Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/6979DD6A7A9D11EDAB620123C4F9AE02.roa
File: 6979DD6A7A9D11EDAB620123C4F9AE02.roa (raw, json)
Hash identifier: xgjmCB7ZWJuBWAgyGPeLRGy5sKUdcLC2MgG2qtGcFDU=
Subject key identifier: 9D:C7:94:D3:18:B3:32:CB:65:0B:2B:AD:9D:DE:B9:6F:2A:0D:D5:BC
Certificate issuer: /CN=A911E403/serialNumber=5FE30CAF6F5A32C919D335AA94D0E7333CD05435
Certificate serial: 06B3
Authority key identifier: 5F:E3:0C:AF:6F:5A:32:C9:19:D3:35:AA:94:D0:E7:33:3C:D0:54:35
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X-MMr29aMskZ0zWqlNDnMzzQVDU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/6979DD6A7A9D11EDAB620123C4F9AE02.roa
Signing time: Mon 30 Oct 2023 21:33:41 +0000
ROA not before: Mon 30 Oct 2023 21:33:41 +0000
ROA not after: Thu 31 Oct 2024 00:00:00 +0000
asID: 10080
IP address blocks: 203.34.11.0/24 maxlen: 24
2001:df0:e9c0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1715 (0x6b3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911E403/serialNumber=5FE30CAF6F5A32C919D335AA94D0E7333CD05435
Validity
Not Before: Oct 30 21:33:41 2023 GMT
Not After : Oct 31 00:00:00 2024 GMT
Subject: CN=65402134-fbb8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:06:f0:1b:40:ab:cb:68:8d:da:ab:75:ee:4d:
01:d8:c4:5d:00:7e:29:3b:f8:e6:31:22:f5:80:2f:
1a:de:21:c7:f7:d3:17:06:bd:21:3e:c3:4a:38:fc:
0b:af:7a:69:8a:7c:87:fd:0a:6c:65:c6:2d:6f:0d:
82:37:94:76:55:b2:3c:fa:9d:8b:7b:88:e2:02:06:
42:4d:6f:23:38:ce:f0:8d:61:84:c4:d8:05:24:ce:
72:d5:fe:e5:2d:1a:95:6c:44:7d:3f:bd:53:e9:47:
8f:98:28:ea:3e:0c:22:db:ab:15:ab:24:ae:a1:ba:
a0:bc:ab:3a:db:96:86:75:63:6c:5f:c0:75:a7:fd:
ef:dd:0d:97:3f:20:5d:32:05:2b:0c:c4:00:fc:01:
cc:90:f6:9c:17:f8:50:93:a9:a9:24:4d:e5:12:4b:
a3:95:54:da:85:d3:ba:cb:92:7d:bc:2b:4e:15:3f:
9e:cf:88:91:9a:4a:d0:a8:16:d8:22:a6:5f:bb:72:
19:df:48:f4:81:13:32:ce:29:e9:d6:0c:14:da:b8:
d4:ae:35:32:a9:80:16:bd:4b:6b:9c:e4:ae:bc:87:
cd:ab:17:7d:c1:78:3c:fa:26:a3:d9:1c:80:02:c6:
05:32:76:96:c3:ff:92:88:15:77:be:1a:33:ec:2e:
e8:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:C7:94:D3:18:B3:32:CB:65:0B:2B:AD:9D:DE:B9:6F:2A:0D:D5:BC
X509v3 Authority Key Identifier:
keyid:5F:E3:0C:AF:6F:5A:32:C9:19:D3:35:AA:94:D0:E7:33:3C:D0:54:35
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/X-MMr29aMskZ0zWqlNDnMzzQVDU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X-MMr29aMskZ0zWqlNDnMzzQVDU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/6979DD6A7A9D11EDAB620123C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.34.11.0/24
IPv6:
2001:df0:e9c0::/48
Signature Algorithm: sha256WithRSAEncryption
c6:e2:c5:46:b2:fb:15:e8:5b:3d:6c:03:b7:3f:9f:53:39:34:
31:6f:8a:17:07:5e:e2:db:ba:d9:51:bb:c7:d8:c6:e3:61:77:
23:8c:fd:ad:ca:f2:ce:8b:e8:80:7d:bd:78:7b:68:86:2f:cb:
87:83:fd:33:1c:dc:52:18:8b:eb:f8:0b:9a:b1:80:ab:91:b2:
1d:60:7b:a4:75:a7:4d:e4:2a:c8:c4:74:b6:73:75:ce:63:bf:
78:1a:01:70:89:b3:61:16:11:0d:c1:67:b0:ae:29:82:a4:8a:
25:b4:3a:1f:bf:4a:af:c8:ff:a1:63:92:51:6d:5d:e6:25:58:
b3:71:72:6e:ac:1f:0d:02:cb:4a:a3:07:36:38:75:51:88:c2:
85:20:af:b3:c8:23:bf:e1:2e:9e:cb:8f:e2:45:03:ad:a5:9e:
20:a7:3c:2a:3b:04:03:df:f4:02:0a:df:ea:d1:e1:ed:da:d5:
d4:9b:87:f4:ae:61:8e:bd:5f:8c:aa:a4:07:96:1b:ab:f0:f1:
49:aa:04:34:49:9f:41:7d:38:6e:9c:7b:e8:dc:e4:71:41:40:
f1:2e:42:27:f5:94:64:66:a3:19:95:7e:85:59:12:5f:6f:a1:
3b:e7:4a:da:cc:48:aa:93:66:8a:f1:9c:40:a6:db:13:5b:5a:
94:b2:fd:4c
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBrMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUU0MDMxMTAvBgNVBAUTKDVGRTMwQ0FGNkY1QTMyQzkxOUQzMzVBQTk0RDBFNzMz
M0NEMDU0MzUwHhcNMjMxMDMwMjEzMzQxWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQwMjEzNC1mYmI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2AbwG0Cry2iN2qt17k0B2MRdAH4pO/jmMSL1gC8a3iHH99MXBr0hPsNKOPwL
r3ppinyH/QpsZcYtbw2CN5R2VbI8+p2Le4jiAgZCTW8jOM7wjWGExNgFJM5y1f7l
LRqVbER9P71T6UePmCjqPgwi26sVqySuobqgvKs625aGdWNsX8B1p/3v3Q2XPyBd
MgUrDMQA/AHMkPacF/hQk6mpJE3lEkujlVTahdO6y5J9vCtOFT+ez4iRmkrQqBbY
IqZfu3IZ30j0gRMyzinp1gwU2rjUrjUyqYAWvUtrnOSuvIfNqxd9wXg8+iaj2RyA
AsYFMnaWw/+SiBV3vhoz7C7owwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFJ3HlNMY
szLLZQsrrZ3euW8qDdW8MB8GA1UdIwQYMBaAFF/jDK9vWjLJGdM1qpTQ5zM80FQ1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTQwMy9BMUNDRUNGRUY4
QkIxMUVBODdCMURFNkJDNEY5QUUwMi9YLU1NcjI5YU1za1oweldxbE5Ebk16elFW
RFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1gtTU1yMjlhTXNrWjB6V3FsTkRuTXp6UVZEVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUU0MDMvQTFDQ0VDRkVGOEJCMTFFQTg3QjFERTZCQzRGOUFFMDIvNjk3OURENkE3
QTlEMTFFREFCNjIwMTIzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBADLIgswDwQCAAIwCQMHACABDfDpwDANBgkqhkiG9w0BAQsF
AAOCAQEAxuLFRrL7FehbPWwDtz+fUzk0MW+KFwde4tu62VG7x9jG42F3I4z9rcry
zovogH29eHtohi/Lh4P9MxzcUhiL6/gLmrGAq5GyHWB7pHWnTeQqyMR0tnN1zmO/
eBoBcImzYRYRDcFnsK4pgqSKJbQ6H79Kr8j/oWOSUW1d5iVYs3FybqwfDQLLSqMH
Njh1UYjChSCvs8gjv+EunsuP4kUDraWeIKc8KjsEA9/0Agrf6tHh7drV1JuH9K5h
jr1fjKqkB5Ybq/DxSaoENEmfQX04bpx76NzkcUFA8S5CJ/WUZGajGZV+hVkSX2+h
O+dK2sxIqpNmivGcQKbbE1talLL9TA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:47 2024 by rpki-client on console-ams.rpki-client.org