Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/7842DD4A045111EE8421CF47C4F9AE02.roa
File: 7842DD4A045111EE8421CF47C4F9AE02.roa (raw, json)
Hash identifier: DoWyIL/7fFtdbXCIqchZWr3n6ZipTMRKCyTORUhlpgw=
Subject key identifier: 72:1E:CC:A0:13:BA:D8:DB:E6:33:4F:39:42:85:B7:6B:E2:7E:31:77
Certificate issuer: /CN=A91C0BDE/serialNumber=A4B50BECD8BBA285587128D5919283DBE1690918
Certificate serial: 076F
Authority key identifier: A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/7842DD4A045111EE8421CF47C4F9AE02.roa
Signing time: Tue 06 Jun 2023 10:04:05 +0000
ROA not before: Tue 06 Jun 2023 10:04:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 38138
IP address blocks: 114.129.8.0/21 maxlen: 21
114.129.8.0/24 maxlen: 24
114.129.9.0/24 maxlen: 24
114.129.10.0/24 maxlen: 24
114.129.11.0/24 maxlen: 24
114.129.12.0/24 maxlen: 24
114.129.15.0/24 maxlen: 24
2405:eec0::/32 maxlen: 32
2405:eec0:1::/48 maxlen: 48
2405:eec0:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1903 (0x76f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C0BDE
Validity
Not Before: Jun 6 10:04:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=647f0495-28d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:22:de:3e:49:43:fd:13:a6:a1:fd:f8:8c:c6:
9b:d0:57:32:e6:0e:d5:db:3c:f5:a8:20:27:bb:ad:
af:d0:25:c4:83:0f:2e:4a:62:94:c0:ae:ba:ca:39:
82:ad:f6:c6:1e:a4:f5:51:7a:2a:de:ff:27:6e:6d:
f3:9a:54:6c:f2:96:73:09:0a:4b:c3:3c:75:36:30:
9c:c4:2e:c3:f3:d9:fd:e2:21:75:11:14:b3:48:59:
71:13:79:41:9c:f1:1e:70:ae:25:b5:2d:2d:0d:57:
ed:60:1c:29:b8:fd:62:0f:dc:29:68:0f:2e:69:1b:
b8:c1:d2:d5:5b:0b:60:8f:e6:db:3d:19:33:7d:8e:
b4:9f:c5:29:7a:f1:41:6d:77:80:9c:ad:b9:9e:1b:
a5:8f:a2:1c:5e:f9:87:8f:bf:67:f4:70:10:3c:c0:
d7:ce:5b:6b:67:41:30:26:ba:2a:43:96:dc:c6:a8:
81:e2:45:68:75:08:41:b6:64:62:7f:f7:fa:e7:95:
99:36:8b:91:a3:ef:72:04:5e:bc:b1:79:f9:c9:1d:
30:a7:3b:8d:6c:ff:ce:c3:ac:f1:c7:3a:a6:25:0a:
79:83:30:f4:75:aa:08:8b:29:c3:59:8d:83:bf:6f:
2f:fb:7b:6b:d1:05:af:ee:04:e0:f2:1d:ba:c7:04:
9b:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:1E:CC:A0:13:BA:D8:DB:E6:33:4F:39:42:85:B7:6B:E2:7E:31:77
X509v3 Authority Key Identifier:
keyid:A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/7842DD4A045111EE8421CF47C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
114.129.8.0/21
IPv6:
2405:eec0::/32
Signature Algorithm: sha256WithRSAEncryption
dc:e2:fa:65:ee:17:66:c3:5d:3b:9f:16:8f:54:28:ed:b9:1b:
9d:d6:43:6c:07:8f:90:24:fb:e7:73:e3:fb:e4:bc:14:af:ed:
2a:8a:97:1f:44:5a:e8:de:c5:b8:8e:6b:7b:b7:fd:cb:10:54:
8f:d4:10:8c:0c:a3:ba:99:e5:3a:16:b2:90:c8:38:f9:eb:c0:
14:57:f8:63:c7:63:ec:b0:d3:c2:3d:03:60:94:28:f7:a1:9c:
8c:f0:b7:10:9a:74:40:75:ae:dd:61:a9:45:70:8b:33:00:54:
56:e3:90:e5:30:29:94:6e:84:45:1c:45:39:f5:58:21:ac:d1:
e7:33:ba:6a:9b:3d:50:d8:c9:c1:ec:38:05:4f:a9:9e:bf:70:
40:52:39:38:06:c9:07:c9:8d:13:7a:7f:6a:24:84:7f:44:06:
6b:70:e6:5c:a5:0b:e6:3d:02:16:4b:92:0b:fc:f4:e8:37:e1:
74:08:3f:03:83:db:ab:37:b6:4f:b7:56:9a:2f:f1:68:fe:3d:
2e:d7:1d:37:9b:4a:93:00:5a:ee:24:cf:1a:e5:4e:3b:4f:6c:
13:c5:65:39:49:7d:20:06:5d:39:99:4f:c3:ca:bb:e6:e0:9d:
3e:ba:64:2f:9a:49:7c:b6:0d:f0:c9:c5:0f:ff:a8:f5:90:35:
fd:d3:3a:e4
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICB28wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzBCREUxMTAvBgNVBAUTKEE0QjUwQkVDRDhCQkEyODU1ODcxMjhENTkxOTI4M0RC
RTE2OTA5MTgwHhcNMjMwNjA2MTAwNDA1WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdmMDQ5NS0yOGQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0yLePklD/ROmof34jMab0Fcy5g7V2zz1qCAnu62v0CXEgw8uSmKUwK66yjmC
rfbGHqT1UXoq3v8nbm3zmlRs8pZzCQpLwzx1NjCcxC7D89n94iF1ERSzSFlxE3lB
nPEecK4ltS0tDVftYBwpuP1iD9wpaA8uaRu4wdLVWwtgj+bbPRkzfY60n8UpevFB
bXeAnK25nhulj6IcXvmHj79n9HAQPMDXzltrZ0EwJroqQ5bcxqiB4kVodQhBtmRi
f/f655WZNouRo+9yBF68sXn5yR0wpzuNbP/Ow6zxxzqmJQp5gzD0daoIiynDWY2D
v28v+3tr0QWv7gTg8h26xwSbwwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFHIezKAT
utjb5jNPOUKFt2vifjF3MB8GA1UdIwQYMBaAFKS1C+zYu6KFWHEo1ZGSg9vhaQkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMEJERS83RTVBQzNFMDg5
NzExMUVBOTI0MDJBMEFDNEY5QUUwMi9wTFVMN05pN29vVlljU2pWa1pLRDItRnBD
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BMVUw3Tmk3b29WWWNTalZrWktEMi1GcENSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzBCREUvN0U1QUMzRTA4OTcxMTFFQTkyNDAyQTBBQzRGOUFFMDIvNzg0MkRENEEw
NDUxMTFFRTg0MjFDRjQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBANygQgwDQQCAAIwBwMFACQF7sAwDQYJKoZIhvcNAQELBQAD
ggEBANzi+mXuF2bDXTufFo9UKO25G53WQ2wHj5Ak++dz4/vkvBSv7SqKlx9EWuje
xbiOa3u3/csQVI/UEIwMo7qZ5ToWspDIOPnrwBRX+GPHY+yw08I9A2CUKPehnIzw
txCadEB1rt1hqUVwizMAVFbjkOUwKZRuhEUcRTn1WCGs0eczumqbPVDYycHsOAVP
qZ6/cEBSOTgGyQfJjRN6f2okhH9EBmtw5lylC+Y9AhZLkgv89Og34XQIPwOD26s3
tk+3Vpov8Wj+PS7XHTebSpMAWu4kzxrlTjtPbBPFZTlJfSAGXTmZT8PKu+bgnT66
ZC+aSXy2DfDJxQ//qPWQNf3TOuQ=
-----END CERTIFICATE-----
Generated at Sat Apr 5 01:50:42 2025 by rpki-client