Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/BDE58E268BCB11EFAE8ADA5BC4F9AE02.roa
File: BDE58E268BCB11EFAE8ADA5BC4F9AE02.roa (raw, json)
Hash identifier: Pqd2vOAbZLoe3ayDehM9W72u4NX+JQli4GuRasI2YV8=
Subject key identifier: A0:A2:7B:5E:45:04:D2:AE:08:94:BA:4E:03:64:55:13:42:B1:E3:E5
Certificate issuer: /CN=A9160C9E/serialNumber=100D9AEE91D227FE475934F2978C3617D8CFA8EE
Certificate serial: 02
Authority key identifier: 10:0D:9A:EE:91:D2:27:FE:47:59:34:F2:97:8C:36:17:D8:CF:A8:EE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/BDE58E268BCB11EFAE8ADA5BC4F9AE02.roa
Signing time: Wed 16 Oct 2024 14:34:25 +0000
ROA not before: Wed 16 Oct 2024 14:34:25 +0000
ROA not after: Tue 30 Dec 2025 00:00:00 +0000
asID: 153365
IP address blocks: 2001:df4:6d40::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9160C9E/serialNumber=100D9AEE91D227FE475934F2978C3617D8CFA8EE
Validity
Not Before: Oct 16 14:34:25 2024 GMT
Not After : Dec 30 00:00:00 2025 GMT
Subject: CN=670fcef1-0832
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ad:0d:24:8a:9a:27:e0:ea:c0:1f:f4:e0:56:
df:a5:a7:c0:7b:50:22:0a:fe:62:97:77:28:07:20:
0d:fd:26:ad:82:4a:6a:15:71:d7:2d:fe:b7:4a:63:
19:56:33:f9:6f:d2:8f:a5:59:1b:38:50:2b:ed:a1:
ce:2b:74:e2:ee:47:4c:eb:0e:38:82:d8:df:2f:61:
7b:9e:e4:f8:86:77:1c:77:d8:de:c9:4c:4a:80:8c:
25:a1:df:f9:7d:79:18:a9:4b:10:00:99:48:e5:dc:
a0:3e:7f:47:4e:66:18:1a:7f:b1:56:80:5f:e6:fe:
55:ce:cb:33:b6:eb:79:2a:48:73:47:67:31:f2:fe:
fe:91:26:bf:4f:9d:0e:fd:27:ab:ef:c6:0d:b8:57:
fb:cd:df:97:a0:27:35:87:ca:bd:75:55:25:0f:a9:
85:13:a7:6a:bd:4c:93:23:14:61:8a:45:17:fa:e7:
89:72:32:f4:75:4a:d7:ea:59:79:8d:d3:f5:fe:cb:
81:e5:6c:b1:10:18:ea:b3:70:80:42:9b:bd:15:1e:
14:0e:ba:81:29:a3:16:ce:b4:79:25:51:7c:00:0c:
9c:b0:89:da:a3:47:e7:1f:59:c0:01:73:f9:f2:d8:
98:61:ba:3a:8c:a5:0f:9f:ab:3b:38:be:23:d3:a6:
5f:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:A2:7B:5E:45:04:D2:AE:08:94:BA:4E:03:64:55:13:42:B1:E3:E5
X509v3 Authority Key Identifier:
keyid:10:0D:9A:EE:91:D2:27:FE:47:59:34:F2:97:8C:36:17:D8:CF:A8:EE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EA2a7pHSJ_5HWTTyl4w2F9jPqO4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9160C9E/57FF4BCA8BCA11EFABFC1A39C4F9AE02/BDE58E268BCB11EFAE8ADA5BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2001:df4:6d40::/48
Signature Algorithm: sha256WithRSAEncryption
0e:01:65:07:4e:ab:2e:d7:07:90:94:b7:dc:ae:48:22:4f:ae:
b3:e5:5b:5f:10:82:e6:bb:fc:78:1e:9a:52:1e:ef:cf:25:1b:
b8:ec:38:27:e3:a7:64:6b:ba:82:52:43:08:8c:d9:06:06:d8:
56:c8:52:63:88:04:7a:74:c7:8b:fb:cb:0b:76:e5:ae:90:01:
f7:df:61:68:fc:c2:4a:46:30:17:c0:b6:5e:5c:ed:3a:88:48:
26:14:9b:18:8e:84:2a:18:ff:8a:ad:25:ff:fb:40:cb:e5:8d:
87:d0:c0:20:a2:39:82:b2:2f:8f:82:74:79:9d:b1:07:67:d3:
59:db:99:c9:c0:eb:c8:a8:50:ca:6d:33:a1:ed:80:43:e9:9b:
3f:d2:e6:02:6d:36:50:a4:7d:39:7d:89:b9:10:3f:a7:25:8e:
9e:67:c1:5a:71:b0:f3:2c:31:a0:97:f1:d4:20:c9:60:90:a2:
11:71:b2:d3:de:da:33:ff:e5:53:c2:37:12:ae:9a:35:0f:32:
95:e3:00:b8:46:23:9f:2b:bd:c4:c3:cb:a5:e7:13:c8:98:6e:
fb:19:70:d7:dd:c7:9c:97:e0:15:a2:d4:ad:71:25:5f:75:14:
73:2b:89:4b:64:25:42:4e:1e:1c:36:bd:49:c5:6f:0b:d5:e6:
06:2a:39:41
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
MEM5RTExMC8GA1UEBRMoMTAwRDlBRUU5MUQyMjdGRTQ3NTkzNEYyOTc4QzM2MTdE
OENGQThFRTAeFw0yNDEwMTYxNDM0MjVaFw0yNTEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY3MGZjZWYxLTA4MzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCtrQ0kipon4OrAH/TgVt+lp8B7UCIK/mKXdygHIA39Jq2CSmoVcdct/rdKYxlW
M/lv0o+lWRs4UCvtoc4rdOLuR0zrDjiC2N8vYXue5PiGdxx32N7JTEqAjCWh3/l9
eRipSxAAmUjl3KA+f0dOZhgaf7FWgF/m/lXOyzO263kqSHNHZzHy/v6RJr9PnQ79
J6vvxg24V/vN35egJzWHyr11VSUPqYUTp2q9TJMjFGGKRRf654lyMvR1StfqWXmN
0/X+y4HlbLEQGOqzcIBCm70VHhQOuoEpoxbOtHklUXwADJywidqjR+cfWcABc/ny
2JhhujqMpQ+fqzs4viPTpl/jAgMBAAGjggKYMIIClDAdBgNVHQ4EFgQUoKJ7XkUE
0q4IlLpOA2RVE0Kx4+UwHwYDVR0jBBgwFoAUEA2a7pHSJ/5HWTTyl4w2F9jPqO4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTYwQzlFLzU3RkY0QkNBOEJD
QTExRUZBQkZDMUEzOUM0RjlBRTAyL0VBMmE3cEhTSl81SFdUVHlsNHcyRjlqUHFP
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRUEyYTdwSFNKXzVIV1RUeWw0dzJGOWpQcU80LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
MEM5RS81N0ZGNEJDQThCQ0ExMUVGQUJGQzFBMzlDNEY5QUUwMi9CREU1OEUyNjhC
Q0IxMUVGQUU4QURBNUJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACABDfRtQDANBgkqhkiG9w0BAQsFAAOCAQEADgFlB06rLtcH
kJS33K5IIk+us+VbXxCC5rv8eB6aUh7vzyUbuOw4J+OnZGu6glJDCIzZBgbYVshS
Y4gEenTHi/vLC3blrpAB999haPzCSkYwF8C2XlztOohIJhSbGI6EKhj/iq0l//tA
y+WNh9DAIKI5grIvj4J0eZ2xB2fTWduZycDryKhQym0zoe2AQ+mbP9LmAm02UKR9
OX2JuRA/pyWOnmfBWnGw8ywxoJfx1CDJYJCiEXGy097aM//lU8I3Eq6aNQ8yleMA
uEYjnyu9xMPLpecTyJhu+xlw193HnJfgFaLUrXElX3UUcyuJS2QlQk4eHDa9ScVv
C9XmBio5QQ==
-----END CERTIFICATE-----
Generated at Mon Oct 21 11:47:01 2024 by rpki-client on console-fra.rpki-client.org