Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9168494/31B8263C099311EDB21C9B4BC4F9AE02/3DDDE43A099611EDAAD89651C4F9AE02.roa
File: 3DDDE43A099611EDAAD89651C4F9AE02.roa (raw, json)
Hash identifier: p8DIn9Ao4IZJGEkiTBcTlDDDiXhQ/WfMxMzxRQ9p6dE=
Subject key identifier: 65:0A:88:6C:23:C7:E9:92:18:7E:6B:88:8D:6E:C3:ED:C7:FF:DB:00
Certificate issuer: /CN=A9168494/serialNumber=B13EA4934F41FC4834CD2A6FF8218D40F7A97789
Certificate serial: 03
Authority key identifier: B1:3E:A4:93:4F:41:FC:48:34:CD:2A:6F:F8:21:8D:40:F7:A9:77:89
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/sT6kk09B_Eg0zSpv-CGNQPepd4k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9168494/31B8263C099311EDB21C9B4BC4F9AE02/3DDDE43A099611EDAAD89651C4F9AE02.roa
Signing time: Fri 22 Jul 2022 08:14:01 +0000
ROA not before: Fri 22 Jul 2022 08:14:01 +0000
ROA not after: Sun 30 Jul 2023 00:00:00 +0000
asID: 3550
IP address blocks: 165.220.0.0/21 maxlen: 21
165.220.16.0/20 maxlen: 20
165.220.32.0/19 maxlen: 19
165.220.64.0/18 maxlen: 18
165.220.128.0/18 maxlen: 18
165.220.192.0/19 maxlen: 19
165.220.224.0/20 maxlen: 20
165.220.240.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9168494/serialNumber=B13EA4934F41FC4834CD2A6FF8218D40F7A97789
Validity
Not Before: Jul 22 08:14:01 2022 GMT
Not After : Jul 30 00:00:00 2023 GMT
Subject: CN=62da5c48-7c3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:a6:0a:c5:9a:cb:49:b8:ca:39:d6:9d:92:70:
ae:d3:95:96:86:97:c6:c0:07:89:12:50:e6:d2:f9:
ee:6f:85:b0:06:69:bd:d5:7e:8b:09:1b:5a:01:e6:
7c:f3:ea:93:38:fe:df:6c:c0:00:dd:96:4b:7f:4b:
e4:fa:2c:19:e0:95:a6:ce:53:05:31:1c:de:41:8c:
a5:9e:49:81:e9:6e:75:b4:b6:b2:79:76:70:1b:48:
19:07:11:df:ec:bc:96:94:c4:bd:3a:b1:02:aa:9b:
7b:99:41:d2:7f:50:0e:30:e7:f0:29:88:11:37:dd:
02:8f:cb:6f:79:2c:15:1b:0e:a3:1c:ac:5c:f8:06:
98:ee:1d:c9:56:cb:5e:60:01:98:81:01:fb:b1:83:
1f:fb:a0:f2:96:dc:83:66:56:09:25:fd:07:fe:8a:
da:15:e4:86:3b:56:9a:21:6a:97:b8:80:10:5e:87:
ea:d3:56:12:d2:09:f7:8f:de:73:f0:9e:ba:fd:6a:
c8:28:12:d7:9d:b9:ad:b5:e4:16:56:ce:e9:fa:8a:
2a:eb:e0:1d:a9:10:d5:ce:b8:2d:ff:95:71:fb:b0:
f8:a6:58:d4:e6:cb:d6:34:42:5b:00:5e:28:69:f9:
1e:35:54:a6:9b:b3:a4:ac:5c:28:e6:05:51:d5:df:
71:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:0A:88:6C:23:C7:E9:92:18:7E:6B:88:8D:6E:C3:ED:C7:FF:DB:00
X509v3 Authority Key Identifier:
keyid:B1:3E:A4:93:4F:41:FC:48:34:CD:2A:6F:F8:21:8D:40:F7:A9:77:89
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9168494/31B8263C099311EDB21C9B4BC4F9AE02/sT6kk09B_Eg0zSpv-CGNQPepd4k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/sT6kk09B_Eg0zSpv-CGNQPepd4k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9168494/31B8263C099311EDB21C9B4BC4F9AE02/3DDDE43A099611EDAAD89651C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
165.220.0.0/21
165.220.16.0-165.220.247.255
Signature Algorithm: sha256WithRSAEncryption
29:b7:59:64:4e:86:1a:13:37:1e:30:76:b3:7a:62:1d:e4:99:
57:4d:41:b8:39:86:ad:60:80:7d:61:a7:51:5a:4b:a6:a2:12:
3a:be:ac:6d:9a:c8:1f:75:e7:f6:2f:a9:9c:f1:95:75:ee:0a:
39:85:aa:51:00:0f:77:9f:09:15:be:09:98:62:a8:e0:94:b4:
72:f0:b8:8b:e1:a8:e6:16:75:de:8b:c3:97:3b:1b:7c:ab:f9:
bc:28:81:b0:fd:15:0b:a7:56:08:76:5e:20:df:6c:24:b5:27:
51:fb:ee:04:ae:92:c6:8d:2a:99:6e:9e:3a:d0:6f:d6:bb:e5:
04:e7:3b:09:e4:3f:d4:82:17:a3:1a:0c:73:4c:b2:14:ed:66:
f1:8f:8f:87:9a:99:41:81:aa:1c:ee:21:68:29:1b:18:3c:88:
12:da:7f:b1:73:52:1d:4c:74:3a:ed:80:d1:63:a2:38:d9:66:
02:d8:fc:ea:61:2a:41:c5:15:c0:f0:d4:75:ac:ad:3f:77:2b:
61:a1:ce:0c:89:bd:fe:85:9e:14:8e:8d:77:52:a1:a4:ee:08:
1d:d0:fe:e9:fc:82:38:80:98:8f:e9:19:50:3c:26:3f:50:9b:
ca:83:04:8c:ec:41:ad:e5:3e:1f:61:4e:21:8d:fc:04:54:ac:
9a:ba:b8:60
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
ODQ5NDExMC8GA1UEBRMoQjEzRUE0OTM0RjQxRkM0ODM0Q0QyQTZGRjgyMThENDBG
N0E5Nzc4OTAeFw0yMjA3MjIwODE0MDFaFw0yMzA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyZGE1YzQ4LTdjM2YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDPpgrFmstJuMo51p2ScK7TlZaGl8bAB4kSUObS+e5vhbAGab3VfosJG1oB5nzz
6pM4/t9swADdlkt/S+T6LBnglabOUwUxHN5BjKWeSYHpbnW0trJ5dnAbSBkHEd/s
vJaUxL06sQKqm3uZQdJ/UA4w5/ApiBE33QKPy295LBUbDqMcrFz4BpjuHclWy15g
AZiBAfuxgx/7oPKW3INmVgkl/Qf+itoV5IY7Vpohape4gBBeh+rTVhLSCfeP3nPw
nrr9asgoEtedua215BZWzun6iirr4B2pENXOuC3/lXH7sPimWNTmy9Y0QlsAXihp
+R41VKabs6SsXCjmBVHV33GVAgMBAAGjggKjMIICnzAdBgNVHQ4EFgQUZQqIbCPH
6ZIYfmuIjW7D7cf/2wAwHwYDVR0jBBgwFoAUsT6kk09B/Eg0zSpv+CGNQPepd4kw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTY4NDk0LzMxQjgyNjNDMDk5
MzExRURCMjFDOUI0QkM0RjlBRTAyL3NUNmtrMDlCX0VnMHpTcHYtQ0dOUVBlcGQ0
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvc1Q2a2swOUJfRWcwelNwdi1DR05RUGVwZDRrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
ODQ5NC8zMUI4MjYzQzA5OTMxMUVEQjIxQzlCNEJDNEY5QUUwMi8zRERERTQzQTA5
OTYxMUVEQUFEODk2NTFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAtBggrBgEFBQcBBwEB/wQe
MBwwGgQCAAEwFAMEA6XcADAMAwQEpdwQAwQDpdzwMA0GCSqGSIb3DQEBCwUAA4IB
AQApt1lkToYaEzceMHazemId5JlXTUG4OYatYIB9YadRWkumohI6vqxtmsgfdef2
L6mc8ZV17go5hapRAA93nwkVvgmYYqjglLRy8LiL4ajmFnXei8OXOxt8q/m8KIGw
/RULp1YIdl4g32wktSdR++4ErpLGjSqZbp460G/Wu+UE5zsJ5D/UghejGgxzTLIU
7Wbxj4+HmplBgaoc7iFoKRsYPIgS2n+xc1IdTHQ67YDRY6I42WYC2PzqYSpBxRXA
8NR1rK0/dythoc4Mib3+hZ4Ujo13UqGk7ggd0P7p/II4gJiP6RlQPCY/UJvKgwSM
7EGt5T4fYU4hjfwEVKyaurhg
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:45 2023 by rpki-client on console-fra.rpki-client.org