Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/1C11C794B2ED11ED94B6462CC4F9AE02.roa
File: 1C11C794B2ED11ED94B6462CC4F9AE02.roa (raw, json)
Hash identifier: /X6bPrEb1dOjANT9MGqanG+ClirSoRlxaOlBtNv217U=
Subject key identifier: 80:AD:BD:65:00:FC:EC:05:BE:37:32:B8:F1:92:C2:3E:58:7B:18:3A
Certificate issuer: /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial: 05AA
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/1C11C794B2ED11ED94B6462CC4F9AE02.roa
Signing time: Wed 22 Feb 2023 20:11:37 +0000
ROA not before: Wed 22 Feb 2023 20:11:37 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 834
IP address blocks: 202.139.240.0/20 maxlen: 20
202.148.128.0/20 maxlen: 20
202.148.144.0/20 maxlen: 20
203.147.128.0/21 maxlen: 21
203.147.136.0/21 maxlen: 21
203.147.144.0/21 maxlen: 21
203.147.152.0/21 maxlen: 24
203.147.192.0/20 maxlen: 20
203.147.208.0/20 maxlen: 20
203.147.224.0/20 maxlen: 20
203.147.240.0/20 maxlen: 20
210.247.128.0/19 maxlen: 19
210.247.160.0/19 maxlen: 19
210.247.192.0/21 maxlen: 21
210.247.200.0/21 maxlen: 21
210.247.208.0/21 maxlen: 21
210.247.216.0/21 maxlen: 21
210.247.224.0/21 maxlen: 24
210.247.232.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1450 (0x5aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CB7AB, serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Validity
Not Before: Feb 22 20:11:37 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=63f676f8-f364
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:0d:ea:6e:01:ef:46:48:20:62:b0:97:6f:b6:
b9:c4:dc:b4:d9:17:db:cf:e1:ab:54:e7:08:f5:11:
d7:37:45:bb:99:24:aa:c2:88:9b:a1:87:38:33:9b:
5d:a5:2c:1d:88:e3:e3:4d:bd:1b:fb:2a:31:2e:b7:
7b:21:aa:67:f7:ad:ba:e1:3a:22:92:7a:20:23:8f:
13:97:95:b5:6c:41:00:1e:c5:db:fe:c9:25:0e:46:
b5:7c:b7:bd:f8:65:f0:e9:b3:a2:52:b3:99:81:92:
db:5e:44:65:a4:ce:ac:e0:c6:77:29:71:46:e1:ea:
3f:d7:00:51:b1:5d:72:c5:a0:df:f1:e1:1a:4b:73:
b9:4d:e3:7d:f4:04:15:4d:fc:30:85:6b:7d:2d:23:
93:8a:79:9b:55:f7:82:f6:bc:a7:3c:ef:27:c2:c4:
4c:69:e0:5c:ce:9d:19:29:9c:5f:5c:5e:7f:99:97:
24:ff:65:27:5f:c7:b2:09:16:cf:28:70:5c:4d:42:
fa:6d:61:91:f7:35:ea:9b:26:c1:b4:44:20:c8:87:
af:61:3d:8b:47:af:10:10:f6:44:b9:3d:11:f1:91:
41:e9:f0:c0:b0:b4:b3:f4:86:c8:04:c7:d5:12:b3:
ed:b0:a5:58:fa:a9:70:b0:09:d9:08:f3:ed:ad:db:
3a:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:AD:BD:65:00:FC:EC:05:BE:37:32:B8:F1:92:C2:3E:58:7B:18:3A
X509v3 Authority Key Identifier:
keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/1C11C794B2ED11ED94B6462CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.139.240.0/20
202.148.128.0/19
203.147.128.0/19
203.147.192.0/18
210.247.128.0-210.247.239.255
Signature Algorithm: sha256WithRSAEncryption
a7:76:8e:39:05:6a:14:1f:30:1b:a7:ab:d2:82:7b:fb:50:a6:
f0:10:8c:c6:72:a0:83:ea:5a:89:3c:f1:dd:f2:6f:1b:dd:0e:
77:5a:2b:fa:66:2e:25:74:3c:bc:39:ec:cf:04:54:ce:eb:35:
88:2e:f9:a7:dd:58:bc:9f:d9:bd:df:cd:29:8d:3d:2e:0e:88:
a6:71:e0:0d:d3:6a:47:d2:56:0f:a6:19:5b:d7:af:15:ee:c9:
58:07:37:d4:d1:41:e9:a6:e9:03:11:c7:c4:8e:fc:f6:cd:bb:
b0:3b:48:79:f5:3e:bf:3d:ee:52:55:b4:31:09:c1:5a:0f:d4:
03:b3:27:3d:c8:6b:a3:6f:4b:08:c0:46:c9:ad:ef:fc:df:5b:
e7:31:c2:ee:2c:bb:d9:32:5f:6a:35:c3:a2:2c:12:44:31:e7:
d1:ea:cc:bd:06:17:45:8e:8d:63:8b:e9:a3:0e:3e:1d:c2:9f:
41:8d:c8:37:ad:4b:a0:d6:47:eb:4b:54:58:6e:8e:21:ea:22:
df:72:57:5b:71:cf:ab:be:1c:d6:51:ab:50:fe:d6:35:32:f6:
fd:8c:2d:92:d1:9e:60:da:66:41:32:17:38:6d:b6:91:85:f3:
2b:f8:4c:7a:4b:a5:54:cc:07:e6:c1:9d:87:65:94:39:b8:a9:
2b:1c:ba:d7
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgICBaowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMwMjIyMjAxMTM3WhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2Y2NzZmOC1mMzY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArA3qbgHvRkggYrCXb7a5xNy02Rfbz+GrVOcI9RHXN0W7mSSqwoiboYc4M5td
pSwdiOPjTb0b+yoxLrd7Iapn96264ToiknogI48Tl5W1bEEAHsXb/sklDka1fLe9
+GXw6bOiUrOZgZLbXkRlpM6s4MZ3KXFG4eo/1wBRsV1yxaDf8eEaS3O5TeN99AQV
TfwwhWt9LSOTinmbVfeC9rynPO8nwsRMaeBczp0ZKZxfXF5/mZck/2UnX8eyCRbP
KHBcTUL6bWGR9zXqmybBtEQgyIevYT2LR68QEPZEuT0R8ZFB6fDAsLSz9IbIBMfV
ErPtsKVY+qlwsAnZCPPtrds6+QIDAQABo4ICtTCCArEwHQYDVR0OBBYEFICtvWUA
/OwFvjcyuPGSwj5Yexg6MB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvMUMxMUM3OTRC
MkVEMTFFRDk0QjY0NjJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPwYIKwYBBQUHAQcBAf8E
MDAuMCwEAgABMCYDBATKi/ADBAXKlIADBAXLk4ADBAbLk8AwDAMEB9L3gAMEBNL3
4DANBgkqhkiG9w0BAQsFAAOCAQEAp3aOOQVqFB8wG6er0oJ7+1Cm8BCMxnKgg+pa
iTzx3fJvG90Od1or+mYuJXQ8vDnszwRUzus1iC75p91YvJ/Zvd/NKY09Lg6IpnHg
DdNqR9JWD6YZW9evFe7JWAc31NFB6abpAxHHxI789s27sDtIefU+vz3uUlW0MQnB
Wg/UA7MnPchro29LCMBGya3v/N9b5zHC7iy72TJfajXDoiwSRDHn0erMvQYXRY6N
Y4vpow4+HcKfQY3IN61LoNZH60tUWG6OIeoi33JXW3HPq74c1lGrUP7WNTL2/Ywt
ktGeYNpmQTIXOG22kYXzK/hMekulVMwH5sGdh2WUObipKxy61w==
-----END CERTIFICATE-----
Generated at Sat Apr 26 13:57:45 2025 by rpki-client