Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/44BB185C0C2A11EFA34C4D82C4F9AE02.roa
File: 44BB185C0C2A11EFA34C4D82C4F9AE02.roa (raw, json)
Hash identifier: NJFu2Vi+DWfhIPB98WL9FRbeCE+25Mqn3yc79adgYzk=
Subject key identifier: 43:79:BE:E2:B8:DE:5D:9A:7A:0B:23:29:CC:FC:79:71:AA:E3:0A:EC
Certificate issuer: /CN=A91262CA/serialNumber=77A201C58EB3B4208C91BA7ECED936E595E61A19
Certificate serial: 04BC
Authority key identifier: 77:A2:01:C5:8E:B3:B4:20:8C:91:BA:7E:CE:D9:36:E5:95:E6:1A:19
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d6IBxY6ztCCMkbp-ztk25ZXmGhk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/44BB185C0C2A11EFA34C4D82C4F9AE02.roa
Signing time: Wed 03 Jul 2024 15:29:52 +0000
ROA not before: Wed 03 Jul 2024 15:29:52 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 45458
IP address blocks: 58.137.86.0/23 maxlen: 24
58.137.109.0/24 maxlen: 24
58.137.120.0/24 maxlen: 24
58.137.133.0/24 maxlen: 24
58.137.147.0/24 maxlen: 24
58.137.156.0/24 maxlen: 24
58.137.179.0/24 maxlen: 24
58.137.185.0/24 maxlen: 24
58.137.200.0/23 maxlen: 24
58.137.205.0/24 maxlen: 24
58.137.206.0/23 maxlen: 24
202.183.156.0/22 maxlen: 22
202.183.188.0/24 maxlen: 24
202.183.209.0/24 maxlen: 24
202.183.210.0/24 maxlen: 24
202.183.236.0/23 maxlen: 23
202.183.239.0/24 maxlen: 24
203.170.186.0/24 maxlen: 24
203.170.187.0/24 maxlen: 24
203.170.206.0/24 maxlen: 24
203.170.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1212 (0x4bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91262CA
Validity
Not Before: Jul 3 15:29:52 2024 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=66856e70-c753
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:80:5a:94:19:5c:e2:ab:5a:6f:81:43:60:ce:
97:fe:28:c0:87:e1:70:e9:14:0b:d2:51:11:da:96:
0b:71:1f:35:be:b6:c1:54:57:5e:72:22:88:23:5e:
5d:f6:ec:f3:66:42:84:49:2c:67:df:2d:96:bc:d8:
a1:fb:d9:d8:ce:be:f9:ad:5f:f1:76:a9:74:0a:50:
a2:bd:42:4e:2b:f7:09:fe:ca:64:e1:ca:32:98:fc:
d4:9f:bc:23:48:b8:c9:f8:6a:6a:28:4d:0f:2b:da:
88:2e:53:d4:06:a7:0b:fa:5a:31:bb:30:de:05:16:
ec:f9:ee:cf:47:58:c2:83:e2:b1:75:37:b4:1d:9e:
a1:4c:aa:e5:f7:da:79:36:ac:ea:d4:79:89:17:01:
89:30:92:7c:b9:e2:13:75:fe:af:44:f6:6c:4b:ed:
e2:e8:3e:c0:c7:36:71:06:3b:13:06:8e:f5:e0:e2:
df:a1:63:f4:f9:b5:29:d5:20:25:6c:60:c9:f2:3d:
d7:c5:0c:16:b3:6f:31:92:de:a9:c4:a5:e6:32:95:
1f:b9:dc:61:49:33:54:de:86:07:4f:49:b3:0e:eb:
b5:3e:bf:eb:6a:ee:7e:96:ad:1b:97:5d:9b:8c:bc:
3d:6d:08:09:ae:53:78:59:94:ae:fd:fd:26:1f:d7:
94:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:79:BE:E2:B8:DE:5D:9A:7A:0B:23:29:CC:FC:79:71:AA:E3:0A:EC
X509v3 Authority Key Identifier:
keyid:77:A2:01:C5:8E:B3:B4:20:8C:91:BA:7E:CE:D9:36:E5:95:E6:1A:19
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/d6IBxY6ztCCMkbp-ztk25ZXmGhk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d6IBxY6ztCCMkbp-ztk25ZXmGhk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/44BB185C0C2A11EFA34C4D82C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
58.137.86.0/23
58.137.109.0/24
58.137.120.0/24
58.137.133.0/24
58.137.147.0/24
58.137.156.0/24
58.137.179.0/24
58.137.185.0/24
58.137.200.0/23
58.137.205.0-58.137.207.255
202.183.156.0/22
202.183.188.0/24
202.183.209.0-202.183.210.255
202.183.236.0/23
202.183.239.0/24
203.170.186.0/23
203.170.206.0/23
Signature Algorithm: sha256WithRSAEncryption
15:07:69:4f:13:e0:dc:4a:61:96:06:8e:08:47:9b:1f:ca:ed:
ee:d5:1c:26:e0:44:70:b1:11:18:87:50:0a:76:fd:3a:45:fc:
cd:c5:f5:e1:c2:b0:aa:c9:7f:d8:fd:0b:d2:08:54:6a:fa:94:
f7:27:71:f1:09:72:e8:d6:ca:3d:9d:be:80:d5:d6:f9:b1:49:
09:fa:40:5c:04:36:b1:1a:a0:ff:08:6c:4d:ea:93:d7:d3:2b:
9d:6e:ed:2c:e0:cf:bc:f3:87:c2:b3:f5:1e:71:c5:26:e5:a9:
05:5d:e0:2a:43:44:85:13:c7:75:89:27:d0:7d:4f:a1:f3:6d:
bd:68:4f:b2:d1:ca:8c:d0:a7:c0:a5:53:ba:a3:04:1d:91:4a:
39:ef:15:92:47:0a:5a:67:04:ee:ce:58:5c:1e:0b:e8:cf:dc:
32:61:bc:4d:a8:4d:e9:f8:ff:53:f2:ff:93:73:c3:20:42:99:
30:77:59:37:03:5c:3d:1f:f8:f2:26:f6:c2:e9:b1:55:d9:99:
8d:94:bc:4a:69:58:f4:01:ea:1a:e9:7c:35:c5:8d:0d:82:9e:
28:82:18:f8:1a:99:ac:07:de:e4:6d:fb:53:e2:fb:54:3d:e1:
31:0a:46:e9:83:f7:46:7d:94:06:f0:9e:db:d9:54:0f:4b:1b:
1d:09:a3:bc
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgICBLwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjYyQ0ExMTAvBgNVBAUTKDc3QTIwMUM1OEVCM0I0MjA4QzkxQkE3RUNFRDkzNkU1
OTVFNjFBMTkwHhcNMjQwNzAzMTUyOTUyWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njg1NmU3MC1jNzUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzIBalBlc4qtab4FDYM6X/ijAh+Fw6RQL0lER2pYLcR81vrbBVFdeciKII15d
9uzzZkKESSxn3y2WvNih+9nYzr75rV/xdql0ClCivUJOK/cJ/spk4coymPzUn7wj
SLjJ+GpqKE0PK9qILlPUBqcL+loxuzDeBRbs+e7PR1jCg+KxdTe0HZ6hTKrl99p5
Nqzq1HmJFwGJMJJ8ueITdf6vRPZsS+3i6D7AxzZxBjsTBo714OLfoWP0+bUp1SAl
bGDJ8j3XxQwWs28xkt6pxKXmMpUfudxhSTNU3oYHT0mzDuu1Pr/rau5+lq0bl12b
jLw9bQgJrlN4WZSu/f0mH9eUBwIDAQABo4IDBzCCAwMwHQYDVR0OBBYEFEN5vuK4
3l2aegsjKcz8eXGq4wrsMB8GA1UdIwQYMBaAFHeiAcWOs7QgjJG6fs7ZNuWV5hoZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNjJDQS9GNUVEQzdGQzhB
NTcxMUVDOTZFQkMwMTRDNEY5QUUwMi9kNklCeFk2enRDQ01rYnAtenRrMjVaWG1H
aGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2Q2SUJ4WTZ6dENDTWticC16dGsyNVpYbUdoay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjYyQ0EvRjVFREM3RkM4QTU3MTFFQzk2RUJDMDE0QzRGOUFFMDIvNDRCQjE4NUMw
QzJBMTFFRkEzNEM0RDgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZAGCCsGAQUFBwEHAQH/
BIGAMH4wfAQCAAEwdgMEATqJVgMEADqJbQMEADqJeAMEADqJhQMEADqJkwMEADqJ
nAMEADqJswMEADqJuQMEATqJyDAMAwQAOonNAwQEOonAAwQCyrecAwQAyre8MAwD
BADKt9EDBADKt9IDBAHKt+wDBADKt+8DBAHLqroDBAHLqs4wDQYJKoZIhvcNAQEL
BQADggEBABUHaU8T4NxKYZYGjghHmx/K7e7VHCbgRHCxERiHUAp2/TpF/M3F9eHC
sKrJf9j9C9IIVGr6lPcncfEJcujWyj2dvoDV1vmxSQn6QFwENrEaoP8IbE3qk9fT
K51u7Szgz7zzh8Kz9R5xxSblqQVd4CpDRIUTx3WJJ9B9T6Hzbb1oT7LRyozQp8Cl
U7qjBB2RSjnvFZJHClpnBO7OWFweC+jP3DJhvE2oTen4/1Py/5NzwyBCmTB3WTcD
XD0f+PIm9sLpsVXZmY2UvEppWPQB6hrpfDXFjQ2CniiCGPgamawH3uRt+1Pi+1Q9
4TEKRumD90Z9lAbwntvZVA9LGx0Jo7w=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:11:01 2025 by rpki-client