Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/A2D64506AEC111EC8D8D1B0CC4F9AE02.roa
File: A2D64506AEC111EC8D8D1B0CC4F9AE02.roa (raw, json)
Hash identifier: qgY1jyYLkU8GsPbIF7FQE8inuUYS7l6Ojxnap/vkbzA=
Subject key identifier: 8F:1F:14:03:4B:78:64:C5:55:FA:D8:56:8F:1B:86:D7:1F:F1:3F:38
Certificate issuer: /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial: 0ACC
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/A2D64506AEC111EC8D8D1B0CC4F9AE02.roa
Signing time: Thu 12 May 2022 18:44:51 +0000
ROA not before: Thu 12 May 2022 18:44:51 +0000
ROA not after: Sun 28 May 2023 00:00:00 +0000
asID: 18230
IP address blocks: 59.152.0.0/20 maxlen: 20
59.152.0.0/24 maxlen: 24
59.152.1.0/24 maxlen: 24
59.152.2.0/24 maxlen: 24
59.152.4.0/24 maxlen: 24
59.152.5.0/24 maxlen: 24
59.152.6.0/24 maxlen: 24
59.152.7.0/24 maxlen: 24
59.152.8.0/24 maxlen: 24
59.152.9.0/24 maxlen: 24
59.152.10.0/24 maxlen: 24
59.152.11.0/24 maxlen: 24
59.152.12.0/24 maxlen: 24
59.152.13.0/24 maxlen: 24
59.152.88.0/21 maxlen: 24
203.189.224.0/21 maxlen: 24
2404:1b40::/32 maxlen: 32
2404:1b40::/48 maxlen: 48
2404:1b40:1::/48 maxlen: 48
2404:1b40:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2764 (0xacc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Validity
Not Before: May 12 18:44:51 2022 GMT
Not After : May 28 00:00:00 2023 GMT
Subject: CN=627d55a3-d30c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:1b:49:4a:59:11:ba:5e:0d:ee:1b:3a:86:0d:
8b:d9:87:d5:d7:50:47:a3:99:99:e8:11:37:db:b9:
c2:a1:f6:02:19:ed:39:80:39:4f:8a:32:83:73:bc:
ce:a8:8c:13:00:f6:af:58:4f:57:db:5f:69:66:5d:
ad:03:2b:c6:35:f2:fd:21:32:75:cb:17:38:d3:73:
6d:02:75:21:7a:e2:76:b1:a3:f9:43:ad:8d:46:1c:
4b:f7:f8:6e:3d:18:73:93:cb:13:c3:80:9c:5b:db:
56:27:43:74:3a:2b:b1:79:d1:33:27:fa:e2:8f:20:
a1:14:c2:ef:5b:89:aa:0a:a0:24:2a:75:5b:2b:7d:
7c:17:85:7f:6b:11:e8:81:3d:ec:a0:67:d3:2e:32:
a0:05:eb:1b:59:90:ae:ea:2c:5c:3d:6c:e9:99:3f:
48:c0:ed:dd:bc:b6:19:2e:9c:7f:dc:af:df:2d:ba:
1b:dd:58:74:ed:83:95:29:99:bd:63:50:15:ac:7b:
db:58:97:96:e4:ab:ae:3a:5b:b0:ee:8b:af:01:11:
4b:4b:8d:29:e8:e6:d2:75:fa:ff:d8:93:16:d1:b3:
ec:eb:16:ee:9c:a4:f0:fb:68:72:a7:9b:31:eb:aa:
0c:a4:62:46:76:99:36:a9:fa:54:42:98:e7:de:c7:
30:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:1F:14:03:4B:78:64:C5:55:FA:D8:56:8F:1B:86:D7:1F:F1:3F:38
X509v3 Authority Key Identifier:
keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/A2D64506AEC111EC8D8D1B0CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
59.152.0.0/20
59.152.88.0/21
203.189.224.0/21
IPv6:
2404:1b40::/32
Signature Algorithm: sha256WithRSAEncryption
5c:eb:68:2c:9c:db:46:a6:95:2d:d6:2d:cd:a3:c9:dd:6d:37:
45:cf:82:0a:8a:43:3e:83:10:1d:2d:57:fc:22:39:bf:fa:64:
14:21:5a:b3:65:69:9e:91:1c:a5:56:fb:b9:58:3b:a5:63:0b:
e1:53:d8:8c:9a:9e:ae:10:08:5e:2e:ea:34:6f:43:31:3d:d8:
21:8d:0a:81:25:11:d5:90:8f:df:59:5a:af:e2:29:4f:ad:9d:
b9:98:0d:53:92:ee:b4:4c:a1:75:3c:de:84:f7:0c:82:bd:f2:
ad:77:e6:de:eb:1f:b4:ab:d7:6e:45:7f:e3:e1:3a:7f:06:2b:
6a:8d:74:32:88:7f:5c:48:38:28:98:de:a1:d5:9d:76:a1:b7:
12:45:2e:2b:93:52:a1:f4:ed:e6:b0:c5:7f:8c:76:25:aa:78:
72:34:60:27:8b:f5:bd:fe:46:01:8e:87:26:6f:0b:4e:0a:f6:
65:d2:a4:23:ec:4a:32:77:dd:0d:92:83:84:ce:f6:c0:d0:f7:
18:ee:29:b5:1f:4f:b3:3b:a7:b6:95:6c:36:5e:16:17:1a:3c:
91:4e:1b:6b:19:78:b1:76:51:6a:cd:0f:bf:d9:b4:4f:f0:e1:
92:b4:76:89:66:34:32:0e:e4:11:20:b5:ff:80:db:f1:35:df:
02:5a:11:62
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICCswwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjIwNTEyMTg0NDUxWhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MjdkNTVhMy1kMzBjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAthtJSlkRul4N7hs6hg2L2YfV11BHo5mZ6BE327nCofYCGe05gDlPijKDc7zO
qIwTAPavWE9X219pZl2tAyvGNfL9ITJ1yxc403NtAnUheuJ2saP5Q62NRhxL9/hu
PRhzk8sTw4CcW9tWJ0N0OiuxedEzJ/rijyChFMLvW4mqCqAkKnVbK318F4V/axHo
gT3soGfTLjKgBesbWZCu6ixcPWzpmT9IwO3dvLYZLpx/3K/fLbob3Vh07YOVKZm9
Y1AVrHvbWJeW5KuuOluw7ouvARFLS40p6ObSdfr/2JMW0bPs6xbunKTw+2hyp5sx
66oMpGJGdpk2qfpUQpjn3scwcQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFI8fFANL
eGTFVfrYVo8bhtcf8T84MB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvQTJENjQ1MDZB
RUMxMTFFQzhEOEQxQjBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAQ7mAADBAM7mFgDBAPLveAwDQQCAAIwBwMFACQEG0AwDQYJ
KoZIhvcNAQELBQADggEBAFzraCyc20amlS3WLc2jyd1tN0XPggqKQz6DEB0tV/wi
Ob/6ZBQhWrNlaZ6RHKVW+7lYO6VjC+FT2Iyanq4QCF4u6jRvQzE92CGNCoElEdWQ
j99ZWq/iKU+tnbmYDVOS7rRMoXU83oT3DIK98q135t7rH7Sr125Ff+PhOn8GK2qN
dDKIf1xIOCiY3qHVnXahtxJFLiuTUqH07eawxX+MdiWqeHI0YCeL9b3+RgGOhyZv
C04K9mXSpCPsSjJ33Q2Sg4TO9sDQ9xjuKbUfT7M7p7aVbDZeFhcaPJFOG2sZeLF2
UWrND7/ZtE/w4ZK0dolmNDIO5BEgtf+A2/E13wJaEWI=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:00 2023 by rpki-client on console-fra.rpki-client.org