Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/FF7AEE88705E11ED95098E58C4F9AE02.roa
File: FF7AEE88705E11ED95098E58C4F9AE02.roa (raw, json)
Hash identifier: QHMEE387VTSq79lW24gdoWPHbJM9K/TtXIw+A/YPHG4=
Subject key identifier: EE:35:1D:5C:C4:E2:FE:7A:6C:EB:5A:0E:96:5E:8F:8D:11:76:90:DD
Certificate issuer: /CN=A9146944/serialNumber=ED1F958CB604B576E82214B4CF3CC0FE620EF9F4
Certificate serial: 07E3
Authority key identifier: ED:1F:95:8C:B6:04:B5:76:E8:22:14:B4:CF:3C:C0:FE:62:0E:F9:F4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7R-VjLYEtXboIhS0zzzA_mIO-fQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/FF7AEE88705E11ED95098E58C4F9AE02.roa
Signing time: Wed 30 Nov 2022 03:28:04 +0000
ROA not before: Wed 30 Nov 2022 03:28:04 +0000
ROA not after: Thu 31 Aug 2023 00:00:00 +0000
asID: 131340
IP address blocks: 45.250.229.0/24 maxlen: 24
103.202.220.0/24 maxlen: 24
103.202.221.0/24 maxlen: 24
103.209.198.0/24 maxlen: 24
202.133.90.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2019 (0x7e3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9146944/serialNumber=ED1F958CB604B576E82214B4CF3CC0FE620EF9F4
Validity
Not Before: Nov 30 03:28:04 2022 GMT
Not After : Aug 31 00:00:00 2023 GMT
Subject: CN=6386cdc3-a244
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:ec:39:e6:86:44:77:1d:f9:48:c5:f9:a0:19:
09:a2:a1:d5:ba:64:44:bb:5e:70:a9:4f:14:06:bd:
7b:8e:61:e1:f0:72:a0:99:3a:a9:97:3e:93:ca:90:
48:87:c9:7b:3a:ab:71:8c:ef:1b:86:f2:82:70:4d:
d1:fc:10:e7:58:e4:4c:a3:cb:bb:1c:8e:cd:57:b9:
4d:46:52:5f:ac:5d:ca:20:95:3b:f4:58:6a:e4:c9:
fa:b4:2e:2e:35:94:10:15:44:7c:4a:c8:98:ac:38:
7a:e8:df:19:26:3b:f0:8a:7f:de:a4:ff:9d:0a:93:
90:cc:d0:51:50:be:c7:11:02:d2:83:95:e0:fc:7c:
e2:a0:ce:40:b4:a5:3c:7b:7e:2b:84:40:aa:74:77:
62:a2:5e:fa:0f:63:56:ce:cd:50:83:71:e4:3b:71:
af:91:b0:5e:d4:13:d5:9f:29:ed:65:99:96:b4:89:
6c:97:bc:8c:ee:53:96:da:55:30:f0:1f:96:21:3b:
dc:6a:b5:d7:b0:f0:dc:16:0a:17:7b:53:b2:d6:0c:
93:33:32:fb:b3:de:68:54:6a:3b:45:67:6e:5e:23:
a7:4d:7b:2b:ff:0c:87:96:4f:49:87:36:61:15:99:
22:f7:24:f7:e8:2f:e0:c0:f5:63:ef:4d:ea:48:3f:
bb:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:35:1D:5C:C4:E2:FE:7A:6C:EB:5A:0E:96:5E:8F:8D:11:76:90:DD
X509v3 Authority Key Identifier:
keyid:ED:1F:95:8C:B6:04:B5:76:E8:22:14:B4:CF:3C:C0:FE:62:0E:F9:F4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/7R-VjLYEtXboIhS0zzzA_mIO-fQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7R-VjLYEtXboIhS0zzzA_mIO-fQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/FF7AEE88705E11ED95098E58C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.250.229.0/24
103.202.220.0/23
103.209.198.0/24
202.133.90.0/24
Signature Algorithm: sha256WithRSAEncryption
16:cd:d6:f1:ff:c0:ef:f8:2c:68:6f:5f:ed:73:32:be:30:29:
1b:01:25:79:1d:a7:46:2f:fc:59:01:a5:7d:bf:4f:77:73:b4:
cd:a4:0c:6b:87:0b:25:97:40:c4:2c:98:65:6b:06:29:31:9a:
6a:3a:27:c5:67:7e:3f:b2:fc:19:d4:41:e5:2d:ea:56:7d:bf:
5c:d1:35:de:96:33:b3:66:c8:da:95:80:d2:2d:08:5f:5e:e5:
78:d7:41:f2:36:f4:42:21:e2:cc:31:2a:1e:4f:16:c5:97:7d:
29:a0:40:cb:9a:8d:ef:77:46:2e:8b:84:20:1c:0b:47:71:d7:
cc:df:7e:44:a9:44:3f:12:81:f6:3e:54:e1:43:e2:23:d3:05:
df:86:91:2e:b1:7b:a3:47:89:97:46:8a:e5:96:a4:d5:a7:0a:
55:e2:e8:b5:74:03:be:c2:23:8b:12:63:4a:0d:05:e7:eb:bd:
dd:66:cf:71:cd:ce:48:2a:63:7c:52:74:78:a3:41:23:7e:e6:
73:89:5e:9c:cb:a7:f8:3b:34:20:e6:d3:52:fe:ec:66:54:d6:
e3:5f:ed:d3:2d:45:ef:7d:3f:ca:df:d5:5e:0d:e6:ea:6e:a2:
f9:57:17:ae:33:58:f3:15:75:24:af:36:20:8e:4f:db:1a:f2:
65:3a:d3:b4
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICB+MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDY5NDQxMTAvBgNVBAUTKEVEMUY5NThDQjYwNEI1NzZFODIyMTRCNENGM0NDMEZF
NjIwRUY5RjQwHhcNMjIxMTMwMDMyODA0WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mzg2Y2RjMy1hMjQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyOw55oZEdx35SMX5oBkJoqHVumREu15wqU8UBr17jmHh8HKgmTqplz6TypBI
h8l7OqtxjO8bhvKCcE3R/BDnWORMo8u7HI7NV7lNRlJfrF3KIJU79Fhq5Mn6tC4u
NZQQFUR8SsiYrDh66N8ZJjvwin/epP+dCpOQzNBRUL7HEQLSg5Xg/HzioM5AtKU8
e34rhECqdHdiol76D2NWzs1Qg3HkO3GvkbBe1BPVnyntZZmWtIlsl7yM7lOW2lUw
8B+WITvcarXXsPDcFgoXe1Oy1gyTMzL7s95oVGo7RWduXiOnTXsr/wyHlk9JhzZh
FZki9yT36C/gwPVj703qSD+7DwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFO41HVzE
4v56bOtaDpZej40RdpDdMB8GA1UdIwQYMBaAFO0flYy2BLV26CIUtM88wP5iDvn0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0Njk0NC80M0JEMUM2RThF
OTUxMUVBQTlENzNBMkVDNEY5QUUwMi83Ui1WakxZRXRYYm9JaFMwenp6QV9tSU8t
ZlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdSLVZqTFlFdFhib0loUzB6enpBX21JTy1mUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDY5NDQvNDNCRDFDNkU4RTk1MTFFQUE5RDczQTJFQzRGOUFFMDIvRkY3QUVFODg3
MDVFMTFFRDk1MDk4RTU4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAAt+uUDBAFnytwDBABn0cYDBADKhVowDQYJKoZIhvcNAQEL
BQADggEBABbN1vH/wO/4LGhvX+1zMr4wKRsBJXkdp0Yv/FkBpX2/T3dztM2kDGuH
CyWXQMQsmGVrBikxmmo6J8Vnfj+y/BnUQeUt6lZ9v1zRNd6WM7NmyNqVgNItCF9e
5XjXQfI29EIh4swxKh5PFsWXfSmgQMuaje93Ri6LhCAcC0dx18zffkSpRD8SgfY+
VOFD4iPTBd+GkS6xe6NHiZdGiuWWpNWnClXi6LV0A77CI4sSY0oNBefrvd1mz3HN
zkgqY3xSdHijQSN+5nOJXpzLp/g7NCDm01L+7GZU1uNf7dMtRe99P8rf1V4N5upu
ovlXF64zWPMVdSSvNiCOT9sa8mU607Q=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:04 2024 by rpki-client on console-fra.rpki-client.org