Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/4C637AF4A53D11ED84E1537CC4F9AE02.roa
File: 4C637AF4A53D11ED84E1537CC4F9AE02.roa (raw, json)
Hash identifier: I2Fg5w1htOdQoXSgonapFO+8z5v9i5dE9qF8PqmUjiE=
Subject key identifier: 7E:14:91:7E:20:FD:F2:0A:BA:41:9E:67:E3:B6:FC:C7:65:5B:B6:9D
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 059C
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/4C637AF4A53D11ED84E1537CC4F9AE02.roa
Signing time: Thu 09 Feb 2023 11:10:26 +0000
ROA not before: Thu 09 Feb 2023 11:10:26 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 834
IP address blocks: 202.139.240.0/20 maxlen: 20
202.148.128.0/20 maxlen: 20
202.148.144.0/20 maxlen: 20
203.147.128.0/21 maxlen: 21
203.147.136.0/21 maxlen: 21
203.147.144.0/21 maxlen: 21
203.147.152.0/21 maxlen: 21
203.147.160.0/20 maxlen: 20
203.147.176.0/20 maxlen: 20
203.147.192.0/20 maxlen: 20
203.147.208.0/20 maxlen: 20
203.147.224.0/20 maxlen: 20
203.147.240.0/20 maxlen: 20
210.247.128.0/19 maxlen: 19
210.247.160.0/19 maxlen: 19
210.247.192.0/21 maxlen: 21
210.247.200.0/21 maxlen: 21
210.247.208.0/21 maxlen: 21
210.247.216.0/21 maxlen: 21
210.247.224.0/21 maxlen: 24
210.247.232.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1436 (0x59c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: Feb 9 11:10:26 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=63e4d4a1-1bf6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:83:c0:39:77:25:26:7c:70:3b:4e:f4:f9:22:
d2:66:b8:58:58:22:57:a4:5f:a8:99:7b:71:61:6e:
b7:01:84:c3:2f:ef:cc:84:7e:7b:3a:40:02:c0:bc:
58:08:12:a2:c4:72:96:77:f4:f6:2e:ef:20:93:30:
69:17:a2:7b:d1:78:1f:f3:bd:3c:c0:62:bc:6a:39:
e9:ed:30:dd:0b:0c:3f:09:8e:8e:01:fe:31:c8:e8:
eb:b3:6d:56:37:4e:de:60:ce:e2:7f:77:de:9a:3e:
7b:45:13:38:08:b1:c7:4f:55:de:21:d3:52:21:35:
eb:68:c2:48:31:75:fe:cc:8a:f5:e6:7f:36:fe:c2:
9a:bb:2f:46:22:25:43:11:5b:7b:8b:a3:1c:f4:0b:
19:5b:d1:e5:13:0b:80:ce:b1:38:bb:4c:fe:75:39:
bb:5c:32:f3:4f:83:09:30:92:16:4e:6e:19:fa:cb:
a0:da:2f:b8:27:92:ac:fe:92:e7:6c:9a:f4:6d:9c:
e9:03:99:5a:92:8e:96:95:11:1f:3c:36:90:19:a5:
a5:35:4a:13:df:bb:36:33:bd:54:52:ff:f1:55:51:
83:93:88:e3:6a:25:58:a7:c3:b0:31:ec:be:bc:92:
da:cb:af:6f:f8:41:36:19:55:e9:66:00:7d:54:a3:
cb:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:14:91:7E:20:FD:F2:0A:BA:41:9E:67:E3:B6:FC:C7:65:5B:B6:9D
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/4C637AF4A53D11ED84E1537CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.240.0/20
202.148.128.0/19
203.147.128.0/17
210.247.128.0-210.247.239.255
Signature Algorithm: sha256WithRSAEncryption
83:e3:91:39:00:95:36:44:22:72:16:82:c2:07:65:66:e2:0d:
bd:05:0b:20:c0:1e:2a:30:ad:9a:81:e1:04:72:ed:c5:a6:6f:
0c:be:48:07:f4:90:41:cb:bd:28:62:2b:4e:ae:76:fb:58:fe:
f5:37:b1:2c:c7:42:81:24:43:6d:f1:7e:8e:0a:f0:9e:27:04:
b6:d7:45:8b:9b:21:91:36:93:a4:2e:40:a9:c6:97:08:49:3f:
5c:f0:05:19:ef:9a:00:78:e2:bb:77:32:1d:bf:57:c8:4c:a5:
7d:28:39:99:ee:89:71:b9:a5:70:02:d9:53:a4:90:44:5a:e7:
b5:b2:8e:57:cf:48:59:04:05:f6:17:cb:35:5a:6f:e7:bc:fc:
91:ef:46:5c:a6:70:f1:0b:ab:c0:26:d5:36:fe:da:b4:8f:d1:
90:c3:2b:ae:37:94:10:53:8a:d9:cd:23:16:f9:c9:c8:28:02:
20:e5:dd:ff:fc:56:a5:f6:84:cc:fb:84:f5:07:ee:75:df:3b:
42:da:35:b1:71:0f:a7:55:0e:0b:0d:4a:1c:d6:1c:05:51:99:
b8:ab:1f:ca:ca:65:fe:dc:73:0b:59:68:cb:34:80:8e:40:7b:
b3:e9:cd:27:ce:64:98:ae:96:9e:16:08:80:43:35:51:5e:14:
5d:ed:66:79
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICBZwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMwMjA5MTExMDI2WhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2U0ZDRhMS0xYmY2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9YPAOXclJnxwO070+SLSZrhYWCJXpF+omXtxYW63AYTDL+/MhH57OkACwLxY
CBKixHKWd/T2Lu8gkzBpF6J70Xgf8708wGK8ajnp7TDdCww/CY6OAf4xyOjrs21W
N07eYM7if3femj57RRM4CLHHT1XeIdNSITXraMJIMXX+zIr15n82/sKauy9GIiVD
EVt7i6Mc9AsZW9HlEwuAzrE4u0z+dTm7XDLzT4MJMJIWTm4Z+sug2i+4J5Ks/pLn
bJr0bZzpA5lako6WlREfPDaQGaWlNUoT37s2M71UUv/xVVGDk4jjaiVYp8OwMey+
vJLay69v+EE2GVXpZgB9VKPLlQIDAQABo4ICrzCCAqswHQYDVR0OBBYEFH4UkX4g
/fIKukGeZ+O2/MdlW7adMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvNEM2MzdBRjRB
NTNEMTFFRDg0RTE1MzdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBATKi/ADBAXKlIADBAfLk4AwDAMEB9L3gAMEBNL34DANBgkq
hkiG9w0BAQsFAAOCAQEAg+OROQCVNkQichaCwgdlZuINvQULIMAeKjCtmoHhBHLt
xaZvDL5IB/SQQcu9KGIrTq52+1j+9TexLMdCgSRDbfF+jgrwnicEttdFi5shkTaT
pC5AqcaXCEk/XPAFGe+aAHjiu3cyHb9XyEylfSg5me6JcbmlcALZU6SQRFrntbKO
V89IWQQF9hfLNVpv57z8ke9GXKZw8QurwCbVNv7atI/RkMMrrjeUEFOK2c0jFvnJ
yCgCIOXd//xWpfaEzPuE9Qfudd87Qto1sXEPp1UOCw1KHNYcBVGZuKsfyspl/txz
C1loyzSAjkB7s+nNJ85kmK6WnhYIgEM1UV4UXe1meQ==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:36:46 2025 by rpki-client