Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/2E6FF94AE0D111ECAF88A30DC4F9AE02.roa
File: 2E6FF94AE0D111ECAF88A30DC4F9AE02.roa (raw, json)
Hash identifier: F14tNC5Vx32m2fE3mSgkc0ijEGikqBsrXVx+PB4XeXs=
Subject key identifier: D7:93:DB:E2:F6:EB:A3:C7:E6:26:36:B3:85:6D:5F:2E:2C:BD:E3:01
Certificate issuer: /CN=A91262CA/serialNumber=77A201C58EB3B4208C91BA7ECED936E595E61A19
Certificate serial: 0429
Authority key identifier: 77:A2:01:C5:8E:B3:B4:20:8C:91:BA:7E:CE:D9:36:E5:95:E6:1A:19
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d6IBxY6ztCCMkbp-ztk25ZXmGhk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/2E6FF94AE0D111ECAF88A30DC4F9AE02.roa
Signing time: Wed 03 Apr 2024 05:26:54 +0000
ROA not before: Wed 03 Apr 2024 05:26:54 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 45458
IP address blocks: 58.137.109.0/24 maxlen: 24
58.137.116.0/24 maxlen: 24
58.137.120.0/24 maxlen: 24
58.137.133.0/24 maxlen: 24
58.137.147.0/24 maxlen: 24
58.137.156.0/24 maxlen: 24
58.137.179.0/24 maxlen: 24
58.137.185.0/24 maxlen: 24
58.137.205.0/24 maxlen: 24
203.170.186.0/24 maxlen: 24
203.170.187.0/24 maxlen: 24
203.170.206.0/24 maxlen: 24
203.170.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1065 (0x429)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91262CA
Validity
Not Before: Apr 3 05:26:54 2024 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=660ce89d-9918
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:df:d0:27:14:18:df:3a:93:0f:65:33:5e:d4:
82:77:4b:68:31:3d:af:2a:15:d4:be:bd:fe:41:d4:
58:ca:9f:b3:e8:4d:cd:99:1d:d7:7d:d3:08:64:7a:
c6:2a:a0:bb:b5:e3:5b:dc:dc:92:eb:1b:ff:1f:d7:
93:e0:25:bd:50:cc:d8:7a:67:2a:3e:30:e9:5f:99:
da:87:d0:68:63:ff:99:e2:64:80:2f:12:7d:84:2a:
fa:f9:c8:cf:9f:61:df:33:47:a5:82:17:94:75:c0:
b9:09:9e:88:d3:68:27:ab:37:86:c6:d9:6b:b3:21:
14:43:3b:01:ed:67:0a:fc:7e:9a:e1:dc:12:50:68:
e7:ce:b6:ed:4c:55:e6:6e:24:50:5c:48:fd:50:69:
0e:ef:41:fe:93:82:e1:0e:21:7d:1f:64:69:39:fc:
35:fd:69:c2:f4:e1:c7:8b:c1:79:74:11:ed:a7:40:
67:3a:6a:99:3c:f9:f6:66:14:76:9f:ed:92:96:d7:
e5:f7:89:c7:80:eb:ea:09:93:34:ca:8b:be:1d:f4:
d9:dc:e4:88:88:26:92:20:f2:61:07:31:17:11:70:
64:b0:df:19:f2:67:53:2d:4b:1e:ca:b0:81:e3:de:
2e:ff:96:d0:7d:96:1c:2c:39:21:dd:c9:b2:ae:c3:
9c:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:93:DB:E2:F6:EB:A3:C7:E6:26:36:B3:85:6D:5F:2E:2C:BD:E3:01
X509v3 Authority Key Identifier:
keyid:77:A2:01:C5:8E:B3:B4:20:8C:91:BA:7E:CE:D9:36:E5:95:E6:1A:19
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/d6IBxY6ztCCMkbp-ztk25ZXmGhk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d6IBxY6ztCCMkbp-ztk25ZXmGhk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/2E6FF94AE0D111ECAF88A30DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
58.137.109.0/24
58.137.116.0/24
58.137.120.0/24
58.137.133.0/24
58.137.147.0/24
58.137.156.0/24
58.137.179.0/24
58.137.185.0/24
58.137.205.0/24
203.170.186.0/23
203.170.206.0/23
Signature Algorithm: sha256WithRSAEncryption
a7:88:d2:2f:51:c5:c4:f9:40:10:06:c1:7d:48:f7:f0:ea:36:
06:16:9d:6d:55:b2:26:22:11:df:77:86:35:54:fd:e5:41:b4:
25:47:60:ca:8b:1b:38:40:36:01:25:1f:82:2c:1b:9f:92:2d:
76:67:e8:bf:fd:1e:b5:f4:0e:24:1f:9c:51:b9:be:05:b9:fd:
2d:1f:31:b1:08:54:77:ee:d4:e6:c1:40:6c:4f:5e:ec:41:d1:
c5:05:22:b6:cf:b7:79:5f:a4:c3:92:60:c7:dd:0e:eb:e6:a4:
8f:53:fd:49:0a:24:6c:54:bd:d8:f1:02:b4:a4:38:55:3c:88:
a1:e3:2b:4f:e0:d9:e0:08:6c:99:88:9e:a6:c9:1a:0f:59:26:
93:20:5f:c2:df:6e:d8:ac:d6:f9:21:d9:01:17:30:63:a9:b8:
1e:a8:97:62:95:84:43:64:e4:56:c9:bd:69:a5:04:86:ab:2a:
51:ad:62:bd:84:79:86:f1:73:e7:54:c3:e5:b4:1e:b2:24:6a:
c0:b4:35:64:8d:fc:25:b7:b4:a4:fd:a9:82:86:91:f0:ee:b7:
59:4d:70:a9:ad:b3:d7:c8:c7:1d:5e:36:3c:62:d4:a6:7f:04:
52:3a:91:3b:65:5f:ca:65:ca:db:66:98:42:6a:54:0f:24:04:
fd:eb:bf:18
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgICBCkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjYyQ0ExMTAvBgNVBAUTKDc3QTIwMUM1OEVCM0I0MjA4QzkxQkE3RUNFRDkzNkU1
OTVFNjFBMTkwHhcNMjQwNDAzMDUyNjU0WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBjZTg5ZC05OTE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvN/QJxQY3zqTD2UzXtSCd0toMT2vKhXUvr3+QdRYyp+z6E3NmR3XfdMIZHrG
KqC7teNb3NyS6xv/H9eT4CW9UMzYemcqPjDpX5nah9BoY/+Z4mSALxJ9hCr6+cjP
n2HfM0elgheUdcC5CZ6I02gnqzeGxtlrsyEUQzsB7WcK/H6a4dwSUGjnzrbtTFXm
biRQXEj9UGkO70H+k4LhDiF9H2RpOfw1/WnC9OHHi8F5dBHtp0BnOmqZPPn2ZhR2
n+2Sltfl94nHgOvqCZM0you+HfTZ3OSIiCaSIPJhBzEXEXBksN8Z8mdTLUseyrCB
494u/5bQfZYcLDkh3cmyrsOcxQIDAQABo4IC0TCCAs0wHQYDVR0OBBYEFNeT2+L2
66PH5iY2s4VtXy4sveMBMB8GA1UdIwQYMBaAFHeiAcWOs7QgjJG6fs7ZNuWV5hoZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNjJDQS9GNUVEQzdGQzhB
NTcxMUVDOTZFQkMwMTRDNEY5QUUwMi9kNklCeFk2enRDQ01rYnAtenRrMjVaWG1H
aGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2Q2SUJ4WTZ6dENDTWticC16dGsyNVpYbUdoay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjYyQ0EvRjVFREM3RkM4QTU3MTFFQzk2RUJDMDE0QzRGOUFFMDIvMkU2RkY5NEFF
MEQxMTFFQ0FGODhBMzBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWwYIKwYBBQUHAQcBAf8E
TDBKMEgEAgABMEIDBAA6iW0DBAA6iXQDBAA6iXgDBAA6iYUDBAA6iZMDBAA6iZwD
BAA6ibMDBAA6ibkDBAA6ic0DBAHLqroDBAHLqs4wDQYJKoZIhvcNAQELBQADggEB
AKeI0i9RxcT5QBAGwX1I9/DqNgYWnW1VsiYiEd93hjVU/eVBtCVHYMqLGzhANgEl
H4IsG5+SLXZn6L/9HrX0DiQfnFG5vgW5/S0fMbEIVHfu1ObBQGxPXuxB0cUFIrbP
t3lfpMOSYMfdDuvmpI9T/UkKJGxUvdjxArSkOFU8iKHjK0/g2eAIbJmInqbJGg9Z
JpMgX8Lfbtis1vkh2QEXMGOpuB6ol2KVhENk5FbJvWmlBIarKlGtYr2EeYbxc+dU
w+W0HrIkasC0NWSN/CW3tKT9qYKGkfDut1lNcKmts9fIxx1eNjxi1KZ/BFI6kTtl
X8plyttmmEJqVA8kBP3rvxg=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:06:04 2025 by rpki-client