Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DB4FE/CF4A10EA85E111EBAFB51E84C4F9AE02/EFC7DBD264DA11EF92775E34C4F9AE02.roa
File: EFC7DBD264DA11EF92775E34C4F9AE02.roa (raw, json)
Hash identifier: 2xpD3zRS5kJbZw/kIcYw6vtjH7ypkfrzzjptTTPWp14=
Subject key identifier: 07:96:CB:54:45:F7:78:4A:ED:AC:85:F2:D5:E9:55:FC:11:3C:5D:81
Certificate issuer: /CN=A91DB4FE/serialNumber=7F6BE1D5A2730FC227FAFC896D13433241783179
Certificate serial: 0792
Authority key identifier: 7F:6B:E1:D5:A2:73:0F:C2:27:FA:FC:89:6D:13:43:32:41:78:31:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/f2vh1aJzD8In-vyJbRNDMkF4MXk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DB4FE/CF4A10EA85E111EBAFB51E84C4F9AE02/EFC7DBD264DA11EF92775E34C4F9AE02.roa
Signing time: Tue 10 Dec 2024 22:51:40 +0000
ROA not before: Tue 10 Dec 2024 22:51:40 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 9268
IP address blocks: 220.157.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1938 (0x792)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DB4FE
Validity
Not Before: Dec 10 22:51:40 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=6758c5fc-3b19
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:38:9d:d1:2c:a7:1c:da:38:dc:cc:40:b4:ee:
e9:2e:b6:97:2a:43:42:34:17:c5:85:6e:db:f6:75:
eb:bb:72:31:68:a1:9b:93:b0:e5:ab:e5:1d:cb:13:
1c:50:3c:b6:f0:aa:c3:3f:4c:f9:84:ae:a4:d5:78:
6d:d8:fb:38:f3:95:51:09:04:6a:1a:52:ce:cc:3e:
4a:f2:16:5f:d8:64:b5:bf:d1:45:a0:ed:8e:1e:e7:
88:0c:84:2a:bb:cf:d0:f9:9d:60:8b:ee:3f:bb:fe:
46:e9:26:d8:f4:3f:50:be:bd:c1:b1:8e:d3:e9:68:
83:63:7e:d0:df:74:b2:a8:bf:7e:3e:0c:1a:49:ec:
db:65:1f:1f:41:46:14:7a:74:34:6c:b9:74:e9:90:
d4:d1:1e:4d:e2:8a:b6:c2:38:f7:72:d3:6e:5b:2d:
84:37:a2:f9:7c:04:b1:4f:0b:23:35:ba:8e:df:89:
77:00:b8:b2:94:58:92:51:35:87:19:72:aa:30:2b:
68:8d:f1:59:60:7d:42:2d:1f:30:31:60:8e:38:aa:
00:3d:a5:33:af:ce:03:f4:e6:5c:53:72:15:d8:c4:
a1:ee:e7:c6:e3:2c:5a:50:12:76:68:ce:81:99:65:
b8:85:c1:a8:a7:99:60:a3:01:91:16:c5:ab:b4:34:
a1:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:96:CB:54:45:F7:78:4A:ED:AC:85:F2:D5:E9:55:FC:11:3C:5D:81
X509v3 Authority Key Identifier:
keyid:7F:6B:E1:D5:A2:73:0F:C2:27:FA:FC:89:6D:13:43:32:41:78:31:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DB4FE/CF4A10EA85E111EBAFB51E84C4F9AE02/f2vh1aJzD8In-vyJbRNDMkF4MXk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/f2vh1aJzD8In-vyJbRNDMkF4MXk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DB4FE/CF4A10EA85E111EBAFB51E84C4F9AE02/EFC7DBD264DA11EF92775E34C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
220.157.68.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:04:d5:e9:59:d7:a4:eb:39:c1:53:37:4b:f7:17:4d:d7:60:
ab:93:b9:cb:30:cd:58:b8:ae:e5:72:54:d5:c9:25:da:22:44:
35:7d:7b:6f:df:c5:65:b3:77:d9:18:14:14:59:af:a0:bf:17:
40:2a:33:46:0a:ca:10:14:af:2e:50:20:d4:e2:9e:8d:fc:48:
fc:b4:8f:0b:45:e8:31:9f:c8:35:7a:54:27:72:5f:3e:09:13:
c8:f3:04:93:6b:f3:c5:04:fb:0b:a5:64:d1:ae:66:90:31:1b:
70:a8:6c:bd:a0:9b:a4:0a:09:10:47:af:6c:ae:6f:54:16:1f:
16:38:4b:01:96:e1:58:20:ae:a7:b7:3b:03:6b:e8:88:5c:69:
35:0e:c5:ba:9a:91:9f:bf:5d:9e:19:d6:eb:3d:47:87:6e:22:
07:54:d8:bf:42:54:05:7a:35:5b:33:9f:a8:9d:e0:95:76:d4:
13:a8:b4:a8:5f:93:57:4a:6a:34:db:8f:e2:a0:18:c3:67:55:
1b:fb:ac:a5:cb:c2:78:b7:83:62:dd:04:99:61:64:ca:1a:a3:
a8:5d:a6:a7:94:bf:fc:b7:50:93:5e:af:75:73:12:13:26:de:
0e:df:9c:0e:a7:ed:5f:5a:e9:cc:66:36:90:f2:16:1d:31:a1:
96:27:1b:31
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICB5IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REI0RkUxMTAvBgNVBAUTKDdGNkJFMUQ1QTI3MzBGQzIyN0ZBRkM4OTZEMTM0MzMy
NDE3ODMxNzkwHhcNMjQxMjEwMjI1MTQwWhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzU4YzVmYy0zYjE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAlzid0SynHNo43MxAtO7pLraXKkNCNBfFhW7b9nXru3IxaKGbk7Dlq+UdyxMc
UDy28KrDP0z5hK6k1Xht2Ps485VRCQRqGlLOzD5K8hZf2GS1v9FFoO2OHueIDIQq
u8/Q+Z1gi+4/u/5G6SbY9D9Qvr3BsY7T6WiDY37Q33SyqL9+PgwaSezbZR8fQUYU
enQ0bLl06ZDU0R5N4oq2wjj3ctNuWy2EN6L5fASxTwsjNbqO34l3ALiylFiSUTWH
GXKqMCtojfFZYH1CLR8wMWCOOKoAPaUzr84D9OZcU3IV2MSh7ufG4yxaUBJ2aM6B
mWW4hcGop5lgowGRFsWrtDShkQIDAQABo4IClTCCApEwHQYDVR0OBBYEFAeWy1RF
93hK7ayF8tXpVfwRPF2BMB8GA1UdIwQYMBaAFH9r4dWicw/CJ/r8iW0TQzJBeDF5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQjRGRS9DRjRBMTBFQTg1
RTExMUVCQUZCNTFFODRDNEY5QUUwMi9mMnZoMWFKekQ4SW4tdnlKYlJORE1rRjRN
WGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2YydmgxYUp6RDhJbi12eUpiUk5ETWtGNE1Yay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REI0RkUvQ0Y0QTEwRUE4NUUxMTFFQkFGQjUxRTg0QzRGOUFFMDIvRUZDN0RCRDI2
NERBMTFFRjkyNzc1RTM0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADcnUQwDQYJKoZIhvcNAQELBQADggEBAIsE1elZ16TrOcFT
N0v3F03XYKuTucswzVi4ruVyVNXJJdoiRDV9e2/fxWWzd9kYFBRZr6C/F0AqM0YK
yhAUry5QINTino38SPy0jwtF6DGfyDV6VCdyXz4JE8jzBJNr88UE+wulZNGuZpAx
G3CobL2gm6QKCRBHr2yub1QWHxY4SwGW4Vggrqe3OwNr6IhcaTUOxbqakZ+/XZ4Z
1us9R4duIgdU2L9CVAV6NVszn6id4JV21BOotKhfk1dKajTbj+KgGMNnVRv7rKXL
wni3g2LdBJlhZMoao6hdpqeUv/y3UJNer3VzEhMm3g7fnA6n7V9a6cxmNpDyFh0x
oZYnGzE=
-----END CERTIFICATE-----
Generated at Sat Apr 5 00:52:28 2025 by rpki-client