Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/FF115DF8FDFF11EE8EC9F931C4F9AE02.roa
File: FF115DF8FDFF11EE8EC9F931C4F9AE02.roa (raw, json)
Hash identifier: 1TjlQNLZchOxdN55Ki0PCDNuZb+sMy/Ej4ZQGYe5SO4=
Subject key identifier: 3F:9C:DC:C6:A3:FB:B5:BA:64:D7:63:4E:D2:78:6B:B3:B9:FD:0B:3B
Certificate issuer: /CN=A91262CA/serialNumber=77A201C58EB3B4208C91BA7ECED936E595E61A19
Certificate serial: 0501
Authority key identifier: 77:A2:01:C5:8E:B3:B4:20:8C:91:BA:7E:CE:D9:36:E5:95:E6:1A:19
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d6IBxY6ztCCMkbp-ztk25ZXmGhk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/FF115DF8FDFF11EE8EC9F931C4F9AE02.roa
Signing time: Wed 31 Jul 2024 02:33:29 +0000
ROA not before: Wed 31 Jul 2024 02:33:29 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 152694
IP address blocks: 58.137.116.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1281 (0x501)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91262CA
Validity
Not Before: Jul 31 02:33:29 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66a9a279-b9cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:ca:4e:0e:cb:a8:1d:1f:41:ad:6f:d4:06:e8:
92:67:0d:8d:c0:57:16:3b:3f:cb:1e:91:ed:a2:fd:
42:19:bf:d7:23:3f:47:a7:11:81:b3:72:cf:40:a4:
25:4a:d8:d1:0a:0d:9a:8c:91:eb:cf:f1:fd:f3:59:
b1:a1:b7:da:f5:91:79:a2:49:4c:fc:9c:cd:b3:05:
a5:e0:b5:de:28:09:58:be:b1:0d:bb:a3:6b:b3:81:
4b:f8:86:89:6a:3c:af:c4:b5:8d:04:17:4f:08:8b:
a8:da:d3:d1:b7:5f:99:5f:bd:d6:06:06:03:bc:4f:
f2:d7:c3:99:88:e8:9b:33:73:53:57:9b:1c:d2:c3:
7a:bf:fa:dd:5d:34:62:01:ae:ba:56:a9:65:24:20:
c6:89:2c:4e:e1:57:5b:09:48:01:f5:cb:d3:42:fd:
af:8d:2e:17:47:91:f2:48:57:45:33:38:59:7f:52:
49:0c:3e:d0:64:eb:fa:a1:38:cb:fc:68:87:a9:dd:
2c:f7:70:21:e7:e5:e2:78:47:e3:3e:a9:47:aa:7e:
0e:47:e0:f8:6e:b1:16:43:55:4f:bc:4e:16:3f:32:
56:0f:96:4a:4f:aa:44:30:71:a4:0b:86:72:b2:18:
5e:54:b1:10:2c:65:81:2e:a1:5c:73:04:9f:0a:ee:
91:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:9C:DC:C6:A3:FB:B5:BA:64:D7:63:4E:D2:78:6B:B3:B9:FD:0B:3B
X509v3 Authority Key Identifier:
keyid:77:A2:01:C5:8E:B3:B4:20:8C:91:BA:7E:CE:D9:36:E5:95:E6:1A:19
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/d6IBxY6ztCCMkbp-ztk25ZXmGhk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d6IBxY6ztCCMkbp-ztk25ZXmGhk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/FF115DF8FDFF11EE8EC9F931C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
58.137.116.0/24
Signature Algorithm: sha256WithRSAEncryption
2c:05:41:29:6b:a9:33:84:19:03:6b:46:b5:6a:67:86:c7:f6:
12:cb:e0:67:bd:97:bb:64:59:53:91:da:53:3f:f3:a7:4d:94:
09:49:9e:80:79:fe:99:fb:50:36:f4:c6:4b:6d:0d:11:f4:6b:
23:b7:e6:15:63:f0:c3:c5:e9:2e:7e:e4:4b:84:b9:62:b6:a8:
86:f0:3f:3d:d2:67:f6:aa:14:09:c8:43:47:c5:d0:5a:64:84:
d1:4c:8c:f3:2f:9f:41:b4:27:7e:09:b3:01:e1:2b:6e:98:20:
5b:b2:0c:89:24:e9:b5:eb:64:a2:35:b4:3e:32:39:c2:62:66:
a4:ac:24:af:97:39:cf:d0:fc:df:75:d8:ca:10:74:c6:24:56:
1c:96:af:cd:94:9b:a9:79:e4:37:e6:06:43:f7:15:7d:57:01:
2e:35:4b:f9:ed:9f:b5:bb:7c:c5:d7:03:77:14:bc:77:a0:21:
ed:48:91:7e:52:f6:98:9e:34:d6:46:ed:3e:7b:fd:e7:b2:a5:
dd:4f:5f:98:f4:65:b3:84:28:92:97:16:31:eb:36:fd:c2:e3:
e4:61:75:6d:09:11:35:0d:da:84:7d:e5:00:b3:f3:16:2c:5f:
61:2d:ae:33:99:47:a6:5f:44:f7:19:14:f3:89:25:96:e6:f6:
25:d3:99:f4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBQEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjYyQ0ExMTAvBgNVBAUTKDc3QTIwMUM1OEVCM0I0MjA4QzkxQkE3RUNFRDkzNkU1
OTVFNjFBMTkwHhcNMjQwNzMxMDIzMzI5WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmE5YTI3OS1iOWNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6cpODsuoHR9BrW/UBuiSZw2NwFcWOz/LHpHtov1CGb/XIz9HpxGBs3LPQKQl
StjRCg2ajJHrz/H981mxobfa9ZF5oklM/JzNswWl4LXeKAlYvrENu6Nrs4FL+IaJ
ajyvxLWNBBdPCIuo2tPRt1+ZX73WBgYDvE/y18OZiOibM3NTV5sc0sN6v/rdXTRi
Aa66VqllJCDGiSxO4VdbCUgB9cvTQv2vjS4XR5HySFdFMzhZf1JJDD7QZOv6oTjL
/GiHqd0s93Ah5+XieEfjPqlHqn4OR+D4brEWQ1VPvE4WPzJWD5ZKT6pEMHGkC4Zy
shheVLEQLGWBLqFccwSfCu6RowIDAQABo4IClTCCApEwHQYDVR0OBBYEFD+c3Maj
+7W6ZNdjTtJ4a7O5/Qs7MB8GA1UdIwQYMBaAFHeiAcWOs7QgjJG6fs7ZNuWV5hoZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNjJDQS9GNUVEQzdGQzhB
NTcxMUVDOTZFQkMwMTRDNEY5QUUwMi9kNklCeFk2enRDQ01rYnAtenRrMjVaWG1H
aGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2Q2SUJ4WTZ6dENDTWticC16dGsyNVpYbUdoay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjYyQ0EvRjVFREM3RkM4QTU3MTFFQzk2RUJDMDE0QzRGOUFFMDIvRkYxMTVERjhG
REZGMTFFRThFQzlGOTMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAA6iXQwDQYJKoZIhvcNAQELBQADggEBACwFQSlrqTOEGQNr
RrVqZ4bH9hLL4Ge9l7tkWVOR2lM/86dNlAlJnoB5/pn7UDb0xkttDRH0ayO35hVj
8MPF6S5+5EuEuWK2qIbwPz3SZ/aqFAnIQ0fF0FpkhNFMjPMvn0G0J34JswHhK26Y
IFuyDIkk6bXrZKI1tD4yOcJiZqSsJK+XOc/Q/N912MoQdMYkVhyWr82Um6l55Dfm
BkP3FX1XAS41S/ntn7W7fMXXA3cUvHegIe1IkX5S9pieNNZG7T57/eeypd1PX5j0
ZbOEKJKXFjHrNv3C4+RhdW0JETUN2oR95QCz8xYsX2EtrjOZR6ZfRPcZFPOJJZbm
9iXTmfQ=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:10:15 2025 by rpki-client