Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/C0D17B98B2FD11EDBB69D92BC4F9AE02.roa
File: C0D17B98B2FD11EDBB69D92BC4F9AE02.roa (raw, json)
Hash identifier: Dr7SMsn35DzV3g3tLMsgERSyF8l9Hx3V7ZHukBHzacM=
Subject key identifier: 46:29:09:CE:28:67:92:38:97:16:C1:39:4B:AE:98:4F:4C:F0:BE:A7
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 05B4
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/C0D17B98B2FD11EDBB69D92BC4F9AE02.roa
Signing time: Wed 22 Feb 2023 22:10:45 +0000
ROA not before: Wed 22 Feb 2023 22:10:45 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 834
IP address blocks: 202.139.224.0/20 maxlen: 24
202.139.240.0/20 maxlen: 24
202.148.128.0/20 maxlen: 24
202.148.144.0/20 maxlen: 24
203.147.128.0/21 maxlen: 24
203.147.136.0/21 maxlen: 24
203.147.144.0/21 maxlen: 24
203.147.152.0/21 maxlen: 24
203.147.176.0/20 maxlen: 20
203.147.192.0/20 maxlen: 20
203.147.208.0/20 maxlen: 24
203.147.224.0/20 maxlen: 20
203.147.240.0/20 maxlen: 20
210.247.128.0/19 maxlen: 19
210.247.160.0/19 maxlen: 19
210.247.192.0/21 maxlen: 21
210.247.200.0/21 maxlen: 21
210.247.208.0/21 maxlen: 21
210.247.216.0/21 maxlen: 21
210.247.224.0/21 maxlen: 24
210.247.232.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1460 (0x5b4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: Feb 22 22:10:45 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=63f692e5-c84c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:3d:27:e7:8c:7c:9c:10:56:0b:f3:68:0c:76:
3d:66:95:60:a1:f2:3f:0d:e5:a1:b9:9c:32:dc:92:
d6:ad:ff:ab:a1:72:a0:bd:48:01:60:ff:ac:61:24:
fe:99:64:1a:03:20:e3:7a:f5:38:c6:4d:54:e6:58:
b8:d8:92:8e:eb:27:35:08:84:13:cf:de:10:d9:19:
7e:cc:88:5b:fd:51:6f:00:7b:96:5c:db:84:3f:bb:
45:52:a2:ea:85:d8:17:68:8f:38:dd:9d:d1:4d:fe:
b9:da:03:d9:f9:85:42:c4:cd:e0:a3:84:b0:e2:37:
28:58:0a:e8:4f:87:37:a0:70:24:64:1e:6e:e1:06:
58:53:03:27:c7:15:30:f8:17:53:2c:cc:a6:5d:c8:
2d:3d:28:e6:db:29:4f:b5:e9:b8:ee:ca:79:98:03:
52:39:38:ba:a5:06:f1:98:ba:99:5f:bc:4a:8f:97:
51:7d:38:19:e7:66:8a:16:37:49:aa:c7:5f:bf:07:
bf:47:37:9e:f8:bb:5a:3b:48:c6:3d:88:28:fc:4a:
48:45:2f:53:2d:fa:f2:aa:27:a7:a3:4a:d0:56:61:
0f:3d:8c:0b:42:76:00:a2:7c:9a:7e:62:06:4d:61:
57:7b:a2:a1:83:2f:ff:18:7f:0e:66:28:80:45:58:
72:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:29:09:CE:28:67:92:38:97:16:C1:39:4B:AE:98:4F:4C:F0:BE:A7
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/C0D17B98B2FD11EDBB69D92BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.224.0/19
202.148.128.0/19
203.147.128.0/19
203.147.176.0-203.147.255.255
210.247.128.0-210.247.239.255
Signature Algorithm: sha256WithRSAEncryption
59:d1:80:b9:02:1e:5c:dc:fc:e6:78:56:da:3d:38:04:01:63:
1d:63:fb:15:9d:91:6b:10:d4:45:0d:2e:2c:1d:86:9a:3d:d2:
ba:ed:a4:ad:31:b7:ee:b5:02:01:17:45:1e:c3:ed:df:78:ae:
b9:b7:a7:1d:a9:0d:07:22:b8:36:46:6f:40:ff:7e:5e:c4:dc:
48:2d:d6:9e:c2:56:31:f7:9f:6a:94:03:84:3b:6e:f2:82:f2:
6b:7b:07:fa:33:11:9f:df:23:9f:32:cc:db:fb:fe:66:09:45:
3a:b3:44:e1:fb:43:cf:41:c9:ab:d9:45:f5:54:39:f9:1f:5d:
b9:8a:49:6b:47:12:e3:f1:ba:4b:65:f3:db:4d:3f:da:05:16:
27:5c:d0:aa:43:a1:f3:2c:cd:2d:c5:9e:09:69:7b:3a:55:28:
90:74:ce:dc:ce:f1:08:d6:b2:ba:b5:e9:a6:bb:7b:6e:77:61:
d2:72:87:a5:cb:a8:07:88:48:31:8e:18:04:42:33:06:2f:5b:
0c:65:72:dc:ea:eb:e2:7e:b5:8c:e7:7d:b9:18:06:7a:e5:0c:
43:2a:e7:2c:a3:c2:35:d1:55:1b:06:2d:19:13:27:1f:cb:2c:
78:40:df:2e:13:1c:5e:55:76:15:26:ac:e2:4e:4c:0d:79:7c:
ec:c3:e0:d5
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICBbQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMwMjIyMjIxMDQ1WhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2Y2OTJlNS1jODRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwT0n54x8nBBWC/NoDHY9ZpVgofI/DeWhuZwy3JLWrf+roXKgvUgBYP+sYST+
mWQaAyDjevU4xk1U5li42JKO6yc1CIQTz94Q2Rl+zIhb/VFvAHuWXNuEP7tFUqLq
hdgXaI843Z3RTf652gPZ+YVCxM3go4Sw4jcoWAroT4c3oHAkZB5u4QZYUwMnxxUw
+BdTLMymXcgtPSjm2ylPtem47sp5mANSOTi6pQbxmLqZX7xKj5dRfTgZ52aKFjdJ
qsdfvwe/Rzee+LtaO0jGPYgo/EpIRS9TLfryqieno0rQVmEPPYwLQnYAonyafmIG
TWFXe6Khgy//GH8OZiiARVhykwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFEYpCc4o
Z5I4lxbBOUuumE9M8L6nMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvQzBEMTdCOThC
MkZEMTFFREJCNjlEOTJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MDMEAgABMC0DBAXKi+ADBAXKlIADBAXLk4AwCwMEBMuTsAMDAsuQMAwDBAfS
94ADBATS9+AwDQYJKoZIhvcNAQELBQADggEBAFnRgLkCHlzc/OZ4Vto9OAQBYx1j
+xWdkWsQ1EUNLiwdhpo90rrtpK0xt+61AgEXRR7D7d94rrm3px2pDQciuDZGb0D/
fl7E3Egt1p7CVjH3n2qUA4Q7bvKC8mt7B/ozEZ/fI58yzNv7/mYJRTqzROH7Q89B
yavZRfVUOfkfXbmKSWtHEuPxuktl89tNP9oFFidc0KpDofMszS3FnglpezpVKJB0
ztzO8QjWsrq16aa7e253YdJyh6XLqAeISDGOGARCMwYvWwxlctzq6+J+tYznfbkY
BnrlDEMq5yyjwjXRVRsGLRkTJx/LLHhA3y4THF5VdhUmrOJOTA15fOzD4NU=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:36:13 2025 by rpki-client