Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9DF288ECF31111EE9DB5AC2AC4F9AE02.roa
File: 9DF288ECF31111EE9DB5AC2AC4F9AE02.roa (raw, json)
Hash identifier: Yeg8m9WPf8178aijzF724o8we3xCrq8+8xqI4OrLuiM=
Subject key identifier: 97:80:A2:4C:34:8E:DB:7D:B4:9D:DF:67:FE:D3:CF:2E:AE:DB:C2:6E
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 944B
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9DF288ECF31111EE9DB5AC2AC4F9AE02.roa
Signing time: Tue 09 Jul 2024 11:58:16 +0000
ROA not before: Tue 09 Jul 2024 11:58:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 137146
IP address blocks: 2001:df4:1580::/48 maxlen: 48
2401:af60::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 37963 (0x944b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jul 9 11:58:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=668d25d8-3ff2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:48:d4:ec:a2:05:60:9b:f4:b8:72:95:3d:93:
da:fc:65:55:6e:61:18:48:a2:e2:06:ef:65:5d:1c:
50:27:7d:1d:ad:98:30:c6:25:09:91:14:0a:65:5d:
09:b4:bd:f8:62:a7:f3:9f:7c:26:0a:a4:6b:47:e5:
28:43:e7:b3:68:da:a2:a9:05:63:91:78:11:a1:75:
23:04:83:ab:cf:70:73:44:94:b1:bf:26:be:cb:af:
53:d2:e8:17:4f:5a:f7:d6:7d:d7:60:84:78:0d:56:
e5:91:b6:cc:bc:d1:49:d3:d5:f1:f9:1e:11:b5:de:
30:78:6f:d4:7e:12:7e:b7:e2:60:9b:71:41:0a:d7:
ce:aa:99:d0:94:18:4d:4d:2c:1a:81:b0:d8:14:1c:
b7:f4:3b:f0:81:bd:16:f6:90:57:0a:b0:a3:bf:3f:
49:71:64:31:b0:50:5b:6c:e5:dd:7a:e3:44:99:e0:
27:5c:b7:e1:35:7a:b2:35:e3:61:f6:d2:fc:0d:d9:
49:ee:21:5b:1a:df:b7:19:e8:c8:c7:bf:eb:66:49:
b0:f8:a9:c8:52:9b:61:36:51:44:69:2d:c1:ee:42:
1f:36:f3:18:24:7b:84:55:31:f2:fb:a6:48:7c:22:
57:0b:39:b3:31:88:67:5a:96:5d:7e:43:0a:0b:ab:
a3:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:80:A2:4C:34:8E:DB:7D:B4:9D:DF:67:FE:D3:CF:2E:AE:DB:C2:6E
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9DF288ECF31111EE9DB5AC2AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2001:df4:1580::/48
2401:af60::/32
Signature Algorithm: sha256WithRSAEncryption
70:77:21:9e:06:e1:59:81:6e:d6:67:f3:15:69:36:49:9a:dd:
b8:dd:d9:41:23:64:b6:14:89:21:7f:f0:f5:bd:f6:b4:b2:40:
63:39:a4:29:47:b0:e6:ef:ef:9e:0f:34:a9:5a:65:fc:07:77:
9f:cf:98:5d:89:49:b5:01:c4:c7:9c:fd:cd:78:63:49:c9:d3:
9e:2a:59:50:37:10:97:f0:a3:2a:af:1a:ef:b8:3b:ed:5c:3f:
03:3d:f6:49:13:d6:37:40:bb:e3:36:6f:76:25:cd:8a:43:cb:
bd:69:97:45:9b:7a:31:5f:2e:d0:b2:74:53:79:ed:66:b0:0a:
65:df:84:f3:3d:88:81:9e:01:28:c1:48:9f:4c:b5:f2:87:e4:
23:4a:4b:aa:14:31:32:93:d7:4f:1a:41:cb:85:f5:f9:e3:2d:
aa:ef:45:9d:52:2c:e1:20:26:89:45:51:45:65:69:63:8b:1d:
9c:1c:8f:3f:fd:99:2b:59:28:7a:aa:53:07:7a:7c:8b:df:82:
9e:e0:03:5e:70:b1:33:9a:0a:00:99:25:96:b2:9d:26:37:8a:
b3:cc:28:27:39:e9:27:5e:a5:5c:54:bd:3c:60:5c:a1:b1:0e:
94:b4:ec:29:fb:a3:d5:6a:c0:a4:d2:45:26:11:bf:5f:b4:35:
49:8d:4b:82
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIDAJRLMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDcwOTExNTgxNloXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY4ZDI1ZDgtM2ZmMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKtI1OyiBWCb9LhylT2T2vxlVW5hGEii4gbvZV0cUCd9Ha2YMMYlCZEUCmVd
CbS9+GKn8598Jgqka0flKEPns2jaoqkFY5F4EaF1IwSDq89wc0SUsb8mvsuvU9Lo
F09a99Z912CEeA1W5ZG2zLzRSdPV8fkeEbXeMHhv1H4SfrfiYJtxQQrXzqqZ0JQY
TU0sGoGw2BQct/Q78IG9FvaQVwqwo78/SXFkMbBQW2zl3XrjRJngJ1y34TV6sjXj
YfbS/A3ZSe4hWxrftxnoyMe/62ZJsPipyFKbYTZRRGktwe5CHzbzGCR7hFUx8vum
SHwiVws5szGIZ1qWXX5DCguro8cCAwEAAaOCAp8wggKbMB0GA1UdDgQWBBSXgKJM
NI7bfbSd32f+088urtvCbjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzlERjI4OEVD
RjMxMTExRUU5REI1QUMyQUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCkGCCsGAQUFBwEHAQH/
BBowGDAWBAIAAjAQAwcAIAEN9BWAAwUAJAGvYDANBgkqhkiG9w0BAQsFAAOCAQEA
cHchngbhWYFu1mfzFWk2SZrduN3ZQSNkthSJIX/w9b32tLJAYzmkKUew5u/vng80
qVpl/Ad3n8+YXYlJtQHEx5z9zXhjScnTnipZUDcQl/CjKq8a77g77Vw/Az32SRPW
N0C74zZvdiXNikPLvWmXRZt6MV8u0LJ0U3ntZrAKZd+E8z2IgZ4BKMFIn0y18ofk
I0pLqhQxMpPXTxpBy4X1+eMtqu9FnVIs4SAmiUVRRWVpY4sdnByPP/2ZK1koeqpT
B3p8i9+CnuADXnCxM5oKAJkllrKdJjeKs8woJznpJ16lXFS9PGBcobEOlLTsKfuj
1WrApNJFJhG/X7Q1SY1Lgg==
-----END CERTIFICATE-----
Generated at Mon Jun 9 22:59:59 2025 by rpki-client