoz37CZvcPzqyc1x8Kn/ILP5mAc75l9n5tsMWQD57YlyRgpP8/f8Fg6iv0hO
GIZI5dZvXlUNDf3CiaYHOo0lL2ngxaMZKMUKXfvR9UyyU8KuFE6rz6m/LyaN1vOj
20H5rRmXtshu0JhOjRQ7e+Y2/TY4UIlh+j/DqbcgSphT9sND+5E5DiC2lp4t2Fny
VjGkrw==
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:05:52 2025 by rpki-client