Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/65EB88D6EE8D11EFBB2A6E56C4F9AE02.roa
File: 65EB88D6EE8D11EFBB2A6E56C4F9AE02.roa (raw, json)
Hash identifier: kdCYvch1mWwgu3f+WFRVuwKvGxl9I2RxpEPJ0BXYRsE=
Subject key identifier: B5:6C:FF:C3:83:CB:A4:C2:F1:31:3D:C7:88:4C:7F:AE:28:13:F0:5A
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: A69A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/65EB88D6EE8D11EFBB2A6E56C4F9AE02.roa
Signing time: Wed 19 Feb 2025 06:47:34 +0000
ROA not before: Wed 19 Feb 2025 06:47:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 142494
IP address blocks: 2001:df1:bcc0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 42650 (0xa69a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Feb 19 06:47:34 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67b57e86-d7f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:b0:01:6c:07:1b:59:0f:68:0b:53:9e:bc:76:
1e:1c:2b:6b:83:0b:88:99:b7:2d:9a:b5:9a:1f:a4:
60:02:10:fe:a4:90:a1:c3:e2:12:c2:c7:70:2d:0e:
08:39:51:40:e0:4b:11:85:32:18:b1:d1:a2:5c:5c:
96:74:e7:67:4c:08:3a:df:01:55:94:1e:02:ef:21:
b8:af:cf:5b:34:d4:cd:9e:84:1c:96:af:76:a6:65:
86:6d:fe:4c:3a:b7:30:bd:0a:72:7e:d5:09:ab:aa:
90:e5:3d:02:39:05:28:e7:bd:68:28:75:55:d4:8e:
67:52:2c:68:ae:d6:b2:7a:46:dd:dc:49:c3:d5:7f:
a4:08:94:94:7f:e0:a8:f5:dd:a5:bf:fc:ec:59:b2:
7a:12:fc:0b:10:1f:b2:4f:a3:bb:c1:4c:db:21:75:
db:8d:da:76:50:f7:f8:2e:e9:31:f8:66:6a:a4:9d:
fe:0e:e9:c0:52:34:8c:b8:cb:48:3d:3d:ed:b9:e9:
c8:a9:9c:93:0e:5f:5f:97:4a:86:27:b5:62:9e:1b:
2c:3a:ae:75:ea:32:2c:72:b3:86:55:9d:fe:b1:91:
f5:77:fc:a7:96:f6:1a:4d:b6:25:3b:ae:ba:c3:5f:
53:ee:0e:15:1f:b8:21:29:e8:af:b6:43:64:02:52:
6e:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:6C:FF:C3:83:CB:A4:C2:F1:31:3D:C7:88:4C:7F:AE:28:13:F0:5A
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/65EB88D6EE8D11EFBB2A6E56C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2001:df1:bcc0::/48
Signature Algorithm: sha256WithRSAEncryption
54:64:c0:20:38:4c:b5:cf:cd:95:af:bc:b5:48:43:21:e8:bb:
ef:8b:90:72:89:2f:98:9a:bc:ad:76:d1:62:5f:e0:43:31:e0:
de:ce:39:34:3e:18:cd:79:79:4f:39:ab:6b:2b:ce:01:af:04:
fb:05:92:4e:72:f0:4e:c5:78:75:c8:ee:e4:5b:da:5f:a8:b3:
9e:b7:34:08:a4:06:2f:3b:97:1e:b6:8c:74:41:71:f1:f7:e7:
88:97:5f:ed:f1:2f:63:b4:77:c4:63:04:b2:90:3e:8a:23:2e:
d6:06:b9:ba:bd:42:9c:14:54:60:71:0c:d4:ec:85:d8:d6:07:
e7:4f:ab:95:df:a5:9a:88:c3:c8:76:8e:82:4e:db:38:9e:f6:
40:9f:44:de:59:bf:d1:09:bd:80:93:8d:ad:20:f5:a9:fc:cf:
60:83:7c:1a:aa:28:36:8f:35:93:c4:ca:be:e6:56:2d:2a:81:
b0:25:fc:39:20:91:3c:15:1f:93:e0:0a:08:6d:82:53:60:77:
0b:1e:11:3c:29:5a:42:29:35:4c:68:3a:82:6e:63:5b:01:16:
c1:04:14:0f:10:f3:e2:3f:46:71:a2:6f:94:91:e1:b6:d8:c0:
25:d3:e0:d3:b1:6c:4c:bc:4b:0a:42:a2:44:29:ba:4d:5d:f2:
b2:88:92:eb
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgIDAKaaMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDIxOTA2NDczNFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjdiNTdlODYtZDdmNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOWwAWwHG1kPaAtTnrx2Hhwra4MLiJm3LZq1mh+kYAIQ/qSQocPiEsLHcC0O
CDlRQOBLEYUyGLHRolxclnTnZ0wIOt8BVZQeAu8huK/PWzTUzZ6EHJavdqZlhm3+
TDq3ML0Kcn7VCauqkOU9AjkFKOe9aCh1VdSOZ1IsaK7WsnpG3dxJw9V/pAiUlH/g
qPXdpb/87FmyehL8CxAfsk+ju8FM2yF1243adlD3+C7pMfhmaqSd/g7pwFI0jLjL
SD097bnpyKmckw5fX5dKhie1Yp4bLDqudeoyLHKzhlWd/rGR9Xf8p5b2Gk22JTuu
usNfU+4OFR+4ISnor7ZDZAJSbj0CAwEAAaOCApgwggKUMB0GA1UdDgQWBBS1bP/D
g8ukwvExPceITH+uKBPwWjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzY1RUI4OEQ2
RUU4RDExRUZCQjJBNkU1NkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCIGCCsGAQUFBwEHAQH/
BBMwETAPBAIAAjAJAwcAIAEN8bzAMA0GCSqGSIb3DQEBCwUAA4IBAQBUZMAgOEy1
z82Vr7y1SEMh6Lvvi5ByiS+YmrytdtFiX+BDMeDezjk0PhjNeXlPOatrK84BrwT7
BZJOcvBOxXh1yO7kW9pfqLOetzQIpAYvO5cetox0QXHx9+eIl1/t8S9jtHfEYwSy
kD6KIy7WBrm6vUKcFFRgcQzU7IXY1gfnT6uV36WaiMPIdo6CTts4nvZAn0TeWb/R
Cb2Ak42tIPWp/M9gg3waqig2jzWTxMq+5lYtKoGwJfw5IJE8FR+T4AoIbYJTYHcL
HhE8KVpCKTVMaDqCbmNbARbBBBQPEPPiP0Zxom+UkeG22MAl0+DTsWxMvEsKQqJE
KbpNXfKyiJLr
-----END CERTIFICATE-----
Generated at Thu May 15 22:40:49 2025 by rpki-client