Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9123B8B/7ACCCB409C6F11EA8C659B3FC4F9AE02/4FDCD6A6DA7911EC83712143C4F9AE02.roa
File: 4FDCD6A6DA7911EC83712143C4F9AE02.roa (raw, json)
Hash identifier: KIaLd+rtnojkHbC6jQdofFW4KU2A37F/loObiRB5h0Y=
Subject key identifier: 0A:3A:24:E1:24:3A:8E:7C:A4:B1:55:42:34:20:54:9A:16:65:6B:7D
Certificate issuer: /CN=A9123B8B/serialNumber=B6BB6364BCE485CEC06D3399491587A482591CBC
Certificate serial: 06A0
Authority key identifier: B6:BB:63:64:BC:E4:85:CE:C0:6D:33:99:49:15:87:A4:82:59:1C:BC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/trtjZLzkhc7AbTOZSRWHpIJZHLw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9123B8B/7ACCCB409C6F11EA8C659B3FC4F9AE02/4FDCD6A6DA7911EC83712143C4F9AE02.roa
Signing time: Thu 07 Jul 2022 10:09:16 +0000
ROA not before: Thu 07 Jul 2022 10:09:16 +0000
ROA not after: Thu 31 Aug 2023 00:00:00 +0000
asID: 140671
IP address blocks: 103.151.134.0/23 maxlen: 23
2400:7f20::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1696 (0x6a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9123B8B/serialNumber=B6BB6364BCE485CEC06D3399491587A482591CBC
Validity
Not Before: Jul 7 10:09:16 2022 GMT
Not After : Aug 31 00:00:00 2023 GMT
Subject: CN=62c6b0cc-4634
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:56:c8:83:2b:38:1f:01:c2:2d:4d:3e:8e:49:
e4:b5:d4:da:9f:8b:16:c0:39:bb:91:f5:53:d6:a5:
0c:ab:ab:14:d1:58:54:bf:6d:f2:40:c4:12:fe:91:
15:eb:e3:a2:a7:b7:8a:5c:07:ba:f2:e1:fc:5b:66:
5c:25:53:17:f3:58:80:66:82:8b:11:52:ea:1d:97:
e6:1a:01:ce:c4:03:28:53:fd:3b:5a:06:f5:32:69:
1f:9e:77:5e:ee:9c:48:c7:11:8b:cd:8a:3f:bd:b0:
68:19:df:22:0c:13:cc:0a:b5:21:a6:da:e7:b5:2b:
93:fc:ea:24:a1:33:ac:60:b4:cf:36:63:73:ae:5a:
8b:60:76:83:62:1e:1a:04:3b:b8:81:7d:aa:da:4a:
ca:eb:12:95:55:77:da:08:96:cc:6a:92:4b:d9:5d:
ed:4a:10:0d:59:1e:72:04:e5:7f:ab:61:00:35:b1:
a8:50:d9:8e:4a:2c:ce:1d:24:bb:1d:b9:c0:db:83:
59:ff:a0:ad:e6:fd:66:b2:f8:88:9c:c5:41:7f:6d:
76:ec:2f:bc:03:c1:7e:65:46:c9:43:82:d2:67:96:
39:09:fc:fe:f4:32:fc:2e:04:f1:02:d4:47:f2:20:
09:95:2e:e7:33:3e:1d:26:37:a5:30:76:92:59:98:
10:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:3A:24:E1:24:3A:8E:7C:A4:B1:55:42:34:20:54:9A:16:65:6B:7D
X509v3 Authority Key Identifier:
keyid:B6:BB:63:64:BC:E4:85:CE:C0:6D:33:99:49:15:87:A4:82:59:1C:BC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9123B8B/7ACCCB409C6F11EA8C659B3FC4F9AE02/trtjZLzkhc7AbTOZSRWHpIJZHLw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/trtjZLzkhc7AbTOZSRWHpIJZHLw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123B8B/7ACCCB409C6F11EA8C659B3FC4F9AE02/4FDCD6A6DA7911EC83712143C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.151.134.0/23
IPv6:
2400:7f20::/36
Signature Algorithm: sha256WithRSAEncryption
53:93:ab:13:a1:1b:c3:c6:52:88:99:21:1c:93:eb:97:8e:1e:
7c:f7:fb:64:b7:2e:76:a9:70:fc:59:90:56:65:18:c3:0c:1f:
91:b4:57:07:ae:06:24:84:51:c5:7f:41:f3:86:16:fa:d6:c6:
85:0c:8e:6c:07:02:06:46:84:86:47:34:1c:3b:61:76:85:5e:
03:0a:bc:da:2b:3e:21:af:4e:69:02:7a:59:91:fe:f3:96:b1:
aa:4a:c4:97:fa:17:a5:0e:47:68:47:91:5b:de:f2:75:7f:3e:
6c:b3:88:90:8e:db:72:2e:33:fd:0e:35:c2:40:b1:d6:b2:0e:
8f:0a:f3:0a:77:43:b7:d0:75:75:fc:dd:91:c5:33:46:f2:64:
5e:08:8e:59:fd:e9:6f:4e:fc:05:19:9b:a8:e9:4e:4f:61:8c:
29:1a:b6:cb:43:49:00:b3:29:5b:21:d5:36:02:b9:2f:4e:e4:
99:31:61:23:0c:39:6d:1c:3a:d5:54:88:c8:2b:46:f2:d6:21:
54:12:df:0d:cb:44:40:45:23:18:96:79:21:49:d0:b7:f9:92:
78:0e:ad:38:16:01:5e:ad:f7:30:a4:c7:5b:5a:0f:8b:c3:79:
cb:f2:00:5d:a3:16:52:86:ac:99:fc:43:85:1e:87:1d:6e:a4:
2f:62:52:53
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgICBqAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNCOEIxMTAvBgNVBAUTKEI2QkI2MzY0QkNFNDg1Q0VDMDZEMzM5OTQ5MTU4N0E0
ODI1OTFDQkMwHhcNMjIwNzA3MTAwOTE2WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmM2YjBjYy00NjM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7VbIgys4HwHCLU0+jknktdTan4sWwDm7kfVT1qUMq6sU0VhUv23yQMQS/pEV
6+Oip7eKXAe68uH8W2ZcJVMX81iAZoKLEVLqHZfmGgHOxAMoU/07Wgb1Mmkfnnde
7pxIxxGLzYo/vbBoGd8iDBPMCrUhptrntSuT/OokoTOsYLTPNmNzrlqLYHaDYh4a
BDu4gX2q2krK6xKVVXfaCJbMapJL2V3tShANWR5yBOV/q2EANbGoUNmOSizOHSS7
HbnA24NZ/6Ct5v1msviInMVBf2127C+8A8F+ZUbJQ4LSZ5Y5Cfz+9DL8LgTxAtRH
8iAJlS7nMz4dJjelMHaSWZgQjwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFAo6JOEk
Oo58pLFVQjQgVJoWZWt9MB8GA1UdIwQYMBaAFLa7Y2S85IXOwG0zmUkVh6SCWRy8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0I4Qi83QUNDQ0I0MDlD
NkYxMUVBOEM2NTlCM0ZDNEY5QUUwMi90cnRqWkx6a2hjN0FiVE9aU1JXSHBJSlpI
THcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RydGpaTHpraGM3QWJUT1pTUldIcElKWkhMdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNCOEIvN0FDQ0NCNDA5QzZGMTFFQThDNjU5QjNGQzRGOUFFMDIvNEZEQ0Q2QTZE
QTc5MTFFQzgzNzEyMTQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLwYIKwYBBQUHAQcBAf8E
IDAeMAwEAgABMAYDBAFnl4YwDgQCAAIwCAMGBCQAfyAAMA0GCSqGSIb3DQEBCwUA
A4IBAQBTk6sToRvDxlKImSEck+uXjh589/tkty52qXD8WZBWZRjDDB+RtFcHrgYk
hFHFf0Hzhhb61saFDI5sBwIGRoSGRzQcO2F2hV4DCrzaKz4hr05pAnpZkf7zlrGq
SsSX+helDkdoR5Fb3vJ1fz5ss4iQjttyLjP9DjXCQLHWsg6PCvMKd0O30HV1/N2R
xTNG8mReCI5Z/elvTvwFGZuo6U5PYYwpGrbLQ0kAsylbIdU2ArkvTuSZMWEjDDlt
HDrVVIjIK0by1iFUEt8Ny0RARSMYlnkhSdC3+ZJ4Dq04FgFerfcwpMdbWg+Lw3nL
8gBdoxZShqyZ/EOFHocdbqQvYlJT
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:34 2023 by rpki-client on console-ams.rpki-client.org