Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/D0B96140EB2B11EDBAF6CB4DC4F9AE02.roa
File: D0B96140EB2B11EDBAF6CB4DC4F9AE02.roa (raw, json)
Hash identifier: kcae5RibypD0N0TgX9laWuhjdgG9f8P7iy5+sPLcss0=
Subject key identifier: 65:EE:AD:B2:4D:E5:DD:76:57:DE:36:2D:5C:C6:63:D3:92:D9:0B:71
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 0603
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/D0B96140EB2B11EDBAF6CB4DC4F9AE02.roa
Signing time: Fri 05 May 2023 22:01:13 +0000
ROA not before: Fri 05 May 2023 22:01:13 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 211585
IP address blocks: 202.148.128.0/22 maxlen: 24
203.147.224.0/22 maxlen: 24
203.147.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1539 (0x603)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB
Validity
Not Before: May 5 22:01:13 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=64557ca9-947e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:38:d9:80:5a:51:1b:b9:8f:9b:fd:d1:cd:24:
fb:27:35:f4:a9:45:fe:3a:55:97:ff:8b:58:4d:03:
31:eb:7d:ab:68:39:e9:a4:aa:dc:f7:d4:cd:59:e1:
b9:6b:c7:27:f9:5d:ef:61:c5:d9:af:4c:24:07:99:
39:51:28:0e:34:67:97:3a:31:53:ba:4e:33:91:24:
a9:92:0f:19:60:5d:2f:16:f2:f6:86:28:4c:65:dd:
6f:ed:14:6c:54:80:60:dd:62:40:97:3a:99:d7:62:
97:67:f6:96:c9:ff:22:47:1b:6c:5a:79:1b:6e:7f:
f3:97:e2:f1:d3:13:36:13:9a:dd:69:3c:c9:a2:ce:
ea:e8:7a:54:a9:2d:eb:86:62:8b:4c:2d:15:79:09:
e4:44:55:45:04:34:54:54:85:a3:f0:2d:f0:01:df:
ae:6c:2f:6b:98:e6:f7:25:09:72:59:7f:52:d7:27:
8b:b1:b3:30:ac:a7:66:14:8e:10:d3:28:24:cf:1d:
fd:c3:c7:eb:82:44:21:4e:d9:ef:fd:b2:8c:45:ef:
f6:f7:e4:48:01:ae:0c:f5:d4:b0:06:ec:63:6f:20:
27:6e:a0:2b:e1:75:4d:8a:53:ac:3e:f7:cf:d3:39:
d3:7e:4d:42:7d:8b:99:a1:a7:f9:7b:d5:d0:9b:68:
b7:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:EE:AD:B2:4D:E5:DD:76:57:DE:36:2D:5C:C6:63:D3:92:D9:0B:71
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/D0B96140EB2B11EDBAF6CB4DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.148.128.0/22
203.147.224.0/22
203.147.252.0/22
Signature Algorithm: sha256WithRSAEncryption
5e:44:00:2d:95:ed:84:f6:43:92:15:c3:c0:c8:a7:7f:8c:b6:
5d:2e:1e:7e:6c:5e:ec:b0:7d:c2:09:ec:4e:fc:53:fc:dd:81:
69:63:c5:19:ce:e1:a5:6a:f4:46:6d:e3:f5:d8:83:b2:ff:63:
87:9c:5c:14:66:6c:64:94:d0:98:4c:a1:69:de:2f:3e:30:ae:
65:80:8b:e8:48:a8:89:4b:7e:c6:bb:5c:6f:a5:48:ad:bb:4a:
32:4e:b4:1e:59:d2:a6:5f:08:62:ed:91:9a:b8:77:4e:de:4e:
98:26:0b:91:16:3d:21:96:7c:91:c7:4d:12:f6:70:0b:16:db:
93:ec:47:07:64:03:78:74:82:d6:fc:70:8c:d8:37:fc:66:51:
90:d9:2d:c5:d5:c7:9e:df:7e:a3:de:97:96:51:27:9c:3a:4a:
25:cd:88:26:b7:11:b3:c4:72:7b:7b:bf:13:0d:ad:ff:eb:41:
a6:6f:4f:a4:64:66:ee:b8:5a:b3:3e:23:13:e1:0d:7b:87:66:
01:cd:5e:6d:22:aa:40:34:06:a9:05:15:62:9e:00:da:48:94:
06:d9:ca:16:d3:07:f0:4b:67:22:95:fd:09:8a:3c:85:be:1c:
9d:48:82:b6:a2:4d:db:cd:e1:ea:f1:b5:ce:eb:57:ee:dd:be:
8d:0c:a3:27
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBgMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMwNTA1MjIwMTEzWhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDU1N2NhOS05NDdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3DjZgFpRG7mPm/3RzST7JzX0qUX+OlWX/4tYTQMx632raDnppKrc99TNWeG5
a8cn+V3vYcXZr0wkB5k5USgONGeXOjFTuk4zkSSpkg8ZYF0vFvL2hihMZd1v7RRs
VIBg3WJAlzqZ12KXZ/aWyf8iRxtsWnkbbn/zl+Lx0xM2E5rdaTzJos7q6HpUqS3r
hmKLTC0VeQnkRFVFBDRUVIWj8C3wAd+ubC9rmOb3JQlyWX9S1yeLsbMwrKdmFI4Q
0ygkzx39w8frgkQhTtnv/bKMRe/29+RIAa4M9dSwBuxjbyAnbqAr4XVNilOsPvfP
0znTfk1CfYuZoaf5e9XQm2i34wIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFGXurbJN
5d12V942LVzGY9OS2QtxMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvRDBCOTYxNDBF
QjJCMTFFREJBRjZDQjREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBALKlIADBALLk+ADBALLk/wwDQYJKoZIhvcNAQELBQADggEB
AF5EAC2V7YT2Q5IVw8DIp3+Mtl0uHn5sXuywfcIJ7E78U/zdgWljxRnO4aVq9EZt
4/XYg7L/Y4ecXBRmbGSU0JhMoWneLz4wrmWAi+hIqIlLfsa7XG+lSK27SjJOtB5Z
0qZfCGLtkZq4d07eTpgmC5EWPSGWfJHHTRL2cAsW25PsRwdkA3h0gtb8cIzYN/xm
UZDZLcXVx57ffqPel5ZRJ5w6SiXNiCa3EbPEcnt7vxMNrf/rQaZvT6RkZu64WrM+
IxPhDXuHZgHNXm0iqkA0BqkFFWKeANpIlAbZyhbTB/BLZyKV/QmKPIW+HJ1Igrai
TdvN4erxtc7rV+7dvo0Moyc=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:31:53 2025 by rpki-client