Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AF3C6/631CC160F33811EAA63D4154C4F9AE02/5B5CA3FA873811ED8BD19C43C4F9AE02.roa
File: 5B5CA3FA873811ED8BD19C43C4F9AE02.roa (raw, json)
Hash identifier: lljyYrV0m9fSNPe+IC7K/Ij7zU+p45B5pJqRGHSL9VA=
Subject key identifier: 09:01:B2:08:5F:07:EA:44:33:14:57:D0:BB:51:91:B5:30:93:D8:1C
Certificate issuer: /CN=A91AF3C6/serialNumber=606EE85DC3C467FC464A894ED47A9F1BD321B441
Certificate serial: 06B5
Authority key identifier: 60:6E:E8:5D:C3:C4:67:FC:46:4A:89:4E:D4:7A:9F:1B:D3:21:B4:41
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YG7oXcPEZ_xGSolO1HqfG9MhtEE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AF3C6/631CC160F33811EAA63D4154C4F9AE02/5B5CA3FA873811ED8BD19C43C4F9AE02.roa
Signing time: Fri 03 Nov 2023 00:49:47 +0000
ROA not before: Fri 03 Nov 2023 00:49:47 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 132857
IP address blocks: 43.243.56.0/23 maxlen: 24
202.49.41.0/24 maxlen: 24
202.50.121.0/24 maxlen: 24
2407:2b00::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1717 (0x6b5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AF3C6/serialNumber=606EE85DC3C467FC464A894ED47A9F1BD321B441
Validity
Not Before: Nov 3 00:49:47 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=654443ab-5c62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:b6:74:2c:7d:53:8c:ca:da:64:d2:44:87:b0:
50:5c:8d:74:e8:42:83:15:ed:5a:ff:2a:95:36:ab:
2c:46:00:cc:47:69:52:ee:cf:b8:42:bc:fa:d0:ea:
9e:e1:02:b2:04:d2:0c:89:3a:3f:df:f4:56:4a:2c:
62:34:81:aa:eb:52:a7:2f:16:ba:41:cd:b1:71:de:
b4:39:c1:2a:32:b3:98:38:8b:48:13:55:2c:08:c4:
6d:6e:2f:c5:d8:b7:80:65:cd:31:31:ac:d2:e5:55:
ba:ac:17:cb:a3:8a:fe:73:c5:c6:8d:cd:c6:0b:e9:
2a:89:d3:d4:c8:cb:e4:69:d4:db:5e:bf:b7:cf:cf:
34:c5:ce:91:53:4b:f3:34:7b:f5:4e:de:bb:2b:70:
85:08:be:dd:2b:36:23:06:8d:5e:18:75:a0:96:a5:
05:5d:f1:c4:5b:e3:26:99:a3:39:19:06:8b:7b:88:
80:8d:fa:f3:3d:2e:16:6f:ff:f1:08:25:17:4f:8d:
1c:66:15:14:e6:e6:d9:e3:42:80:67:51:22:f1:0b:
ba:39:32:24:8e:09:09:1e:21:4b:df:56:a9:73:92:
4b:09:15:3c:bd:bd:e0:88:48:d8:d4:c5:e3:6c:ac:
f9:f6:c7:53:2b:f1:40:ee:6e:58:3f:73:82:5e:e4:
75:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:01:B2:08:5F:07:EA:44:33:14:57:D0:BB:51:91:B5:30:93:D8:1C
X509v3 Authority Key Identifier:
keyid:60:6E:E8:5D:C3:C4:67:FC:46:4A:89:4E:D4:7A:9F:1B:D3:21:B4:41
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AF3C6/631CC160F33811EAA63D4154C4F9AE02/YG7oXcPEZ_xGSolO1HqfG9MhtEE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YG7oXcPEZ_xGSolO1HqfG9MhtEE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AF3C6/631CC160F33811EAA63D4154C4F9AE02/5B5CA3FA873811ED8BD19C43C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.243.56.0/23
202.49.41.0/24
202.50.121.0/24
IPv6:
2407:2b00::/32
Signature Algorithm: sha256WithRSAEncryption
99:d3:6f:65:9c:28:9f:4c:d2:6b:9f:7e:7f:9d:90:a4:f1:e6:
59:bf:48:e7:6c:c9:ed:c8:22:f4:12:cb:dc:9e:c9:cf:0c:57:
df:4a:7b:7f:5d:5f:eb:65:1e:ae:33:77:ae:30:4c:b1:cb:ea:
5f:b9:b0:49:01:59:bf:a2:24:16:99:0d:cd:e1:a7:a2:ed:fa:
69:ad:07:cb:30:78:76:31:32:e4:d9:0d:60:cc:98:85:6e:ef:
8c:08:a1:ad:5e:73:27:01:fc:c0:f3:db:86:5b:2b:5d:e2:34:
5c:b4:64:2c:fc:4f:20:1c:bf:46:49:ca:62:76:2e:1b:e1:44:
bf:53:68:ca:62:f6:0b:99:9d:18:ad:e4:63:2c:2b:2c:78:bf:
29:24:1c:e1:f1:bb:1c:be:d9:58:52:d6:d1:14:81:36:eb:1e:
4e:f4:e7:bb:9e:98:05:8a:0d:21:e9:12:f7:83:38:5f:a2:94:
e0:dd:0e:11:dd:aa:f3:ca:8b:95:b1:fa:b0:05:9b:e3:53:9f:
36:bc:93:4b:03:14:c9:9a:42:b4:56:64:9a:8f:7d:79:9d:8c:
d7:fd:89:cc:4a:88:25:a3:23:09:53:38:4b:c9:9b:84:c9:b5:
02:07:d3:72:d3:9f:23:10:f1:71:0d:5e:66:f0:b4:0e:21:20:
e1:5e:56:63
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICBrUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUYzQzYxMTAvBgNVBAUTKDYwNkVFODVEQzNDNDY3RkM0NjRBODk0RUQ0N0E5RjFC
RDMyMUI0NDEwHhcNMjMxMTAzMDA0OTQ3WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQ0NDNhYi01YzYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzbZ0LH1TjMraZNJEh7BQXI106EKDFe1a/yqVNqssRgDMR2lS7s+4Qrz60Oqe
4QKyBNIMiTo/3/RWSixiNIGq61KnLxa6Qc2xcd60OcEqMrOYOItIE1UsCMRtbi/F
2LeAZc0xMazS5VW6rBfLo4r+c8XGjc3GC+kqidPUyMvkadTbXr+3z880xc6RU0vz
NHv1Tt67K3CFCL7dKzYjBo1eGHWglqUFXfHEW+MmmaM5GQaLe4iAjfrzPS4Wb//x
CCUXT40cZhUU5ubZ40KAZ1Ei8Qu6OTIkjgkJHiFL31apc5JLCRU8vb3giEjY1MXj
bKz59sdTK/FA7m5YP3OCXuR15QIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFAkBsghf
B+pEMxRX0LtRkbUwk9gcMB8GA1UdIwQYMBaAFGBu6F3DxGf8RkqJTtR6nxvTIbRB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRjNDNi82MzFDQzE2MEYz
MzgxMUVBQTYzRDQxNTRDNEY5QUUwMi9ZRzdvWGNQRVpfeEdTb2xPMUhxZkc5TWh0
RUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lHN29YY1BFWl94R1NvbE8xSHFmRzlNaHRFRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUYzQzYvNjMxQ0MxNjBGMzM4MTFFQUE2M0Q0MTU0QzRGOUFFMDIvNUI1Q0EzRkE4
NzM4MTFFRDhCRDE5QzQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAEr8zgDBADKMSkDBADKMnkwDQQCAAIwBwMFACQHKwAwDQYJ
KoZIhvcNAQELBQADggEBAJnTb2WcKJ9M0muffn+dkKTx5lm/SOdsye3IIvQSy9ye
yc8MV99Ke39dX+tlHq4zd64wTLHL6l+5sEkBWb+iJBaZDc3hp6Lt+mmtB8sweHYx
MuTZDWDMmIVu74wIoa1ecycB/MDz24ZbK13iNFy0ZCz8TyAcv0ZJymJ2LhvhRL9T
aMpi9guZnRit5GMsKyx4vykkHOHxuxy+2VhS1tEUgTbrHk7057uemAWKDSHpEveD
OF+ilODdDhHdqvPKi5Wx+rAFm+NTnza8k0sDFMmaQrRWZJqPfXmdjNf9icxKiCWj
IwlTOEvJm4TJtQIH03LTnyMQ8XENXmbwtA4hIOFeVmM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:37 2024 by rpki-client on console-fra.rpki-client.org