Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/0DA166E69A4C11EE807F8412C4F9AE02.roa
File: 0DA166E69A4C11EE807F8412C4F9AE02.roa (raw, json)
Hash identifier: a58Knd/FrHbEZ17w6X50kE1V5aCn+HHkg1FWBhbtTEE=
Subject key identifier: 90:2C:D0:B3:7B:61:06:F8:34:67:3B:FF:38:68:F0:72:A6:E8:6E:4F
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 0704
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/0DA166E69A4C11EE807F8412C4F9AE02.roa
Signing time: Wed 31 Jan 2024 00:12:29 +0000
ROA not before: Wed 31 Jan 2024 00:12:29 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 16509
IP address blocks: 202.139.236.0/22 maxlen: 24
202.139.252.0/24 maxlen: 24
202.148.147.0/24 maxlen: 24
203.27.226.0/23 maxlen: 24
210.247.144.0/20 maxlen: 24
210.247.238.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1796 (0x704)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: Jan 31 00:12:29 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65b9906d-7c0e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:99:e3:de:92:14:b3:f4:4d:ee:b9:f8:ed:b0:
88:33:2b:5b:bf:4c:01:56:a0:1f:56:19:55:5b:d3:
d0:05:84:45:b5:5c:25:76:b2:cb:7f:2d:c2:79:ca:
f9:6e:4e:e1:04:03:48:f0:17:81:81:89:2c:97:af:
05:c5:33:b7:4c:f0:d1:d0:d5:23:a3:49:f4:b3:53:
f3:38:04:2d:7c:3e:1a:f8:77:32:0a:3d:f3:21:09:
3b:b2:41:5e:02:f1:4c:65:ee:ea:c9:ee:3f:d6:79:
04:40:f7:52:cf:1c:a2:05:df:ff:71:7a:5e:76:99:
fe:c4:5f:17:2c:b6:34:ef:07:a9:c4:8f:df:f4:a1:
38:a6:69:ba:31:ad:41:be:58:42:3d:1a:71:6c:d4:
00:3d:76:61:be:53:9e:1f:21:a2:69:51:2b:1f:43:
fc:56:d3:01:e2:ad:7e:55:c1:38:eb:c8:4e:7d:95:
6a:e7:11:ee:0c:65:fa:de:dd:ad:35:68:87:24:00:
1e:3e:6c:ea:b7:1f:5c:20:18:1b:d3:64:4f:1b:c1:
c7:fa:96:1c:f8:15:b5:d8:0d:fd:56:4a:fc:c9:c0:
71:a3:7d:49:ba:2d:88:95:8a:78:29:f2:7a:fb:7a:
20:9f:f3:17:8c:a7:0b:d1:56:8b:9a:10:16:3d:8d:
ca:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:2C:D0:B3:7B:61:06:F8:34:67:3B:FF:38:68:F0:72:A6:E8:6E:4F
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/0DA166E69A4C11EE807F8412C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.236.0/22
202.139.252.0/24
202.148.147.0/24
203.27.226.0/23
210.247.144.0/20
210.247.238.0/23
Signature Algorithm: sha256WithRSAEncryption
64:70:57:29:71:18:53:c6:6a:f7:bf:82:50:83:aa:c6:91:d6:
d5:70:81:e7:32:f6:fa:c8:c9:59:ed:93:cb:0b:a7:36:0d:62:
28:12:8a:30:36:37:28:31:89:23:48:e5:fa:03:30:d1:1d:12:
91:89:83:a5:aa:63:1d:71:ef:da:94:b7:56:35:49:54:19:35:
89:fa:44:0b:44:05:ca:da:1c:a1:fc:87:89:df:b1:81:d6:94:
fb:cc:21:59:b1:3d:18:b2:20:b8:31:75:90:ed:b5:85:2d:e4:
34:16:ea:cf:00:b7:e0:7d:f9:10:01:df:5e:7d:46:0b:6e:5c:
c4:b3:da:e7:64:fd:56:6c:5f:d4:41:6f:bb:cd:a5:f7:eb:7c:
d2:ea:34:dd:6c:08:61:6a:cf:a7:64:a1:6d:d1:90:71:0d:7f:
bf:e4:67:15:0c:9c:9a:96:ab:03:e3:a7:60:7c:e9:2a:2e:02:
bf:b2:67:58:74:83:a8:ef:96:9c:f1:4e:88:37:2b:71:ea:e3:
d1:1a:8b:a8:3a:a3:74:b7:e5:ab:cd:fc:7f:84:64:0d:0f:dc:
31:59:28:70:72:c0:9c:88:18:79:93:7f:65:95:1e:34:f6:6d:
43:b0:18:fa:61:51:68:62:c3:6f:29:e9:1b:a8:d1:2d:e7:eb:
d5:7d:67:56
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICBwQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjQwMTMxMDAxMjI5WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI5OTA2ZC03YzBlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwpnj3pIUs/RN7rn47bCIMytbv0wBVqAfVhlVW9PQBYRFtVwldrLLfy3Cecr5
bk7hBANI8BeBgYksl68FxTO3TPDR0NUjo0n0s1PzOAQtfD4a+HcyCj3zIQk7skFe
AvFMZe7qye4/1nkEQPdSzxyiBd//cXpedpn+xF8XLLY07wepxI/f9KE4pmm6Ma1B
vlhCPRpxbNQAPXZhvlOeHyGiaVErH0P8VtMB4q1+VcE468hOfZVq5xHuDGX63t2t
NWiHJAAePmzqtx9cIBgb02RPG8HH+pYc+BW12A39Vkr8ycBxo31Jui2IlYp4KfJ6
+3ogn/MXjKcL0VaLmhAWPY3KXQIDAQABo4ICszCCAq8wHQYDVR0OBBYEFJAs0LN7
YQb4NGc7/zho8HKm6G5PMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvMERBMTY2RTY5
QTRDMTFFRTgwN0Y4NDEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBALKi+wDBADKi/wDBADKlJMDBAHLG+IDBATS95ADBAHS9+4w
DQYJKoZIhvcNAQELBQADggEBAGRwVylxGFPGave/glCDqsaR1tVwgecy9vrIyVnt
k8sLpzYNYigSijA2NygxiSNI5foDMNEdEpGJg6WqYx1x79qUt1Y1SVQZNYn6RAtE
BcraHKH8h4nfsYHWlPvMIVmxPRiyILgxdZDttYUt5DQW6s8At+B9+RAB3159Rgtu
XMSz2udk/VZsX9RBb7vNpffrfNLqNN1sCGFqz6dkoW3RkHENf7/kZxUMnJqWqwPj
p2B86SouAr+yZ1h0g6jvlpzxTog3K3Hq49Eai6g6o3S35avN/H+EZA0P3DFZKHBy
wJyIGHmTf2WVHjT2bUOwGPphUWhiw28p6Ruo0S3n69V9Z1Y=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:37:31 2025 by rpki-client