Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/0A3D699C0B8911EFAA588431C4F9AE02.roa
File: 0A3D699C0B8911EFAA588431C4F9AE02.roa (raw, json)
Hash identifier: JAmWB+0PEm3OD3cI1s1ukGucsUF5dqXQj36pagW5dbU=
Subject key identifier: F5:55:84:C7:5F:4F:74:20:21:48:AB:28:DD:A3:32:59:38:42:F2:91
Certificate issuer: /CN=A91AB6EB/serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Certificate serial: 09EF
Authority key identifier: FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/0A3D699C0B8911EFAA588431C4F9AE02.roa
Signing time: Mon 06 May 2024 09:14:28 +0000
ROA not before: Mon 06 May 2024 09:14:28 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 141432
IP address blocks: 180.92.134.0/24 maxlen: 24
180.92.135.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2543 (0x9ef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AB6EB, serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Validity
Not Before: May 6 09:14:28 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=66389f74-0414
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:4c:ba:ab:a8:d0:c3:e8:af:23:99:a3:e9:14:
d9:ca:95:7f:12:fc:34:40:9c:10:b9:05:71:57:74:
11:7d:75:c5:49:0f:4f:c7:10:18:f6:71:d3:fc:15:
e3:13:fa:62:f0:b9:d1:2f:01:fd:3c:6b:25:0c:f2:
4b:8c:1d:ae:43:cf:77:4f:d5:88:06:44:57:53:f7:
c9:7c:e4:ce:00:67:a3:97:3a:71:96:01:0e:df:aa:
f4:73:34:f4:ce:06:21:db:dc:f7:df:a4:90:11:04:
1e:47:c7:cf:1c:b0:b9:c8:6a:07:70:34:0b:3d:36:
67:98:a1:fe:c0:4d:39:34:71:77:ef:f5:36:ed:7d:
d8:63:cf:31:fe:cb:43:99:7d:c1:e5:c9:af:54:66:
b6:85:de:da:4d:56:5f:d6:1b:21:24:d4:f7:ce:eb:
54:fc:62:df:3d:20:f1:5f:d2:ff:1d:27:72:47:20:
e6:7c:3f:ac:ef:95:c6:87:c3:06:96:eb:64:d5:bd:
2a:51:bf:3f:ea:79:55:88:d3:46:82:9f:d4:cd:dd:
79:4a:6c:d1:b1:8f:39:f3:f8:7b:ac:13:31:83:f0:
76:80:45:ac:56:42:3a:18:aa:cf:d4:dd:d6:13:cb:
73:32:21:40:17:78:f6:33:24:3c:5c:2e:03:bb:6c:
e1:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:55:84:C7:5F:4F:74:20:21:48:AB:28:DD:A3:32:59:38:42:F2:91
X509v3 Authority Key Identifier:
keyid:FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/_JvUY9Aun9Lfw8Oa5M1asyJljCo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/0A3D699C0B8911EFAA588431C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
180.92.134.0/23
Signature Algorithm: sha256WithRSAEncryption
c5:6d:fe:d7:ab:22:20:06:c1:92:87:87:ac:06:ff:8f:cb:29:
43:c4:ee:db:11:73:8e:16:98:4d:e7:21:1f:35:55:7a:b4:74:
ea:17:37:8b:b4:f5:57:28:bd:c7:da:76:bb:51:60:dd:97:76:
b8:e9:00:7f:c1:24:db:6b:83:ba:0a:9b:a1:9b:de:b6:75:63:
97:37:9d:01:96:fe:46:d5:fe:9a:d0:20:fb:66:4e:90:53:37:
db:0f:25:20:a2:a3:8f:75:97:db:fe:49:e2:97:4c:95:2e:7b:
dc:d1:5d:e1:f8:c6:b6:80:d9:ab:d2:48:0e:b7:bf:60:69:49:
21:29:f8:23:59:12:d6:58:e4:c0:7e:08:45:5a:88:76:1d:67:
4e:13:68:d8:e3:0a:2b:63:85:c9:09:e8:ac:7e:cf:33:61:01:
83:53:8f:52:30:e7:b1:f2:3b:55:9b:01:1e:aa:0a:83:11:69:
35:6a:59:83:6e:07:34:ff:14:27:1f:8b:a6:22:07:0b:31:1e:
4b:96:d3:e3:ef:6f:24:dc:1d:36:0f:f4:bc:ae:74:62:e3:5c:
49:90:c2:a7:47:cb:04:83:e0:44:5c:74:11:c7:ec:0a:e7:b9:
fe:7c:40:46:e4:19:41:fc:ab:15:38:7b:f5:b2:e5:1e:ee:ad:
7b:90:6a:f2
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCe8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUI2RUIxMTAvBgNVBAUTKEZDOUJENDYzRDAyRTlGRDJERkMzQzM5QUU0Q0Q1QUIz
MjI2NThDMkEwHhcNMjQwNTA2MDkxNDI4WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjM4OWY3NC0wNDE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr0y6q6jQw+ivI5mj6RTZypV/Evw0QJwQuQVxV3QRfXXFSQ9PxxAY9nHT/BXj
E/pi8LnRLwH9PGslDPJLjB2uQ893T9WIBkRXU/fJfOTOAGejlzpxlgEO36r0czT0
zgYh29z336SQEQQeR8fPHLC5yGoHcDQLPTZnmKH+wE05NHF37/U27X3YY88x/stD
mX3B5cmvVGa2hd7aTVZf1hshJNT3zutU/GLfPSDxX9L/HSdyRyDmfD+s75XGh8MG
lutk1b0qUb8/6nlViNNGgp/Uzd15SmzRsY858/h7rBMxg/B2gEWsVkI6GKrP1N3W
E8tzMiFAF3j2MyQ8XC4Du2zh3QIDAQABo4IClTCCApEwHQYDVR0OBBYEFPVVhMdf
T3QgIUirKN2jMlk4QvKRMB8GA1UdIwQYMBaAFPyb1GPQLp/S38PDmuTNWrMiZYwq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjZFQi8wMTM5MUIwMDhF
MkIxMUVBQkY4NkRBNENDNEY5QUUwMi9fSnZVWTlBdW45TGZ3OE9hNU0xYXN5Smxq
Q28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19KdlVZOUF1bjlMZnc4T2E1TTFhc3lKbGpDby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUI2RUIvMDEzOTFCMDA4RTJCMTFFQUJGODZEQTRDQzRGOUFFMDIvMEEzRDY5OUMw
Qjg5MTFFRkFBNTg4NDMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAG0XIYwDQYJKoZIhvcNAQELBQADggEBAMVt/terIiAGwZKH
h6wG/4/LKUPE7tsRc44WmE3nIR81VXq0dOoXN4u09VcovcfadrtRYN2XdrjpAH/B
JNtrg7oKm6Gb3rZ1Y5c3nQGW/kbV/prQIPtmTpBTN9sPJSCio491l9v+SeKXTJUu
e9zRXeH4xraA2avSSA63v2BpSSEp+CNZEtZY5MB+CEVaiHYdZ04TaNjjCitjhckJ
6Kx+zzNhAYNTj1Iw57HyO1WbAR6qCoMRaTVqWYNuBzT/FCcfi6YiBwsxHkuW0+Pv
byTcHTYP9LyudGLjXEmQwqdHywSD4ERcdBHH7Arnuf58QEbkGUH8qxU4e/Wy5R7u
rXuQavI=
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:09:16 2025 by rpki-client