Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/0EF16654D2AB11EDB1F8C82EC4F9AE02.roa
File: 0EF16654D2AB11EDB1F8C82EC4F9AE02.roa (raw, json)
Hash identifier: MoqFna0m/LYuuALlzCJsx7acWrYoYzPPi5saDy1mLZg=
Subject key identifier: C0:27:1E:96:17:7F:6D:B1:4E:F7:54:84:D0:88:BB:76:1A:8D:50:6C
Certificate issuer: /CN=A913CA4B/serialNumber=709210CF761EC67FB394EA5896A5C647B305EEF1
Certificate serial: 0719
Authority key identifier: 70:92:10:CF:76:1E:C6:7F:B3:94:EA:58:96:A5:C6:47:B3:05:EE:F1
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJIQz3Yexn-zlOpYlqXGR7MF7vE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/0EF16654D2AB11EDB1F8C82EC4F9AE02.roa
Signing time: Tue 04 Apr 2023 05:39:25 +0000
ROA not before: Tue 04 Apr 2023 05:39:25 +0000
ROA not after: Sat 30 Dec 2023 00:00:00 +0000
asID: 55745
IP address blocks: 117.55.192.0/24 maxlen: 24
117.55.193.0/24 maxlen: 24
117.55.198.0/24 maxlen: 24
117.55.199.0/24 maxlen: 24
117.55.200.0/22 maxlen: 22
117.55.200.0/24 maxlen: 24
117.55.201.0/24 maxlen: 24
117.55.202.0/24 maxlen: 24
117.55.203.0/24 maxlen: 24
117.55.204.0/24 maxlen: 24
117.55.206.0/24 maxlen: 24
117.55.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1817 (0x719)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A913CA4B/serialNumber=709210CF761EC67FB394EA5896A5C647B305EEF1
Validity
Not Before: Apr 4 05:39:25 2023 GMT
Not After : Dec 30 00:00:00 2023 GMT
Subject: CN=642bb80d-7441
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ed:a8:15:87:43:f5:c8:f4:94:48:d2:1d:b9:
c1:c4:ef:07:fd:62:47:98:0b:75:47:81:25:91:23:
6f:65:6f:96:7a:e0:58:7f:0f:d5:87:07:78:a7:9f:
b6:e0:61:b7:cf:c8:a2:f3:c4:25:c0:ae:cc:55:1f:
7c:93:77:da:45:9e:a2:af:30:1b:e9:6b:0b:24:ec:
d4:37:94:30:21:a5:5a:0e:61:4a:97:17:9b:89:0f:
66:76:10:81:ef:a3:03:9e:51:2d:31:e4:87:0a:b2:
e3:99:89:40:8d:ec:95:84:c6:ca:98:48:dc:dd:a9:
56:60:8e:fe:3d:90:55:90:2a:79:7c:8f:0a:fd:3a:
9b:3a:f0:0b:b7:3a:7a:fa:fa:46:d6:40:f1:85:db:
01:da:f8:b0:6f:2d:66:fa:78:08:85:5f:05:79:fc:
9a:3d:6c:26:61:7d:e7:25:14:2f:96:a5:7a:59:5e:
e9:41:a2:46:02:b9:49:e1:9c:48:1e:44:ae:d9:6e:
04:41:25:e9:a1:46:2c:20:f6:d9:b1:93:55:ee:e6:
d8:28:4e:92:6d:51:7d:95:bc:5c:eb:1c:38:13:4a:
17:13:b5:f0:86:f1:2b:92:f9:ba:32:c1:a3:92:ed:
51:34:f7:5e:b6:84:92:89:26:31:d7:e7:c4:cf:c4:
20:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:27:1E:96:17:7F:6D:B1:4E:F7:54:84:D0:88:BB:76:1A:8D:50:6C
X509v3 Authority Key Identifier:
keyid:70:92:10:CF:76:1E:C6:7F:B3:94:EA:58:96:A5:C6:47:B3:05:EE:F1
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/cJIQz3Yexn-zlOpYlqXGR7MF7vE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJIQz3Yexn-zlOpYlqXGR7MF7vE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/0EF16654D2AB11EDB1F8C82EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
117.55.192.0/23
117.55.198.0-117.55.204.255
117.55.206.0/23
Signature Algorithm: sha256WithRSAEncryption
15:b5:61:00:ee:d3:44:86:11:cb:28:50:46:39:71:20:fc:bc:
16:a1:ad:5f:77:57:3b:73:44:3b:c2:15:e9:a4:dc:cd:6c:ba:
27:6b:a0:2c:36:b0:ef:92:f8:9c:26:85:f5:d7:8c:29:fb:43:
0f:a7:3a:0c:df:d7:73:ef:36:20:1c:9b:d9:53:e0:cf:79:f2:
d1:40:a8:86:4a:ae:f7:cd:99:2c:1d:45:de:24:14:37:42:8a:
f7:51:ae:87:71:1f:bf:28:8c:fd:4e:d8:f1:b4:77:ac:55:e1:
4c:27:a1:86:45:59:87:9d:0a:17:7b:c5:ab:71:d2:89:73:a6:
2c:2a:11:2d:ff:79:ce:11:f3:86:fc:a7:a4:4e:70:b2:85:d1:
b6:2f:51:aa:52:f2:f4:83:27:12:97:49:60:7c:0b:ac:af:5f:
2d:a2:ed:4b:85:19:88:67:9c:41:f2:27:97:1e:cc:77:c4:30:
05:1b:11:43:3c:8e:fc:72:a7:68:e7:32:c4:f0:a8:b5:0b:0c:
af:70:b6:28:bb:49:58:1f:17:e2:c2:cd:2c:70:97:10:89:6e:
e1:70:3b:69:b1:9e:9b:47:b5:fd:30:05:47:07:30:a9:d1:7f:
d2:de:0d:bc:36:70:b3:41:68:f8:e5:f4:9e:40:f9:64:42:f8:
f1:1d:a3:20
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICBxkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0NBNEIxMTAvBgNVBAUTKDcwOTIxMENGNzYxRUM2N0ZCMzk0RUE1ODk2QTVDNjQ3
QjMwNUVFRjEwHhcNMjMwNDA0MDUzOTI1WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDJiYjgwZC03NDQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqu2oFYdD9cj0lEjSHbnBxO8H/WJHmAt1R4ElkSNvZW+WeuBYfw/Vhwd4p5+2
4GG3z8ii88QlwK7MVR98k3faRZ6irzAb6WsLJOzUN5QwIaVaDmFKlxebiQ9mdhCB
76MDnlEtMeSHCrLjmYlAjeyVhMbKmEjc3alWYI7+PZBVkCp5fI8K/TqbOvALtzp6
+vpG1kDxhdsB2viwby1m+ngIhV8FefyaPWwmYX3nJRQvlqV6WV7pQaJGArlJ4ZxI
HkSu2W4EQSXpoUYsIPbZsZNV7ubYKE6SbVF9lbxc6xw4E0oXE7XwhvErkvm6MsGj
ku1RNPdetoSSiSYx1+fEz8QgAQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFMAnHpYX
f22xTvdUhNCIu3YajVBsMB8GA1UdIwQYMBaAFHCSEM92HsZ/s5TqWJalxkezBe7x
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQ0E0Qi9EQzJGMDQzMkJG
ODAxMUVBOTZGRTRBNjhDNEY5QUUwMi9jSklRejNZZXhuLXpsT3BZbHFYR1I3TUY3
dkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NKSVF6M1lleG4temxPcFlscVhHUjdNRjd2RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0NBNEIvREMyRjA0MzJCRjgwMTFFQTk2RkU0QTY4QzRGOUFFMDIvMEVGMTY2NTRE
MkFCMTFFREIxRjhDODJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAF1N8AwDAMEAXU3xgMEAHU3zAMEAXU3zjANBgkqhkiG9w0B
AQsFAAOCAQEAFbVhAO7TRIYRyyhQRjlxIPy8FqGtX3dXO3NEO8IV6aTczWy6J2ug
LDaw75L4nCaF9deMKftDD6c6DN/Xc+82IByb2VPgz3ny0UCohkqu982ZLB1F3iQU
N0KK91Guh3EfvyiM/U7Y8bR3rFXhTCehhkVZh50KF3vFq3HSiXOmLCoRLf95zhHz
hvynpE5wsoXRti9RqlLy9IMnEpdJYHwLrK9fLaLtS4UZiGecQfInlx7Md8QwBRsR
QzyO/HKnaOcyxPCotQsMr3C2KLtJWB8X4sLNLHCXEIlu4XA7abGem0e1/TAFRwcw
qdF/0t4NvDZws0Fo+OX0nkD5ZEL48R2jIA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:39 2023 by rpki-client on console-fra.rpki-client.org