Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9149C2D/4D5A7880087311E79C839B09C4F9AE02/DDD1C6E61CA411EABABE1736C4F9AE02.roa
File: DDD1C6E61CA411EABABE1736C4F9AE02.roa (raw, json)
Hash identifier: JNSxtJ3fpHuYaEkq3hAX2+VRXbebZu7mhbYaLkD3/Uk=
Subject key identifier: 4B:FF:3B:F9:5A:8D:37:C0:6F:DD:B2:D4:FF:D1:24:87:DE:6E:1F:36
Certificate issuer: /CN=A9149C2D/serialNumber=1BDC4767A6D5EBE0BEFA5CA1235308F75E48891A
Certificate serial: 1A2D
Authority key identifier: 1B:DC:47:67:A6:D5:EB:E0:BE:FA:5C:A1:23:53:08:F7:5E:48:89:1A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/G9xHZ6bV6-C--lyhI1MI915IiRo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9149C2D/4D5A7880087311E79C839B09C4F9AE02/DDD1C6E61CA411EABABE1736C4F9AE02.roa
Signing time: Wed 21 Jun 2023 08:24:52 +0000
ROA not before: Wed 21 Jun 2023 08:24:52 +0000
ROA not after: Sun 31 Mar 2024 00:00:00 +0000
asID: 63927
IP address blocks: 43.224.188.0/22 maxlen: 24
43.226.4.0/22 maxlen: 24
103.18.64.0/22 maxlen: 24
103.43.212.0/22 maxlen: 24
103.44.232.0/22 maxlen: 24
203.28.64.0/22 maxlen: 24
2401:da80::/32 maxlen: 32
2401:da80::/36 maxlen: 36
2401:da80:1000::/36 maxlen: 36
2401:da80:2000::/36 maxlen: 36
2401:da80:3000::/36 maxlen: 36
2401:da80:4000::/36 maxlen: 36
2401:da80:5000::/36 maxlen: 36
2401:da80:6000::/36 maxlen: 36
2401:da80:7000::/36 maxlen: 36
2401:da80:8000::/36 maxlen: 36
2401:da80:9000::/36 maxlen: 36
2401:da80:a000::/36 maxlen: 36
2401:da80:b000::/36 maxlen: 36
2401:da80:c000::/36 maxlen: 36
2401:da80:d000::/36 maxlen: 36
2401:da80:e000::/36 maxlen: 36
2401:da80:f000::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6701 (0x1a2d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9149C2D/serialNumber=1BDC4767A6D5EBE0BEFA5CA1235308F75E48891A
Validity
Not Before: Jun 21 08:24:52 2023 GMT
Not After : Mar 31 00:00:00 2024 GMT
Subject: CN=6492b3d4-f65a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:8d:51:83:9b:cb:e0:33:8d:13:8f:77:c9:13:
1d:a7:17:2f:54:96:53:3b:f2:bf:d3:1c:65:99:4e:
e9:d3:0f:bd:d1:b3:6a:fc:8e:f1:6c:61:32:35:04:
01:20:57:a3:ca:08:33:2f:f0:cd:0b:fb:f6:17:66:
e0:2d:ec:f5:0e:3f:e6:31:3e:37:a0:71:05:9e:d1:
23:98:9f:cf:1c:47:01:54:e1:73:a4:8d:16:b5:a0:
47:8c:36:d4:30:fa:8b:d9:54:47:c3:af:ab:04:7d:
d9:58:b2:a9:5a:a6:b1:51:5b:f7:ff:1f:09:6b:ce:
74:57:d5:fb:4d:ad:be:51:9b:ff:a8:0e:e0:d4:4d:
6e:38:7d:8e:6c:19:8d:d4:ef:4e:2e:32:0a:1f:48:
8f:74:ef:27:f3:79:ed:f4:d7:cc:64:57:10:fe:56:
05:fa:f6:5b:a4:42:0e:b2:62:70:70:a2:d6:9c:2f:
19:7e:e0:27:88:eb:4b:bd:cb:a8:30:90:c6:aa:c9:
0c:a2:55:34:33:90:6e:40:6d:6f:c3:20:d7:98:19:
b8:13:6b:40:56:14:de:61:cb:fc:17:67:67:8e:cf:
d4:63:fe:3e:3a:35:69:34:b9:7d:31:ee:c2:de:6c:
88:f8:03:14:19:bc:8a:7b:f6:b4:ea:48:11:dc:50:
e0:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:FF:3B:F9:5A:8D:37:C0:6F:DD:B2:D4:FF:D1:24:87:DE:6E:1F:36
X509v3 Authority Key Identifier:
keyid:1B:DC:47:67:A6:D5:EB:E0:BE:FA:5C:A1:23:53:08:F7:5E:48:89:1A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9149C2D/4D5A7880087311E79C839B09C4F9AE02/G9xHZ6bV6-C--lyhI1MI915IiRo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/G9xHZ6bV6-C--lyhI1MI915IiRo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9149C2D/4D5A7880087311E79C839B09C4F9AE02/DDD1C6E61CA411EABABE1736C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.224.188.0/22
43.226.4.0/22
103.18.64.0/22
103.43.212.0/22
103.44.232.0/22
203.28.64.0/22
IPv6:
2401:da80::/32
Signature Algorithm: sha256WithRSAEncryption
5c:17:9e:57:c5:8a:b9:bb:94:d0:44:11:9b:c2:cc:89:3b:91:
f5:18:46:b1:7d:00:a3:54:f3:b7:12:f8:a1:c9:71:e1:f3:84:
74:f8:89:74:4c:9c:ef:93:ea:07:3c:d9:59:df:88:3a:af:c9:
fd:c9:32:8c:c6:20:0d:35:b8:0e:d5:6f:ca:e5:6a:13:a7:0b:
b1:9f:f5:ab:7c:9a:5b:d2:63:0a:5c:20:61:32:d4:47:4c:e2:
eb:f3:e7:43:71:c8:29:39:56:8d:89:3f:a4:9f:64:85:91:e4:
54:46:c0:37:7d:b1:01:08:ef:3b:b2:fd:18:7c:80:09:8a:3a:
05:eb:db:f8:44:18:37:c3:4d:1d:b1:c0:c5:81:8e:d6:e0:e8:
17:3e:b0:37:9c:61:78:73:c4:a1:f1:69:11:f9:89:7c:7b:c6:
5f:17:e3:86:3b:75:c5:db:b4:23:0d:e6:50:4c:8e:00:d7:6c:
13:e2:ae:15:d9:10:23:5b:04:8b:a5:8f:9e:97:d3:89:4f:2f:
80:d0:c4:ec:1c:a0:8a:be:12:d9:b5:b1:79:44:dc:77:b8:ce:
64:72:57:ad:fb:52:56:f6:b9:cf:76:ed:03:f8:d5:47:18:30:
22:d7:f5:5d:e5:c4:a6:c3:96:18:18:dc:c4:59:89:71:33:eb:
61:26:60:04
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICGi0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDlDMkQxMTAvBgNVBAUTKDFCREM0NzY3QTZENUVCRTBCRUZBNUNBMTIzNTMwOEY3
NUU0ODg5MUEwHhcNMjMwNjIxMDgyNDUyWhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDkyYjNkNC1mNjVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7Y1Rg5vL4DONE493yRMdpxcvVJZTO/K/0xxlmU7p0w+90bNq/I7xbGEyNQQB
IFejyggzL/DNC/v2F2bgLez1Dj/mMT43oHEFntEjmJ/PHEcBVOFzpI0WtaBHjDbU
MPqL2VRHw6+rBH3ZWLKpWqaxUVv3/x8Ja850V9X7Ta2+UZv/qA7g1E1uOH2ObBmN
1O9OLjIKH0iPdO8n83nt9NfMZFcQ/lYF+vZbpEIOsmJwcKLWnC8ZfuAniOtLvcuo
MJDGqskMolU0M5BuQG1vwyDXmBm4E2tAVhTeYcv8F2dnjs/UY/4+OjVpNLl9Me7C
3myI+AMUGbyKe/a06kgR3FDgbQIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFEv/O/la
jTfAb92y1P/RJIfebh82MB8GA1UdIwQYMBaAFBvcR2em1evgvvpcoSNTCPdeSIka
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OUMyRC80RDVBNzg4MDA4
NzMxMUU3OUM4MzlCMDlDNEY5QUUwMi9HOXhIWjZiVjYtQy0tbHloSTFNSTkxNUlp
Um8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0c5eEhaNmJWNi1DLS1seWhJMU1JOTE1SWlSby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDlDMkQvNEQ1QTc4ODAwODczMTFFNzlDODM5QjA5QzRGOUFFMDIvREREMUM2RTYx
Q0E0MTFFQUJBQkUxNzM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBAIr4LwDBAIr4gQDBAJnEkADBAJnK9QDBAJnLOgDBALLHEAw
DQQCAAIwBwMFACQB2oAwDQYJKoZIhvcNAQELBQADggEBAFwXnlfFirm7lNBEEZvC
zIk7kfUYRrF9AKNU87cS+KHJceHzhHT4iXRMnO+T6gc82VnfiDqvyf3JMozGIA01
uA7Vb8rlahOnC7Gf9at8mlvSYwpcIGEy1EdM4uvz50NxyCk5Vo2JP6SfZIWR5FRG
wDd9sQEI7zuy/Rh8gAmKOgXr2/hEGDfDTR2xwMWBjtbg6Bc+sDecYXhzxKHxaRH5
iXx7xl8X44Y7dcXbtCMN5lBMjgDXbBPirhXZECNbBIulj56X04lPL4DQxOwcoIq+
Etm1sXlE3He4zmRyV637Ulb2uc927QP41UcYMCLX9V3lxKbDlhgY3MRZiXEz62Em
YAQ=
-----END CERTIFICATE-----
Generated at Sat Sep 30 04:44:27 2023 by rpki-client on console-fra.rpki-client.org