Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/24C95A3ED74C11EF9514995EC4F9AE02.roa
File: 24C95A3ED74C11EF9514995EC4F9AE02.roa (raw, json)
Hash identifier: Q+oHxLfjnU5EXi9/z6Q/czVwtw9KGAOWKnYDYsVhZ5Y=
Subject key identifier: 52:55:D6:C7:A3:D0:82:F3:08:39:8E:89:2D:2A:09:61:EC:96:50:31
Certificate issuer: /CN=A91AB6EB/serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Certificate serial: 0A88
Authority key identifier: FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/24C95A3ED74C11EF9514995EC4F9AE02.roa
Signing time: Mon 20 Jan 2025 16:32:31 +0000
ROA not before: Mon 20 Jan 2025 16:32:31 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 55714
IP address blocks: 103.17.200.0/22 maxlen: 22
103.17.200.0/24 maxlen: 24
110.34.33.0/24 maxlen: 24
110.34.34.0/24 maxlen: 24
110.34.35.0/24 maxlen: 24
110.34.36.0/24 maxlen: 24
110.34.39.0/24 maxlen: 24
192.135.90.0/24 maxlen: 24
192.135.91.0/24 maxlen: 24
2406:f500::/32 maxlen: 32
2406:f500::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2696 (0xa88)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AB6EB, serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Validity
Not Before: Jan 20 16:32:31 2025 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=678e7a9f-62d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:8f:9c:f8:f4:13:cf:2e:59:6f:96:c0:1f:d4:
e0:f8:05:db:a2:d4:4b:c3:bc:18:3c:0d:52:4f:be:
78:cc:d8:50:14:8c:16:fd:86:5e:12:6b:32:a3:eb:
ca:18:a9:6b:d8:c6:41:f2:13:7f:1f:b8:73:a4:b1:
c1:e3:ff:40:76:34:2e:df:a2:99:17:bb:48:f6:26:
d5:37:1d:6f:2b:34:2b:72:90:bf:bb:e8:e2:00:9a:
bf:36:65:78:77:0d:16:48:f7:46:c9:df:28:7b:16:
96:af:9f:69:ce:30:37:36:3c:fb:ad:2d:79:bd:26:
2a:f3:1a:0e:a4:65:70:ed:54:4e:6d:90:6f:5d:22:
64:5b:47:79:ff:0f:96:27:db:be:ea:a9:c1:e2:28:
9a:7d:65:bf:44:69:c2:cb:af:15:49:5a:d0:9c:04:
01:90:a7:2b:11:2c:8d:49:f7:04:7e:b3:d5:32:13:
64:b9:a9:56:af:e0:97:46:ea:2c:77:49:82:45:3b:
85:2a:19:50:64:6f:cb:29:74:b5:8c:b1:78:df:e9:
68:e7:d5:ca:53:72:1f:01:d0:c0:e6:16:98:22:a0:
3e:cc:09:52:45:0d:de:a1:dd:ac:90:d5:74:22:ff:
4d:3c:d1:b9:07:a5:88:28:b1:16:41:d6:86:4d:6b:
13:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:55:D6:C7:A3:D0:82:F3:08:39:8E:89:2D:2A:09:61:EC:96:50:31
X509v3 Authority Key Identifier:
keyid:FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/_JvUY9Aun9Lfw8Oa5M1asyJljCo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/24C95A3ED74C11EF9514995EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.17.200.0/22
110.34.33.0-110.34.36.255
110.34.39.0/24
192.135.90.0/23
IPv6:
2406:f500::/32
Signature Algorithm: sha256WithRSAEncryption
9a:44:1f:21:74:f7:75:95:e2:1d:01:dc:7c:e3:86:d3:75:36:
6d:cd:98:d6:4a:67:25:3f:1a:bc:68:b5:1e:32:8d:fa:66:4b:
eb:44:ef:f0:97:29:ce:2a:e8:29:0f:33:23:e2:d7:f7:78:a9:
5f:15:2a:4e:d3:20:6f:ed:a2:1a:58:e9:47:f3:04:18:89:54:
bb:8b:01:9c:23:0e:d5:f8:c4:f2:5b:c0:62:25:a3:eb:56:7d:
b5:e7:aa:f5:ee:5d:da:ce:69:d1:6b:ce:ee:a9:89:8e:03:6c:
14:a0:28:03:79:56:26:57:e5:59:fa:5a:b9:d6:b0:97:ec:36:
68:64:35:82:d6:e6:22:4c:56:c4:3f:33:fa:a7:18:35:36:35:
1e:7a:82:d8:aa:68:1a:43:66:44:05:9d:a2:73:8a:e8:d6:65:
a7:4c:53:a5:3e:60:44:0d:33:90:a1:4b:53:36:f4:48:bf:a5:
24:40:44:ab:0e:e2:53:87:80:1a:4c:a5:6c:67:ee:5b:e6:5a:
cd:ac:ea:56:04:35:ca:22:c4:1e:c0:89:cd:0e:0b:9d:69:e7:
95:07:ad:e9:04:37:c1:6d:09:df:24:b8:71:1a:5e:f1:4b:ee:
a2:26:e9:d4:13:64:c4:c4:06:10:bf:8b:73:fe:58:6f:8b:2d:
65:9a:58:07
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgICCogwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUI2RUIxMTAvBgNVBAUTKEZDOUJENDYzRDAyRTlGRDJERkMzQzM5QUU0Q0Q1QUIz
MjI2NThDMkEwHhcNMjUwMTIwMTYzMjMxWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzhlN2E5Zi02MmQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5I+c+PQTzy5Zb5bAH9Tg+AXbotRLw7wYPA1ST754zNhQFIwW/YZeEmsyo+vK
GKlr2MZB8hN/H7hzpLHB4/9AdjQu36KZF7tI9ibVNx1vKzQrcpC/u+jiAJq/NmV4
dw0WSPdGyd8oexaWr59pzjA3Njz7rS15vSYq8xoOpGVw7VRObZBvXSJkW0d5/w+W
J9u+6qnB4iiafWW/RGnCy68VSVrQnAQBkKcrESyNSfcEfrPVMhNkualWr+CXRuos
d0mCRTuFKhlQZG/LKXS1jLF43+lo59XKU3IfAdDA5haYIqA+zAlSRQ3eod2skNV0
Iv9NPNG5B6WIKLEWQdaGTWsTsQIDAQABo4ICvjCCArowHQYDVR0OBBYEFFJV1sej
0ILzCDmOiS0qCWHsllAxMB8GA1UdIwQYMBaAFPyb1GPQLp/S38PDmuTNWrMiZYwq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjZFQi8wMTM5MUIwMDhF
MkIxMUVBQkY4NkRBNENDNEY5QUUwMi9fSnZVWTlBdW45TGZ3OE9hNU0xYXN5Smxq
Q28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19KdlVZOUF1bjlMZnc4T2E1TTFhc3lKbGpDby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUI2RUIvMDEzOTFCMDA4RTJCMTFFQUJGODZEQTRDQzRGOUFFMDIvMjRDOTVBM0VE
NzRDMTFFRjk1MTQ5OTVFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSAYIKwYBBQUHAQcBAf8E
OTA3MCYEAgABMCADBAJnEcgwDAMEAG4iIQMEAG4iJAMEAG4iJwMEAcCHWjANBAIA
AjAHAwUAJAb1ADANBgkqhkiG9w0BAQsFAAOCAQEAmkQfIXT3dZXiHQHcfOOG03U2
bc2Y1kpnJT8avGi1HjKN+mZL60Tv8JcpziroKQ8zI+LX93ipXxUqTtMgb+2iGljp
R/MEGIlUu4sBnCMO1fjE8lvAYiWj61Z9teeq9e5d2s5p0WvO7qmJjgNsFKAoA3lW
JlflWfpaudawl+w2aGQ1gtbmIkxWxD8z+qcYNTY1HnqC2KpoGkNmRAWdonOK6NZl
p0xTpT5gRA0zkKFLUzb0SL+lJEBEqw7iU4eAGkylbGfuW+ZazazqVgQ1yiLEHsCJ
zQ4LnWnnlQet6QQ3wW0J3yS4cRpe8Uvuoibp1BNkxMQGEL+Lc/5Yb4stZZpYBw==
-----END CERTIFICATE-----
Generated at Sun Apr 13 03:43:56 2025 by rpki-client