Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/A4E0A84C809111EFA736E885C4F9AE02.roa
File: A4E0A84C809111EFA736E885C4F9AE02.roa (raw, json)
Hash identifier: svM+teuBEEMri4j/278vFAQTZEYKoHJ9PlFXQrTnF4A=
Subject key identifier: 80:9C:58:58:D4:22:E3:52:E2:AA:87:71:91:F6:72:4C:25:3F:DE:0E
Certificate issuer: /CN=A91B59E5/serialNumber=E47BF70254532697D20D0D3110F625370D65FA83
Certificate serial: 0150
Authority key identifier: E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/A4E0A84C809111EFA736E885C4F9AE02.roa
Signing time: Fri 08 Nov 2024 10:34:46 +0000
ROA not before: Fri 08 Nov 2024 10:34:46 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 133320
IP address blocks: 45.118.9.0/24 maxlen: 24
103.58.41.0/24 maxlen: 24
103.237.112.0/24 maxlen: 24
103.237.113.0/24 maxlen: 24
103.237.114.0/24 maxlen: 24
103.237.115.0/24 maxlen: 24
2001:df6:a900::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 336 (0x150)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B59E5
Validity
Not Before: Nov 8 10:34:46 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=672de946-dfad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:e9:25:a7:76:ae:d0:90:1e:d0:ee:42:2a:bb:
66:a4:a6:ec:e6:62:b8:ae:8a:91:a1:06:1a:0d:6d:
2b:5a:72:71:26:19:c9:17:c8:0c:e1:79:b6:03:17:
39:e7:e8:30:40:0a:4f:dd:85:35:7f:ad:03:b1:53:
89:5e:b5:c8:62:51:b9:a2:dc:d9:fb:6f:0c:b5:3a:
5a:42:07:b7:07:dc:15:a3:3d:b2:70:f0:e7:9b:e8:
a6:48:e3:30:8c:4c:56:eb:aa:f4:27:9d:28:3e:5c:
c1:5d:1a:ee:f0:d5:66:7f:13:ab:c5:a1:ad:a0:d2:
1d:1e:6d:9b:cc:03:c5:8c:8d:76:80:91:7e:7c:3e:
1a:cb:5b:6b:84:79:bd:6e:ed:f6:7c:ea:1c:fa:11:
4d:69:4a:2c:38:b9:2b:38:02:73:7d:30:d9:85:c6:
8f:8e:83:19:e6:22:e8:34:4b:f8:d4:14:ff:23:15:
c8:a3:b5:b0:2e:c2:7c:a4:30:89:45:db:cb:16:3b:
e6:e0:2a:40:0e:45:72:07:97:4c:bf:32:38:2f:cb:
91:a3:08:0a:1c:9c:9e:89:e7:af:4d:e9:10:de:59:
c5:48:8a:a1:62:55:5c:50:d5:ca:5e:be:5a:c9:29:
50:0a:25:a4:e6:3a:f5:03:24:19:79:da:9c:96:aa:
7b:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:9C:58:58:D4:22:E3:52:E2:AA:87:71:91:F6:72:4C:25:3F:DE:0E
X509v3 Authority Key Identifier:
keyid:E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/A4E0A84C809111EFA736E885C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.118.9.0/24
103.58.41.0/24
103.237.112.0/22
IPv6:
2001:df6:a900::/48
Signature Algorithm: sha256WithRSAEncryption
9f:0d:e2:ed:c4:7e:a8:53:0e:b7:e2:b0:3c:49:a6:4b:97:23:
a2:c1:61:e6:72:bd:49:55:33:f7:71:74:59:f3:9b:dc:40:7f:
46:83:b0:a6:58:63:e2:03:78:cb:df:ce:22:c0:c6:bc:23:3b:
f3:0b:0f:c5:0b:6b:ac:7b:b9:89:c6:f0:03:45:0f:3f:63:37:
a4:fd:e6:e3:16:36:47:ce:0b:f8:3b:a5:46:10:0f:93:dd:5c:
9b:22:4d:56:b3:36:27:bd:b5:37:8b:36:2d:69:28:cf:fe:12:
87:f9:09:7a:fc:4b:15:52:20:8d:e1:17:bb:58:0d:db:d3:8c:
14:84:e9:0a:9b:e8:c6:fb:29:6d:25:7a:e6:33:12:49:d5:c7:
90:36:d0:87:02:96:bb:74:63:5a:80:24:25:73:ea:06:dc:d3:
87:d6:da:34:ab:84:d3:3c:1b:f0:25:29:50:75:e8:8f:c9:e4:
bf:44:46:d8:09:81:34:76:b4:94:e3:16:5b:63:ea:5b:57:f3:
f3:b9:7b:d1:69:ad:61:de:fc:f1:c0:6b:b7:a0:a8:81:69:fa:
da:7d:f0:3c:d7:a5:c6:b6:5d:ce:74:cf:b7:a7:ec:2a:68:bb:
20:6e:8a:16:29:8e:fb:04:1e:8b:10:90:28:27:4e:ee:80:a4:
7e:95:e6:fd
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgICAVAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjU5RTUxMTAvBgNVBAUTKEU0N0JGNzAyNTQ1MzI2OTdEMjBEMEQzMTEwRjYyNTM3
MEQ2NUZBODMwHhcNMjQxMTA4MTAzNDQ2WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzJkZTk0Ni1kZmFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApuklp3au0JAe0O5CKrtmpKbs5mK4roqRoQYaDW0rWnJxJhnJF8gM4Xm2Axc5
5+gwQApP3YU1f60DsVOJXrXIYlG5otzZ+28MtTpaQge3B9wVoz2ycPDnm+imSOMw
jExW66r0J50oPlzBXRru8NVmfxOrxaGtoNIdHm2bzAPFjI12gJF+fD4ay1trhHm9
bu32fOoc+hFNaUosOLkrOAJzfTDZhcaPjoMZ5iLoNEv41BT/IxXIo7WwLsJ8pDCJ
RdvLFjvm4CpADkVyB5dMvzI4L8uRowgKHJyeieevTekQ3lnFSIqhYlVcUNXKXr5a
ySlQCiWk5jr1AyQZedqclqp7MwIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFICcWFjU
IuNS4qqHcZH2ckwlP94OMB8GA1UdIwQYMBaAFOR79wJUUyaX0g0NMRD2JTcNZfqD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNTlFNS9ERDlGMUY3QzND
MDExMUVFOTFDQkUxNTdDNEY5QUUwMi81SHYzQWxSVEpwZlNEUTB4RVBZbE53MWwt
b00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVIdjNBbFJUSnBmU0RRMHhFUFlsTncxbC1vTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjU5RTUvREQ5RjFGN0MzQzAxMTFFRTkxQ0JFMTU3QzRGOUFFMDIvQTRFMEE4NEM4
MDkxMTFFRkE3MzZFODg1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPAYIKwYBBQUHAQcBAf8E
LTArMBgEAgABMBIDBAAtdgkDBABnOikDBAJn7XAwDwQCAAIwCQMHACABDfapADAN
BgkqhkiG9w0BAQsFAAOCAQEAnw3i7cR+qFMOt+KwPEmmS5cjosFh5nK9SVUz93F0
WfOb3EB/RoOwplhj4gN4y9/OIsDGvCM78wsPxQtrrHu5icbwA0UPP2M3pP3m4xY2
R84L+DulRhAPk91cmyJNVrM2J721N4s2LWkoz/4Sh/kJevxLFVIgjeEXu1gN29OM
FITpCpvoxvspbSV65jMSSdXHkDbQhwKWu3RjWoAkJXPqBtzTh9baNKuE0zwb8CUp
UHXoj8nkv0RG2AmBNHa0lOMWW2PqW1fz87l70WmtYd788cBrt6CogWn62n3wPNel
xrZdznTPt6fsKmi7IG6KFimO+wQeixCQKCdO7oCkfpXm/Q==
-----END CERTIFICATE-----
Generated at Sun Apr 6 21:07:39 2025 by rpki-client