Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/1412F678CCF511ECAD813D42C4F9AE02.roa
File: 1412F678CCF511ECAD813D42C4F9AE02.roa (raw, json)
Hash identifier: JoNjBZkzXieDtchTTZsTaBvCDO79HfjPKwyiUn3AUY8=
Subject key identifier: E5:1D:97:E4:AA:BA:69:49:B1:24:FB:61:D8:15:F3:9F:BD:92:BF:CB
Certificate issuer: /CN=A911E509/serialNumber=AA8E1BE3624240DC3302047FB41A7D4E47808EF8
Certificate serial: 07BA
Authority key identifier: AA:8E:1B:E3:62:42:40:DC:33:02:04:7F:B4:1A:7D:4E:47:80:8E:F8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/1412F678CCF511ECAD813D42C4F9AE02.roa
Signing time: Thu 29 Jun 2023 02:41:43 +0000
ROA not before: Thu 29 Jun 2023 02:41:43 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 135391
IP address blocks: 43.230.88.0/22 maxlen: 24
45.253.244.0/24 maxlen: 24
45.253.245.0/24 maxlen: 24
45.253.246.0/24 maxlen: 24
45.253.247.0/24 maxlen: 24
61.29.240.0/24 maxlen: 24
61.29.241.0/24 maxlen: 24
61.29.242.0/24 maxlen: 24
61.29.243.0/24 maxlen: 24
61.29.244.0/24 maxlen: 24
61.29.245.0/24 maxlen: 24
61.29.246.0/24 maxlen: 24
61.29.247.0/24 maxlen: 24
61.29.248.0/24 maxlen: 24
61.29.249.0/24 maxlen: 24
61.29.250.0/23 maxlen: 24
61.29.254.0/23 maxlen: 24
103.49.132.0/22 maxlen: 24
103.211.228.0/22 maxlen: 24
103.216.100.0/22 maxlen: 24
146.196.76.0/23 maxlen: 24
146.196.78.0/24 maxlen: 24
146.196.79.0/24 maxlen: 24
157.119.232.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1978 (0x7ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911E509/serialNumber=AA8E1BE3624240DC3302047FB41A7D4E47808EF8
Validity
Not Before: Jun 29 02:41:43 2023 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=649cef67-17d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:a4:94:78:c1:a0:a4:cf:70:9d:82:97:e2:9d:
fd:19:cf:b5:bf:7c:33:54:de:c1:e5:96:33:25:9a:
38:a1:33:09:ca:83:e2:2e:36:dd:12:b5:a3:61:06:
d8:5c:e2:2e:a8:74:6f:97:3e:e4:d6:2b:ed:71:f2:
00:d7:65:7a:1c:97:6d:9d:7c:10:75:14:54:8a:be:
2c:c3:c2:2d:ea:a4:71:80:fa:dc:55:ca:45:61:a1:
0e:2e:78:b1:63:a8:12:9b:94:4a:03:eb:fd:43:58:
e9:aa:0d:b6:12:31:4c:df:f9:98:8c:c1:ce:29:c7:
7e:24:49:71:95:02:2d:11:50:db:d8:f4:de:f5:20:
e0:f9:88:fd:b7:47:da:b1:00:7e:59:65:55:ff:a3:
74:3f:50:c4:85:64:90:4f:9f:4e:f8:8f:25:54:09:
48:8b:01:2d:9e:96:d3:e3:f0:15:96:64:7b:3c:8e:
c6:70:04:c0:87:07:17:e8:34:eb:1f:e7:db:18:e7:
51:84:9a:6b:c8:55:1d:56:15:4b:52:87:9b:1a:22:
74:85:db:2d:ba:ce:54:75:e5:25:97:06:3c:6f:e8:
50:65:aa:4a:27:c1:55:09:a4:52:bd:7a:86:a5:ed:
eb:ec:06:d2:b1:76:e3:8d:1a:6a:bc:7b:b4:e1:1c:
ea:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:1D:97:E4:AA:BA:69:49:B1:24:FB:61:D8:15:F3:9F:BD:92:BF:CB
X509v3 Authority Key Identifier:
keyid:AA:8E:1B:E3:62:42:40:DC:33:02:04:7F:B4:1A:7D:4E:47:80:8E:F8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/1412F678CCF511ECAD813D42C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.230.88.0/22
45.253.244.0/22
61.29.240.0-61.29.251.255
61.29.254.0/23
103.49.132.0/22
103.211.228.0/22
103.216.100.0/22
146.196.76.0/22
157.119.232.0/22
Signature Algorithm: sha256WithRSAEncryption
78:22:c0:35:f1:6d:23:a9:e8:b6:f7:b1:fb:d8:58:dd:0b:76:
5e:5c:21:67:56:9a:37:d1:1e:f4:2a:1c:06:97:b7:90:52:f5:
fd:82:76:d7:a2:b9:69:97:d9:97:88:a7:ec:80:5c:9c:16:e0:
0e:41:9e:81:ca:3a:6a:c8:a0:70:da:0c:ba:43:1c:ad:b8:91:
e6:03:10:32:5d:9e:02:e2:1a:47:04:d3:d1:51:14:6a:24:7d:
18:2a:98:cb:98:b6:7d:bc:b6:a8:05:0f:d8:6b:c9:90:8a:27:
66:03:24:c6:14:90:4f:47:1e:9a:24:2e:ad:b1:44:32:3c:3f:
ea:7b:b4:d8:cf:2b:a9:3f:27:a2:7a:63:03:75:40:54:e0:e0:
97:2d:8e:66:19:1d:60:16:c1:3c:49:cd:09:7c:cc:6d:17:5a:
52:a9:b7:d9:1f:a1:f0:ed:6e:4e:f9:8c:38:3c:4b:4a:2e:a1:
58:79:9b:38:fc:9b:e9:b8:63:45:60:3b:ca:e0:a4:3c:fb:d3:
b5:37:50:d9:23:12:60:ff:1a:f3:04:7a:89:7d:b7:ea:b6:48:
a0:4c:7f:95:be:65:09:ec:cb:f4:cc:14:9e:b2:89:11:0f:76:
da:cd:b4:43:ef:93:39:63:1d:73:fc:2b:de:11:09:ee:aa:22:
35:85:46:2c
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgICB7owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUU1MDkxMTAvBgNVBAUTKEFBOEUxQkUzNjI0MjQwREMzMzAyMDQ3RkI0MUE3RDRF
NDc4MDhFRjgwHhcNMjMwNjI5MDI0MTQzWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDljZWY2Ny0xN2Q0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwKSUeMGgpM9wnYKX4p39Gc+1v3wzVN7B5ZYzJZo4oTMJyoPiLjbdErWjYQbY
XOIuqHRvlz7k1ivtcfIA12V6HJdtnXwQdRRUir4sw8It6qRxgPrcVcpFYaEOLnix
Y6gSm5RKA+v9Q1jpqg22EjFM3/mYjMHOKcd+JElxlQItEVDb2PTe9SDg+Yj9t0fa
sQB+WWVV/6N0P1DEhWSQT59O+I8lVAlIiwEtnpbT4/AVlmR7PI7GcATAhwcX6DTr
H+fbGOdRhJpryFUdVhVLUoebGiJ0hdstus5UdeUllwY8b+hQZapKJ8FVCaRSvXqG
pe3r7AbSsXbjjRpqvHu04RzqrwIDAQABo4ICzTCCAskwHQYDVR0OBBYEFOUdl+Sq
umlJsST7YdgV85+9kr/LMB8GA1UdIwQYMBaAFKqOG+NiQkDcMwIEf7QafU5HgI74
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTUwOS83OUVBNTkxRUE3
QkQxMUVBQUFBNjI5NDhDNEY5QUUwMi9xbzRiNDJKQ1FOd3pBZ1JfdEJwOVRrZUFq
dmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FvNGI0MkpDUU53ekFnUl90QnA5VGtlQWp2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUU1MDkvNzlFQTU5MUVBN0JEMTFFQUFBQTYyOTQ4QzRGOUFFMDIvMTQxMkY2NzhD
Q0Y1MTFFQ0FEODEzRDQyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVwYIKwYBBQUHAQcBAf8E
SDBGMEQEAgABMD4DBAIr5lgDBAIt/fQwDAMEBD0d8AMEAj0d+AMEAT0d/gMEAmcx
hAMEAmfT5AMEAmfYZAMEApLETAMEAp136DANBgkqhkiG9w0BAQsFAAOCAQEAeCLA
NfFtI6notvex+9hY3Qt2XlwhZ1aaN9Ee9CocBpe3kFL1/YJ216K5aZfZl4in7IBc
nBbgDkGegco6asigcNoMukMcrbiR5gMQMl2eAuIaRwTT0VEUaiR9GCqYy5i2fby2
qAUP2GvJkIonZgMkxhSQT0cemiQurbFEMjw/6nu02M8rqT8nonpjA3VAVODgly2O
ZhkdYBbBPEnNCXzMbRdaUqm32R+h8O1uTvmMODxLSi6hWHmbOPyb6bhjRWA7yuCk
PPvTtTdQ2SMSYP8a8wR6iX236rZIoEx/lb5lCezL9MwUnrKJEQ922s20Q++TOWMd
c/wr3hEJ7qoiNYVGLA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:47 2024 by rpki-client on console-ams.rpki-client.org