Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/A523335AC8FB11ED9D009F7AC4F9AE02.roa
File: A523335AC8FB11ED9D009F7AC4F9AE02.roa (raw, json)
Hash identifier: kAdSTQALJM4/g8qNpytCjuZo8fYCqBl4vqt2SiEk5XY=
Subject key identifier: 7B:AF:74:D0:E1:67:D6:73:DE:1E:C2:5B:81:A8:6C:86:9B:A9:EE:D5
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 0705
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/A523335AC8FB11ED9D009F7AC4F9AE02.roa
Signing time: Wed 31 Jan 2024 00:12:29 +0000
ROA not before: Wed 31 Jan 2024 00:12:29 +0000
ROA not after: Mon 31 Mar 2025 00:00:00 +0000
asID: 200017
IP address blocks: 202.139.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1797 (0x705)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: Jan 31 00:12:29 2024 GMT
Not After : Mar 31 00:00:00 2025 GMT
Subject: CN=65b9906d-ac96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:51:be:89:12:99:33:f0:13:ef:af:96:36:77:
bd:03:d7:36:1f:d9:43:76:b9:ec:3f:f3:8d:88:d1:
8e:55:6c:41:05:68:4d:c7:76:9a:44:60:8c:d9:23:
ab:eb:cf:f4:32:f3:76:ba:40:0c:4c:59:4e:7d:05:
e1:76:44:6f:22:1a:05:4a:df:9c:ee:48:3f:14:c6:
a9:eb:a5:51:58:f7:3a:b7:dc:a6:06:2a:fb:f0:15:
a9:32:59:ed:87:fd:e4:c1:35:fd:78:59:8c:2d:9b:
77:aa:fc:ba:61:0b:3e:f2:96:1d:73:47:5b:c0:f0:
57:39:08:da:31:32:58:5b:ba:d4:76:4c:a1:27:08:
be:bd:f4:1a:a1:4d:54:5e:fd:a2:fd:0c:90:b0:dc:
1b:01:a1:a3:15:94:fa:12:fe:7d:f5:b0:f5:12:f2:
0b:df:c8:c0:a2:a6:1f:91:e6:a5:33:f1:14:e3:08:
50:df:94:9d:bd:32:72:f4:05:c1:82:98:b9:8e:bf:
6e:67:e0:a0:71:9b:22:59:82:7f:95:61:a9:c0:f0:
3c:8d:1c:6f:bc:52:9c:91:f2:ee:15:a3:c5:fd:ac:
6c:7d:93:dd:9d:48:61:e4:9b:9f:2e:a0:e7:74:db:
c0:bf:26:b2:d4:91:0c:2c:1f:2c:fd:ef:c7:b3:a3:
ce:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:AF:74:D0:E1:67:D6:73:DE:1E:C2:5B:81:A8:6C:86:9B:A9:EE:D5
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/A523335AC8FB11ED9D009F7AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.253.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:ba:ad:a3:62:27:c4:ad:e2:82:91:88:28:58:6d:cb:c6:08:
1e:c0:26:b7:61:64:ca:16:cb:cb:dd:e6:80:71:73:31:f9:67:
96:be:13:cd:a7:20:ac:2f:c9:51:ff:d0:7c:7e:48:70:ef:d5:
ba:97:1c:fd:7b:5f:73:ae:11:f2:70:65:e2:63:6a:03:db:0a:
60:82:3b:30:fe:92:d1:58:5f:ab:c6:72:d8:3c:40:1d:53:1d:
07:8b:58:ad:83:6c:84:fe:66:a1:e9:3d:5c:d7:42:c9:93:37:
69:76:6e:6f:a0:b3:6b:21:95:53:68:77:42:32:af:2e:ae:47:
b5:16:61:6b:83:86:2b:06:05:4c:f1:90:c9:e7:97:17:a3:d9:
f6:84:59:76:10:92:b4:5e:13:3d:9a:e2:89:e4:68:c1:f4:c9:
ab:d4:02:19:b7:db:b3:79:0b:9c:95:5f:b8:eb:6c:ab:82:c9:
09:5a:28:9c:5e:61:bb:e3:20:06:44:0a:14:44:a4:6b:38:88:
f7:c1:c0:74:cd:19:05:61:08:92:a0:01:6a:ee:e0:c6:e3:26:
30:99:f5:94:be:81:54:59:3c:2d:cd:45:19:08:8d:b5:6b:6b:
f0:58:86:2d:a3:f7:df:02:25:19:06:9c:48:e1:6e:5c:14:76:
e6:91:55:73
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBwUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjQwMTMxMDAxMjI5WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI5OTA2ZC1hYzk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqFG+iRKZM/AT76+WNne9A9c2H9lDdrnsP/ONiNGOVWxBBWhNx3aaRGCM2SOr
68/0MvN2ukAMTFlOfQXhdkRvIhoFSt+c7kg/FMap66VRWPc6t9ymBir78BWpMlnt
h/3kwTX9eFmMLZt3qvy6YQs+8pYdc0dbwPBXOQjaMTJYW7rUdkyhJwi+vfQaoU1U
Xv2i/QyQsNwbAaGjFZT6Ev599bD1EvIL38jAoqYfkealM/EU4whQ35SdvTJy9AXB
gpi5jr9uZ+CgcZsiWYJ/lWGpwPA8jRxvvFKckfLuFaPF/axsfZPdnUhh5JufLqDn
dNvAvyay1JEMLB8s/e/Hs6PORQIDAQABo4IClTCCApEwHQYDVR0OBBYEFHuvdNDh
Z9Zz3h7CW4GobIabqe7VMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvQTUyMzMzNUFD
OEZCMTFFRDlEMDA5RjdBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADKi/0wDQYJKoZIhvcNAQELBQADggEBAD+6raNiJ8St4oKR
iChYbcvGCB7AJrdhZMoWy8vd5oBxczH5Z5a+E82nIKwvyVH/0Hx+SHDv1bqXHP17
X3OuEfJwZeJjagPbCmCCOzD+ktFYX6vGctg8QB1THQeLWK2DbIT+ZqHpPVzXQsmT
N2l2bm+gs2shlVNod0Iyry6uR7UWYWuDhisGBUzxkMnnlxej2faEWXYQkrReEz2a
4onkaMH0yavUAhm327N5C5yVX7jrbKuCyQlaKJxeYbvjIAZEChREpGs4iPfBwHTN
GQVhCJKgAWru4MbjJjCZ9ZS+gVRZPC3NRRkIjbVra/BYhi2j998CJRkGnEjhblwU
duaRVXM=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:33:47 2025 by rpki-client