Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BE7CC/0CB606440A8E11EA8DB74658C4F9AE02/3018E1140A9911EAAF252A7CC4F9AE02.roa
File: 3018E1140A9911EAAF252A7CC4F9AE02.roa (raw, json)
Hash identifier: r8zJTCb4Ujur30lBWpyXpOr+UOuU4SiHR56lU56sJ9c=
Subject key identifier: DA:72:09:0A:02:1E:D3:A9:5D:50:EF:10:7E:4D:47:69:B8:4A:77:99
Certificate issuer: /CN=A91BE7CC/serialNumber=0CCB302B5CAE5280393748BEF85BA67A8B2E43E3
Certificate serial: 09D5
Authority key identifier: 0C:CB:30:2B:5C:AE:52:80:39:37:48:BE:F8:5B:A6:7A:8B:2E:43:E3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DMswK1yuUoA5N0i--FumeosuQ-M.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BE7CC/0CB606440A8E11EA8DB74658C4F9AE02/3018E1140A9911EAAF252A7CC4F9AE02.roa
Signing time: Thu 11 Aug 2022 08:26:28 +0000
ROA not before: Thu 11 Aug 2022 08:26:28 +0000
ROA not after: Sun 28 May 2023 00:00:00 +0000
asID: 135115
IP address blocks: 36.255.188.0/22 maxlen: 24
103.209.228.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2517 (0x9d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BE7CC/serialNumber=0CCB302B5CAE5280393748BEF85BA67A8B2E43E3
Validity
Not Before: Aug 11 08:26:28 2022 GMT
Not After : May 28 00:00:00 2023 GMT
Subject: CN=62f4bd34-a2ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:40:f2:cf:20:dc:a0:ba:73:2d:fc:e5:84:30:
d1:5f:47:58:a3:6d:1c:47:83:16:a5:15:a7:a1:7b:
74:b1:d9:b8:f0:ea:dd:f9:f7:21:59:ee:9b:40:d0:
0f:ad:b4:df:d1:15:4e:13:6f:5f:cf:46:3a:25:d7:
8d:a0:ca:87:77:ba:da:ee:78:c9:8e:64:cc:9f:0e:
7c:e2:aa:41:66:c7:44:4d:55:ce:48:22:96:f7:7d:
2a:7d:27:4a:d9:5f:52:94:ca:d1:9a:52:54:59:94:
fa:e9:7f:9b:52:cf:67:45:ea:49:ea:ca:42:55:65:
34:44:4e:d1:38:b2:15:00:a9:10:ee:78:28:58:23:
37:11:1d:59:94:34:e0:9c:51:25:f3:eb:ce:2b:9a:
a1:06:df:5f:6d:e0:d3:a4:26:9d:1f:3f:99:a2:6f:
82:ec:b5:86:df:3e:45:24:87:1b:5e:ed:87:e0:75:
47:4a:31:ac:3b:cd:5d:01:0d:96:99:a9:38:fe:7e:
17:45:fa:a5:dc:2e:fa:26:d9:3d:37:15:ed:18:37:
f7:67:0f:94:8c:c7:31:bf:a6:7b:b5:6e:37:d0:18:
f8:d2:63:7d:54:11:60:cb:70:68:c0:b1:5f:88:a2:
10:b8:b1:e8:14:09:04:34:05:fa:83:79:c6:03:17:
cb:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:72:09:0A:02:1E:D3:A9:5D:50:EF:10:7E:4D:47:69:B8:4A:77:99
X509v3 Authority Key Identifier:
keyid:0C:CB:30:2B:5C:AE:52:80:39:37:48:BE:F8:5B:A6:7A:8B:2E:43:E3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BE7CC/0CB606440A8E11EA8DB74658C4F9AE02/DMswK1yuUoA5N0i--FumeosuQ-M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DMswK1yuUoA5N0i--FumeosuQ-M.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BE7CC/0CB606440A8E11EA8DB74658C4F9AE02/3018E1140A9911EAAF252A7CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
36.255.188.0/22
103.209.228.0/22
Signature Algorithm: sha256WithRSAEncryption
0f:73:ca:48:c4:50:a5:0b:8a:ca:80:e6:28:04:cf:50:d0:68:
43:24:e4:06:18:4a:94:3e:2b:24:97:be:8b:a9:1c:e0:92:b8:
51:7f:a5:35:ea:48:ec:72:1d:8f:7a:ae:f7:82:1a:b8:b6:5e:
9e:5f:89:26:14:c5:79:7d:1a:c1:b2:ea:ef:c5:75:86:34:33:
84:89:a5:7e:4e:e8:73:5a:39:5b:56:32:dd:01:ce:a0:88:ab:
51:99:61:10:7f:d2:b6:04:81:9a:cd:09:f7:cb:42:b9:93:f9:
f7:3f:23:43:34:e5:ce:c1:b7:d3:35:3e:11:ea:3b:bc:36:d1:
c7:e4:08:ff:93:4f:64:92:30:5c:e3:5c:e4:21:42:fa:b4:34:
b0:c0:5a:dd:6a:99:62:de:5f:06:64:34:54:3b:87:23:d7:5d:
c0:d4:63:ac:ad:c1:03:20:ed:b5:1a:ac:1a:f8:d6:f5:5d:47:
f0:52:c0:7b:48:df:fa:82:d4:17:5d:02:24:0c:ad:2b:16:89:
32:67:af:12:37:b8:07:a2:37:a4:bc:b6:ea:c6:b7:48:cd:9f:
9e:90:d6:5f:f4:60:83:36:91:6a:fc:4f:a7:5e:d5:8d:33:f5:
d8:2f:bf:8c:5d:b3:e9:a1:10:3f:d3:76:07:91:17:de:8a:1d:
31:23:1c:b5
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCdUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkU3Q0MxMTAvBgNVBAUTKDBDQ0IzMDJCNUNBRTUyODAzOTM3NDhCRUY4NUJBNjdB
OEIyRTQzRTMwHhcNMjIwODExMDgyNjI4WhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MmY0YmQzNC1hMmVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvkDyzyDcoLpzLfzlhDDRX0dYo20cR4MWpRWnoXt0sdm48Ord+fchWe6bQNAP
rbTf0RVOE29fz0Y6JdeNoMqHd7ra7njJjmTMnw584qpBZsdETVXOSCKW930qfSdK
2V9SlMrRmlJUWZT66X+bUs9nRepJ6spCVWU0RE7ROLIVAKkQ7ngoWCM3ER1ZlDTg
nFEl8+vOK5qhBt9fbeDTpCadHz+Zom+C7LWG3z5FJIcbXu2H4HVHSjGsO81dAQ2W
mak4/n4XRfql3C76Jtk9NxXtGDf3Zw+UjMcxv6Z7tW430Bj40mN9VBFgy3BowLFf
iKIQuLHoFAkENAX6g3nGAxfLdwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFNpyCQoC
HtOpXVDvEH5NR2m4SneZMB8GA1UdIwQYMBaAFAzLMCtcrlKAOTdIvvhbpnqLLkPj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRTdDQy8wQ0I2MDY0NDBB
OEUxMUVBOERCNzQ2NThDNEY5QUUwMi9ETXN3SzF5dVVvQTVOMGktLUZ1bWVvc3VR
LU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0RNc3dLMXl1VW9BNU4waS0tRnVtZW9zdVEtTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkU3Q0MvMENCNjA2NDQwQThFMTFFQThEQjc0NjU4QzRGOUFFMDIvMzAxOEUxMTQw
QTk5MTFFQUFGMjUyQTdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIk/7wDBAJn0eQwDQYJKoZIhvcNAQELBQADggEBAA9zykjE
UKULisqA5igEz1DQaEMk5AYYSpQ+KySXvoupHOCSuFF/pTXqSOxyHY96rveCGri2
Xp5fiSYUxXl9GsGy6u/FdYY0M4SJpX5O6HNaOVtWMt0BzqCIq1GZYRB/0rYEgZrN
CffLQrmT+fc/I0M05c7Bt9M1PhHqO7w20cfkCP+TT2SSMFzjXOQhQvq0NLDAWt1q
mWLeXwZkNFQ7hyPXXcDUY6ytwQMg7bUarBr41vVdR/BSwHtI3/qC1BddAiQMrSsW
iTJnrxI3uAeiN6S8turGt0jNn56Q1l/0YIM2kWr8T6de1Y0z9dgvv4xds+mhED/T
dgeRF96KHTEjHLU=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:06 2023 by rpki-client on console-fra.rpki-client.org