Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C5021/9AFD486C3BBC11EBA776F161C4F9AE02/0CE58260355D11EC96291331C4F9AE02.roa
File: 0CE58260355D11EC96291331C4F9AE02.roa (raw, json)
Hash identifier: nUuH7X/bVeMuP2tQ3mxGgM+nXkZNbJBzG/X/Efk7Qpg=
Subject key identifier: AC:E4:E8:EA:7A:B4:71:D0:A1:A2:5A:A7:8A:4F:28:07:0C:36:3C:C8
Certificate issuer: /CN=A91C5021/serialNumber=28F07110E43584A3BA6A3A4A87D68E9EB7D3E902
Certificate serial: 06F3
Authority key identifier: 28:F0:71:10:E4:35:84:A3:BA:6A:3A:4A:87:D6:8E:9E:B7:D3:E9:02
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KPBxEOQ1hKO6ajpKh9aOnrfT6QI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C5021/9AFD486C3BBC11EBA776F161C4F9AE02/0CE58260355D11EC96291331C4F9AE02.roa
Signing time: Mon 20 Jan 2025 21:41:20 +0000
ROA not before: Mon 20 Jan 2025 21:41:20 +0000
ROA not after: Tue 31 Mar 2026 00:00:00 +0000
asID: 58715
IP address blocks: 103.106.166.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1779 (0x6f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C5021
Validity
Not Before: Jan 20 21:41:20 2025 GMT
Not After : Mar 31 00:00:00 2026 GMT
Subject: CN=678ec300-f739
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:b4:11:e0:e1:a3:e9:04:fc:a1:29:40:47:dd:
7b:4d:b0:e6:4c:39:fc:03:08:6b:6b:04:5c:e1:ef:
d8:7f:0e:dd:a7:49:fc:e1:05:59:ca:8c:0d:38:84:
20:53:b6:4e:74:52:06:60:cd:39:6b:28:4d:7c:9d:
cd:33:ec:ed:7d:ef:9c:70:c8:b7:ac:9d:48:19:1f:
e9:a3:1a:3a:41:39:ee:9e:c9:bc:cc:63:10:7a:8a:
ec:cd:7f:37:fb:09:db:58:78:2d:92:52:4f:9d:67:
30:bd:59:47:a5:dc:10:10:f7:9c:6c:70:e4:d1:70:
45:39:80:54:59:0d:6e:ed:bf:4a:22:81:c6:62:79:
87:e1:70:2b:aa:1e:b8:56:cd:a5:59:e4:da:b1:2d:
c3:6d:f8:0d:20:11:4b:09:ef:a6:5d:9a:07:ef:65:
73:a7:50:b1:f5:0a:5f:f6:3a:be:2c:a3:6a:97:a3:
76:3d:9c:51:a7:ac:ab:a8:88:a7:d1:6f:68:87:8c:
02:69:91:6a:13:84:be:62:3f:55:8a:01:cb:31:59:
75:a1:69:a3:d1:44:1a:e2:f0:42:11:1e:7f:56:e8:
26:d8:1f:b8:73:ce:7b:51:e3:a0:e2:7e:44:44:d2:
81:57:63:79:2e:a2:f0:bb:b7:e9:73:4c:02:1a:8e:
53:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:E4:E8:EA:7A:B4:71:D0:A1:A2:5A:A7:8A:4F:28:07:0C:36:3C:C8
X509v3 Authority Key Identifier:
keyid:28:F0:71:10:E4:35:84:A3:BA:6A:3A:4A:87:D6:8E:9E:B7:D3:E9:02
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C5021/9AFD486C3BBC11EBA776F161C4F9AE02/KPBxEOQ1hKO6ajpKh9aOnrfT6QI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KPBxEOQ1hKO6ajpKh9aOnrfT6QI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C5021/9AFD486C3BBC11EBA776F161C4F9AE02/0CE58260355D11EC96291331C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.106.166.0/23
Signature Algorithm: sha256WithRSAEncryption
5a:b4:4e:ef:3b:4f:74:2a:08:dd:63:67:27:b5:75:af:64:f5:
39:36:9c:eb:2e:42:ec:44:aa:12:67:56:23:e3:df:40:5e:05:
61:31:0c:10:72:5c:71:72:0d:4f:05:93:14:47:4d:b2:3b:5f:
bd:09:9d:59:34:2f:6b:c6:ab:92:98:34:da:74:30:30:79:4c:
05:61:5b:7c:7a:e8:15:0a:d9:c3:c8:dc:f0:9d:f2:e7:79:a5:
2b:9d:91:0a:a5:29:09:83:47:43:eb:c2:df:8e:cd:8b:24:c4:
5a:40:5c:bf:f7:83:e4:21:9b:74:e3:57:4a:ae:96:f5:4e:1f:
f4:83:89:26:f4:16:74:b0:56:48:17:e7:16:27:f8:4f:cf:cf:
18:4b:8e:f9:ba:6c:9d:a8:a8:bb:e5:4a:f1:ce:c4:4b:12:c8:
ca:5b:cc:2c:18:9b:d1:c0:53:cd:01:a1:dd:db:23:22:9d:6b:
17:0a:4c:e8:10:94:e5:6b:9f:28:e8:64:a2:17:1d:42:bf:fe:
2e:df:75:12:57:28:15:09:3c:ca:2d:d1:48:92:ee:aa:ca:5f:
26:79:34:25:50:ce:34:09:4c:93:d3:5d:ca:fd:65:16:24:7d:
f1:e7:5d:33:47:91:07:04:36:95:37:1a:4a:72:d4:6a:95:4c:
2e:3f:b8:81
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBvMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzUwMjExMTAvBgNVBAUTKDI4RjA3MTEwRTQzNTg0QTNCQTZBM0E0QTg3RDY4RTlF
QjdEM0U5MDIwHhcNMjUwMTIwMjE0MTIwWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzhlYzMwMC1mNzM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAurQR4OGj6QT8oSlAR917TbDmTDn8AwhrawRc4e/Yfw7dp0n84QVZyowNOIQg
U7ZOdFIGYM05ayhNfJ3NM+ztfe+ccMi3rJ1IGR/poxo6QTnunsm8zGMQeorszX83
+wnbWHgtklJPnWcwvVlHpdwQEPecbHDk0XBFOYBUWQ1u7b9KIoHGYnmH4XArqh64
Vs2lWeTasS3DbfgNIBFLCe+mXZoH72Vzp1Cx9Qpf9jq+LKNql6N2PZxRp6yrqIin
0W9oh4wCaZFqE4S+Yj9VigHLMVl1oWmj0UQa4vBCER5/Vugm2B+4c857UeOg4n5E
RNKBV2N5LqLwu7fpc0wCGo5TsQIDAQABo4IClTCCApEwHQYDVR0OBBYEFKzk6Op6
tHHQoaJap4pPKAcMNjzIMB8GA1UdIwQYMBaAFCjwcRDkNYSjumo6SofWjp630+kC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNTAyMS85QUZENDg2QzNC
QkMxMUVCQTc3NkYxNjFDNEY5QUUwMi9LUEJ4RU9RMWhLTzZhanBLaDlhT25yZlQ2
UUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tQQnhFT1ExaEtPNmFqcEtoOWFPbnJmVDZRSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzUwMjEvOUFGRDQ4NkMzQkJDMTFFQkE3NzZGMTYxQzRGOUFFMDIvMENFNTgyNjAz
NTVEMTFFQzk2MjkxMzMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnaqYwDQYJKoZIhvcNAQELBQADggEBAFq0Tu87T3QqCN1j
Zye1da9k9Tk2nOsuQuxEqhJnViPj30BeBWExDBByXHFyDU8FkxRHTbI7X70JnVk0
L2vGq5KYNNp0MDB5TAVhW3x66BUK2cPI3PCd8ud5pSudkQqlKQmDR0Prwt+OzYsk
xFpAXL/3g+Qhm3TjV0qulvVOH/SDiSb0FnSwVkgX5xYn+E/PzxhLjvm6bJ2oqLvl
SvHOxEsSyMpbzCwYm9HAU80Bod3bIyKdaxcKTOgQlOVrnyjoZKIXHUK//i7fdRJX
KBUJPMot0UiS7qrKXyZ5NCVQzjQJTJPTXcr9ZRYkffHnXTNHkQcENpU3Gkpy1GqV
TC4/uIE=
-----END CERTIFICATE-----
Generated at Thu Apr 3 07:44:42 2025 by rpki-client