Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9113C02/4C406FB6405611E7AF041A35C4F9AE02/F23E43BA100811EEA072071CC4F9AE02.roa
File: F23E43BA100811EEA072071CC4F9AE02.roa (raw, json)
Hash identifier: VV4IkTEwytxrIRym+kc+nRVm88IvHlmrJJBxbhna0AQ=
Subject key identifier: 3F:F7:03:B8:9A:D7:EA:9A:31:15:FA:1A:CD:76:CC:B3:68:C6:48:61
Certificate issuer: /CN=A9113C02/serialNumber=28C56771EE49643FDFC44F8E3089A6BD795FFC84
Certificate serial: 02
Authority key identifier: 28:C5:67:71:EE:49:64:3F:DF:C4:4F:8E:30:89:A6:BD:79:5F:FC:84
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KMVnce5JZD_fxE-OMImmvXlf_IQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9113C02/4C406FB6405611E7AF041A35C4F9AE02/F23E43BA100811EEA072071CC4F9AE02.roa
Signing time: Wed 21 Jun 2023 07:55:11 +0000
ROA not before: Wed 21 Jun 2023 07:55:11 +0000
ROA not after: Wed 29 May 2024 00:00:00 +0000
asID: 133605
IP address blocks: 43.255.20.0/22 maxlen: 24
103.239.4.0/22 maxlen: 24
2401:2cc0::/32 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9113C02/serialNumber=28C56771EE49643FDFC44F8E3089A6BD795FFC84
Validity
Not Before: Jun 21 07:55:11 2023 GMT
Not After : May 29 00:00:00 2024 GMT
Subject: CN=6492acde-79e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:07:84:5d:92:ae:60:90:38:48:9f:54:a7:ee:
bc:bf:5d:f8:6e:f7:fc:ae:fb:50:f3:21:4e:ba:94:
b3:ca:e0:6d:e3:4d:5e:d9:8d:8f:59:d8:8c:66:16:
be:2b:29:1d:ec:2a:b8:be:55:5a:bc:c0:76:6d:6c:
ba:83:ea:1e:66:69:bb:30:a0:f0:df:51:47:37:5a:
e3:d6:bc:b7:7a:4c:4d:33:bf:74:c1:c2:5c:58:85:
f4:f0:90:be:bb:dd:d5:66:a7:f5:92:bd:67:fd:5a:
1a:72:76:45:57:1a:4a:4e:89:a5:aa:15:8f:35:9c:
4b:fc:73:e5:7b:88:42:19:10:2f:27:df:c1:a3:85:
18:04:1f:b5:d8:6c:4b:9c:ba:df:0c:55:20:3e:1f:
37:7b:a0:35:0b:b5:71:07:db:72:b1:5e:ee:3d:7f:
c9:21:c5:5d:67:31:fe:4f:4b:2e:56:0b:c4:f7:f0:
55:9e:f6:b6:59:03:58:ec:5d:a5:4c:ad:95:e2:70:
31:17:d7:7a:c5:c5:2c:df:1e:bc:f0:af:04:23:da:
9f:71:db:ae:5f:b8:cc:ff:da:cb:6f:fa:bd:97:d8:
e2:20:c6:26:c7:47:9e:36:c2:7e:f3:77:71:62:0c:
ba:87:67:f1:f8:56:71:17:49:59:4a:4f:c0:7c:20:
20:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:F7:03:B8:9A:D7:EA:9A:31:15:FA:1A:CD:76:CC:B3:68:C6:48:61
X509v3 Authority Key Identifier:
keyid:28:C5:67:71:EE:49:64:3F:DF:C4:4F:8E:30:89:A6:BD:79:5F:FC:84
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9113C02/4C406FB6405611E7AF041A35C4F9AE02/KMVnce5JZD_fxE-OMImmvXlf_IQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KMVnce5JZD_fxE-OMImmvXlf_IQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9113C02/4C406FB6405611E7AF041A35C4F9AE02/F23E43BA100811EEA072071CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.255.20.0/22
103.239.4.0/22
IPv6:
2401:2cc0::/32
Signature Algorithm: sha256WithRSAEncryption
3c:aa:d1:9e:ab:87:25:90:43:ad:8c:30:c5:1a:c2:97:97:99:
42:15:d4:c4:17:7c:cb:a5:64:90:13:66:c6:56:27:69:9d:55:
35:b8:ec:99:16:0c:f1:e9:c4:10:b0:c6:60:f9:be:7f:6f:34:
ed:a2:da:17:18:ee:d5:a0:05:df:60:2c:52:20:54:80:bd:67:
8d:62:e0:34:12:67:da:c0:c2:a9:19:28:10:35:3f:64:7b:0e:
ad:ac:db:10:5a:e9:33:d8:e4:26:98:3c:7e:e5:01:3e:b6:7c:
b8:48:72:af:06:f1:73:af:f4:b2:d5:c3:b7:34:13:35:df:7e:
c9:72:53:35:f6:dc:74:f5:97:5a:c8:f9:4c:5d:28:f0:62:81:
be:8b:d1:63:1d:81:fe:9a:5e:b1:f7:d9:97:c2:c9:8b:e5:56:
21:12:55:b3:37:4f:34:57:56:e0:18:4c:87:fa:38:51:ce:ac:
b4:24:3b:e4:1f:e2:f1:e0:fb:d4:8d:aa:a6:71:7f:f3:1c:ea:
2d:fb:b4:a0:fe:c7:68:47:23:74:a8:65:c9:7b:22:7b:52:ec:
72:70:17:ce:d3:80:b9:66:29:7f:1e:b8:4a:17:09:3f:d0:34:
e8:ef:2e:ea:2f:71:66:3c:cc:ca:22:77:8f:03:d9:9a:37:e9:
45:74:22:ea
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
M0MwMjExMC8GA1UEBRMoMjhDNTY3NzFFRTQ5NjQzRkRGQzQ0RjhFMzA4OUE2QkQ3
OTVGRkM4NDAeFw0yMzA2MjEwNzU1MTFaFw0yNDA1MjkwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0OTJhY2RlLTc5ZTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC4B4Rdkq5gkDhIn1Sn7ry/Xfhu9/yu+1DzIU66lLPK4G3jTV7ZjY9Z2IxmFr4r
KR3sKri+VVq8wHZtbLqD6h5mabswoPDfUUc3WuPWvLd6TE0zv3TBwlxYhfTwkL67
3dVmp/WSvWf9WhpydkVXGkpOiaWqFY81nEv8c+V7iEIZEC8n38GjhRgEH7XYbEuc
ut8MVSA+Hzd7oDULtXEH23KxXu49f8khxV1nMf5PSy5WC8T38FWe9rZZA1jsXaVM
rZXicDEX13rFxSzfHrzwrwQj2p9x265fuMz/2stv+r2X2OIgxibHR542wn7zd3Fi
DLqHZ/H4VnEXSVlKT8B8ICBtAgMBAAGjggKqMIICpjAdBgNVHQ4EFgQUP/cDuJrX
6poxFfoazXbMs2jGSGEwHwYDVR0jBBgwFoAUKMVnce5JZD/fxE+OMImmvXlf/IQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTEzQzAyLzRDNDA2RkI2NDA1
NjExRTdBRjA0MUEzNUM0RjlBRTAyL0tNVm5jZTVKWkRfZnhFLU9NSW1tdlhsZl9J
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvS01WbmNlNUpaRF9meEUtT01JbW12WGxmX0lRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
M0MwMi80QzQwNkZCNjQwNTYxMUU3QUYwNDFBMzVDNEY5QUUwMi9GMjNFNDNCQTEw
MDgxMUVFQTA3MjA3MUNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEAiv/FAMEAmfvBDANBAIAAjAHAwUAJAEswDANBgkqhkiG9w0B
AQsFAAOCAQEAPKrRnquHJZBDrYwwxRrCl5eZQhXUxBd8y6VkkBNmxlYnaZ1VNbjs
mRYM8enEELDGYPm+f2807aLaFxju1aAF32AsUiBUgL1njWLgNBJn2sDCqRkoEDU/
ZHsOrazbEFrpM9jkJpg8fuUBPrZ8uEhyrwbxc6/0stXDtzQTNd9+yXJTNfbcdPWX
Wsj5TF0o8GKBvovRYx2B/ppesffZl8LJi+VWIRJVszdPNFdW4BhMh/o4Uc6stCQ7
5B/i8eD71I2qpnF/8xzqLfu0oP7HaEcjdKhlyXsie1LscnAXztOAuWYpfx64ShcJ
P9A06O8u6i9xZjzMyiJ3jwPZmjfpRXQi6g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:54 2024 by rpki-client on console-fra.rpki-client.org