Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/8A8DFF6C850111EEAE266623C4F9AE02.roa
File: 8A8DFF6C850111EEAE266623C4F9AE02.roa (raw, json)
Hash identifier: Xw2BLPgM2RNPX1eqkWzl1/ypOu26MxEt5qxbDQj2UNE=
Subject key identifier: B4:46:7F:92:AF:B9:32:AC:29:24:86:DF:78:D2:AF:9C:3E:3F:4D:79
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 0783
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/8A8DFF6C850111EEAE266623C4F9AE02.roa
Signing time: Sun 23 Jun 2024 23:50:54 +0000
ROA not before: Sun 23 Jun 2024 23:50:54 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 7496
IP address blocks: 202.139.224.0/19 maxlen: 24
202.148.128.0/19 maxlen: 24
203.27.226.0/23 maxlen: 24
203.32.8.0/21 maxlen: 24
203.147.128.0/20 maxlen: 24
203.147.224.0/19 maxlen: 24
210.247.128.0/18 maxlen: 24
210.247.208.0/20 maxlen: 24
210.247.224.0/20 maxlen: 24
2405:8800::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1923 (0x783)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: Jun 23 23:50:54 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=6678b4de-6887
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:2e:16:50:c6:a6:4d:08:e1:de:b9:40:4a:9f:
25:4b:77:3f:0b:42:dd:85:6a:b8:31:d5:f8:d8:73:
c7:a4:36:a7:a2:f2:83:02:e4:85:3f:57:36:1e:b5:
18:3e:54:f4:49:f3:0b:c0:4a:c4:f2:c8:ad:59:c4:
a3:21:91:c1:2d:51:3f:88:ee:3e:eb:cc:2e:58:02:
9d:5b:f9:98:52:25:e1:9d:18:ce:d1:6a:57:c6:14:
ff:49:83:cf:b9:09:2a:37:ce:c5:9c:0d:c5:cc:db:
21:29:e3:5f:68:7d:b5:71:86:ec:34:a9:58:65:07:
0d:33:5c:16:ea:53:40:c6:42:85:0e:3f:8f:2b:3a:
13:1d:65:a7:22:01:e8:82:52:54:e3:8b:e3:dc:63:
23:61:3b:4a:86:42:55:b4:61:71:88:cc:ab:37:9f:
c3:94:47:78:e2:e9:2f:49:78:01:56:cc:15:d3:03:
f1:06:02:f7:1a:1e:ab:c9:6e:53:46:d6:30:97:b5:
75:ae:84:07:fe:34:42:5b:70:52:2d:86:c4:b1:4b:
30:ad:87:b1:85:87:85:24:3c:2a:d3:76:e4:3d:98:
b9:7a:87:9a:26:b5:ed:b6:e0:d8:93:20:44:68:96:
c2:dc:c7:e7:da:91:f2:cd:fa:11:ba:09:8a:b0:82:
af:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:46:7F:92:AF:B9:32:AC:29:24:86:DF:78:D2:AF:9C:3E:3F:4D:79
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/8A8DFF6C850111EEAE266623C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.224.0/19
202.148.128.0/19
203.27.226.0/23
203.32.8.0/21
203.147.128.0/20
203.147.224.0/19
210.247.128.0/18
210.247.208.0-210.247.239.255
IPv6:
2405:8800::/32
Signature Algorithm: sha256WithRSAEncryption
a8:71:1f:e5:6d:78:79:8c:9a:b2:06:d9:81:75:93:02:9b:29:
eb:17:e1:09:c0:ea:4b:72:9e:6b:fd:fe:6b:1e:75:0b:ca:0a:
45:33:bb:f1:bf:6f:ed:f3:e2:0b:a4:a1:53:a8:f8:21:99:0c:
96:db:06:c3:1b:41:19:96:be:42:cd:51:7b:8e:25:a0:87:87:
b6:f4:01:8c:4e:24:60:66:a5:3c:16:80:39:4f:3b:49:60:a0:
24:82:e0:8c:f5:aa:ab:d6:aa:af:cc:42:49:d0:9c:00:3e:98:
d1:e3:ef:3e:3f:6f:d6:d2:42:98:a3:a1:97:50:89:8a:30:ea:
4f:23:a0:48:10:b9:3f:7e:84:b6:a0:aa:bd:d5:05:23:c6:40:
9b:02:d8:b7:0a:28:6b:dc:af:18:59:03:93:72:5a:6f:f4:b0:
48:24:83:68:32:8a:a5:1d:9f:3c:7a:07:67:7f:1e:c1:0c:a2:
30:2f:6c:ab:72:44:00:fe:81:24:2d:16:aa:52:ee:4a:30:8d:
d0:25:b6:09:e4:d9:a1:db:56:ca:ad:36:23:b4:d0:7c:e8:11:
4d:45:02:91:82:e5:ad:ab:7e:57:f5:1e:01:46:5d:9c:e4:0b:
68:09:7c:84:9d:17:83:ff:71:00:ae:08:65:c4:e2:74:a3:95:
93:61:c4:d2
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgICB4MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjQwNjIzMjM1MDU0WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njc4YjRkZS02ODg3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0i4WUMamTQjh3rlASp8lS3c/C0LdhWq4MdX42HPHpDanovKDAuSFP1c2HrUY
PlT0SfMLwErE8sitWcSjIZHBLVE/iO4+68wuWAKdW/mYUiXhnRjO0WpXxhT/SYPP
uQkqN87FnA3FzNshKeNfaH21cYbsNKlYZQcNM1wW6lNAxkKFDj+PKzoTHWWnIgHo
glJU44vj3GMjYTtKhkJVtGFxiMyrN5/DlEd44ukvSXgBVswV0wPxBgL3Gh6ryW5T
RtYwl7V1roQH/jRCW3BSLYbEsUswrYexhYeFJDwq03bkPZi5eoeaJrXttuDYkyBE
aJbC3Mfn2pHyzfoRugmKsIKvHwIDAQABo4IC1jCCAtIwHQYDVR0OBBYEFLRGf5Kv
uTKsKSSG33jSr5w+P015MB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvOEE4REZGNkM4
NTAxMTFFRUFFMjY2NjIzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYAYIKwYBBQUHAQcBAf8E
UTBPMD4EAgABMDgDBAXKi+ADBAXKlIADBAHLG+IDBAPLIAgDBATLk4ADBAXLk+AD
BAbS94AwDAMEBNL30AMEBNL34DANBAIAAjAHAwUAJAWIADANBgkqhkiG9w0BAQsF
AAOCAQEAqHEf5W14eYyasgbZgXWTApsp6xfhCcDqS3Kea/3+ax51C8oKRTO78b9v
7fPiC6ShU6j4IZkMltsGwxtBGZa+Qs1Re44loIeHtvQBjE4kYGalPBaAOU87SWCg
JILgjPWqq9aqr8xCSdCcAD6Y0ePvPj9v1tJCmKOhl1CJijDqTyOgSBC5P36EtqCq
vdUFI8ZAmwLYtwooa9yvGFkDk3Jab/SwSCSDaDKKpR2fPHoHZ38ewQyiMC9sq3JE
AP6BJC0WqlLuSjCN0CW2CeTZodtWyq02I7TQfOgRTUUCkYLlrat+V/UeAUZdnOQL
aAl8hJ0Xg/9xAK4IZcTidKOVk2HE0g==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:32:19 2025 by rpki-client