Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/F29EA1B0D21911EDB67A7A76C4F9AE02.roa
File: F29EA1B0D21911EDB67A7A76C4F9AE02.roa (raw, json)
Hash identifier: L7nt3t9mWxZEbmfkR26HrBkGtfeOzyD6tzOmNvKO1QM=
Subject key identifier: BA:B8:AC:0F:96:F8:9B:E0:3A:42:E1:E5:6B:FB:E7:14:76:79:F5:26
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09ED
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/F29EA1B0D21911EDB67A7A76C4F9AE02.roa
Signing time: Mon 03 Apr 2023 12:20:41 +0000
ROA not before: Mon 03 Apr 2023 12:20:41 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 147066
IP address blocks: 223.29.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2541 (0x9ed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Apr 3 12:20:41 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=642ac498-b426
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:1f:2d:75:08:09:c2:4d:9e:9f:0b:02:39:d1:
e9:81:de:e1:26:39:f8:d6:f7:8c:e4:62:97:c7:ae:
f5:52:3a:ee:84:af:c0:2f:cc:7d:d4:06:a4:5f:8f:
f0:b3:21:4c:46:a6:78:33:68:51:16:43:1b:49:84:
16:a6:45:6c:61:63:d2:f1:47:59:4a:1e:3b:d5:2c:
11:82:5e:dc:73:96:e6:87:31:90:5a:36:50:4d:2b:
77:89:c1:9d:e6:81:8e:b7:67:46:20:fe:95:40:0b:
c5:72:a7:41:ab:2e:60:f3:fc:b3:d0:94:dc:81:27:
64:2c:fd:f3:9f:74:7a:9a:aa:b7:8f:23:0d:68:2e:
f3:7b:33:bd:08:fb:d3:b2:43:de:df:4b:ea:fb:e4:
a7:af:41:ad:f2:ec:ff:07:50:85:9b:1b:df:82:91:
29:42:0d:42:0e:f1:d9:3f:2c:a3:5b:e3:1c:01:05:
20:7b:14:bc:c2:c2:20:7f:97:7d:95:a2:57:20:1b:
07:2d:ee:20:6f:e8:0f:ef:3b:23:2e:ce:ba:c4:1e:
f2:9d:9f:1f:1c:d1:ad:c0:bf:e9:ad:6f:04:89:56:
b8:00:27:8c:0a:47:9b:b7:b8:b9:63:d9:2f:25:7f:
e0:83:7f:f4:11:cb:a5:ef:f3:ce:e3:65:57:ed:e0:
a3:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:B8:AC:0F:96:F8:9B:E0:3A:42:E1:E5:6B:FB:E7:14:76:79:F5:26
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/F29EA1B0D21911EDB67A7A76C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
223.29.224.0/24
Signature Algorithm: sha256WithRSAEncryption
36:66:a8:bc:79:5d:79:07:a8:16:55:81:85:40:4c:de:72:de:
92:ba:43:16:b1:7b:99:95:da:0d:4f:ed:d1:ea:cb:61:2d:7a:
04:99:d2:4b:8a:41:84:36:e7:cc:f4:61:13:91:a0:df:7e:2d:
74:13:48:b7:a1:05:9c:5b:26:35:fe:fb:67:a0:19:00:03:ef:
a0:72:6c:a6:46:bf:59:b7:4a:33:34:d7:f4:90:ab:82:9d:52:
1f:f1:f5:6b:6f:dd:58:50:88:43:6a:8c:67:79:c1:ee:ce:1f:
79:d8:c1:8d:69:a3:93:d7:5d:cc:02:0e:e4:24:5b:ff:9c:27:
7a:b6:1e:5f:b8:a8:83:8b:6a:a8:46:f3:3a:f3:06:93:4a:52:
2b:46:f0:25:03:82:8c:16:cd:b9:57:32:e0:22:73:b6:31:43:
c4:00:1f:aa:94:f3:d0:e6:90:c8:85:09:ca:76:44:d8:f2:5c:
59:8c:cb:d4:fe:a8:a3:76:7f:49:37:15:d9:f7:01:40:4f:6d:
0e:f2:20:8d:05:02:bb:e6:23:2e:a4:92:be:4f:28:f4:8b:a9:
18:cc:07:0c:01:f0:6b:47:38:f8:fd:c4:3f:c0:cd:17:4b:78:
40:47:c8:50:86:8e:28:39:fc:94:cf:3e:f9:e0:85:90:37:5f:
1c:0c:25:75
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCe0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDAzMTIyMDQxWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDJhYzQ5OC1iNDI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnR8tdQgJwk2enwsCOdHpgd7hJjn41veM5GKXx671UjruhK/AL8x91AakX4/w
syFMRqZ4M2hRFkMbSYQWpkVsYWPS8UdZSh471SwRgl7cc5bmhzGQWjZQTSt3icGd
5oGOt2dGIP6VQAvFcqdBqy5g8/yz0JTcgSdkLP3zn3R6mqq3jyMNaC7zezO9CPvT
skPe30vq++Snr0Gt8uz/B1CFmxvfgpEpQg1CDvHZPyyjW+McAQUgexS8wsIgf5d9
laJXIBsHLe4gb+gP7zsjLs66xB7ynZ8fHNGtwL/prW8EiVa4ACeMCkebt7i5Y9kv
JX/gg3/0Ecul7/PO42VX7eCjkQIDAQABo4IClTCCApEwHQYDVR0OBBYEFLq4rA+W
+JvgOkLh5Wv75xR2efUmMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvRjI5RUExQjBE
MjE5MTFFREI2N0E3QTc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADfHeAwDQYJKoZIhvcNAQELBQADggEBADZmqLx5XXkHqBZV
gYVATN5y3pK6Qxaxe5mV2g1P7dHqy2EtegSZ0kuKQYQ258z0YRORoN9+LXQTSLeh
BZxbJjX++2egGQAD76BybKZGv1m3SjM01/SQq4KdUh/x9Wtv3VhQiENqjGd5we7O
H3nYwY1po5PXXcwCDuQkW/+cJ3q2Hl+4qIOLaqhG8zrzBpNKUitG8CUDgowWzblX
MuAic7YxQ8QAH6qU89DmkMiFCcp2RNjyXFmMy9T+qKN2f0k3Fdn3AUBPbQ7yII0F
ArvmIy6kkr5PKPSLqRjMBwwB8GtHOPj9xD/AzRdLeEBHyFCGjig5/JTPPvnghZA3
XxwMJXU=
-----END CERTIFICATE-----
Generated at Sat Apr 12 06:08:47 2025 by rpki-client