Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E3E27/F38887666F3A11EA9840133DC4F9AE02/FA2E7F56B61311EFBE0A2C6BC4F9AE02.roa
File: FA2E7F56B61311EFBE0A2C6BC4F9AE02.roa (raw, json)
Hash identifier: SRaK3/91k8soNW6h0rpdrcsy/BT676aVr0fwJsxbRJ4=
Subject key identifier: ED:1E:38:B9:9E:EA:91:02:85:50:16:EF:07:56:89:91:70:C6:8E:33
Certificate issuer: /CN=A91E3E27/serialNumber=A272ACAFE8FAA4F2A9700A6FC11425908C743D4B
Certificate serial: 0A44
Authority key identifier: A2:72:AC:AF:E8:FA:A4:F2:A9:70:0A:6F:C1:14:25:90:8C:74:3D:4B
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/onKsr-j6pPKpcApvwRQlkIx0PUs.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E3E27/F38887666F3A11EA9840133DC4F9AE02/FA2E7F56B61311EFBE0A2C6BC4F9AE02.roa
Signing time: Mon 09 Dec 2024 09:57:19 +0000
ROA not before: Mon 09 Dec 2024 09:57:19 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 9229
IP address blocks: 202.174.130.0/24 maxlen: 24
202.174.155.0/24 maxlen: 24
202.174.156.0/24 maxlen: 24
202.174.157.0/24 maxlen: 24
202.174.159.0/24 maxlen: 24
203.88.64.0/19 maxlen: 19
203.88.64.0/24 maxlen: 24
203.88.65.0/24 maxlen: 24
203.88.66.0/24 maxlen: 24
203.88.67.0/24 maxlen: 24
203.88.68.0/24 maxlen: 24
203.88.69.0/24 maxlen: 24
203.88.70.0/24 maxlen: 24
203.88.71.0/24 maxlen: 24
203.88.72.0/24 maxlen: 24
203.88.73.0/24 maxlen: 24
203.88.74.0/24 maxlen: 24
203.88.76.0/24 maxlen: 24
203.88.77.0/24 maxlen: 24
203.88.78.0/24 maxlen: 24
203.88.79.0/24 maxlen: 24
203.88.80.0/24 maxlen: 24
203.88.81.0/24 maxlen: 24
203.88.82.0/24 maxlen: 24
203.88.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2628 (0xa44)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E3E27
Validity
Not Before: Dec 9 09:57:19 2024 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=6756beff-03d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:e6:cc:0d:29:89:fe:47:5d:10:59:fd:91:c6:
9b:32:63:73:aa:25:e6:13:dc:6f:0e:57:2c:b8:03:
2f:46:ee:93:01:e5:32:3b:27:26:db:1a:9a:3f:a0:
b1:cc:6e:e5:d1:ef:62:5a:a1:86:a0:0b:9f:76:08:
e8:78:e2:35:46:ce:02:31:1e:05:fb:6d:0c:27:39:
e3:69:98:11:13:a2:be:fe:43:cd:5a:6c:52:1b:87:
a9:60:75:7c:ad:b7:82:f5:a9:c0:78:b3:f1:50:dc:
ba:de:a5:82:56:a5:33:1f:28:63:70:b2:e9:a9:48:
f2:11:56:fc:d2:0a:a4:2e:f7:df:f7:bc:87:3f:d1:
50:ef:24:44:f8:74:a3:b2:8e:dd:43:c1:1e:7d:ca:
d8:a0:93:96:df:71:48:32:f8:56:31:dd:cb:e2:ac:
fb:b7:06:13:ec:d7:7a:34:94:c3:94:3a:f8:70:f4:
22:cd:67:9a:2d:6a:dc:a8:d6:ba:41:61:74:47:91:
81:e8:27:0d:a1:17:de:2a:66:ed:df:e6:b5:0a:92:
82:0b:4f:88:1f:43:4e:d9:84:c0:0e:d7:7c:61:95:
63:3e:78:51:13:f4:e4:df:c5:38:1c:2e:c1:17:ad:
9f:87:75:79:7e:3e:54:e0:87:2a:10:30:05:ca:ce:
74:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:1E:38:B9:9E:EA:91:02:85:50:16:EF:07:56:89:91:70:C6:8E:33
X509v3 Authority Key Identifier:
keyid:A2:72:AC:AF:E8:FA:A4:F2:A9:70:0A:6F:C1:14:25:90:8C:74:3D:4B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E3E27/F38887666F3A11EA9840133DC4F9AE02/onKsr-j6pPKpcApvwRQlkIx0PUs.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/onKsr-j6pPKpcApvwRQlkIx0PUs.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E3E27/F38887666F3A11EA9840133DC4F9AE02/FA2E7F56B61311EFBE0A2C6BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.174.130.0/24
202.174.155.0-202.174.157.255
202.174.159.0/24
203.88.64.0/19
Signature Algorithm: sha256WithRSAEncryption
5b:d5:5e:92:ae:9b:d8:e6:3f:e0:7f:56:4a:7d:51:74:34:4c:
df:3d:51:4c:a9:54:41:28:82:b4:d2:f3:dd:54:21:71:b5:db:
75:5c:bc:a7:86:03:d7:19:4a:16:82:74:e2:74:07:43:de:8b:
86:bc:6f:f1:12:4b:a1:a1:3a:51:d3:da:f3:7d:ca:19:f0:72:
43:04:6c:d2:dc:7f:fa:87:5d:dc:70:15:d3:35:32:16:95:e3:
45:dd:f1:c9:ff:5b:5a:0a:92:8e:6d:f1:9d:ad:1e:81:71:49:
de:15:5a:4f:fd:18:5b:b9:2b:42:94:7e:b4:b0:70:cb:ab:c9:
07:98:d9:73:8a:77:4a:0b:23:9c:2f:aa:d0:fc:34:36:ce:66:
a4:1e:78:cc:72:70:98:8e:40:d1:81:fe:26:78:05:6e:67:91:
7b:dc:5e:79:0c:df:9e:e2:5a:8a:10:f1:3a:25:e3:e8:b5:41:
eb:c7:98:3e:f6:37:a7:f8:17:4e:88:44:49:7c:98:f4:29:c7:
f5:fd:52:30:cf:7e:62:5f:dd:c7:e4:ff:d7:a1:01:3c:7d:34:
a0:8a:86:33:47:c5:1c:39:ed:66:d9:48:cd:28:18:dc:41:7f:
24:78:b2:59:cb:db:f6:92:f7:9a:7c:6e:fc:8e:2e:8e:dd:36:
03:51:6c:72
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICCkQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTNFMjcxMTAvBgNVBAUTKEEyNzJBQ0FGRThGQUE0RjJBOTcwMEE2RkMxMTQyNTkw
OEM3NDNENEIwHhcNMjQxMjA5MDk1NzE5WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzU2YmVmZi0wM2QwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzebMDSmJ/kddEFn9kcabMmNzqiXmE9xvDlcsuAMvRu6TAeUyOycm2xqaP6Cx
zG7l0e9iWqGGoAufdgjoeOI1Rs4CMR4F+20MJznjaZgRE6K+/kPNWmxSG4epYHV8
rbeC9anAeLPxUNy63qWCVqUzHyhjcLLpqUjyEVb80gqkLvff97yHP9FQ7yRE+HSj
so7dQ8EefcrYoJOW33FIMvhWMd3L4qz7twYT7Nd6NJTDlDr4cPQizWeaLWrcqNa6
QWF0R5GB6CcNoRfeKmbt3+a1CpKCC0+IH0NO2YTADtd8YZVjPnhRE/Tk38U4HC7B
F62fh3V5fj5U4IcqEDAFys501QIDAQABo4ICrzCCAqswHQYDVR0OBBYEFO0eOLme
6pEChVAW7wdWiZFwxo4zMB8GA1UdIwQYMBaAFKJyrK/o+qTyqXAKb8EUJZCMdD1L
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFM0UyNy9GMzg4ODc2NjZG
M0ExMUVBOTg0MDEzM0RDNEY5QUUwMi9vbktzci1qNnBQS3BjQXB2d1JRbGtJeDBQ
VXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29uS3NyLWo2cFBLcGNBcHZ3UlFsa0l4MFBVcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTNFMjcvRjM4ODg3NjY2RjNBMTFFQTk4NDAxMzNEQzRGOUFFMDIvRkEyRTdGNTZC
NjEzMTFFRkJFMEEyQzZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBADKroIwDAMEAMqumwMEAcqunAMEAMqunwMEBctYQDANBgkq
hkiG9w0BAQsFAAOCAQEAW9Vekq6b2OY/4H9WSn1RdDRM3z1RTKlUQSiCtNLz3VQh
cbXbdVy8p4YD1xlKFoJ04nQHQ96Lhrxv8RJLoaE6UdPa833KGfByQwRs0tx/+odd
3HAV0zUyFpXjRd3xyf9bWgqSjm3xna0egXFJ3hVaT/0YW7krQpR+tLBwy6vJB5jZ
c4p3SgsjnC+q0Pw0Ns5mpB54zHJwmI5A0YH+JngFbmeRe9xeeQzfnuJaihDxOiXj
6LVB68eYPvY3p/gXTohESXyY9CnH9f1SMM9+Yl/dx+T/16EBPH00oIqGM0fFHDnt
ZtlIzSgY3EF/JHiyWcvb9pL3mnxu/I4ujt02A1Fscg==
-----END CERTIFICATE-----
Generated at Mon Apr 7 13:58:04 2025 by rpki-client