Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/68CC1FD4DB6611EDB3746966C4F9AE02.roa
File: 68CC1FD4DB6611EDB3746966C4F9AE02.roa (raw, json)
Hash identifier: srjDYNjq+0+kHqMirsI83MSlmzcN6A+R/VGDkUJqGpw=
Subject key identifier: 0B:A9:6B:E1:65:42:AE:A9:E9:21:21:AE:B3:F6:A8:4D:B4:46:56:0B
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 0606
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/68CC1FD4DB6611EDB3746966C4F9AE02.roa
Signing time: Sat 06 May 2023 22:41:28 +0000
ROA not before: Sat 06 May 2023 22:41:28 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 49999
IP address blocks: 202.139.240.0/22 maxlen: 24
202.139.244.0/22 maxlen: 24
202.139.248.0/22 maxlen: 24
202.148.136.0/22 maxlen: 24
210.247.204.0/22 maxlen: 24
210.247.208.0/22 maxlen: 24
210.247.212.0/22 maxlen: 24
210.247.228.0/22 maxlen: 24
210.247.236.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1542 (0x606)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: May 6 22:41:28 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=6456d798-a8dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:7e:cb:1c:37:3b:9e:e2:b4:2b:88:86:d3:cf:
d2:96:71:4e:bb:5c:f4:0b:f8:69:d5:a6:14:93:50:
b8:fb:81:4f:f7:58:d8:8a:49:3f:34:95:4d:4c:d1:
36:b3:3e:09:9d:dd:bd:7d:3a:8e:28:d8:07:14:a8:
d5:b5:8e:e4:c5:20:82:8e:80:b6:2a:50:c6:f7:5f:
8c:f6:2c:c2:96:1b:58:2a:96:b2:a2:0b:c9:a0:14:
d7:b8:92:17:06:9b:64:d0:b8:84:cb:9d:03:1a:c5:
0f:2a:77:33:a8:e9:76:82:49:86:c6:97:3b:84:37:
79:54:52:c7:5c:55:82:20:50:38:ae:7e:6d:76:39:
3a:09:fd:d1:7d:d7:b7:07:48:b3:de:eb:1b:af:04:
82:a0:0e:db:d6:b3:cd:56:1f:3a:fe:de:66:44:16:
5d:2f:13:3f:95:12:0f:23:d3:cf:36:7e:a2:8e:bd:
46:b3:d2:c7:51:23:92:d3:be:1c:d8:f6:22:8a:6d:
95:96:9e:d4:4d:6d:99:e1:10:65:17:39:e9:68:cd:
37:cf:21:80:58:6c:ce:14:88:31:f5:27:c1:ea:1f:
ff:c8:a2:e7:11:88:9b:33:bc:0c:ea:dc:69:b4:5a:
04:47:c5:b4:7f:bd:c2:83:0a:de:ed:b7:6c:e6:ef:
04:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:A9:6B:E1:65:42:AE:A9:E9:21:21:AE:B3:F6:A8:4D:B4:46:56:0B
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/68CC1FD4DB6611EDB3746966C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.240.0-202.139.251.255
202.148.136.0/22
210.247.204.0-210.247.215.255
210.247.228.0/22
210.247.236.0/22
Signature Algorithm: sha256WithRSAEncryption
c4:f7:17:a5:7e:d8:ff:ee:b8:51:f1:c0:8f:f7:0e:97:20:de:
32:4b:4b:6f:94:6e:da:c1:3c:8f:06:bd:e1:ef:84:05:55:28:
b0:8b:7d:9c:5b:21:c1:42:43:fe:05:a0:15:85:84:62:db:12:
e1:09:2c:67:23:74:b1:79:8f:37:fb:7a:85:5a:cb:cc:9e:88:
92:c1:cb:ab:bd:1a:ed:8e:64:77:a9:c9:e6:3d:83:02:39:98:
7e:7f:3b:ce:51:a8:24:21:9b:0e:18:67:b2:9d:00:a3:58:33:
e0:51:0b:42:a1:cb:a4:cb:74:fe:13:19:cb:ac:bc:d8:65:8b:
ef:25:a4:75:c1:aa:20:e9:66:f6:bb:20:6b:52:7a:db:09:3d:
2c:30:e9:e2:05:27:5e:e6:c5:5c:cf:4d:5e:6d:ca:62:fc:31:
51:3b:9a:3d:6a:57:e4:75:71:51:78:47:65:ca:2d:84:bb:c2:
1f:a2:67:3f:2c:c9:2a:bb:6c:24:fc:59:3b:e8:d8:f3:fa:58:
68:52:0f:26:74:60:bf:3f:66:7f:43:7a:c6:e6:19:2f:34:c8:
e3:7a:a1:e9:12:5f:8d:c6:1b:4b:8e:ca:77:9f:81:2e:11:e6:
f9:cf:b2:0e:eb:c0:2e:b4:5c:66:85:67:5e:50:24:46:84:b2:
09:92:2e:8d
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgICBgYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMwNTA2MjI0MTI4WhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDU2ZDc5OC1hOGRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtX7LHDc7nuK0K4iG08/SlnFOu1z0C/hp1aYUk1C4+4FP91jYikk/NJVNTNE2
sz4Jnd29fTqOKNgHFKjVtY7kxSCCjoC2KlDG91+M9izClhtYKpayogvJoBTXuJIX
Bptk0LiEy50DGsUPKnczqOl2gkmGxpc7hDd5VFLHXFWCIFA4rn5tdjk6Cf3Rfde3
B0iz3usbrwSCoA7b1rPNVh86/t5mRBZdLxM/lRIPI9PPNn6ijr1Gs9LHUSOS074c
2PYiim2Vlp7UTW2Z4RBlFznpaM03zyGAWGzOFIgx9SfB6h//yKLnEYibM7wM6txp
tFoER8W0f73Cgwre7bds5u8ESQIDAQABo4ICvTCCArkwHQYDVR0OBBYEFAupa+Fl
Qq6p6SEhrrP2qE20RlYLMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvNjhDQzFGRDRE
QjY2MTFFREIzNzQ2OTY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRwYIKwYBBQUHAQcBAf8E
ODA2MDQEAgABMC4wDAMEBMqL8AMEAsqL+AMEAsqUiDAMAwQC0vfMAwQD0vfQAwQC
0vfkAwQC0vfsMA0GCSqGSIb3DQEBCwUAA4IBAQDE9xelftj/7rhR8cCP9w6XIN4y
S0tvlG7awTyPBr3h74QFVSiwi32cWyHBQkP+BaAVhYRi2xLhCSxnI3SxeY83+3qF
WsvMnoiSwcurvRrtjmR3qcnmPYMCOZh+fzvOUagkIZsOGGeynQCjWDPgUQtCocuk
y3T+ExnLrLzYZYvvJaR1waog6Wb2uyBrUnrbCT0sMOniBSde5sVcz01ebcpi/DFR
O5o9alfkdXFReEdlyi2Eu8Ifomc/LMkqu2wk/Fk76Njz+lhoUg8mdGC/P2Z/Q3rG
5hkvNMjjeqHpEl+NxhtLjsp3n4EuEeb5z7IO68AutFxmhWdeUCRGhLIJki6N
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:38:49 2025 by rpki-client