Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F9090/F52E9A20C53611EC93978E29C4F9AE02/98CE395CC53B11EC879E6E2FC4F9AE02.roa
File: 98CE395CC53B11EC879E6E2FC4F9AE02.roa (raw, json)
Hash identifier: vRYHrs0ZYk9+PB658Qr0W5ujhnnlPPmEHa1sWBiWhxs=
Subject key identifier: 7A:1A:F3:D6:AE:07:98:B2:99:3A:1E:6D:6D:27:FD:38:27:0C:AC:C0
Certificate issuer: /CN=A91F9090/serialNumber=732AEDA41C3EB1F6AD9943422170FE7C0249E5B4
Certificate serial: 02
Authority key identifier: 73:2A:ED:A4:1C:3E:B1:F6:AD:99:43:42:21:70:FE:7C:02:49:E5:B4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cyrtpBw-sfatmUNCIXD-fAJJ5bQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F9090/F52E9A20C53611EC93978E29C4F9AE02/98CE395CC53B11EC879E6E2FC4F9AE02.roa
Signing time: Tue 26 Apr 2022 08:33:50 +0000
ROA not before: Tue 26 Apr 2022 08:33:50 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 132742
IP address blocks: 43.242.44.0/22 maxlen: 22
103.37.248.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F9090/serialNumber=732AEDA41C3EB1F6AD9943422170FE7C0249E5B4
Validity
Not Before: Apr 26 08:33:50 2022 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=6267ae6e-634e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:05:42:da:80:59:4b:13:44:9f:22:e9:33:f7:
2a:51:fb:a2:fc:7b:09:5e:46:fc:49:99:62:6a:64:
7a:26:ff:ed:d2:67:80:fe:7f:ea:e5:69:5f:2c:1a:
9c:5a:83:0c:5b:45:12:3e:59:e2:6f:9d:66:ef:30:
a3:42:b3:d0:35:4f:24:50:40:9b:1e:d9:d4:45:0d:
99:94:4f:19:08:1a:d2:36:4c:50:d4:5f:1b:42:80:
d3:85:b0:3d:1d:66:81:49:a7:4d:c4:4c:14:5d:92:
59:fb:19:23:92:d2:0d:4a:a6:2c:85:19:de:81:d4:
44:6b:a3:cf:b7:54:d0:3a:60:10:f8:40:bf:1d:23:
ca:15:e7:b9:38:20:6b:0b:f6:fe:15:00:5b:94:8e:
e6:85:d2:7f:4c:96:04:35:29:0f:cc:24:9a:03:20:
db:14:4f:16:95:38:4f:75:dc:56:a4:0a:df:47:a7:
65:dc:a7:cb:7e:7d:c5:6b:ab:f0:d5:b5:0d:90:29:
c9:d4:72:f1:cd:af:54:c1:13:f7:ef:7d:3f:5e:ca:
2b:b7:ec:a8:bc:84:b6:c0:c7:70:44:d8:3a:7c:98:
bd:61:01:3b:59:c7:31:97:43:77:6e:9b:e1:9f:67:
75:da:f1:ca:d3:1e:7b:82:1a:44:99:3f:d1:19:07:
8e:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:1A:F3:D6:AE:07:98:B2:99:3A:1E:6D:6D:27:FD:38:27:0C:AC:C0
X509v3 Authority Key Identifier:
keyid:73:2A:ED:A4:1C:3E:B1:F6:AD:99:43:42:21:70:FE:7C:02:49:E5:B4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F9090/F52E9A20C53611EC93978E29C4F9AE02/cyrtpBw-sfatmUNCIXD-fAJJ5bQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cyrtpBw-sfatmUNCIXD-fAJJ5bQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F9090/F52E9A20C53611EC93978E29C4F9AE02/98CE395CC53B11EC879E6E2FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.242.44.0/22
103.37.248.0/22
Signature Algorithm: sha256WithRSAEncryption
68:30:b7:45:26:05:b7:8a:77:f2:eb:3a:e4:c6:b0:3c:4a:52:
d3:03:ef:68:6b:70:10:40:b0:f8:20:26:7b:24:8f:42:bd:5d:
52:f4:c4:8f:84:ce:81:31:29:c3:2d:c7:eb:95:16:20:5a:78:
3a:ca:22:79:7c:cf:cf:3e:50:57:61:50:b1:83:47:5e:28:76:
09:59:ec:da:d9:93:e7:24:e5:b3:5f:16:80:2e:24:a3:36:cc:
1d:d7:55:c9:93:9a:34:6f:df:93:42:e9:8f:62:eb:d2:cd:e5:
8f:9f:0b:07:ce:bc:f1:26:82:fc:ab:5a:b1:fe:95:ff:b1:67:
1c:76:96:1c:59:b2:d8:45:2e:0c:29:ad:b3:98:28:cf:f2:35:
6d:95:3b:d2:d7:2c:4c:80:c7:52:ec:42:be:b4:1b:4c:6e:f6:
fa:62:f0:46:51:5a:21:2e:44:87:47:16:f0:24:82:fd:b6:ac:
1e:da:be:b6:40:32:71:5d:02:65:ab:fc:d2:93:d2:01:96:67:
e5:b2:aa:67:eb:ea:ea:d1:2d:00:78:f9:5b:bc:21:59:86:7b:
73:c6:e2:03:5b:b3:b9:93:c1:fb:9b:35:46:b7:60:fc:03:ce:
51:4d:28:bd:3d:78:8b:b0:9a:1e:eb:f6:ea:fa:bf:1a:e1:90:
91:79:45:45
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
OTA5MDExMC8GA1UEBRMoNzMyQUVEQTQxQzNFQjFGNkFEOTk0MzQyMjE3MEZFN0Mw
MjQ5RTVCNDAeFw0yMjA0MjYwODMzNTBaFw0yMjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyNjdhZTZlLTYzNGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDTBULagFlLE0SfIukz9ypR+6L8ewleRvxJmWJqZHom/+3SZ4D+f+rlaV8sGpxa
gwxbRRI+WeJvnWbvMKNCs9A1TyRQQJse2dRFDZmUTxkIGtI2TFDUXxtCgNOFsD0d
ZoFJp03ETBRdkln7GSOS0g1KpiyFGd6B1ERro8+3VNA6YBD4QL8dI8oV57k4IGsL
9v4VAFuUjuaF0n9MlgQ1KQ/MJJoDINsUTxaVOE913FakCt9Hp2Xcp8t+fcVrq/DV
tQ2QKcnUcvHNr1TBE/fvfT9eyiu37Ki8hLbAx3BE2Dp8mL1hATtZxzGXQ3dum+Gf
Z3Xa8crTHnuCGkSZP9EZB465AgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUehrz1q4H
mLKZOh5tbSf9OCcMrMAwHwYDVR0jBBgwFoAUcyrtpBw+sfatmUNCIXD+fAJJ5bQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUY5MDkwL0Y1MkU5QTIwQzUz
NjExRUM5Mzk3OEUyOUM0RjlBRTAyL2N5cnRwQnctc2ZhdG1VTkNJWEQtZkFKSjVi
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvY3lydHBCdy1zZmF0bVVOQ0lYRC1mQUpKNWJRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
OTA5MC9GNTJFOUEyMEM1MzYxMUVDOTM5NzhFMjlDNEY5QUUwMi85OENFMzk1Q0M1
M0IxMUVDODc5RTZFMkZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAivyLAMEAmcl+DANBgkqhkiG9w0BAQsFAAOCAQEAaDC3RSYF
t4p38us65MawPEpS0wPvaGtwEECw+CAmeySPQr1dUvTEj4TOgTEpwy3H65UWIFp4
OsoieXzPzz5QV2FQsYNHXih2CVns2tmT5yTls18WgC4kozbMHddVyZOaNG/fk0Lp
j2Lr0s3lj58LB8688SaC/Ktasf6V/7FnHHaWHFmy2EUuDCmts5goz/I1bZU70tcs
TIDHUuxCvrQbTG72+mLwRlFaIS5Eh0cW8CSC/basHtq+tkAycV0CZav80pPSAZZn
5bKqZ+vq6tEtAHj5W7whWYZ7c8biA1uzuZPB+5s1Rrdg/APOUU0ovT14i7CaHuv2
6vq/GuGQkXlFRQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:52 2024 by rpki-client on console-fra.rpki-client.org