Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9DF288ECF31111EE9DB5AC2AC4F9AE02.roa
File: 9DF288ECF31111EE9DB5AC2AC4F9AE02.roa (raw, json)
Hash identifier: pFWe1fPv2h67Q4EzspqznvOzutnA6BNvDdceSdxT/3k=
Subject key identifier: D7:96:2A:F5:BB:63:C1:99:59:74:01:B3:1E:13:19:49:7D:AF:AF:40
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: B47E
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9DF288ECF31111EE9DB5AC2AC4F9AE02.roa
Signing time: Thu 08 May 2025 16:09:17 +0000
ROA not before: Thu 08 May 2025 16:09:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 137146
IP address blocks: 2001:df4:1580::/48 maxlen: 48
2401:af60::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 46206 (0xb47e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 16:09:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=681cd72d-d079
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:26:85:26:1a:2d:76:52:0c:6d:7f:b8:26:8c:
a9:83:52:1c:ae:e4:89:a5:9c:d3:9e:4b:bb:55:1e:
09:8a:d5:97:ff:e1:f8:d9:dd:83:e0:c1:b3:bd:fe:
ac:e7:75:01:86:0a:5c:ab:d9:d2:19:af:e3:ce:63:
2d:1e:b0:79:21:f6:fd:d2:01:49:22:97:df:08:68:
04:b9:b1:8f:df:d7:e2:1a:93:04:cc:45:59:9d:cf:
f0:d8:05:39:bc:a7:f2:00:2a:5a:64:f3:f0:57:44:
31:50:fc:8a:75:dd:61:51:92:57:88:e1:65:37:65:
80:04:a0:55:c4:b7:31:31:7d:6f:0c:72:65:29:16:
b7:93:ed:19:6f:a3:9b:8c:c4:ee:07:26:29:a0:19:
c8:ae:f4:0f:da:16:fd:6f:53:d5:c8:77:84:70:30:
8c:a9:b6:82:95:e7:80:20:05:9c:7e:23:e6:4e:b4:
87:d5:d1:ae:af:d6:1e:a3:ea:13:98:1f:8e:b6:b9:
c5:82:c2:d8:7a:15:75:13:9b:91:00:ff:c9:55:c6:
6b:99:31:e0:7f:f7:79:cc:11:53:a6:ac:87:54:f8:
84:1a:be:3d:03:b0:66:8f:a6:32:39:c6:c1:ca:cb:
5d:18:c1:d5:d1:13:78:2d:d1:81:94:03:e3:19:9c:
24:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:96:2A:F5:BB:63:C1:99:59:74:01:B3:1E:13:19:49:7D:AF:AF:40
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9DF288ECF31111EE9DB5AC2AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2001:df4:1580::/48
2401:af60::/32
Signature Algorithm: sha256WithRSAEncryption
6e:ee:79:bb:c7:38:89:87:a8:f7:97:74:ae:2f:61:31:7e:e1:
02:32:3c:dd:04:fa:a0:6d:71:51:20:e0:70:41:74:85:87:e6:
1a:1e:27:f4:d1:22:e8:9a:1d:f6:a5:c8:3f:db:32:d0:00:08:
bd:ef:b8:36:d0:57:c2:8f:dc:be:10:7a:b8:50:d0:54:4d:5a:
7f:ca:9a:80:8a:2e:94:f2:13:b5:b8:6e:8e:33:2b:0f:59:e5:
7b:5e:e8:e8:61:66:f8:3f:22:e9:ea:d1:97:f9:1f:cd:b6:79:
37:b1:5a:97:4c:eb:5c:b7:8a:0a:7d:8a:df:2a:60:0d:c2:32:
9f:28:72:f3:ed:b9:d3:60:d8:66:3e:98:71:41:2d:74:0c:82:
02:a1:5e:ab:29:6a:08:cf:e2:c8:22:29:04:f8:d8:f0:b2:f3:
fd:de:34:35:49:e9:c6:77:e6:30:55:49:3d:df:6a:6b:02:18:
12:3d:ed:52:38:30:63:61:37:f3:20:9d:91:79:95:18:8a:9a:
5b:ab:c6:a8:af:47:d9:31:7e:a7:fe:aa:b9:32:2c:85:44:c6:
02:d5:09:b6:e3:c0:f0:55:be:34:33:78:a2:34:70:bd:13:d6:
09:08:8b:7e:f3:e1:5e:18:a3:24:b4:07:dc:1f:f5:9e:99:d0:
17:01:9a:8f
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIDALR+MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MDkxN1oXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2Q3MmQtZDA3OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4mhSYaLXZSDG1/uCaMqYNSHK7kiaWc055Lu1UeCYrVl//h+Nndg+DBs73+
rOd1AYYKXKvZ0hmv485jLR6weSH2/dIBSSKX3whoBLmxj9/X4hqTBMxFWZ3P8NgF
Obyn8gAqWmTz8FdEMVD8inXdYVGSV4jhZTdlgASgVcS3MTF9bwxyZSkWt5PtGW+j
m4zE7gcmKaAZyK70D9oW/W9T1ch3hHAwjKm2gpXngCAFnH4j5k60h9XRrq/WHqPq
E5gfjra5xYLC2HoVdRObkQD/yVXGa5kx4H/3ecwRU6ash1T4hBq+PQOwZo+mMjnG
wcrLXRjB1dETeC3RgZQD4xmcJE0CAwEAAaOCAp8wggKbMB0GA1UdDgQWBBTXlir1
u2PBmVl0AbMeExlJfa+vQDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzlERjI4OEVD
RjMxMTExRUU5REI1QUMyQUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCkGCCsGAQUFBwEHAQH/
BBowGDAWBAIAAjAQAwcAIAEN9BWAAwUAJAGvYDANBgkqhkiG9w0BAQsFAAOCAQEA
bu55u8c4iYeo95d0ri9hMX7hAjI83QT6oG1xUSDgcEF0hYfmGh4n9NEi6Jod9qXI
P9sy0AAIve+4NtBXwo/cvhB6uFDQVE1af8qagIoulPITtbhujjMrD1nle17o6GFm
+D8i6erRl/kfzbZ5N7Fal0zrXLeKCn2K3ypgDcIynyhy8+2502DYZj6YcUEtdAyC
AqFeqylqCM/iyCIpBPjY8LLz/d40NUnpxnfmMFVJPd9qawIYEj3tUjgwY2E38yCd
kXmVGIqaW6vGqK9H2TF+p/6quTIshUTGAtUJtuPA8FW+NDN4ojRwvRPWCQiLfvPh
XhijJLQH3B/1npnQFwGajw==
-----END CERTIFICATE-----
Generated at Wed Jun 11 20:17:16 2025 by rpki-client