Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/2131E0225B7E11EDB98BC14EC4F9AE02.roa
File: 2131E0225B7E11EDB98BC14EC4F9AE02.roa (raw, json)
Hash identifier: K12UGDVHASHEXRGJdQq6CXILggkzic3axnGkVWsX9Zo=
Subject key identifier: CA:07:E5:2E:B2:83:C3:FD:5F:BB:13:21:E2:9C:A4:E4:FB:A6:EA:4A
Certificate issuer: /CN=A91C0BDE/serialNumber=A4B50BECD8BBA285587128D5919283DBE1690918
Certificate serial: 0760
Authority key identifier: A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/2131E0225B7E11EDB98BC14EC4F9AE02.roa
Signing time: Sat 03 Jun 2023 06:04:21 +0000
ROA not before: Sat 03 Jun 2023 06:04:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 38138
IP address blocks: 114.129.8.0/22 maxlen: 22
114.129.8.0/24 maxlen: 24
114.129.9.0/24 maxlen: 24
114.129.10.0/24 maxlen: 24
114.129.11.0/24 maxlen: 24
114.129.15.0/24 maxlen: 24
2405:eec0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1888 (0x760)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C0BDE
Validity
Not Before: Jun 3 06:04:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=647ad7e5-aea5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:1d:14:bb:e2:a0:c5:1a:64:35:68:06:3f:5e:
32:ce:82:df:95:9b:54:00:fa:b4:02:bb:c7:7a:a6:
26:32:b0:44:29:52:21:0d:91:ef:9e:45:89:51:06:
c2:b4:3f:39:69:63:c5:5d:81:d7:fd:d0:7c:4d:08:
d4:a2:33:cd:de:3e:42:65:4f:9e:2c:24:c1:02:c9:
28:43:e1:a9:53:24:df:f0:4b:56:36:c1:70:d5:fd:
20:c9:bf:fe:1f:88:dd:a9:4f:94:60:d9:d4:fe:76:
db:2a:9a:87:9f:4c:f3:23:9e:14:1c:db:75:4e:b6:
11:1d:11:ed:9d:c9:a8:36:1f:90:d3:34:09:83:c1:
15:c3:62:da:0f:4e:60:72:5a:cf:e2:d4:6f:19:c6:
c8:97:33:3d:8e:87:db:62:2d:21:0e:75:35:72:fd:
1c:05:2a:e9:4a:ca:64:aa:49:9a:3a:45:88:77:32:
14:78:da:25:3f:ce:e7:66:22:c8:16:f1:1b:50:0c:
9a:84:b7:3e:a7:57:13:18:3e:a9:43:8b:28:3f:c1:
ef:f0:31:53:e5:28:51:3f:12:9c:d3:d6:c5:75:3d:
51:8c:da:83:ef:f8:33:87:9e:5c:69:5e:e8:a1:1b:
b4:64:b5:ae:61:b9:8c:ef:da:4e:af:6e:f5:23:00:
87:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:07:E5:2E:B2:83:C3:FD:5F:BB:13:21:E2:9C:A4:E4:FB:A6:EA:4A
X509v3 Authority Key Identifier:
keyid:A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/2131E0225B7E11EDB98BC14EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
114.129.8.0/22
114.129.15.0/24
IPv6:
2405:eec0::/32
Signature Algorithm: sha256WithRSAEncryption
40:e5:a6:24:d9:5b:84:56:fb:67:76:f8:bd:80:3f:b1:8e:37:
0c:10:7b:82:c9:bc:b3:b6:26:8f:5d:e0:7d:e9:83:35:e4:bf:
0e:78:cf:9b:57:15:09:6b:20:7f:69:2e:12:c1:aa:06:59:65:
7e:e9:11:e7:43:7b:c2:ae:ff:a6:78:b6:2d:fe:94:3d:ba:30:
ba:f9:04:cd:52:6e:77:d9:f5:8b:00:1d:49:8c:46:5f:b0:84:
62:90:d5:09:fb:44:ed:a4:eb:35:1f:5b:94:6b:62:29:db:76:
65:79:92:ed:f1:dd:cd:e4:a9:fc:05:9c:dd:06:f0:9f:89:4e:
1f:33:fe:e8:b6:a3:12:23:85:2e:83:86:91:4d:e9:2d:a8:7d:
d8:2c:4c:62:57:8f:2a:68:a2:d8:c5:f3:17:0c:10:d1:4a:62:
37:df:15:b8:f0:2f:fd:3e:6d:22:56:74:5f:e4:b7:ba:15:21:
5e:d1:3d:e9:04:c0:7b:4e:58:5d:f8:77:ad:a8:56:7f:16:06:
9a:0e:73:db:c1:6b:8e:d0:68:e9:27:50:17:49:2e:ae:7c:05:
0b:44:5a:ec:98:83:ac:b6:f4:0d:db:43:3b:22:ed:ef:70:18:
fa:b8:89:d5:ac:0f:d9:26:e2:8c:ad:15:cd:22:74:c2:6d:75:
b6:cb:46:5e
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICB2AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzBCREUxMTAvBgNVBAUTKEE0QjUwQkVDRDhCQkEyODU1ODcxMjhENTkxOTI4M0RC
RTE2OTA5MTgwHhcNMjMwNjAzMDYwNDIxWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdhZDdlNS1hZWE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7R0Uu+KgxRpkNWgGP14yzoLflZtUAPq0ArvHeqYmMrBEKVIhDZHvnkWJUQbC
tD85aWPFXYHX/dB8TQjUojPN3j5CZU+eLCTBAskoQ+GpUyTf8EtWNsFw1f0gyb/+
H4jdqU+UYNnU/nbbKpqHn0zzI54UHNt1TrYRHRHtncmoNh+Q0zQJg8EVw2LaD05g
clrP4tRvGcbIlzM9jofbYi0hDnU1cv0cBSrpSspkqkmaOkWIdzIUeNolP87nZiLI
FvEbUAyahLc+p1cTGD6pQ4soP8Hv8DFT5ShRPxKc09bFdT1RjNqD7/gzh55caV7o
oRu0ZLWuYbmM79pOr271IwCHgQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFMoH5S6y
g8P9X7sTIeKcpOT7pupKMB8GA1UdIwQYMBaAFKS1C+zYu6KFWHEo1ZGSg9vhaQkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMEJERS83RTVBQzNFMDg5
NzExMUVBOTI0MDJBMEFDNEY5QUUwMi9wTFVMN05pN29vVlljU2pWa1pLRDItRnBD
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BMVUw3Tmk3b29WWWNTalZrWktEMi1GcENSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzBCREUvN0U1QUMzRTA4OTcxMTFFQTkyNDAyQTBBQzRGOUFFMDIvMjEzMUUwMjI1
QjdFMTFFREI5OEJDMTRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJygQgDBABygQ8wDQQCAAIwBwMFACQF7sAwDQYJKoZIhvcN
AQELBQADggEBAEDlpiTZW4RW+2d2+L2AP7GONwwQe4LJvLO2Jo9d4H3pgzXkvw54
z5tXFQlrIH9pLhLBqgZZZX7pEedDe8Ku/6Z4ti3+lD26MLr5BM1SbnfZ9YsAHUmM
Rl+whGKQ1Qn7RO2k6zUfW5RrYinbdmV5ku3x3c3kqfwFnN0G8J+JTh8z/ui2oxIj
hS6DhpFN6S2ofdgsTGJXjypootjF8xcMENFKYjffFbjwL/0+bSJWdF/kt7oVIV7R
PekEwHtOWF34d62oVn8WBpoOc9vBa47QaOknUBdJLq58BQtEWuyYg6y29A3bQzsi
7e9wGPq4idWsD9km4oytFc0idMJtdbbLRl4=
-----END CERTIFICATE-----
Generated at Sat Apr 5 01:54:58 2025 by rpki-client