Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9153AE1/63843ED0944011E7BC99C11AC4F9AE02/AFA89640E60C11EBAEE0FB18C4F9AE02.roa
File: AFA89640E60C11EBAEE0FB18C4F9AE02.roa (raw, json)
Hash identifier: 41NNBsf749cjZ4jnrJbegYJtygZiR4ik+L2UxT89/I4=
Subject key identifier: 5D:D8:B0:D0:DA:EA:25:FF:55:30:EF:4D:6B:CD:8D:5B:66:F8:90:53
Certificate issuer: /CN=A9153AE1/serialNumber=F664AC026BF4F47C08757CDE7F21EC3CF2A4E64E
Certificate serial: 1874
Authority key identifier: F6:64:AC:02:6B:F4:F4:7C:08:75:7C:DE:7F:21:EC:3C:F2:A4:E6:4E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9mSsAmv09HwIdXzefyHsPPKk5k4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9153AE1/63843ED0944011E7BC99C11AC4F9AE02/AFA89640E60C11EBAEE0FB18C4F9AE02.roa
Signing time: Wed 02 Oct 2024 16:54:30 +0000
ROA not before: Wed 02 Oct 2024 16:54:30 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 20940
IP address blocks: 60.87.0.0/20 maxlen: 24
2400:2000:6::/48 maxlen: 48
2400:2000:7::/48 maxlen: 48
2400:2000:b::/48 maxlen: 48
2400:2000:c::/48 maxlen: 48
2400:2000:f::/48 maxlen: 48
2400:2000:10::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6260 (0x1874)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9153AE1
Validity
Not Before: Oct 2 16:54:30 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66fd7ac6-2e9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:25:63:ba:a1:c3:d7:3e:22:c9:cd:90:e0:b5:
33:02:5f:90:d2:54:91:fc:6f:62:05:39:5c:f9:52:
98:c9:06:3f:e3:97:83:12:b5:0e:ff:4f:aa:9a:fd:
06:30:80:fd:e2:e0:f8:d5:5d:6a:c3:8f:67:29:53:
78:75:93:17:2e:e8:e4:d8:50:02:02:62:21:3b:8b:
65:55:64:99:6b:25:5f:ed:9b:0f:cb:9c:7d:d4:09:
30:18:96:b3:76:89:ba:62:05:18:86:ee:01:81:2c:
92:78:06:ff:31:29:56:d4:ef:ec:76:d9:bc:41:74:
1a:29:71:41:dc:4d:18:00:1c:4a:4d:6b:08:2d:71:
9e:cb:23:52:fd:8d:5a:ed:a6:1f:a1:18:7e:9e:d7:
c2:d8:85:aa:3d:86:af:7a:65:78:49:9c:6c:af:a1:
35:de:1b:d5:05:2a:f4:e2:da:04:e3:55:2b:a9:ad:
0c:20:4e:72:47:ae:42:cb:29:81:2a:61:d7:71:45:
4b:8b:3b:28:b2:a3:42:09:9d:ba:b1:85:99:01:b0:
c7:3a:19:16:3a:b5:1a:c6:65:3a:d6:eb:64:c0:e6:
03:72:f8:90:6c:59:ad:42:85:82:04:d8:6a:12:15:
fe:43:83:17:b8:14:a9:94:1c:e4:fc:dc:5f:bc:3f:
bb:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:D8:B0:D0:DA:EA:25:FF:55:30:EF:4D:6B:CD:8D:5B:66:F8:90:53
X509v3 Authority Key Identifier:
keyid:F6:64:AC:02:6B:F4:F4:7C:08:75:7C:DE:7F:21:EC:3C:F2:A4:E6:4E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9153AE1/63843ED0944011E7BC99C11AC4F9AE02/9mSsAmv09HwIdXzefyHsPPKk5k4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9mSsAmv09HwIdXzefyHsPPKk5k4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9153AE1/63843ED0944011E7BC99C11AC4F9AE02/AFA89640E60C11EBAEE0FB18C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
60.87.0.0/20
IPv6:
2400:2000:6::/47
2400:2000:b::-2400:2000:c:ffff:ffff:ffff:ffff:ffff
2400:2000:f::-2400:2000:10:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
5d:3f:bc:e9:e2:df:43:a1:02:12:5a:a9:8d:68:09:71:fa:d1:
99:78:4c:c2:00:7e:47:ce:eb:e0:ed:5a:0f:5d:47:16:fd:3f:
83:4e:f6:31:a2:83:eb:f6:1a:fb:b0:51:00:1b:f4:75:1a:97:
68:27:ab:f2:85:98:82:fa:79:a7:9c:57:e4:6c:08:70:5a:d1:
ee:3f:40:e0:6e:e0:97:0b:df:d6:63:5a:51:e8:b2:1c:b4:1e:
76:7f:32:cb:f2:8c:c2:09:03:d9:c9:7a:f1:9b:f1:75:f5:35:
26:01:bd:62:6c:2a:5d:9f:60:c6:b6:5e:bc:6c:94:fa:c5:d9:
d6:ec:2e:32:0b:9e:ae:11:2d:0d:22:b2:d6:9f:27:85:37:68:
fd:49:8f:7f:70:ed:93:a1:cf:8f:a8:a1:89:fa:b5:e4:e0:50:
98:71:47:c4:a2:fc:86:a9:57:90:1a:bc:2d:dd:8e:e9:1d:d7:
a6:da:36:8a:cb:82:3c:ed:f2:fd:14:f9:f6:33:b9:54:90:ff:
0f:ba:d3:0d:b7:68:13:9d:25:b2:24:52:01:c0:ca:aa:42:87:
01:7f:3f:67:5e:b0:d7:be:68:d8:51:17:ca:2d:41:be:09:97:
5a:32:31:6f:2e:fc:81:5f:5d:55:13:27:44:1e:73:cb:b4:ea:
e8:ff:70:d0
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICGHQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTNBRTExMTAvBgNVBAUTKEY2NjRBQzAyNkJGNEY0N0MwODc1N0NERTdGMjFFQzND
RjJBNEU2NEUwHhcNMjQxMDAyMTY1NDMwWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmZkN2FjNi0yZTlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwCVjuqHD1z4iyc2Q4LUzAl+Q0lSR/G9iBTlc+VKYyQY/45eDErUO/0+qmv0G
MID94uD41V1qw49nKVN4dZMXLujk2FACAmIhO4tlVWSZayVf7ZsPy5x91AkwGJaz
dom6YgUYhu4BgSySeAb/MSlW1O/sdtm8QXQaKXFB3E0YABxKTWsILXGeyyNS/Y1a
7aYfoRh+ntfC2IWqPYavemV4SZxsr6E13hvVBSr04toE41Urqa0MIE5yR65CyymB
KmHXcUVLizsosqNCCZ26sYWZAbDHOhkWOrUaxmU61utkwOYDcviQbFmtQoWCBNhq
EhX+Q4MXuBSplBzk/NxfvD+7OwIDAQABo4ICzjCCAsowHQYDVR0OBBYEFF3YsNDa
6iX/VTDvTWvNjVtm+JBTMB8GA1UdIwQYMBaAFPZkrAJr9PR8CHV83n8h7DzypOZO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1M0FFMS82Mzg0M0VEMDk0
NDAxMUU3QkM5OUMxMUFDNEY5QUUwMi85bVNzQW12MDlId0lkWHplZnlIc1BQS2s1
azQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzltU3NBbXYwOUh3SWRYemVmeUhzUFBLazVrNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTNBRTEvNjM4NDNFRDA5NDQwMTFFN0JDOTlDMTFBQzRGOUFFMDIvQUZBODk2NDBF
NjBDMTFFQkFFRTBGQjE4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMAwEAgABMAYDBAQ8VwAwNwQCAAIwMQMHASQAIAAABjASAwcAJAAgAAALAwcA
JAAgAAAMMBIDBwAkACAAAA8DBwAkACAAABAwDQYJKoZIhvcNAQELBQADggEBAF0/
vOni30OhAhJaqY1oCXH60Zl4TMIAfkfO6+DtWg9dRxb9P4NO9jGig+v2GvuwUQAb
9HUal2gnq/KFmIL6eaecV+RsCHBa0e4/QOBu4JcL39ZjWlHoshy0HnZ/MsvyjMIJ
A9nJevGb8XX1NSYBvWJsKl2fYMa2XrxslPrF2dbsLjILnq4RLQ0istafJ4U3aP1J
j39w7ZOhz4+ooYn6teTgUJhxR8Si/IapV5AavC3djukd16baNorLgjzt8v0U+fYz
uVSQ/w+60w23aBOdJbIkUgHAyqpChwF/P2desNe+aNhRF8otQb4Jl1oyMW8u/IFf
XVUTJ0Qec8u06uj/cNA=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:17:09 2025 by rpki-client