Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DB4FE/CF4A10EA85E111EBAFB51E84C4F9AE02/720987748DBD11EBB4566432C4F9AE02.roa
File: 720987748DBD11EBB4566432C4F9AE02.roa (raw, json)
Hash identifier: 5WwM6GRKC7ae7a+3G6zB5f80dxo3fM6uimTGxX2q9Uw=
Subject key identifier: 29:CF:6D:85:DE:EE:46:AF:2F:9B:39:A7:2B:5F:B7:E1:1D:48:BB:BF
Certificate issuer: /CN=A91DB4FE/serialNumber=7F6BE1D5A2730FC227FAFC896D13433241783179
Certificate serial: 0791
Authority key identifier: 7F:6B:E1:D5:A2:73:0F:C2:27:FA:FC:89:6D:13:43:32:41:78:31:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/f2vh1aJzD8In-vyJbRNDMkF4MXk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DB4FE/CF4A10EA85E111EBAFB51E84C4F9AE02/720987748DBD11EBB4566432C4F9AE02.roa
Signing time: Tue 10 Dec 2024 22:51:39 +0000
ROA not before: Tue 10 Dec 2024 22:51:39 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 45411
IP address blocks: 58.87.4.0/23 maxlen: 23
220.157.73.0/24 maxlen: 24
220.157.76.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1937 (0x791)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DB4FE
Validity
Not Before: Dec 10 22:51:39 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=6758c5fb-56e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:bb:70:28:e3:17:db:d8:23:da:51:f0:d6:50:
81:e3:d9:9c:03:60:fc:51:e2:fc:6e:54:57:c6:ce:
82:9b:dc:82:06:c5:0e:5f:55:95:09:be:81:a8:67:
f1:01:48:93:2d:35:53:58:44:1f:1b:4f:e6:82:b0:
9b:e8:fc:03:82:54:c2:b7:1a:60:56:5c:93:a9:83:
fb:db:ca:d0:00:dc:ce:d7:d3:67:4a:39:a0:86:d4:
69:71:18:f5:62:08:b2:40:62:ee:7d:fd:12:5e:b9:
de:69:93:3a:69:22:fe:0d:11:df:47:66:52:4d:d0:
be:cc:5c:0b:d1:32:66:c6:50:df:d5:f5:74:6a:b2:
5b:ee:0b:92:0e:58:30:84:78:cd:55:65:73:93:38:
58:ce:ca:0d:5e:df:e2:f7:a3:22:1d:20:17:37:58:
92:55:75:84:7b:18:7d:3f:b3:82:e0:fc:ab:e2:07:
97:39:62:0a:76:da:4c:9c:56:73:7d:56:f1:5d:6d:
b6:80:3f:48:62:3d:ca:3e:45:39:9d:e7:14:a8:29:
08:93:b2:f6:30:6a:09:eb:bb:6c:a6:c3:79:5c:38:
ca:97:87:1d:4d:3b:15:e9:4e:03:03:47:c8:86:4c:
2f:c9:53:bc:af:d8:e2:85:3b:8a:4c:bb:ca:9b:99:
ae:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:CF:6D:85:DE:EE:46:AF:2F:9B:39:A7:2B:5F:B7:E1:1D:48:BB:BF
X509v3 Authority Key Identifier:
keyid:7F:6B:E1:D5:A2:73:0F:C2:27:FA:FC:89:6D:13:43:32:41:78:31:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DB4FE/CF4A10EA85E111EBAFB51E84C4F9AE02/f2vh1aJzD8In-vyJbRNDMkF4MXk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/f2vh1aJzD8In-vyJbRNDMkF4MXk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DB4FE/CF4A10EA85E111EBAFB51E84C4F9AE02/720987748DBD11EBB4566432C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
58.87.4.0/23
220.157.73.0/24
220.157.76.0/24
Signature Algorithm: sha256WithRSAEncryption
49:58:cc:89:0c:b5:33:a1:b1:d2:2b:d4:c2:a4:e4:e1:10:c0:
32:81:85:8a:ab:54:b3:54:94:9c:1b:e0:7d:8a:40:5b:9d:5f:
54:82:a7:e9:62:9b:71:49:e7:20:eb:7e:21:c4:b9:00:b8:a9:
8c:64:5e:ac:a9:39:6f:dd:4b:c8:e9:3c:25:d6:b0:b7:7f:60:
89:eb:2f:90:6b:d0:30:5f:01:95:76:35:7e:35:2f:55:d5:0d:
53:ed:e4:53:29:47:25:0f:be:32:36:60:d5:47:50:65:c1:40:
18:06:4a:3e:7e:2a:8f:52:4b:85:5d:f1:e5:f1:2e:4d:af:c6:
e3:83:af:b4:65:98:80:df:75:8e:24:c8:cb:ee:e0:93:5f:6a:
d5:49:68:a1:f0:b1:88:28:83:18:34:27:67:47:ae:1b:9a:06:
d0:0a:32:8e:32:e7:89:e5:26:55:73:86:51:d2:5a:30:a2:3b:
c2:2c:1f:c2:c3:fd:64:d9:3a:98:87:be:91:f1:fe:5d:38:59:
54:77:f8:81:43:64:c4:b2:2b:6c:01:68:71:93:60:fa:19:da:
26:ef:4d:2d:63:0d:9f:d6:b5:5f:3e:eb:85:63:27:bb:3f:da:
29:73:a2:67:6b:dc:1e:73:6f:e3:d5:f7:cf:15:bf:28:72:46:
8c:7e:c3:04
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICB5EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REI0RkUxMTAvBgNVBAUTKDdGNkJFMUQ1QTI3MzBGQzIyN0ZBRkM4OTZEMTM0MzMy
NDE3ODMxNzkwHhcNMjQxMjEwMjI1MTM5WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzU4YzVmYi01NmU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAobtwKOMX29gj2lHw1lCB49mcA2D8UeL8blRXxs6Cm9yCBsUOX1WVCb6BqGfx
AUiTLTVTWEQfG0/mgrCb6PwDglTCtxpgVlyTqYP728rQANzO19NnSjmghtRpcRj1
YgiyQGLuff0SXrneaZM6aSL+DRHfR2ZSTdC+zFwL0TJmxlDf1fV0arJb7guSDlgw
hHjNVWVzkzhYzsoNXt/i96MiHSAXN1iSVXWEexh9P7OC4Pyr4geXOWIKdtpMnFZz
fVbxXW22gD9IYj3KPkU5necUqCkIk7L2MGoJ67tspsN5XDjKl4cdTTsV6U4DA0fI
hkwvyVO8r9jihTuKTLvKm5muzQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFCnPbYXe
7kavL5s5pytft+EdSLu/MB8GA1UdIwQYMBaAFH9r4dWicw/CJ/r8iW0TQzJBeDF5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQjRGRS9DRjRBMTBFQTg1
RTExMUVCQUZCNTFFODRDNEY5QUUwMi9mMnZoMWFKekQ4SW4tdnlKYlJORE1rRjRN
WGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2YydmgxYUp6RDhJbi12eUpiUk5ETWtGNE1Yay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REI0RkUvQ0Y0QTEwRUE4NUUxMTFFQkFGQjUxRTg0QzRGOUFFMDIvNzIwOTg3NzQ4
REJEMTFFQkI0NTY2NDMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAE6VwQDBADcnUkDBADcnUwwDQYJKoZIhvcNAQELBQADggEB
AElYzIkMtTOhsdIr1MKk5OEQwDKBhYqrVLNUlJwb4H2KQFudX1SCp+lim3FJ5yDr
fiHEuQC4qYxkXqypOW/dS8jpPCXWsLd/YInrL5Br0DBfAZV2NX41L1XVDVPt5FMp
RyUPvjI2YNVHUGXBQBgGSj5+Ko9SS4Vd8eXxLk2vxuODr7RlmIDfdY4kyMvu4JNf
atVJaKHwsYgogxg0J2dHrhuaBtAKMo4y54nlJlVzhlHSWjCiO8IsH8LD/WTZOpiH
vpHx/l04WVR3+IFDZMSyK2wBaHGTYPoZ2ibvTS1jDZ/WtV8+64VjJ7s/2ilzomdr
3B5zb+PV988VvyhyRox+wwQ=
-----END CERTIFICATE-----
Generated at Sat Apr 5 07:13:55 2025 by rpki-client