Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/7BD322B0DCF811ED9D16095AC4F9AE02.roa
File: 7BD322B0DCF811ED9D16095AC4F9AE02.roa (raw, json)
Hash identifier: rwzKrVAkzMrkxh+oeKo5SIjl8sLDq0Rk6IX02xv+uiE=
Subject key identifier: FA:F2:65:11:80:FC:93:25:B5:26:11:F3:5B:D3:B8:CD:54:D9:68:5F
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A15
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/7BD322B0DCF811ED9D16095AC4F9AE02.roa
Signing time: Mon 17 Apr 2023 08:18:51 +0000
ROA not before: Mon 17 Apr 2023 08:18:51 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 140732
IP address blocks: 223.29.228.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2581 (0xa15)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Apr 17 08:18:51 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=643d00ea-ee30
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:b4:cd:5f:db:2d:e1:03:b3:96:72:ee:83:eb:
80:90:04:bc:93:70:4a:31:0b:bd:e5:ac:52:9d:4a:
3a:6e:ab:4a:58:cf:83:8a:0b:b7:05:de:58:72:73:
88:1f:2f:64:6a:9d:44:2a:dd:66:32:eb:8e:ff:d9:
fe:d2:24:eb:cd:d0:f9:90:ec:f6:c3:34:01:52:d3:
87:40:f7:5d:47:d3:d1:5b:0c:ef:da:db:b4:e4:95:
21:76:62:92:b9:3f:84:0a:38:6d:8b:86:25:3b:ef:
9b:6a:b5:04:4f:11:e0:72:e1:a4:f2:a6:33:a4:c4:
07:37:26:22:49:9b:cf:95:f6:89:39:5f:4f:f9:69:
74:1e:ca:27:ea:bb:10:56:af:4e:12:06:f0:37:36:
98:d3:37:b1:2e:a3:c1:67:8b:c3:87:7a:2a:74:99:
2e:ad:bd:47:31:26:c2:27:0e:37:e0:da:fe:a4:93:
63:f7:85:f8:79:8f:81:14:35:47:24:ff:33:d8:fb:
66:6b:60:88:7f:8d:0d:7a:0d:4c:80:69:65:00:98:
f2:ee:4f:3e:73:2b:b4:24:44:2b:39:39:4c:f2:d0:
15:9e:c0:b2:51:ca:e8:a4:10:53:d8:cf:36:f6:e1:
b6:7a:e2:bc:e4:73:5f:81:dc:b1:6c:84:76:6b:ad:
9b:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:F2:65:11:80:FC:93:25:B5:26:11:F3:5B:D3:B8:CD:54:D9:68:5F
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/7BD322B0DCF811ED9D16095AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
223.29.228.0/23
Signature Algorithm: sha256WithRSAEncryption
37:9d:34:c5:5c:59:e5:32:5b:a2:a1:fb:af:1c:27:80:52:14:
42:6e:30:21:8e:76:01:5c:0a:04:00:e2:60:82:e7:0c:aa:67:
68:4b:8c:aa:13:4b:41:fa:e6:1d:70:99:d3:9e:a7:ac:38:de:
5d:8e:54:f1:34:b6:95:6d:ec:c1:e2:8c:ea:cc:5c:94:5e:b9:
ca:86:4d:fe:f6:b1:51:92:3b:b8:46:12:26:54:83:cb:7f:29:
09:4b:87:88:4c:fb:4e:d4:34:fd:63:95:1d:d2:91:4b:3b:bd:
f6:38:1c:30:3c:40:a4:d0:52:b5:ab:2f:86:26:52:a0:a2:92:
b7:57:4f:ea:43:de:5c:3b:0f:e4:01:da:49:0d:bb:97:48:47:
23:1a:f7:5f:cb:99:d7:ff:83:90:b6:9e:c1:8f:29:5a:c0:7e:
b3:3e:3c:ac:43:ba:27:16:97:cb:69:33:06:1a:b1:ea:a6:b9:
1d:c8:5d:8d:68:e7:74:1b:3a:2b:a0:c0:7b:d6:1a:91:74:1f:
51:92:67:36:c2:ca:1c:72:4a:c0:93:11:6a:b1:1f:ba:ba:ae:
7e:8e:f0:ba:d0:64:b1:55:5e:5d:cb:02:26:86:86:28:28:64:
31:30:fd:bc:48:af:a7:63:35:c5:60:27:79:7d:a0:e1:85:c3:
80:55:9f:0b
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICChUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDE3MDgxODUxWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNkMDBlYS1lZTMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr7TNX9st4QOzlnLug+uAkAS8k3BKMQu95axSnUo6bqtKWM+Digu3Bd5YcnOI
Hy9kap1EKt1mMuuO/9n+0iTrzdD5kOz2wzQBUtOHQPddR9PRWwzv2tu05JUhdmKS
uT+ECjhti4YlO++barUETxHgcuGk8qYzpMQHNyYiSZvPlfaJOV9P+Wl0Hson6rsQ
Vq9OEgbwNzaY0zexLqPBZ4vDh3oqdJkurb1HMSbCJw434Nr+pJNj94X4eY+BFDVH
JP8z2Ptma2CIf40Neg1MgGllAJjy7k8+cyu0JEQrOTlM8tAVnsCyUcropBBT2M82
9uG2euK85HNfgdyxbIR2a62b1QIDAQABo4IClTCCApEwHQYDVR0OBBYEFPryZRGA
/JMltSYR81vTuM1U2WhfMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvN0JEMzIyQjBE
Q0Y4MTFFRDlEMTYwOTVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAHfHeQwDQYJKoZIhvcNAQELBQADggEBADedNMVcWeUyW6Kh
+68cJ4BSFEJuMCGOdgFcCgQA4mCC5wyqZ2hLjKoTS0H65h1wmdOep6w43l2OVPE0
tpVt7MHijOrMXJReucqGTf72sVGSO7hGEiZUg8t/KQlLh4hM+07UNP1jlR3SkUs7
vfY4HDA8QKTQUrWrL4YmUqCikrdXT+pD3lw7D+QB2kkNu5dIRyMa91/Lmdf/g5C2
nsGPKVrAfrM+PKxDuicWl8tpMwYaseqmuR3IXY1o53QbOiugwHvWGpF0H1GSZzbC
yhxySsCTEWqxH7q6rn6O8LrQZLFVXl3LAiaGhigoZDEw/bxIr6djNcVgJ3l9oOGF
w4BVnws=
-----END CERTIFICATE-----
Generated at Sat Apr 12 06:04:30 2025 by rpki-client