Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E3E27/F38887666F3A11EA9840133DC4F9AE02/F5943602A73111EFB3C1D127C4F9AE02.roa
File: F5943602A73111EFB3C1D127C4F9AE02.roa (raw, json)
Hash identifier: 6OhFwsdNoJMe8ZZZFnlKyIScxuf1tuQhWFaoWdTnReU=
Subject key identifier: 75:71:03:E1:93:A2:16:F6:23:44:DC:0B:A2:3B:84:2E:93:68:10:CC
Certificate issuer: /CN=A91E3E27/serialNumber=A272ACAFE8FAA4F2A9700A6FC11425908C743D4B
Certificate serial: 0A51
Authority key identifier: A2:72:AC:AF:E8:FA:A4:F2:A9:70:0A:6F:C1:14:25:90:8C:74:3D:4B
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/onKsr-j6pPKpcApvwRQlkIx0PUs.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E3E27/F38887666F3A11EA9840133DC4F9AE02/F5943602A73111EFB3C1D127C4F9AE02.roa
Signing time: Tue 17 Dec 2024 22:47:50 +0000
ROA not before: Tue 17 Dec 2024 22:47:50 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 203.88.64.0/19 maxlen: 19
210.89.64.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2641 (0xa51)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E3E27
Validity
Not Before: Dec 17 22:47:50 2024 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=6761ff96-d97c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ca:5f:b9:0f:15:63:ef:ec:f1:dd:6d:4c:9f:
f4:11:b8:c3:cb:fd:46:14:3f:7d:27:72:00:b9:af:
93:94:f6:10:c5:5a:16:71:54:3e:eb:b5:bb:70:24:
d1:44:9e:df:ff:88:21:63:73:58:b8:77:14:0b:1f:
c7:e9:4f:e1:ca:51:ea:73:f0:87:c7:f1:92:d5:8c:
3c:91:8c:df:e4:41:73:1c:4c:76:b9:75:01:cb:01:
b6:de:83:04:44:d5:aa:6b:ed:50:5e:1f:f9:77:47:
75:4a:b6:11:97:2c:9a:60:ca:69:85:78:94:83:96:
80:ef:63:b2:b6:34:57:97:8d:98:88:bf:57:b9:a9:
4b:ac:c1:50:25:00:1e:bf:e0:8a:99:52:89:ea:5b:
08:d0:84:7b:08:d6:f2:7c:91:f8:35:c1:42:6c:0b:
f5:ac:59:4d:01:ca:a9:95:e2:42:f7:b1:3c:85:0a:
f6:2b:d7:4c:2a:89:37:f6:21:e2:68:60:98:22:f2:
bb:b5:43:64:b6:12:89:e2:4a:be:fe:74:c9:f2:2d:
42:d7:93:a7:53:7e:aa:d9:59:47:28:e5:d8:1f:9c:
6d:62:b6:bd:c2:d6:3e:29:05:b2:19:09:e6:83:88:
4e:ed:f2:1a:da:ea:fe:bd:de:a4:d7:7b:5d:7f:7d:
5e:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:71:03:E1:93:A2:16:F6:23:44:DC:0B:A2:3B:84:2E:93:68:10:CC
X509v3 Authority Key Identifier:
keyid:A2:72:AC:AF:E8:FA:A4:F2:A9:70:0A:6F:C1:14:25:90:8C:74:3D:4B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E3E27/F38887666F3A11EA9840133DC4F9AE02/onKsr-j6pPKpcApvwRQlkIx0PUs.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/onKsr-j6pPKpcApvwRQlkIx0PUs.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E3E27/F38887666F3A11EA9840133DC4F9AE02/F5943602A73111EFB3C1D127C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.88.64.0/19
210.89.64.0/19
Signature Algorithm: sha256WithRSAEncryption
66:e2:43:8d:18:d3:45:6b:a0:e2:e9:95:7d:49:6d:4d:46:fc:
93:bb:11:ef:3e:7a:84:1c:56:fa:2a:bb:78:9f:9c:bc:6e:97:
d3:0d:c5:5d:e2:4d:4f:61:a8:2d:be:a6:25:68:86:15:47:88:
3a:a3:d6:04:36:e3:56:ed:d9:78:fb:48:be:3c:52:a9:4a:90:
82:70:27:26:3d:85:f0:1a:26:22:53:30:21:6e:0e:a5:15:c5:
38:d4:65:c8:ed:a1:13:da:38:3d:1a:bd:81:45:c1:53:5f:c0:
d7:cf:09:17:de:97:ff:a8:84:a2:fc:e6:b6:6a:5e:7c:d3:ad:
64:c5:38:fa:1d:09:54:f8:c8:fb:3c:1f:4b:d2:ec:ad:5e:e1:
6b:60:36:82:e3:77:c3:41:eb:d2:ab:6a:ce:9c:c5:cc:88:86:
c5:d9:43:8c:1c:ed:e5:30:b2:11:51:de:62:db:a5:f8:b6:1f:
6d:22:0b:b6:c7:9c:41:93:c4:9c:61:a2:39:03:d4:d6:df:03:
94:97:0e:3b:d9:f9:31:90:fd:1e:57:c4:53:61:32:c9:e4:c4:
e3:b9:00:a5:f5:ac:cf:20:9d:db:0b:1f:1e:f2:f4:0c:ec:44:
38:2f:ca:c4:d7:75:6f:bf:12:7d:15:db:26:e0:31:d5:38:b7:
cb:7c:fd:ff
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICClEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTNFMjcxMTAvBgNVBAUTKEEyNzJBQ0FGRThGQUE0RjJBOTcwMEE2RkMxMTQyNTkw
OEM3NDNENEIwHhcNMjQxMjE3MjI0NzUwWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzYxZmY5Ni1kOTdjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0MpfuQ8VY+/s8d1tTJ/0EbjDy/1GFD99J3IAua+TlPYQxVoWcVQ+67W7cCTR
RJ7f/4ghY3NYuHcUCx/H6U/hylHqc/CHx/GS1Yw8kYzf5EFzHEx2uXUBywG23oME
RNWqa+1QXh/5d0d1SrYRlyyaYMpphXiUg5aA72OytjRXl42YiL9XualLrMFQJQAe
v+CKmVKJ6lsI0IR7CNbyfJH4NcFCbAv1rFlNAcqpleJC97E8hQr2K9dMKok39iHi
aGCYIvK7tUNkthKJ4kq+/nTJ8i1C15OnU36q2VlHKOXYH5xtYra9wtY+KQWyGQnm
g4hO7fIa2ur+vd6k13tdf31e6QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFHVxA+GT
ohb2I0TcC6I7hC6TaBDMMB8GA1UdIwQYMBaAFKJyrK/o+qTyqXAKb8EUJZCMdD1L
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFM0UyNy9GMzg4ODc2NjZG
M0ExMUVBOTg0MDEzM0RDNEY5QUUwMi9vbktzci1qNnBQS3BjQXB2d1JRbGtJeDBQ
VXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29uS3NyLWo2cFBLcGNBcHZ3UlFsa0l4MFBVcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTNFMjcvRjM4ODg3NjY2RjNBMTFFQTk4NDAxMzNEQzRGOUFFMDIvRjU5NDM2MDJB
NzMxMTFFRkIzQzFEMTI3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAXLWEADBAXSWUAwDQYJKoZIhvcNAQELBQADggEBAGbiQ40Y
00VroOLplX1JbU1G/JO7Ee8+eoQcVvoqu3ifnLxul9MNxV3iTU9hqC2+piVohhVH
iDqj1gQ241bt2Xj7SL48UqlKkIJwJyY9hfAaJiJTMCFuDqUVxTjUZcjtoRPaOD0a
vYFFwVNfwNfPCRfel/+ohKL85rZqXnzTrWTFOPodCVT4yPs8H0vS7K1e4WtgNoLj
d8NB69Kras6cxcyIhsXZQ4wc7eUwshFR3mLbpfi2H20iC7bHnEGTxJxhojkD1Nbf
A5SXDjvZ+TGQ/R5XxFNhMsnkxOO5AKX1rM8gndsLHx7y9AzsRDgvysTXdW+/En0V
2ybgMdU4t8t8/f8=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:34:30 2025 by rpki-client