Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/4FD095F0045611EEAABA8378C4F9AE02.roa
File: 4FD095F0045611EEAABA8378C4F9AE02.roa (raw, json)
Hash identifier: NaeTG3N1F7jUyrrIWbEehAgBZQh9A1vBUz3ZwO6KLto=
Subject key identifier: 11:9A:87:44:AC:D8:CF:25:EF:B9:3F:20:09:63:28:E9:B3:6B:24:8A
Certificate issuer: /CN=A91C0BDE/serialNumber=A4B50BECD8BBA285587128D5919283DBE1690918
Certificate serial: 0855
Authority key identifier: A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/4FD095F0045611EEAABA8378C4F9AE02.roa
Signing time: Wed 24 Jul 2024 20:58:49 +0000
ROA not before: Wed 24 Jul 2024 20:58:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 38138
IP address blocks: 114.129.8.0/21 maxlen: 21
114.129.8.0/24 maxlen: 24
114.129.9.0/24 maxlen: 24
114.129.10.0/24 maxlen: 24
114.129.11.0/24 maxlen: 24
114.129.12.0/24 maxlen: 24
114.129.13.0/24 maxlen: 24
114.129.14.0/24 maxlen: 24
114.129.15.0/24 maxlen: 24
2405:eec0::/32 maxlen: 32
2405:eec0:1::/48 maxlen: 48
2405:eec0:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2133 (0x855)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C0BDE
Validity
Not Before: Jul 24 20:58:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66a16b09-376c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:ec:3b:e9:3b:bb:2d:36:4c:b8:b5:a4:58:98:
f0:82:6a:9c:d2:aa:ee:c3:ea:63:cb:c1:46:bc:e3:
33:04:09:f2:8c:11:0a:8c:d3:20:52:ea:fb:56:fa:
d7:35:f1:65:63:bf:d0:b2:ca:d9:62:b8:28:02:e0:
b7:c6:0d:5e:6e:dc:19:3d:0c:0f:6d:1d:31:ce:b1:
d1:80:fa:9d:90:6d:28:0c:ad:ce:25:58:ae:26:68:
7e:28:65:ae:90:85:97:90:a3:70:19:35:a6:0b:9a:
33:41:f4:04:fa:5a:7a:02:24:1b:0b:dc:9d:ab:90:
8b:a7:8c:70:db:27:db:ac:93:bc:ac:80:ab:67:63:
be:74:9f:ea:9f:96:bd:03:1b:80:75:28:ee:a9:8c:
48:d0:d4:8c:12:3f:b2:e9:81:dd:72:ce:f7:dc:38:
f9:d9:5a:2c:6d:22:55:42:ee:ca:68:8d:7f:eb:47:
64:a2:12:c4:f5:e3:d5:2b:d7:a8:25:7a:a3:78:b1:
86:c8:ed:ca:2a:27:94:02:31:c2:77:af:d9:54:f0:
02:23:f8:e7:2b:c5:67:2a:3c:35:df:f1:54:a2:08:
98:62:b4:66:e4:46:b6:f6:3c:65:3d:11:c3:7b:a1:
49:42:a2:45:ed:a4:02:2b:4c:53:7c:c7:ce:79:fc:
6d:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:9A:87:44:AC:D8:CF:25:EF:B9:3F:20:09:63:28:E9:B3:6B:24:8A
X509v3 Authority Key Identifier:
keyid:A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/4FD095F0045611EEAABA8378C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
114.129.8.0/21
IPv6:
2405:eec0::/32
Signature Algorithm: sha256WithRSAEncryption
b0:e0:05:99:6e:07:59:99:73:c5:30:39:df:29:fc:bd:ed:fc:
e0:da:16:92:2a:40:f5:3a:7f:1c:ff:29:98:34:e5:2c:a4:17:
13:a2:a5:e9:aa:0d:27:d6:f0:63:1e:35:7d:32:a1:ae:60:4a:
0e:7d:25:41:e3:24:70:b9:33:a4:f5:c4:29:59:3d:36:b4:1c:
80:12:f1:59:49:48:c2:ee:04:7b:bb:72:dc:6e:d7:1c:bf:2e:
b9:e9:31:66:53:4d:af:29:eb:89:34:f9:4f:e9:c4:90:9b:68:
12:5d:72:e3:49:f7:5e:4c:e0:37:6d:2e:5a:66:e1:d1:bf:ea:
34:2b:04:ab:20:d1:d0:d3:b4:fc:b0:55:ca:b3:5e:23:27:c7:
db:7c:eb:2e:95:d5:31:ef:66:76:e7:40:ed:a9:1f:42:ed:32:
dd:a5:9e:9d:34:19:e9:38:76:e2:87:e6:6f:46:66:32:01:39:
44:18:1b:68:d8:f4:71:6b:57:e2:45:23:b8:df:dd:fc:2b:f8:
bc:87:63:41:b6:36:e7:91:7e:89:5c:37:8a:a9:b1:08:13:8b:
45:50:ce:e3:08:89:11:2d:ba:dd:c4:2a:e6:6a:f6:ff:28:7c:
ba:83:43:5c:fd:05:7b:b3:ca:59:65:19:7c:67:92:3b:7f:21:
23:72:83:df
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCFUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzBCREUxMTAvBgNVBAUTKEE0QjUwQkVDRDhCQkEyODU1ODcxMjhENTkxOTI4M0RC
RTE2OTA5MTgwHhcNMjQwNzI0MjA1ODQ5WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmExNmIwOS0zNzZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6Ow76Tu7LTZMuLWkWJjwgmqc0qruw+pjy8FGvOMzBAnyjBEKjNMgUur7VvrX
NfFlY7/QssrZYrgoAuC3xg1ebtwZPQwPbR0xzrHRgPqdkG0oDK3OJViuJmh+KGWu
kIWXkKNwGTWmC5ozQfQE+lp6AiQbC9ydq5CLp4xw2yfbrJO8rICrZ2O+dJ/qn5a9
AxuAdSjuqYxI0NSMEj+y6YHdcs733Dj52VosbSJVQu7KaI1/60dkohLE9ePVK9eo
JXqjeLGGyO3KKieUAjHCd6/ZVPACI/jnK8VnKjw13/FUogiYYrRm5Ea29jxlPRHD
e6FJQqJF7aQCK0xTfMfOefxteQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFBGah0Ss
2M8l77k/IAljKOmzaySKMB8GA1UdIwQYMBaAFKS1C+zYu6KFWHEo1ZGSg9vhaQkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMEJERS83RTVBQzNFMDg5
NzExMUVBOTI0MDJBMEFDNEY5QUUwMi9wTFVMN05pN29vVlljU2pWa1pLRDItRnBD
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BMVUw3Tmk3b29WWWNTalZrWktEMi1GcENSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzBCREUvN0U1QUMzRTA4OTcxMTFFQTkyNDAyQTBBQzRGOUFFMDIvNEZEMDk1RjAw
NDU2MTFFRUFBQkE4Mzc4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBANygQgwDQQCAAIwBwMFACQF7sAwDQYJKoZIhvcNAQELBQAD
ggEBALDgBZluB1mZc8UwOd8p/L3t/ODaFpIqQPU6fxz/KZg05SykFxOipemqDSfW
8GMeNX0yoa5gSg59JUHjJHC5M6T1xClZPTa0HIAS8VlJSMLuBHu7ctxu1xy/Lrnp
MWZTTa8p64k0+U/pxJCbaBJdcuNJ915M4DdtLlpm4dG/6jQrBKsg0dDTtPywVcqz
XiMnx9t86y6V1THvZnbnQO2pH0LtMt2lnp00Gek4duKH5m9GZjIBOUQYG2jY9HFr
V+JFI7jf3fwr+LyHY0G2NueRfolcN4qpsQgTi0VQzuMIiREtut3EKuZq9v8ofLqD
Q1z9BXuzylllGXxnkjt/ISNyg98=
-----END CERTIFICATE-----
Generated at Sat Apr 5 01:58:06 2025 by rpki-client