Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91304A9/A374A1B6467111EA81ABB25FC4F9AE02/6A53487C467311EAAF14DD62C4F9AE02.roa
File: 6A53487C467311EAAF14DD62C4F9AE02.roa (raw, json)
Hash identifier: uTrTMdLeR/+Ovt51la0OBdYnqkgOF106mQVnDkAVn44=
Subject key identifier: 06:15:C4:DB:01:34:22:80:91:5C:C1:F3:CA:B9:91:59:3C:07:5E:84
Certificate issuer: /CN=A91304A9/serialNumber=580553B883DEC3DDB24F688E6C2D1BFA93C263AA
Certificate serial: 09C4
Authority key identifier: 58:05:53:B8:83:DE:C3:DD:B2:4F:68:8E:6C:2D:1B:FA:93:C2:63:AA
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WAVTuIPew92yT2iObC0b-pPCY6o.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91304A9/A374A1B6467111EA81ABB25FC4F9AE02/6A53487C467311EAAF14DD62C4F9AE02.roa
Signing time: Mon 31 Jul 2023 20:37:45 +0000
ROA not before: Mon 31 Jul 2023 20:37:45 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 3491
IP address blocks: 116.66.208.0/20 maxlen: 20
116.66.210.0/23 maxlen: 24
116.66.212.0/22 maxlen: 22
116.66.216.0/22 maxlen: 22
116.66.217.0/24 maxlen: 24
116.66.220.0/22 maxlen: 22
203.91.128.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2500 (0x9c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91304A9/serialNumber=580553B883DEC3DDB24F688E6C2D1BFA93C263AA
Validity
Not Before: Jul 31 20:37:45 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=64c81b99-5587
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:07:20:c2:2b:57:97:b3:c8:d1:3a:4a:8a:27:
19:17:5d:5b:6e:d9:5a:98:06:c8:16:3e:22:be:92:
02:b3:3a:4a:e4:8d:ea:a0:56:4e:d8:af:5c:09:40:
eb:bb:a2:77:1e:0c:f5:d4:9a:a4:c9:a9:a1:f0:46:
41:b4:95:44:42:f6:ea:b2:1b:7f:9e:f0:81:8b:2b:
22:22:51:2b:a1:a4:62:1a:5e:f8:da:f0:2d:17:4b:
8d:d9:50:67:91:4c:39:4a:88:dc:12:14:4a:25:8d:
39:5b:f0:1f:81:41:90:c4:e3:87:60:f3:6b:1a:89:
79:5d:a3:91:e0:1b:cf:b9:80:2d:2a:75:7d:2f:33:
43:6d:b9:27:ba:84:dd:99:0e:a5:51:63:71:cf:7d:
bb:16:80:59:8d:56:60:55:96:c8:0d:d8:8e:11:24:
7b:d5:3e:7a:4f:3b:4d:81:1b:a8:1c:40:6e:fb:69:
da:7a:bc:46:b3:11:a1:f8:16:5d:a2:4b:ba:22:7f:
8f:72:9e:17:48:c1:86:4d:88:2f:d4:68:8b:1b:e4:
9f:9f:e6:1f:de:2b:db:73:d9:39:5c:48:e8:d9:3c:
67:f0:51:a4:51:dc:70:6e:42:e0:bd:9e:98:20:ba:
3e:dd:cd:0c:e1:12:df:94:db:d1:ce:94:9d:ba:5b:
54:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:15:C4:DB:01:34:22:80:91:5C:C1:F3:CA:B9:91:59:3C:07:5E:84
X509v3 Authority Key Identifier:
keyid:58:05:53:B8:83:DE:C3:DD:B2:4F:68:8E:6C:2D:1B:FA:93:C2:63:AA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91304A9/A374A1B6467111EA81ABB25FC4F9AE02/WAVTuIPew92yT2iObC0b-pPCY6o.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WAVTuIPew92yT2iObC0b-pPCY6o.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91304A9/A374A1B6467111EA81ABB25FC4F9AE02/6A53487C467311EAAF14DD62C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
116.66.208.0/20
203.91.128.0/19
Signature Algorithm: sha256WithRSAEncryption
77:87:c0:7f:ea:45:fc:c8:a2:32:a2:8b:88:6a:c1:7e:01:2a:
ef:de:86:7c:92:95:8d:16:75:6e:ec:42:92:fd:1b:59:c7:6a:
fc:36:97:13:31:f0:4b:13:bb:73:6a:19:87:9a:7b:4b:46:c3:
f5:33:13:b7:c4:61:1d:4c:c5:ad:a7:fd:81:c6:28:1e:b9:38:
e6:86:39:8d:d5:d0:6a:26:34:28:33:3d:8b:81:88:ff:0c:ed:
8d:15:f1:c7:05:87:c4:b0:f6:d8:0e:6d:8e:5b:0d:51:47:f5:
f7:a0:bf:3b:18:1d:08:fb:98:c3:ca:8c:b6:0b:54:be:6d:b6:
d9:c4:6e:59:5b:b5:ef:6c:78:bb:b8:a9:ac:20:eb:a6:f1:c7:
f3:98:0a:9a:1f:76:9d:63:a5:4f:76:03:63:c5:39:64:e4:fd:
32:67:3e:23:a7:40:10:a8:42:d9:f1:42:20:d2:e3:b4:3f:d7:
62:ea:4e:3a:2d:ec:88:6b:4a:9f:bd:f2:1c:39:57:2e:4f:21:
35:29:37:91:5f:64:c8:bf:b9:1e:5c:21:4c:5f:93:5b:92:dc:
f7:17:e5:32:ce:31:ef:b8:76:cb:9d:e2:77:18:ae:d1:81:c5:
55:23:47:b0:3e:07:3c:86:dc:cc:17:c9:a6:8b:0f:16:27:6e:
71:4f:22:e7
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCcQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzA0QTkxMTAvBgNVBAUTKDU4MDU1M0I4ODNERUMzRERCMjRGNjg4RTZDMkQxQkZB
OTNDMjYzQUEwHhcNMjMwNzMxMjAzNzQ1WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGM4MWI5OS01NTg3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzgcgwitXl7PI0TpKiicZF11bbtlamAbIFj4ivpICszpK5I3qoFZO2K9cCUDr
u6J3Hgz11Jqkyamh8EZBtJVEQvbqsht/nvCBiysiIlEroaRiGl742vAtF0uN2VBn
kUw5SojcEhRKJY05W/AfgUGQxOOHYPNrGol5XaOR4BvPuYAtKnV9LzNDbbknuoTd
mQ6lUWNxz327FoBZjVZgVZbIDdiOESR71T56TztNgRuoHEBu+2naerxGsxGh+BZd
oku6In+Pcp4XSMGGTYgv1GiLG+Sfn+Yf3ivbc9k5XEjo2Txn8FGkUdxwbkLgvZ6Y
ILo+3c0M4RLflNvRzpSdultU0QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFAYVxNsB
NCKAkVzB88q5kVk8B16EMB8GA1UdIwQYMBaAFFgFU7iD3sPdsk9ojmwtG/qTwmOq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMDRBOS9BMzc0QTFCNjQ2
NzExMUVBODFBQkIyNUZDNEY5QUUwMi9XQVZUdUlQZXc5MnlUMmlPYkMwYi1wUENZ
Nm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1dBVlR1SVBldzkyeVQyaU9iQzBiLXBQQ1k2by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzA0QTkvQTM3NEExQjY0NjcxMTFFQTgxQUJCMjVGQzRGOUFFMDIvNkE1MzQ4N0M0
NjczMTFFQUFGMTRERDYyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAR0QtADBAXLW4AwDQYJKoZIhvcNAQELBQADggEBAHeHwH/q
RfzIojKii4hqwX4BKu/ehnySlY0WdW7sQpL9G1nHavw2lxMx8EsTu3NqGYeae0tG
w/UzE7fEYR1Mxa2n/YHGKB65OOaGOY3V0GomNCgzPYuBiP8M7Y0V8ccFh8Sw9tgO
bY5bDVFH9fegvzsYHQj7mMPKjLYLVL5tttnEbllbte9seLu4qawg66bxx/OYCpof
dp1jpU92A2PFOWTk/TJnPiOnQBCoQtnxQiDS47Q/12LqTjot7IhrSp+98hw5Vy5P
ITUpN5FfZMi/uR5cIUxfk1uS3PcX5TLOMe+4dsud4ncYrtGBxVUjR7A+BzyG3MwX
yaaLDxYnbnFPIuc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org