Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/22AD620678C511EC99C79A6CC4F9AE02.roa
File: 22AD620678C511EC99C79A6CC4F9AE02.roa (raw, json)
Hash identifier: lJk2PmghchoxRAwxmvQHlslH28PeUwasLTniz9BXWbE=
Subject key identifier: 85:2A:1C:72:21:2F:82:E0:22:B1:CB:F7:46:5C:75:61:66:13:7D:06
Certificate issuer: /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial: 13D0
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/22AD620678C511EC99C79A6CC4F9AE02.roa
Signing time: Fri 18 Feb 2022 06:24:26 +0000
ROA not before: Fri 18 Feb 2022 06:24:26 +0000
ROA not after: Mon 01 May 2023 00:00:00 +0000
asID: 10113
IP address blocks: 14.137.112.0/22 maxlen: 22
27.0.64.0/19 maxlen: 19
115.30.32.0/19 maxlen: 19
202.7.240.0/21 maxlen: 21
202.7.248.0/21 maxlen: 21
202.7.255.0/24 maxlen: 24
202.62.144.0/24 maxlen: 24
202.68.96.0/19 maxlen: 19
202.76.144.0/20 maxlen: 20
202.76.160.0/20 maxlen: 20
203.9.148.0/24 maxlen: 24
203.21.47.0/24 maxlen: 24
203.27.124.0/24 maxlen: 24
203.30.143.0/24 maxlen: 24
203.62.143.0/24 maxlen: 24
203.123.64.0/19 maxlen: 19
203.123.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5072 (0x13d0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Validity
Not Before: Feb 18 06:24:26 2022 GMT
Not After : May 1 00:00:00 2023 GMT
Subject: CN=620f3b9a-3883
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:a9:e9:05:d7:6a:67:a5:51:76:8a:48:4f:42:
e4:93:89:98:63:0b:be:ff:f7:93:b5:cc:b8:8f:0f:
5a:2c:6f:e2:c2:5c:b2:94:68:e0:d7:74:0e:f6:fd:
89:6b:cb:de:11:9b:c8:24:68:a7:43:49:3a:26:a3:
c9:24:ff:56:2c:98:a0:18:d8:df:5a:ef:f6:76:bb:
67:6c:a9:cd:11:c9:8d:0d:07:a3:bf:54:bc:6d:28:
f8:4f:21:9d:ed:df:91:ee:95:56:c1:8a:59:7b:9c:
e2:21:b7:03:d0:ba:ef:62:b5:98:79:93:ac:37:20:
b2:22:c7:6c:94:41:f7:f3:c0:3e:69:46:54:40:eb:
7a:97:2c:d8:49:8a:97:54:7f:95:3a:5f:ee:a0:82:
77:99:e1:3b:99:bd:1d:6d:fc:4a:03:cf:20:16:55:
10:e7:cd:e0:97:ec:e3:c0:9f:dc:2f:1d:57:74:3f:
c0:0c:79:41:1b:d1:27:b1:87:93:0c:2b:c2:e4:cb:
64:f5:de:7e:15:54:63:c7:27:1d:56:6e:63:44:db:
11:14:a1:b0:fe:83:65:e3:67:43:29:60:92:4c:3f:
03:a0:ac:e9:fa:57:52:d7:3f:8f:ee:e5:e6:e2:18:
e6:49:21:59:5e:8f:5e:84:2f:c4:77:c4:41:54:d5:
8d:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:2A:1C:72:21:2F:82:E0:22:B1:CB:F7:46:5C:75:61:66:13:7D:06
X509v3 Authority Key Identifier:
keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/22AD620678C511EC99C79A6CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.137.112.0/22
27.0.64.0/19
115.30.32.0/19
202.7.240.0/20
202.62.144.0/24
202.68.96.0/19
202.76.144.0-202.76.175.255
203.9.148.0/24
203.21.47.0/24
203.27.124.0/24
203.30.143.0/24
203.62.143.0/24
203.123.64.0/19
Signature Algorithm: sha256WithRSAEncryption
76:9d:a7:cc:ba:92:a5:c4:47:bb:fd:b0:1a:90:01:9e:e0:2e:
20:0d:27:88:c7:1d:39:46:14:7f:f6:40:33:f3:c3:26:97:c8:
68:f8:aa:0e:30:05:ac:6d:9f:d7:e2:5b:b5:05:4e:f8:34:0c:
f8:b2:7a:be:1a:b5:d7:7a:20:53:64:e8:e0:92:fc:3e:87:4c:
87:44:83:bf:91:98:b2:a0:27:ee:47:19:bb:7f:05:65:14:2a:
90:14:62:5a:fb:9b:fa:ce:c2:2d:78:1b:2f:77:78:04:40:34:
f9:23:18:9c:62:a6:cd:2c:16:4e:67:26:91:da:08:e8:a5:9e:
35:d1:b4:4a:97:1f:65:d1:0b:cb:51:1d:5c:58:75:e1:3a:59:
35:d2:44:3c:30:46:d3:35:00:b7:ff:1e:ce:ab:d6:85:10:65:
bd:6b:50:2a:c3:b3:00:1f:4a:80:fb:84:9e:e6:ff:e3:99:65:
08:c5:ac:ce:74:46:4a:69:b3:40:9d:d3:db:ef:1e:35:20:58:
e5:b4:b5:34:ab:bf:48:4e:36:78:5f:ec:d1:b1:f7:a4:53:8c:
5c:57:bd:bc:db:33:91:61:1e:e9:f5:a8:a3:8f:ce:dd:06:17:
50:e4:1f:61:e3:10:3b:4b:3b:f1:11:1f:df:15:b7:00:aa:fe:
0c:36:e1:51
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgICE9AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjIwMjE4MDYyNDI2WhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjBmM2I5YS0zODgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyqnpBddqZ6VRdopIT0Lkk4mYYwu+//eTtcy4jw9aLG/iwlyylGjg13QO9v2J
a8veEZvIJGinQ0k6JqPJJP9WLJigGNjfWu/2drtnbKnNEcmNDQejv1S8bSj4TyGd
7d+R7pVWwYpZe5ziIbcD0LrvYrWYeZOsNyCyIsdslEH388A+aUZUQOt6lyzYSYqX
VH+VOl/uoIJ3meE7mb0dbfxKA88gFlUQ583gl+zjwJ/cLx1XdD/ADHlBG9EnsYeT
DCvC5Mtk9d5+FVRjxycdVm5jRNsRFKGw/oNl42dDKWCSTD8DoKzp+ldS1z+P7uXm
4hjmSSFZXo9ehC/Ed8RBVNWNawIDAQABo4IC5TCCAuEwHQYDVR0OBBYEFIUqHHIh
L4LgIrHL90ZcdWFmE30GMB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvMjJBRDYyMDY3
OEM1MTFFQzk5Qzc5QTZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbwYIKwYBBQUHAQcBAf8E
YDBeMFwEAgABMFYDBAIOiXADBAUbAEADBAVzHiADBATKB/ADBADKPpADBAXKRGAw
DAMEBMpMkAMEBMpMoAMEAMsJlAMEAMsVLwMEAMsbfAMEAMsejwMEAMs+jwMEBct7
QDANBgkqhkiG9w0BAQsFAAOCAQEAdp2nzLqSpcRHu/2wGpABnuAuIA0niMcdOUYU
f/ZAM/PDJpfIaPiqDjAFrG2f1+JbtQVO+DQM+LJ6vhq113ogU2To4JL8PodMh0SD
v5GYsqAn7kcZu38FZRQqkBRiWvub+s7CLXgbL3d4BEA0+SMYnGKmzSwWTmcmkdoI
6KWeNdG0SpcfZdELy1EdXFh14TpZNdJEPDBG0zUAt/8ezqvWhRBlvWtQKsOzAB9K
gPuEnub/45llCMWsznRGSmmzQJ3T2+8eNSBY5bS1NKu/SE42eF/s0bH3pFOMXFe9
vNszkWEe6fWoo4/O3QYXUOQfYeMQO0s78REf3xW3AKr+DDbhUQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:11 2023 by rpki-client on console-ams.rpki-client.org