Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/47DA6ED0B17C11EC92E57138C4F9AE02.roa
File: 47DA6ED0B17C11EC92E57138C4F9AE02.roa (raw, json)
Hash identifier: UfHAcZ+stGNmhYwSmi+ChmrsP+Qy560se+SLgJMb1Lo=
Subject key identifier: AF:88:01:55:F3:72:92:61:84:A3:F9:A2:2A:88:59:7B:52:12:A6:33
Certificate issuer: /CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
Certificate serial: 0380
Authority key identifier: 98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/47DA6ED0B17C11EC92E57138C4F9AE02.roa
Signing time: Fri 01 Apr 2022 17:23:43 +0000
ROA not before: Fri 01 Apr 2022 17:23:42 +0000
ROA not after: Mon 01 Aug 2022 00:00:00 +0000
asID: 134409
IP address blocks: 116.206.128.0/24 maxlen: 24
2407:c280:ffff::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 896 (0x380)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
Validity
Not Before: Apr 1 17:23:42 2022 GMT
Not After : Aug 1 00:00:00 2022 GMT
Subject: CN=6247351e-7007
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:1d:f8:e2:4f:98:8f:73:7a:71:6e:30:19:b6:
19:23:1a:7a:7e:7d:1a:94:22:1d:c2:c9:c7:16:b4:
27:e5:ba:36:37:92:c5:65:14:e7:60:08:8d:c4:41:
48:d7:0f:9c:74:4f:8f:bd:e4:0e:11:25:29:d7:5c:
37:5e:31:b2:00:8c:8f:cf:b1:cb:7a:77:2d:d2:0e:
9b:5c:4b:b2:a1:f0:c7:35:62:0e:ea:e3:1b:a8:5d:
7c:4b:d5:68:d7:bd:75:dd:34:66:91:c1:c0:a8:5a:
2f:a0:54:77:2c:bc:eb:77:d1:9e:4b:df:46:8d:d4:
35:6d:7e:09:f6:ed:d6:89:e4:23:e4:2c:1d:32:99:
aa:40:a6:cf:00:5f:49:73:df:25:57:c5:ba:22:82:
d9:ea:11:80:0e:de:df:5f:00:f3:8c:20:b7:c1:c2:
b2:2a:e0:ed:d2:a6:6d:44:75:b6:c0:e7:2c:a0:62:
20:f3:72:c9:56:14:fe:b5:cd:a5:88:88:52:32:2b:
94:fd:4a:e5:59:4a:79:70:2f:88:8e:69:ec:1b:67:
be:94:56:7f:00:6e:df:8d:ca:1f:ed:b2:f9:95:62:
7e:e4:bf:57:49:80:ff:99:0c:dd:59:e1:93:7f:7b:
20:5e:3b:b2:f8:8d:0a:b5:b0:d8:29:89:96:a2:2f:
92:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:88:01:55:F3:72:92:61:84:A3:F9:A2:2A:88:59:7B:52:12:A6:33
X509v3 Authority Key Identifier:
keyid:98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/47DA6ED0B17C11EC92E57138C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
116.206.128.0/24
IPv6:
2407:c280:ffff::/48
Signature Algorithm: sha256WithRSAEncryption
b1:43:3f:f7:52:9c:86:53:c3:21:d7:b0:a6:de:12:64:6a:f2:
75:25:55:6d:06:75:1e:b7:e3:37:72:ee:23:c5:aa:93:42:d6:
0b:a5:24:8e:19:ba:69:ad:b3:ad:e4:cb:0b:20:83:45:1c:47:
24:f6:f4:9d:52:81:d0:9b:6b:a6:1e:6e:f5:52:69:32:b1:01:
f3:8c:58:c0:60:bd:cb:bc:fe:d4:97:55:a8:3f:4f:12:7f:b3:
29:e6:91:60:17:6b:36:3b:8f:9b:8a:bb:9b:4e:91:0a:96:53:
a5:8f:05:e4:33:82:12:f5:e9:eb:54:74:f0:76:d9:2c:99:33:
4f:92:dc:ff:88:05:70:2e:03:27:07:b9:b8:10:7c:e2:ac:c4:
08:f2:e7:be:7b:a0:76:05:ee:18:11:64:88:3a:41:65:93:f7:
fc:49:7c:1f:4e:9a:0a:65:c8:17:97:a7:b7:c3:57:9b:e0:0e:
f7:fb:f9:8a:d9:12:bf:05:84:0d:11:bb:81:9b:1b:6b:60:74:
f4:ac:b8:a5:9e:ab:e3:ea:8e:92:8b:40:0c:57:d8:2e:18:5f:
09:46:62:71:10:a8:20:63:2c:41:d9:f7:16:16:d8:93:00:cf:
12:69:bc:9e:74:b2:93:5d:0c:4d:19:b6:4a:fe:d7:52:6d:d8:
f4:30:01:ce
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICA4AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM2QjcxMTAvBgNVBAUTKDk4MUZBMjI3QTJBNDM1QzJCNzZFMDZDOUM0NTJEM0VD
NzUxOTg0RDMwHhcNMjIwNDAxMTcyMzQyWhcNMjIwODAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjQ3MzUxZS03MDA3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0B344k+Yj3N6cW4wGbYZIxp6fn0alCIdwsnHFrQn5bo2N5LFZRTnYAiNxEFI
1w+cdE+PveQOESUp11w3XjGyAIyPz7HLenct0g6bXEuyofDHNWIO6uMbqF18S9Vo
17113TRmkcHAqFovoFR3LLzrd9GeS99GjdQ1bX4J9u3WieQj5CwdMpmqQKbPAF9J
c98lV8W6IoLZ6hGADt7fXwDzjCC3wcKyKuDt0qZtRHW2wOcsoGIg83LJVhT+tc2l
iIhSMiuU/UrlWUp5cC+IjmnsG2e+lFZ/AG7fjcof7bL5lWJ+5L9XSYD/mQzdWeGT
f3sgXjuy+I0KtbDYKYmWoi+SuwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFK+IAVXz
cpJhhKP5oiqIWXtSEqYzMB8GA1UdIwQYMBaAFJgfoieipDXCt24GycRS0+x1GYTT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzZCNy9GMUNEMjdCNDcz
QUQxMUU3QUNCRDAyNUVDNEY5QUUwMi9tQi1pSjZLa05jSzNiZ2JKeEZMVDdIVVpo
Tk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21CLWlKNktrTmNLM2JnYkp4RkxUN0hVWmhOTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM2QjcvRjFDRDI3QjQ3M0FEMTFFN0FDQkQwMjVFQzRGOUFFMDIvNDdEQTZFRDBC
MTdDMTFFQzkyRTU3MTM4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAB0zoAwDwQCAAIwCQMHACQHwoD//zANBgkqhkiG9w0BAQsF
AAOCAQEAsUM/91KchlPDIdewpt4SZGrydSVVbQZ1HrfjN3LuI8Wqk0LWC6Ukjhm6
aa2zreTLCyCDRRxHJPb0nVKB0Jtrph5u9VJpMrEB84xYwGC9y7z+1JdVqD9PEn+z
KeaRYBdrNjuPm4q7m06RCpZTpY8F5DOCEvXp61R08HbZLJkzT5Lc/4gFcC4DJwe5
uBB84qzECPLnvnugdgXuGBFkiDpBZZP3/El8H06aCmXIF5ent8NXm+AO9/v5itkS
vwWEDRG7gZsba2B09Ky4pZ6r4+qOkotADFfYLhhfCUZicRCoIGMsQdn3FhbYkwDP
Emm8nnSyk10MTRm2Sv7XUm3Y9DABzg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:06 2024 by rpki-client on console-ams.rpki-client.org