Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/39FC9C9AE4F911EEA9F9CA4BC4F9AE02.roa
File: 39FC9C9AE4F911EEA9F9CA4BC4F9AE02.roa (raw, json)
Hash identifier: jEeorARAxrOadb7ItxkqLKbl9okbJNSrNoJuDE8UmE4=
Subject key identifier: 16:92:83:2C:1A:67:5F:B9:21:74:18:A3:05:21:B4:14:8A:6F:79:CF
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 0736
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/39FC9C9AE4F911EEA9F9CA4BC4F9AE02.roa
Signing time: Mon 18 Mar 2024 07:29:17 +0000
ROA not before: Mon 18 Mar 2024 07:29:17 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 5065
IP address blocks: 202.139.244.0/22 maxlen: 24
203.147.224.0/23 maxlen: 24
203.147.232.0/23 maxlen: 24
203.147.234.0/23 maxlen: 24
203.147.238.0/23 maxlen: 24
210.247.128.0/21 maxlen: 24
210.247.160.0/21 maxlen: 24
210.247.208.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1846 (0x736)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: Mar 18 07:29:17 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65f7ed4c-741a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:d1:4b:82:8d:1e:5c:d2:de:74:9c:24:36:a3:
4e:f0:5d:28:6c:37:4e:d1:aa:e9:ee:37:1c:8a:c5:
19:04:ef:1d:7c:f7:8a:57:ca:59:e9:52:33:74:ba:
df:ff:9c:a1:78:a0:21:97:75:76:5f:38:9b:4f:1e:
4f:46:3c:4b:6f:af:06:76:52:71:53:85:08:29:76:
c1:d2:36:76:6f:4f:39:fb:ad:9d:de:03:4b:f8:a3:
ef:c4:ae:c7:4f:f2:0b:46:be:d7:87:ea:db:55:cd:
35:46:92:25:5a:72:be:8b:95:6e:b4:4f:95:0e:e9:
cb:0e:cd:54:d6:2d:96:44:f3:5d:0b:75:f9:11:40:
5a:a4:0d:da:2b:e5:a6:d0:89:c2:19:0e:e5:81:30:
78:71:a0:1e:98:cf:de:7d:3d:26:33:67:6b:77:f2:
53:83:68:4e:89:c8:c8:cc:9a:31:4c:94:61:c9:d0:
de:db:af:fb:35:dd:bc:9f:0a:1d:8c:d1:06:1b:f8:
f1:65:ee:50:ea:28:eb:b3:8d:7e:da:70:f9:72:ca:
f3:98:9c:4e:bc:d1:71:a6:c2:9a:7e:ef:02:2e:fa:
c1:d3:39:98:a5:0b:18:b3:ba:45:38:f4:ba:0f:79:
a9:ea:1c:2d:7f:01:ec:3a:4e:e1:cd:63:5a:83:8b:
3b:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:92:83:2C:1A:67:5F:B9:21:74:18:A3:05:21:B4:14:8A:6F:79:CF
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/39FC9C9AE4F911EEA9F9CA4BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.244.0/22
203.147.224.0/23
203.147.232.0/22
203.147.238.0/23
210.247.128.0/21
210.247.160.0/21
210.247.208.0/22
Signature Algorithm: sha256WithRSAEncryption
d3:db:20:57:4b:c2:77:19:ba:15:1a:e4:e0:bd:fa:8f:cb:98:
d1:ea:5a:98:3e:54:c2:aa:10:e5:9c:ee:a7:39:76:85:4a:02:
af:8a:43:8f:22:dd:ee:dc:3a:a3:e3:88:cf:ee:3b:5e:ed:0f:
17:6f:fe:10:04:bf:77:6b:8e:28:ed:65:fa:f5:c3:f7:f1:60:
b6:b5:24:ef:bd:65:f1:9b:af:9b:45:7f:40:a7:1c:5a:fc:be:
0b:26:a1:65:f6:c0:72:90:6f:66:99:3b:16:91:14:eb:6b:4d:
f4:5b:91:bc:25:80:72:c0:08:1e:33:a1:72:11:f4:b9:7e:7c:
f0:2e:49:cf:a4:b9:19:71:6c:85:d6:c8:32:25:e3:74:45:a1:
c3:78:ba:f7:0e:60:e7:0a:10:02:b8:ba:5e:7b:5d:86:59:ce:
24:00:aa:cd:f7:1e:2d:fc:80:1f:94:45:3a:bd:bb:cf:00:52:
3d:1d:f7:a7:0f:37:88:8c:3a:9b:c1:f3:a7:70:4e:9b:5e:5e:
0e:f0:5d:69:de:e5:17:3c:41:25:d5:af:78:a4:69:ca:83:31:
45:3c:64:80:bb:6c:39:63:d4:d6:a9:e2:65:92:d0:da:3b:a7:
d5:52:27:7d:1b:83:4c:1c:c0:e9:a0:4a:5c:a7:c4:fa:ca:39:
6a:60:87:75
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgICBzYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjQwMzE4MDcyOTE3WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWY3ZWQ0Yy03NDFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA49FLgo0eXNLedJwkNqNO8F0obDdO0arp7jccisUZBO8dfPeKV8pZ6VIzdLrf
/5yheKAhl3V2XzibTx5PRjxLb68GdlJxU4UIKXbB0jZ2b085+62d3gNL+KPvxK7H
T/ILRr7Xh+rbVc01RpIlWnK+i5VutE+VDunLDs1U1i2WRPNdC3X5EUBapA3aK+Wm
0InCGQ7lgTB4caAemM/efT0mM2drd/JTg2hOicjIzJoxTJRhydDe26/7Nd28nwod
jNEGG/jxZe5Q6ijrs41+2nD5csrzmJxOvNFxpsKafu8CLvrB0zmYpQsYs7pFOPS6
D3mp6hwtfwHsOk7hzWNag4s7zQIDAQABo4ICuTCCArUwHQYDVR0OBBYEFBaSgywa
Z1+5IXQYowUhtBSKb3nPMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvMzlGQzlDOUFF
NEY5MTFFRUE5RjlDQTRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQwYIKwYBBQUHAQcBAf8E
NDAyMDAEAgABMCoDBALKi/QDBAHLk+ADBALLk+gDBAHLk+4DBAPS94ADBAPS96AD
BALS99AwDQYJKoZIhvcNAQELBQADggEBANPbIFdLwncZuhUa5OC9+o/LmNHqWpg+
VMKqEOWc7qc5doVKAq+KQ48i3e7cOqPjiM/uO17tDxdv/hAEv3drjijtZfr1w/fx
YLa1JO+9ZfGbr5tFf0CnHFr8vgsmoWX2wHKQb2aZOxaRFOtrTfRbkbwlgHLACB4z
oXIR9Ll+fPAuSc+kuRlxbIXWyDIl43RFocN4uvcOYOcKEAK4ul57XYZZziQAqs33
Hi38gB+URTq9u88AUj0d96cPN4iMOpvB86dwTpteXg7wXWne5Rc8QSXVr3ikacqD
MUU8ZIC7bDlj1Nap4mWS0No7p9VSJ30bg0wcwOmgSlynxPrKOWpgh3U=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:32:16 2025 by rpki-client