Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/F1705A50F8E811EC87229B6BC4F9AE02.roa
File: F1705A50F8E811EC87229B6BC4F9AE02.roa (raw, json)
Hash identifier: cCxQa4eKpWv51t+orlr8/0JxiF6Cy170WFTvzYyH4Vw=
Subject key identifier: FE:C0:D4:7E:A2:0D:10:38:20:A4:69:95:78:E6:F6:91:CC:8F:02:AD
Certificate issuer: /CN=A912BE25/serialNumber=A760ADE0C9D05EE679EC304122BC3350C8D2A439
Certificate serial: 23
Authority key identifier: A7:60:AD:E0:C9:D0:5E:E6:79:EC:30:41:22:BC:33:50:C8:D2:A4:39
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/F1705A50F8E811EC87229B6BC4F9AE02.roa
Signing time: Fri 01 Jul 2022 02:53:11 +0000
ROA not before: Fri 01 Jul 2022 02:53:11 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 23887
IP address blocks: 119.63.0.0/20 maxlen: 20
119.63.0.0/22 maxlen: 22
202.71.176.0/20 maxlen: 20
202.71.182.0/24 maxlen: 24
202.71.183.0/24 maxlen: 24
202.71.190.0/24 maxlen: 24
202.71.191.0/24 maxlen: 24
2406:2a00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35 (0x23)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A912BE25/serialNumber=A760ADE0C9D05EE679EC304122BC3350C8D2A439
Validity
Not Before: Jul 1 02:53:11 2022 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=62be6197-7df1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d3:2a:24:89:d1:f5:6c:6d:6a:81:db:68:a7:
71:19:7e:01:d2:41:32:8a:38:07:fa:89:c9:69:a0:
cb:45:c1:83:5a:40:01:4e:b9:35:ea:44:25:25:b8:
a0:9e:6d:89:4e:84:89:f2:95:c7:ab:90:9c:6e:fd:
c1:2a:59:0f:97:7f:1b:37:88:95:cb:3d:aa:ac:6b:
7e:12:b5:84:01:b0:1f:0b:9e:0f:00:61:a3:dc:ee:
ab:c0:6a:13:37:d9:13:92:c9:78:78:a7:4b:e1:c6:
fc:20:2b:76:f7:53:71:3b:fa:44:0a:26:e3:3f:30:
d2:52:87:52:08:35:34:53:20:9c:8a:17:37:69:9d:
50:38:35:c5:77:3e:71:a4:76:d3:37:1e:71:5c:9f:
60:14:e5:6e:a5:da:e7:a3:80:b3:81:27:f5:42:50:
cc:22:82:c8:3b:09:b1:e2:a8:51:97:d4:3c:ac:5f:
2f:43:71:45:3b:3b:56:1a:f8:45:72:43:09:3c:af:
9d:d4:89:4e:12:0c:9e:c4:96:10:73:f5:cb:a1:6d:
27:63:0a:0c:22:d6:da:bd:9d:be:fb:b7:6d:78:37:
97:46:c2:4b:50:56:af:62:5c:57:96:50:c6:45:2a:
aa:53:4a:0e:12:fe:16:9a:11:9a:d8:f9:33:ff:c6:
7f:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:C0:D4:7E:A2:0D:10:38:20:A4:69:95:78:E6:F6:91:CC:8F:02:AD
X509v3 Authority Key Identifier:
keyid:A7:60:AD:E0:C9:D0:5E:E6:79:EC:30:41:22:BC:33:50:C8:D2:A4:39
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/F1705A50F8E811EC87229B6BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
119.63.0.0/20
202.71.176.0/20
IPv6:
2406:2a00::/32
Signature Algorithm: sha256WithRSAEncryption
78:15:78:14:ee:4d:b6:ad:07:51:df:3f:72:19:e2:12:c9:76:
72:01:dc:cf:49:e5:72:91:b5:e4:27:bd:02:95:13:e7:66:e4:
05:fc:49:47:22:74:1a:5b:5f:83:d0:eb:2b:75:68:72:12:ee:
c9:41:a3:f4:65:57:a5:b4:9c:19:e9:7b:50:bf:44:b2:05:5a:
97:cd:9b:5c:5b:d2:64:e5:b5:71:99:16:38:cb:e5:5f:79:87:
a5:08:c8:49:64:3a:b4:21:e1:8e:8b:38:b5:a0:f0:23:85:1c:
e5:d1:ea:f5:c1:01:f1:2c:32:89:50:2a:b3:e2:25:a9:7b:f3:
8e:24:48:18:36:ac:96:e1:f5:e7:9b:d4:f5:de:f9:9c:c0:29:
2f:61:64:b0:78:1f:08:9a:e6:96:a9:61:f3:1e:29:b0:aa:12:
4e:c0:cf:0b:b5:35:20:8c:ec:e6:79:75:b6:65:4e:e9:a1:ed:
d8:9f:1b:90:ee:ff:b7:98:80:53:ac:e9:ab:b9:79:57:b9:12:
9c:93:72:a6:82:13:15:76:59:8b:91:79:3f:4d:bd:f7:a2:a2:
db:7c:a8:ab:b6:45:6b:90:92:04:30:00:1b:a8:29:55:5a:95:
8f:cf:a7:c3:6d:bd:8e:b3:1e:4b:77:a8:1b:fc:cc:31:01:16:
e9:28:f0:12
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIBIzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
QkUyNTExMC8GA1UEBRMoQTc2MEFERTBDOUQwNUVFNjc5RUMzMDQxMjJCQzMzNTBD
OEQyQTQzOTAeFw0yMjA3MDEwMjUzMTFaFw0yMjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyYmU2MTk3LTdkZjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCy0yokidH1bG1qgdtop3EZfgHSQTKKOAf6iclpoMtFwYNaQAFOuTXqRCUluKCe
bYlOhInylcerkJxu/cEqWQ+Xfxs3iJXLPaqsa34StYQBsB8Lng8AYaPc7qvAahM3
2ROSyXh4p0vhxvwgK3b3U3E7+kQKJuM/MNJSh1IINTRTIJyKFzdpnVA4NcV3PnGk
dtM3HnFcn2AU5W6l2uejgLOBJ/VCUMwigsg7CbHiqFGX1DysXy9DcUU7O1Ya+EVy
Qwk8r53UiU4SDJ7ElhBz9cuhbSdjCgwi1tq9nb77t214N5dGwktQVq9iXFeWUMZF
KqpTSg4S/haaEZrY+TP/xn8nAgMBAAGjggKqMIICpjAdBgNVHQ4EFgQU/sDUfqIN
EDggpGmVeOb2kcyPAq0wHwYDVR0jBBgwFoAUp2Ct4MnQXuZ57DBBIrwzUMjSpDkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTJCRTI1L0Q5MDUyNkU0RUUx
MTExRUM5NTI5OTk4MkM0RjlBRTAyL3AyQ3Q0TW5RWHVaNTdEQkJJcnd6VU1qU3BE
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvcDJDdDRNblFYdVo1N0RCQklyd3pVTWpTcERrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
QkUyNS9EOTA1MjZFNEVFMTExMUVDOTUyOTk5ODJDNEY5QUUwMi9GMTcwNUE1MEY4
RTgxMUVDODcyMjlCNkJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEBHc/AAMEBMpHsDANBAIAAjAHAwUAJAYqADANBgkqhkiG9w0B
AQsFAAOCAQEAeBV4FO5Ntq0HUd8/chniEsl2cgHcz0nlcpG15Ce9ApUT52bkBfxJ
RyJ0Gltfg9DrK3VochLuyUGj9GVXpbScGel7UL9EsgVal82bXFvSZOW1cZkWOMvl
X3mHpQjISWQ6tCHhjos4taDwI4Uc5dHq9cEB8SwyiVAqs+IlqXvzjiRIGDasluH1
55vU9d75nMApL2FksHgfCJrmlqlh8x4psKoSTsDPC7U1IIzs5nl1tmVO6aHt2J8b
kO7/t5iAU6zpq7l5V7kSnJNypoITFXZZi5F5P02996Ki23yoq7ZFa5CSBDAAG6gp
VVqVj8+nw229jrMeS3eoG/zMMQEW6SjwEg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:49 2024 by rpki-client on console-ams.rpki-client.org