Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/6EA65A5C324911EEBB9DF032C4F9AE02.roa
File: 6EA65A5C324911EEBB9DF032C4F9AE02.roa (raw, json)
Hash identifier: LqlxzHCHC68DKJ5YZ3bY8WZTZkQ5UBQzPMjqNMMEt5Q=
Subject key identifier: EE:79:DC:B8:89:A7:93:8F:C3:0E:CD:AF:74:71:A0:C5:6C:61:03:03
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 0660
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/6EA65A5C324911EEBB9DF032C4F9AE02.roa
Signing time: Thu 03 Aug 2023 22:02:27 +0000
ROA not before: Thu 03 Aug 2023 22:02:27 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 49999
IP address blocks: 202.139.244.0/22 maxlen: 24
202.139.248.0/22 maxlen: 24
202.148.136.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1632 (0x660)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: Aug 3 22:02:27 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=64cc23f2-a387
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:48:0b:c1:70:90:08:bc:3d:43:4a:32:71:16:
57:9a:94:6f:7b:43:9c:a2:32:36:3d:6e:11:97:ee:
bd:07:a7:a7:f2:bd:43:d2:f4:f1:d5:d7:e4:6a:f1:
04:32:64:91:df:ba:4d:9b:2e:72:72:3d:2c:38:02:
97:4f:84:12:e1:fb:4b:dc:d7:63:6c:5b:9b:5e:86:
1c:e6:18:f1:53:dd:61:cd:89:63:15:b9:a8:4f:87:
9d:be:ce:e3:95:ae:bb:3a:67:2a:fb:1f:77:b0:69:
fd:3e:0c:c2:83:f1:34:94:e6:6a:66:3c:a3:21:42:
e6:44:a1:03:d2:bc:d5:38:45:d4:91:70:84:15:e9:
bc:2b:7c:c6:c1:de:14:49:d1:86:41:df:30:6d:48:
9f:27:ee:75:26:17:11:8c:df:7a:9a:bc:ce:20:ba:
a7:f1:2e:dd:9e:1e:5b:9b:af:20:ce:dc:b1:31:48:
b4:d7:74:2e:15:57:33:4f:24:01:16:f7:8b:3f:3a:
ac:3c:2f:f6:41:27:33:ac:91:2d:26:03:26:93:a0:
4a:a2:45:11:9d:00:83:4d:b5:b0:2c:38:f7:48:df:
d3:38:d4:4b:13:df:0f:23:ad:63:79:60:29:1b:38:
dc:d1:4e:36:01:87:15:0c:7d:5c:ec:26:f5:89:8b:
25:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:79:DC:B8:89:A7:93:8F:C3:0E:CD:AF:74:71:A0:C5:6C:61:03:03
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/6EA65A5C324911EEBB9DF032C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.244.0-202.139.251.255
202.148.136.0/22
Signature Algorithm: sha256WithRSAEncryption
71:b3:76:2a:13:d4:e5:0d:54:2d:04:2b:a7:d5:4d:e7:98:df:
77:eb:c0:19:bd:f4:32:14:69:00:11:56:f9:60:57:e8:1b:34:
d9:6d:19:84:20:d6:b1:07:34:c6:05:17:82:97:a1:77:d0:fa:
94:38:fb:61:8d:6e:92:fe:e2:a4:63:f5:a5:46:45:11:9a:93:
2a:05:12:10:17:9c:8b:c3:bb:b5:d6:7e:07:a2:78:31:36:55:
66:26:8d:53:ae:3b:4d:77:c5:da:f9:22:95:1b:77:a8:c8:db:
8a:79:0f:6d:69:72:81:bc:ca:3d:f5:2f:e4:78:d9:86:be:c6:
bc:b9:4b:0f:1b:e8:c7:70:74:88:89:bd:58:a2:67:64:a9:1e:
e2:37:0b:30:68:f4:35:69:21:6d:f2:72:ba:95:8b:48:03:9f:
71:7c:78:54:b7:29:e4:fc:7d:a9:14:08:86:30:0a:4f:8a:05:
e7:31:b5:ab:ba:15:9f:b8:16:e5:93:9e:9b:1c:8c:7c:e2:2d:
e5:a1:82:7c:ce:1f:4e:51:d7:6e:7c:32:f6:79:9a:8d:e0:c6:
85:a1:d5:db:ff:83:f7:2a:88:4f:c7:0a:65:8e:04:e2:cc:0a:
17:d4:30:d5:30:ad:d9:cc:30:2e:6d:97:84:d3:4a:6c:98:6b:
81:24:d5:4d
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICBmAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMwODAzMjIwMjI3WhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGNjMjNmMi1hMzg3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5UgLwXCQCLw9Q0oycRZXmpRve0OcojI2PW4Rl+69B6en8r1D0vTx1dfkavEE
MmSR37pNmy5ycj0sOAKXT4QS4ftL3NdjbFubXoYc5hjxU91hzYljFbmoT4edvs7j
la67Omcq+x93sGn9PgzCg/E0lOZqZjyjIULmRKED0rzVOEXUkXCEFem8K3zGwd4U
SdGGQd8wbUifJ+51JhcRjN96mrzOILqn8S7dnh5bm68gztyxMUi013QuFVczTyQB
FveLPzqsPC/2QSczrJEtJgMmk6BKokURnQCDTbWwLDj3SN/TONRLE98PI61jeWAp
Gzjc0U42AYcVDH1c7Cb1iYslKQIDAQABo4ICozCCAp8wHQYDVR0OBBYEFO553LiJ
p5OPww7Nr3RxoMVsYQMDMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvNkVBNjVBNUMz
MjQ5MTFFRUJCOURGMDMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEAsqL9AMEAsqL+AMEAsqUiDANBgkqhkiG9w0BAQsFAAOC
AQEAcbN2KhPU5Q1ULQQrp9VN55jfd+vAGb30MhRpABFW+WBX6Bs02W0ZhCDWsQc0
xgUXgpehd9D6lDj7YY1ukv7ipGP1pUZFEZqTKgUSEBeci8O7tdZ+B6J4MTZVZiaN
U647TXfF2vkilRt3qMjbinkPbWlygbzKPfUv5HjZhr7GvLlLDxvox3B0iIm9WKJn
ZKke4jcLMGj0NWkhbfJyupWLSAOfcXx4VLcp5Px9qRQIhjAKT4oF5zG1q7oVn7gW
5ZOemxyMfOIt5aGCfM4fTlHXbnwy9nmajeDGhaHV2/+D9yqIT8cKZY4E4swKF9Qw
1TCt2cwwLm2XhNNKbJhrgSTVTQ==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:34:33 2025 by rpki-client