Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91814CB/ADEC543A1D7811EA8D301744C4F9AE02/D6053E5E70AF11ED82AA237FC4F9AE02.roa
File: D6053E5E70AF11ED82AA237FC4F9AE02.roa (raw, json)
Hash identifier: LcZiSap/pCq98U2hlqwiWPZ/vHB2EmiG7Kil6cLWj2c=
Subject key identifier: 9A:99:3F:AD:25:56:A8:8C:31:5B:AE:A9:CF:2A:85:40:45:73:2E:94
Certificate issuer: /CN=A91814CB/serialNumber=9AA53D27BE1BB614953C379D39E0BBC5F1C124A7
Certificate serial: 09F4
Authority key identifier: 9A:A5:3D:27:BE:1B:B6:14:95:3C:37:9D:39:E0:BB:C5:F1:C1:24:A7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mqU9J74bthSVPDedOeC7xfHBJKc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91814CB/ADEC543A1D7811EA8D301744C4F9AE02/D6053E5E70AF11ED82AA237FC4F9AE02.roa
Signing time: Wed 30 Nov 2022 13:06:43 +0000
ROA not before: Wed 30 Nov 2022 13:06:43 +0000
ROA not after: Wed 31 Jan 2024 00:00:00 +0000
asID: 135673
IP address blocks: 123.108.88.0/22 maxlen: 24
2407:d380::/32 maxlen: 33
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2548 (0x9f4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91814CB/serialNumber=9AA53D27BE1BB614953C379D39E0BBC5F1C124A7
Validity
Not Before: Nov 30 13:06:43 2022 GMT
Not After : Jan 31 00:00:00 2024 GMT
Subject: CN=63875563-794b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:26:e9:9e:f6:54:73:0a:be:2b:b3:13:f6:3f:
64:28:1e:de:a0:5e:53:1f:75:2f:6e:7f:d1:31:e9:
5d:2e:5a:bb:b7:f8:b8:e9:36:e0:0b:68:4e:7a:24:
a0:c4:77:32:3b:8a:1d:a8:5c:02:f6:00:6f:c3:2e:
d5:97:f4:94:d4:48:30:43:df:d0:74:a0:57:10:25:
f3:bc:73:ca:2b:11:0a:9e:57:b4:33:6d:2d:2b:79:
b3:43:3b:bf:ef:63:ec:b5:d5:f3:cc:34:a0:4a:a9:
e9:f4:cc:0a:79:c4:f7:a4:da:a3:b5:7a:64:1d:5b:
fd:41:b1:71:81:08:2b:19:45:e3:ed:54:cc:3b:6e:
0e:54:ec:59:46:18:d2:79:b2:ef:da:fc:d6:c8:3f:
2e:99:55:4e:4f:39:1c:8a:09:d4:7d:4b:40:dc:de:
21:3f:c2:13:04:05:14:ca:d1:21:58:ae:3a:c5:2e:
3c:78:b0:88:45:8f:3e:7c:e1:5d:96:90:65:57:d7:
13:af:8b:fd:84:3c:06:07:ca:e0:f2:57:ee:43:cd:
11:50:ac:19:5d:e1:e5:46:d0:1a:f6:7b:de:d9:4b:
0f:68:a8:46:d5:ec:cf:c6:05:29:13:a4:ca:78:77:
b5:e7:45:ef:8d:91:bd:e1:a6:03:3e:bc:6c:4c:02:
e3:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:99:3F:AD:25:56:A8:8C:31:5B:AE:A9:CF:2A:85:40:45:73:2E:94
X509v3 Authority Key Identifier:
keyid:9A:A5:3D:27:BE:1B:B6:14:95:3C:37:9D:39:E0:BB:C5:F1:C1:24:A7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91814CB/ADEC543A1D7811EA8D301744C4F9AE02/mqU9J74bthSVPDedOeC7xfHBJKc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mqU9J74bthSVPDedOeC7xfHBJKc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91814CB/ADEC543A1D7811EA8D301744C4F9AE02/D6053E5E70AF11ED82AA237FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
123.108.88.0/22
IPv6:
2407:d380::/32
Signature Algorithm: sha256WithRSAEncryption
4a:b3:08:af:d8:6f:1c:68:f6:a8:fa:d3:36:ab:73:9b:52:42:
f2:7a:be:0b:25:b0:1e:50:00:86:f7:c5:4b:12:b6:85:c5:0a:
68:ee:56:c5:2e:9f:08:59:83:a1:15:e6:b3:9d:fe:b9:2a:13:
c0:97:31:a8:03:79:6f:73:06:8a:c1:14:aa:81:6e:72:7f:79:
ad:e2:4d:4c:2c:e5:83:18:ba:d2:83:27:a8:5c:22:f9:49:b0:
6a:04:e6:56:c1:95:b0:13:6b:29:87:94:c1:82:b8:a8:c6:df:
79:19:1b:9d:fc:a8:f0:70:dd:95:69:57:83:b9:46:33:0b:b1:
36:03:2e:04:45:b0:c9:c1:23:05:fa:6e:b2:8c:8e:d4:91:c9:
68:b9:fc:4f:e6:15:c7:f8:77:ae:1d:40:b4:ef:56:e7:ca:9e:
a7:f7:60:e5:cc:3b:4b:94:b1:98:0e:bb:2c:ca:44:95:2b:9d:
f5:90:b6:27:a3:d9:15:19:95:74:c1:c3:e6:bc:0d:f4:97:44:
71:6a:c6:89:97:9c:4b:a6:4f:62:b5:f8:3a:06:49:b2:03:b3:
49:37:03:51:78:f3:f7:b6:12:e3:b5:f3:f3:c6:3d:46:2a:fb:
b9:8c:ab:89:7e:37:29:bd:a7:a6:6d:7d:6a:41:5b:64:23:91:
38:72:60:48
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCfQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODE0Q0IxMTAvBgNVBAUTKDlBQTUzRDI3QkUxQkI2MTQ5NTNDMzc5RDM5RTBCQkM1
RjFDMTI0QTcwHhcNMjIxMTMwMTMwNjQzWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mzg3NTU2My03OTRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxibpnvZUcwq+K7MT9j9kKB7eoF5TH3Uvbn/RMeldLlq7t/i46TbgC2hOeiSg
xHcyO4odqFwC9gBvwy7Vl/SU1EgwQ9/QdKBXECXzvHPKKxEKnle0M20tK3mzQzu/
72PstdXzzDSgSqnp9MwKecT3pNqjtXpkHVv9QbFxgQgrGUXj7VTMO24OVOxZRhjS
ebLv2vzWyD8umVVOTzkcignUfUtA3N4hP8ITBAUUytEhWK46xS48eLCIRY8+fOFd
lpBlV9cTr4v9hDwGB8rg8lfuQ80RUKwZXeHlRtAa9nve2UsPaKhG1ezPxgUpE6TK
eHe150XvjZG94aYDPrxsTALjuQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFJqZP60l
VqiMMVuuqc8qhUBFcy6UMB8GA1UdIwQYMBaAFJqlPSe+G7YUlTw3nTngu8XxwSSn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4MTRDQi9BREVDNTQzQTFE
NzgxMUVBOEQzMDE3NDRDNEY5QUUwMi9tcVU5Sjc0YnRoU1ZQRGVkT2VDN3hmSEJK
S2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21xVTlKNzRidGhTVlBEZWRPZUM3eGZIQkpLYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODE0Q0IvQURFQzU0M0ExRDc4MTFFQThEMzAxNzQ0QzRGOUFFMDIvRDYwNTNFNUU3
MEFGMTFFRDgyQUEyMzdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJ7bFgwDQQCAAIwBwMFACQH04AwDQYJKoZIhvcNAQELBQAD
ggEBAEqzCK/Ybxxo9qj60zarc5tSQvJ6vgslsB5QAIb3xUsStoXFCmjuVsUunwhZ
g6EV5rOd/rkqE8CXMagDeW9zBorBFKqBbnJ/ea3iTUws5YMYutKDJ6hcIvlJsGoE
5lbBlbATaymHlMGCuKjG33kZG538qPBw3ZVpV4O5RjMLsTYDLgRFsMnBIwX6brKM
jtSRyWi5/E/mFcf4d64dQLTvVufKnqf3YOXMO0uUsZgOuyzKRJUrnfWQtiej2RUZ
lXTBw+a8DfSXRHFqxomXnEumT2K1+DoGSbIDs0k3A1F48/e2EuO18/PGPUYq+7mM
q4l+Nym9p6ZtfWpBW2QjkThyYEg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:24 2024 by rpki-client on console-ams.rpki-client.org