Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E8A41/A4742092140411EDB6BE681DC4F9AE02/09BBF470C4E911EE941B385FC4F9AE02.roa
File: 09BBF470C4E911EE941B385FC4F9AE02.roa (raw, json)
Hash identifier: HhO14HmPwWC5GMqICC/XQBtStx7RsFR2cXkeBR+MHMs=
Subject key identifier: B7:69:51:D4:9D:D7:9A:74:F8:D6:42:B6:3D:26:5E:0F:AE:DB:F9:DC
Certificate issuer: /CN=A91E8A41/serialNumber=A5BE6A44B900A4001173951685606B7BB53CA6B2
Certificate serial: 01B7
Authority key identifier: A5:BE:6A:44:B9:00:A4:00:11:73:95:16:85:60:6B:7B:B5:3C:A6:B2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pb5qRLkApAARc5UWhWBre7U8prI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E8A41/A4742092140411EDB6BE681DC4F9AE02/09BBF470C4E911EE941B385FC4F9AE02.roa
Signing time: Wed 17 Apr 2024 04:37:15 +0000
ROA not before: Wed 17 Apr 2024 04:37:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 55592
IP address blocks: 43.224.31.0/24 maxlen: 24
45.114.92.0/24 maxlen: 24
103.57.200.0/24 maxlen: 24
103.57.203.0/24 maxlen: 24
103.60.56.0/24 maxlen: 24
103.60.57.0/24 maxlen: 24
103.60.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 439 (0x1b7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E8A41, serialNumber=A5BE6A44B900A4001173951685606B7BB53CA6B2
Validity
Not Before: Apr 17 04:37:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=661f51fa-06b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:34:2a:7c:d1:82:3f:8c:01:8a:b5:38:b3:59:
76:52:2c:0a:bc:3d:ad:8b:e9:98:87:d3:1f:32:0d:
a6:ca:63:6a:ed:aa:6c:51:78:f8:85:42:c1:d0:fa:
35:6e:75:cc:2e:f5:9a:7d:2b:09:c2:eb:1c:b5:ef:
88:42:a5:ac:5b:ae:3c:7f:52:29:c7:f9:9d:ab:3b:
1a:95:35:e6:50:35:bb:d2:02:3f:06:64:66:e8:9a:
08:54:cd:fa:2c:0d:ce:35:55:04:c1:97:4d:14:10:
8a:96:b3:7b:1b:73:31:b5:ba:3a:e8:c2:14:dc:2d:
48:6b:6a:20:63:ed:25:9a:5a:ad:b8:84:40:37:d8:
9e:75:84:2f:a8:12:b2:28:aa:54:0d:a8:1e:17:75:
44:d6:60:dd:5b:be:a2:33:3c:83:b5:a0:80:df:99:
5d:4d:9c:dd:b1:56:90:95:37:71:d2:5a:90:05:ca:
44:39:aa:ef:7d:f1:81:72:c6:68:f9:fc:ed:c5:a6:
ec:ba:3f:d9:27:53:7d:ba:cd:63:de:1b:2b:9c:d2:
52:a5:31:7a:2f:ed:f0:e2:54:97:b5:2c:d1:32:c9:
20:a5:09:fb:7b:20:59:04:b3:68:0b:0f:5a:09:0c:
59:f5:4a:ec:4f:11:60:28:e5:14:27:d0:05:a3:fc:
37:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:69:51:D4:9D:D7:9A:74:F8:D6:42:B6:3D:26:5E:0F:AE:DB:F9:DC
X509v3 Authority Key Identifier:
keyid:A5:BE:6A:44:B9:00:A4:00:11:73:95:16:85:60:6B:7B:B5:3C:A6:B2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E8A41/A4742092140411EDB6BE681DC4F9AE02/pb5qRLkApAARc5UWhWBre7U8prI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pb5qRLkApAARc5UWhWBre7U8prI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E8A41/A4742092140411EDB6BE681DC4F9AE02/09BBF470C4E911EE941B385FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.224.31.0/24
45.114.92.0/24
103.57.200.0/24
103.57.203.0/24
103.60.56.0/23
103.60.59.0/24
Signature Algorithm: sha256WithRSAEncryption
b3:0e:28:b6:02:74:72:98:9d:84:c7:e9:4f:54:3d:5b:b9:c4:
d3:c3:ba:a8:67:ca:50:3b:00:b3:1d:96:6c:c1:ce:33:36:bc:
60:d9:fe:da:5b:c8:2b:41:c4:fe:b9:d6:d6:e0:ed:6b:7c:fe:
89:be:ec:13:b6:7e:ae:aa:97:a2:4d:33:9f:3a:21:d7:4c:03:
bb:1f:f1:bd:77:47:43:db:dc:25:52:ae:5d:96:89:1c:b2:96:
55:c3:44:22:1d:c9:8a:d7:b8:62:f5:29:63:1e:d0:99:6c:de:
7a:a3:dd:df:36:78:42:89:2a:4d:15:d7:41:c1:d0:eb:29:93:
70:c8:32:17:f1:46:ec:9f:9f:13:35:b3:69:27:77:84:db:e3:
a7:6a:0d:01:83:52:8d:f0:55:93:93:76:f0:24:5f:68:1b:1a:
1f:93:59:0e:98:f5:e5:79:4b:19:be:0c:80:05:0e:4e:ce:d5:
f0:cf:6e:a5:6b:57:1d:ae:b5:c5:4c:f9:df:57:44:b0:5e:e7:
7d:bc:89:c0:09:f0:f1:14:31:9e:88:29:89:98:f1:c4:75:7c:
8d:6a:82:d2:7d:2e:f0:11:33:41:fe:b8:a4:34:67:a8:31:f8:
f7:51:53:33:ad:d9:cc:1a:16:d7:f1:41:d1:40:c2:22:03:d1:
ca:8e:ac:d4
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICAbcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RThBNDExMTAvBgNVBAUTKEE1QkU2QTQ0QjkwMEE0MDAxMTczOTUxNjg1NjA2QjdC
QjUzQ0E2QjIwHhcNMjQwNDE3MDQzNzE1WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjFmNTFmYS0wNmI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1DQqfNGCP4wBirU4s1l2UiwKvD2ti+mYh9MfMg2mymNq7apsUXj4hULB0Po1
bnXMLvWafSsJwuscte+IQqWsW648f1Ipx/mdqzsalTXmUDW70gI/BmRm6JoIVM36
LA3ONVUEwZdNFBCKlrN7G3Mxtbo66MIU3C1Ia2ogY+0lmlqtuIRAN9iedYQvqBKy
KKpUDageF3VE1mDdW76iMzyDtaCA35ldTZzdsVaQlTdx0lqQBcpEOarvffGBcsZo
+fztxabsuj/ZJ1N9us1j3hsrnNJSpTF6L+3w4lSXtSzRMskgpQn7eyBZBLNoCw9a
CQxZ9UrsTxFgKOUUJ9AFo/w3swIDAQABo4ICszCCAq8wHQYDVR0OBBYEFLdpUdSd
15p0+NZCtj0mXg+u2/ncMB8GA1UdIwQYMBaAFKW+akS5AKQAEXOVFoVga3u1PKay
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFOEE0MS9BNDc0MjA5MjE0
MDQxMUVEQjZCRTY4MURDNEY5QUUwMi9wYjVxUkxrQXBBQVJjNVVXaFdCcmU3VThw
ckkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BiNXFSTGtBcEFBUmM1VVdoV0JyZTdVOHBySS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RThBNDEvQTQ3NDIwOTIxNDA0MTFFREI2QkU2ODFEQzRGOUFFMDIvMDlCQkY0NzBD
NEU5MTFFRTk0MUIzODVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAAr4B8DBAAtclwDBABnOcgDBABnOcsDBAFnPDgDBABnPDsw
DQYJKoZIhvcNAQELBQADggEBALMOKLYCdHKYnYTH6U9UPVu5xNPDuqhnylA7ALMd
lmzBzjM2vGDZ/tpbyCtBxP651tbg7Wt8/om+7BO2fq6ql6JNM586IddMA7sf8b13
R0Pb3CVSrl2WiRyyllXDRCIdyYrXuGL1KWMe0Jls3nqj3d82eEKJKk0V10HB0Osp
k3DIMhfxRuyfnxM1s2knd4Tb46dqDQGDUo3wVZOTdvAkX2gbGh+TWQ6Y9eV5Sxm+
DIAFDk7O1fDPbqVrVx2utcVM+d9XRLBe5328icAJ8PEUMZ6IKYmY8cR1fI1qgtJ9
LvARM0H+uKQ0Z6gx+PdRUzOt2cwaFtfxQdFAwiID0cqOrNQ=
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:13:24 2025 by rpki-client