Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B2D29/F71E7166552111E5ADB2092AC4F9AE02/64CA1C7E8AB011EA9C21FB32C4F9AE02.roa
File: 64CA1C7E8AB011EA9C21FB32C4F9AE02.roa (raw, json)
Hash identifier: Yz0RxypP0OONjlo8aWgCYARsvDALDG9OqNvd7UhVY5A=
Subject key identifier: CE:B5:92:80:98:19:D4:88:6C:88:9F:70:45:D7:E0:A7:B3:FC:E8:2C
Certificate issuer: /CN=A91B2D29/serialNumber=B8E96C6A0D9548A2A040CBE7199745BA7DB1ED28
Certificate serial: 04D6
Authority key identifier: B8:E9:6C:6A:0D:95:48:A2:A0:40:CB:E7:19:97:45:BA:7D:B1:ED:28
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uOlsag2VSKKgQMvnGZdFun2x7Sg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B2D29/F71E7166552111E5ADB2092AC4F9AE02/64CA1C7E8AB011EA9C21FB32C4F9AE02.roa
Signing time: Mon 04 Oct 2021 16:42:39 +0000
ROA not before: Mon 04 Oct 2021 16:42:39 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 58895
IP address blocks: 43.246.220.0/22 maxlen: 24
43.246.224.0/22 maxlen: 24
103.35.208.0/22 maxlen: 24
103.35.212.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1238 (0x4d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B2D29/serialNumber=B8E96C6A0D9548A2A040CBE7199745BA7DB1ED28
Validity
Not Before: Oct 4 16:42:39 2021 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=615b2efe-6ed0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ff:47:0e:30:ec:d3:d5:d9:8a:a7:67:eb:04:
e1:1f:56:2f:e3:9c:84:0e:e9:ce:46:ac:47:52:be:
5e:91:e0:ee:a3:c9:11:7f:1f:ab:9e:9b:3a:68:9f:
47:08:85:4a:9e:ec:12:a1:69:9c:ab:33:31:bb:45:
5a:31:86:48:ad:b3:af:f0:ca:05:31:a5:25:fc:41:
6d:8a:6d:ea:52:c9:57:bd:7d:ad:c3:78:e2:44:e5:
d3:b0:9f:9f:af:5d:b8:7e:97:36:d4:2f:94:3d:b4:
7d:45:20:0f:8d:1b:4a:f2:4c:85:a3:8c:af:9a:5f:
3a:2f:70:d3:71:3d:2f:af:97:2a:b6:46:5e:18:65:
c4:e4:a8:af:6a:ad:87:dc:b0:9c:73:6f:10:fc:a5:
f1:79:9c:06:f0:62:e4:35:3f:1f:14:2a:0e:16:48:
4e:81:25:8a:39:3f:10:d6:f8:ca:ad:08:01:3c:8e:
41:f3:86:7e:2d:29:dd:f5:f0:8c:87:6a:4a:e7:22:
bc:09:23:ae:cb:bb:1e:71:bd:2a:13:e8:d9:a8:b5:
25:b6:2e:39:a7:c5:18:c4:b3:74:4f:39:2b:84:0d:
38:c3:c9:4c:d4:e8:44:4d:a7:b1:2f:b8:13:5a:41:
b0:08:81:ee:99:06:7b:48:ac:b4:8f:ae:df:37:ac:
74:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:B5:92:80:98:19:D4:88:6C:88:9F:70:45:D7:E0:A7:B3:FC:E8:2C
X509v3 Authority Key Identifier:
keyid:B8:E9:6C:6A:0D:95:48:A2:A0:40:CB:E7:19:97:45:BA:7D:B1:ED:28
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B2D29/F71E7166552111E5ADB2092AC4F9AE02/uOlsag2VSKKgQMvnGZdFun2x7Sg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uOlsag2VSKKgQMvnGZdFun2x7Sg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B2D29/F71E7166552111E5ADB2092AC4F9AE02/64CA1C7E8AB011EA9C21FB32C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.246.220.0-43.246.227.255
103.35.208.0/21
Signature Algorithm: sha256WithRSAEncryption
21:ce:04:7c:2c:41:f0:18:69:43:e8:5a:c1:ab:d1:86:33:7a:
a3:55:36:f4:2e:bc:90:ff:eb:ff:a0:47:68:5e:18:5d:aa:65:
a8:84:70:83:44:f4:68:c9:05:da:3f:b3:a5:47:c6:34:c3:24:
8b:54:2c:d7:57:36:4f:c2:ac:1e:2b:e4:16:d0:fc:1c:98:4b:
38:63:c5:5a:19:87:46:89:eb:bd:7f:54:4b:7a:fe:d6:71:a8:
bf:9f:55:e5:15:5d:05:da:94:00:c6:1e:fb:c0:77:2d:bd:96:
ae:ac:e3:ab:eb:c6:b0:fd:2f:98:e0:ca:ab:c0:7f:74:18:e0:
00:79:22:b6:b9:cb:02:43:e8:eb:94:e2:30:e1:20:4d:80:a4:
28:a5:f0:cd:1a:33:38:0b:ec:d5:6a:b0:c0:30:d0:5d:75:96:
04:a5:6b:74:55:e6:a0:3b:8b:93:c1:ab:67:38:80:c0:80:1a:
f6:3b:f3:7a:ac:30:6f:1b:e7:ee:e8:22:f2:d3:f9:40:bc:1a:
07:c5:7f:15:5d:96:70:bd:79:b0:9c:69:03:be:65:05:e4:3d:
65:83:e7:cb:12:00:77:33:89:50:04:4e:f5:50:64:3f:a2:5c:
73:8b:61:09:3d:cc:c9:ca:1b:f5:53:f7:bc:20:20:11:7e:53:
36:e7:53:b7
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICBNYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjJEMjkxMTAvBgNVBAUTKEI4RTk2QzZBMEQ5NTQ4QTJBMDQwQ0JFNzE5OTc0NUJB
N0RCMUVEMjgwHhcNMjExMDA0MTY0MjM5WhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTViMmVmZS02ZWQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtv9HDjDs09XZiqdn6wThH1Yv45yEDunORqxHUr5ekeDuo8kRfx+rnps6aJ9H
CIVKnuwSoWmcqzMxu0VaMYZIrbOv8MoFMaUl/EFtim3qUslXvX2tw3jiROXTsJ+f
r124fpc21C+UPbR9RSAPjRtK8kyFo4yvml86L3DTcT0vr5cqtkZeGGXE5Kivaq2H
3LCcc28Q/KXxeZwG8GLkNT8fFCoOFkhOgSWKOT8Q1vjKrQgBPI5B84Z+LSnd9fCM
h2pK5yK8CSOuy7secb0qE+jZqLUlti45p8UYxLN0TzkrhA04w8lM1OhETaexL7gT
WkGwCIHumQZ7SKy0j67fN6x0rwIDAQABo4ICozCCAp8wHQYDVR0OBBYEFM61koCY
GdSIbIifcEXX4Kez/OgsMB8GA1UdIwQYMBaAFLjpbGoNlUiioEDL5xmXRbp9se0o
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMkQyOS9GNzFFNzE2NjU1
MjExMUU1QURCMjA5MkFDNEY5QUUwMi91T2xzYWcyVlNLS2dRTXZuR1pkRnVuMng3
U2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3VPbHNhZzJWU0tLZ1FNdm5HWmRGdW4yeDdTZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjJEMjkvRjcxRTcxNjY1NTIxMTFFNUFEQjIwOTJBQzRGOUFFMDIvNjRDQTFDN0U4
QUIwMTFFQTlDMjFGQjMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEAiv23AMEAiv24AMEA2cj0DANBgkqhkiG9w0BAQsFAAOC
AQEAIc4EfCxB8BhpQ+hawavRhjN6o1U29C68kP/r/6BHaF4YXaplqIRwg0T0aMkF
2j+zpUfGNMMki1Qs11c2T8KsHivkFtD8HJhLOGPFWhmHRonrvX9US3r+1nGov59V
5RVdBdqUAMYe+8B3Lb2Wrqzjq+vGsP0vmODKq8B/dBjgAHkitrnLAkPo65TiMOEg
TYCkKKXwzRozOAvs1WqwwDDQXXWWBKVrdFXmoDuLk8GrZziAwIAa9jvzeqwwbxvn
7ugi8tP5QLwaB8V/FV2WcL15sJxpA75lBeQ9ZYPnyxIAdzOJUARO9VBkP6Jcc4th
CT3Mycob9VP3vCAgEX5TNudTtw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:04 2023 by rpki-client on console-fra.rpki-client.org