Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/78194D869FEB11EFA48D4A35C4F9AE02.roa
File: 78194D869FEB11EFA48D4A35C4F9AE02.roa (raw, json)
Hash identifier: onARy1IUO8mfXdyJmF4auxFuXxWKXPNT6D84qmuUilE=
Subject key identifier: 13:28:7F:22:0D:0E:20:45:BB:6E:99:B8:8D:C5:5B:8D:68:F7:72:4F
Certificate issuer: /CN=A91B59E5/serialNumber=E47BF70254532697D20D0D3110F625370D65FA83
Certificate serial: 0157
Authority key identifier: E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/78194D869FEB11EFA48D4A35C4F9AE02.roa
Signing time: Mon 11 Nov 2024 05:11:55 +0000
ROA not before: Mon 11 Nov 2024 05:11:55 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 133320
IP address blocks: 45.118.9.0/24 maxlen: 24
103.58.41.0/24 maxlen: 24
103.237.113.0/24 maxlen: 24
103.237.114.0/24 maxlen: 24
103.237.115.0/24 maxlen: 24
2001:df6:a900::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 343 (0x157)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B59E5
Validity
Not Before: Nov 11 05:11:55 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=6731921b-5b08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:8d:dc:53:29:78:98:41:60:f3:5a:7c:a7:b3:
bf:16:94:5e:48:50:06:a6:74:63:b6:15:59:3b:32:
b9:11:fd:ac:5f:23:35:45:ff:a5:2a:ee:e5:6d:4a:
81:7a:ce:03:f0:b5:1d:7e:cc:fd:97:5e:fa:ac:ab:
cb:b7:33:7e:4e:ab:cb:4a:c8:de:97:39:3e:02:61:
29:4f:83:92:2b:03:14:da:a6:ec:70:12:36:4d:91:
41:7f:00:ee:db:c3:7a:89:d2:4f:83:e6:61:41:d6:
96:40:90:2e:8a:7e:8a:6c:54:fe:f0:23:30:fa:52:
0d:45:30:b2:ff:0e:45:18:58:1e:0f:e8:87:29:7b:
c8:94:77:d7:76:01:3a:c9:d8:5d:b6:a7:72:4f:7f:
5b:0d:5c:ba:f6:81:fb:06:ef:b1:8e:ad:bc:a8:2a:
bd:7b:01:69:d9:de:d3:94:ad:36:ac:c6:87:5e:50:
da:b9:50:42:99:e3:2c:3c:fa:9a:54:35:db:f4:63:
be:26:d9:31:c1:f4:55:73:30:48:8d:e8:fb:1b:6e:
26:ee:4b:ab:2c:82:9c:ff:c4:54:9c:aa:0c:c8:2b:
30:e1:37:31:15:5c:93:11:1d:bc:2a:b0:67:b9:4f:
6c:2d:82:0b:d3:ba:fd:37:e4:e3:30:c7:02:88:90:
13:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:28:7F:22:0D:0E:20:45:BB:6E:99:B8:8D:C5:5B:8D:68:F7:72:4F
X509v3 Authority Key Identifier:
keyid:E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/78194D869FEB11EFA48D4A35C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.118.9.0/24
103.58.41.0/24
103.237.113.0-103.237.115.255
IPv6:
2001:df6:a900::/48
Signature Algorithm: sha256WithRSAEncryption
1b:0b:90:2d:e8:93:d9:30:16:07:79:8a:fc:06:a5:3b:3c:cd:
4e:9f:2d:3b:cf:7e:be:47:b5:ef:39:d2:b4:06:d2:3e:cd:e2:
3a:4f:f8:c9:1a:43:00:d4:80:a9:16:ca:4b:55:31:55:75:a0:
43:7d:12:09:ce:f7:4e:f7:4a:4a:6c:fd:1a:14:a7:da:42:1b:
a1:e0:de:bd:6d:d7:90:21:62:07:d2:7c:e4:c7:88:d1:81:dd:
d2:0f:7d:9b:a1:73:3c:a0:ae:8d:19:67:c6:6a:cb:6e:7c:b3:
7b:7e:e3:39:1d:94:21:45:69:1b:69:3e:cb:4c:0d:90:b2:77:
6d:cf:89:b8:d7:89:3e:95:03:b3:d2:ff:69:04:99:cc:4a:ff:
43:04:7d:cd:aa:b7:28:90:b7:1d:64:67:38:a4:ab:9e:e6:a8:
b9:1f:95:01:4a:b7:32:a4:84:84:d9:fe:05:c7:a6:8d:ff:12:
67:79:17:f4:ee:89:95:ea:d4:28:3f:03:7f:00:17:f2:11:08:
11:1e:d5:ac:c2:d3:00:70:f3:20:ec:15:71:5b:cf:00:db:8c:
b0:0e:f2:91:4f:06:4a:c7:25:f9:2c:c5:c4:e2:a7:1f:a1:d2:
e0:63:4d:b3:af:b6:a3:fd:39:89:a8:15:f5:ef:1a:33:a7:8b:
b1:9d:38:e8
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgICAVcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjU5RTUxMTAvBgNVBAUTKEU0N0JGNzAyNTQ1MzI2OTdEMjBEMEQzMTEwRjYyNTM3
MEQ2NUZBODMwHhcNMjQxMTExMDUxMTU1WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzMxOTIxYi01YjA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0Y3cUyl4mEFg81p8p7O/FpReSFAGpnRjthVZOzK5Ef2sXyM1Rf+lKu7lbUqB
es4D8LUdfsz9l176rKvLtzN+TqvLSsjelzk+AmEpT4OSKwMU2qbscBI2TZFBfwDu
28N6idJPg+ZhQdaWQJAuin6KbFT+8CMw+lINRTCy/w5FGFgeD+iHKXvIlHfXdgE6
ydhdtqdyT39bDVy69oH7Bu+xjq28qCq9ewFp2d7TlK02rMaHXlDauVBCmeMsPPqa
VDXb9GO+JtkxwfRVczBIjej7G24m7kurLIKc/8RUnKoMyCsw4TcxFVyTER28KrBn
uU9sLYIL07r9N+TjMMcCiJAThwIDAQABo4ICujCCArYwHQYDVR0OBBYEFBMofyIN
DiBFu26ZuI3FW41o93JPMB8GA1UdIwQYMBaAFOR79wJUUyaX0g0NMRD2JTcNZfqD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNTlFNS9ERDlGMUY3QzND
MDExMUVFOTFDQkUxNTdDNEY5QUUwMi81SHYzQWxSVEpwZlNEUTB4RVBZbE53MWwt
b00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVIdjNBbFJUSnBmU0RRMHhFUFlsTncxbC1vTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjU5RTUvREQ5RjFGN0MzQzAxMTFFRTkxQ0JFMTU3QzRGOUFFMDIvNzgxOTREODY5
RkVCMTFFRkE0OEQ0QTM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRAYIKwYBBQUHAQcBAf8E
NTAzMCAEAgABMBoDBAAtdgkDBABnOikwDAMEAGftcQMEAmftcDAPBAIAAjAJAwcA
IAEN9qkAMA0GCSqGSIb3DQEBCwUAA4IBAQAbC5At6JPZMBYHeYr8BqU7PM1Ony07
z36+R7XvOdK0BtI+zeI6T/jJGkMA1ICpFspLVTFVdaBDfRIJzvdO90pKbP0aFKfa
Qhuh4N69bdeQIWIH0nzkx4jRgd3SD32boXM8oK6NGWfGastufLN7fuM5HZQhRWkb
aT7LTA2Qsndtz4m414k+lQOz0v9pBJnMSv9DBH3NqrcokLcdZGc4pKue5qi5H5UB
SrcypISE2f4Fx6aN/xJneRf07omV6tQoPwN/ABfyEQgRHtWswtMAcPMg7BVxW88A
24ywDvKRTwZKxyX5LMXE4qcfodLgY02zr7aj/TmJqBX17xozp4uxnTjo
-----END CERTIFICATE-----
Generated at Sat Apr 5 13:19:55 2025 by rpki-client