Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914BC7A/4C528F78450311E2BDCA1F732979BB20/EC7590CC1B6411ECAAB1D328C4F9AE02.roa
File: EC7590CC1B6411ECAAB1D328C4F9AE02.roa (raw, json)
Hash identifier: EoubOcxHSyLRa/ha39M1XXMQ2tsZr5h2wTO3LdvTztk=
Subject key identifier: 98:1A:B7:6F:68:EA:22:38:69:91:7A:2F:9D:00:45:B2:95:25:76:DD
Certificate issuer: /CN=A914BC7A/serialNumber=5312F399A6F7EB0DDCD51C039F83F7B7A47A5F09
Certificate serial: 32B4
Authority key identifier: 53:12:F3:99:A6:F7:EB:0D:DC:D5:1C:03:9F:83:F7:B7:A4:7A:5F:09
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UxLzmab36w3c1RwDn4P3t6R6Xwk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914BC7A/4C528F78450311E2BDCA1F732979BB20/EC7590CC1B6411ECAAB1D328C4F9AE02.roa
Signing time: Thu 05 Jan 2023 12:11:00 +0000
ROA not before: Thu 05 Jan 2023 12:11:00 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9885
IP address blocks: 2001:fff:a000::/40 maxlen: 48
2001:fff:b000::/40 maxlen: 48
2001:fff:c000::/40 maxlen: 48
2001:fff:d000::/40 maxlen: 48
2001:fff:e000::/40 maxlen: 48
2001:fff:f000::/40 maxlen: 48
2405:8a00:ffff::/48 maxlen: 48
240a:eabc:d00d::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12980 (0x32b4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914BC7A/serialNumber=5312F399A6F7EB0DDCD51C039F83F7B7A47A5F09
Validity
Not Before: Jan 5 12:11:00 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=63b6be54-ee08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:80:49:38:d8:e4:de:c3:7d:ff:12:06:a0:97:
48:9a:5a:df:ce:62:de:5b:a8:d1:1d:6d:7a:c2:f0:
31:ed:85:75:58:54:50:42:66:57:94:c3:f2:a8:62:
b7:29:b4:88:36:4c:38:4f:75:2c:5f:1e:e5:d9:17:
11:80:c8:fd:41:17:1b:62:6e:da:6a:13:86:74:9f:
00:48:3c:95:73:cd:35:7c:e2:0e:f3:4b:77:86:38:
fe:a6:88:b5:4f:42:b5:14:1e:02:29:b1:0d:2a:74:
b0:24:97:2e:85:5c:2c:2a:a3:01:b5:d8:2f:a4:b9:
cb:93:1b:98:70:ff:42:a8:75:62:99:f8:a1:db:47:
08:36:f8:5f:90:e8:30:63:fe:12:a5:dd:85:56:f3:
92:3e:89:b4:1f:51:75:62:28:8f:6c:11:a3:42:38:
68:e7:45:22:8a:20:33:b7:b8:74:8e:e3:a5:5d:99:
7a:68:95:0c:22:29:f0:84:3f:ee:f1:f3:08:fa:28:
af:a8:09:d4:ef:a7:d3:5c:44:93:47:5e:0c:90:a8:
a4:8b:f8:b5:ad:5f:e0:69:3b:e0:7d:32:e6:37:d2:
3e:50:d7:6d:d2:f7:cc:05:a3:72:96:08:0d:e9:61:
bd:b5:77:1f:c4:3d:cf:43:6c:9c:45:d2:42:a3:35:
73:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:1A:B7:6F:68:EA:22:38:69:91:7A:2F:9D:00:45:B2:95:25:76:DD
X509v3 Authority Key Identifier:
keyid:53:12:F3:99:A6:F7:EB:0D:DC:D5:1C:03:9F:83:F7:B7:A4:7A:5F:09
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914BC7A/4C528F78450311E2BDCA1F732979BB20/UxLzmab36w3c1RwDn4P3t6R6Xwk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UxLzmab36w3c1RwDn4P3t6R6Xwk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914BC7A/4C528F78450311E2BDCA1F732979BB20/EC7590CC1B6411ECAAB1D328C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2001:fff:a000::/40
2001:fff:b000::/40
2001:fff:c000::/40
2001:fff:d000::/40
2001:fff:e000::/40
2001:fff:f000::/40
2405:8a00:ffff::/48
240a:eabc:d00d::/48
Signature Algorithm: sha256WithRSAEncryption
0e:0e:84:ed:d6:d9:8a:e1:01:74:75:4b:a8:71:2b:fd:18:83:
9c:f2:e6:b8:0e:ab:09:ee:3f:dd:12:ea:06:d9:65:a0:44:ec:
90:d3:b2:27:41:d7:b1:69:15:52:29:a8:cb:49:d1:73:53:35:
1a:af:99:22:04:41:03:af:ee:39:97:1b:48:aa:bc:31:bc:dc:
e9:42:49:ab:fe:d7:0d:14:95:2d:d0:fb:e5:c8:0a:27:5b:73:
7d:2a:95:56:ab:9f:9b:69:b4:8c:df:cb:9c:09:64:87:d2:49:
75:3a:0f:74:24:9d:80:d0:25:1d:6f:28:3f:53:e7:76:03:c6:
d9:e9:92:e7:70:e5:0b:b0:0c:90:2a:9a:7e:32:2b:e7:92:fa:
dd:b4:9a:50:0d:89:dd:d9:c7:ef:eb:cb:07:b6:ee:9e:d1:cb:
84:2d:24:73:62:e4:8b:fa:db:55:82:98:9a:3e:cd:93:49:97:
e9:5c:35:ec:4c:a4:0d:a3:bd:3d:4e:75:0a:ae:2e:3f:6d:b9:
43:11:19:50:ad:00:0c:a7:1b:12:24:30:d9:bb:d4:7b:49:e1:
d1:6b:a2:c7:ce:df:70:45:d5:da:ec:25:3f:f0:c3:74:e3:01:
4f:a9:a9:b6:3b:26:e8:65:4e:46:98:e0:6d:64:48:cc:c2:95:
41:be:81:86
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgICMrQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEJDN0ExMTAvBgNVBAUTKDUzMTJGMzk5QTZGN0VCMEREQ0Q1MUMwMzlGODNGN0I3
QTQ3QTVGMDkwHhcNMjMwMTA1MTIxMTAwWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2I2YmU1NC1lZTA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2YBJONjk3sN9/xIGoJdImlrfzmLeW6jRHW16wvAx7YV1WFRQQmZXlMPyqGK3
KbSINkw4T3UsXx7l2RcRgMj9QRcbYm7aahOGdJ8ASDyVc801fOIO80t3hjj+poi1
T0K1FB4CKbENKnSwJJcuhVwsKqMBtdgvpLnLkxuYcP9CqHVimfih20cINvhfkOgw
Y/4Spd2FVvOSPom0H1F1YiiPbBGjQjho50UiiiAzt7h0juOlXZl6aJUMIinwhD/u
8fMI+iivqAnU76fTXESTR14MkKiki/i1rV/gaTvgfTLmN9I+UNdt0vfMBaNylggN
6WG9tXcfxD3PQ2ycRdJCozVzywIDAQABo4IC0TCCAs0wHQYDVR0OBBYEFJgat29o
6iI4aZF6L50ARbKVJXbdMB8GA1UdIwQYMBaAFFMS85mm9+sN3NUcA5+D97ekel8J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QkM3QS80QzUyOEY3ODQ1
MDMxMUUyQkRDQTFGNzMyOTc5QkIyMC9VeEx6bWFiMzZ3M2MxUndEbjRQM3Q2UjZY
d2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1V4THptYWIzNnczYzFSd0RuNFAzdDZSNlh3ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEJDN0EvNEM1MjhGNzg0NTAzMTFFMkJEQ0ExRjczMjk3OUJCMjAvRUM3NTkwQ0Mx
QjY0MTFFQ0FBQjFEMzI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWwYIKwYBBQUHAQcBAf8E
TDBKMEgEAgACMEIDBgAgAQ//oAMGACABD/+wAwYAIAEP/8ADBgAgAQ//0AMGACAB
D//gAwYAIAEP//ADBwAkBYoA//8DBwAkCuq80A0wDQYJKoZIhvcNAQELBQADggEB
AA4OhO3W2YrhAXR1S6hxK/0Yg5zy5rgOqwnuP90S6gbZZaBE7JDTsidB17FpFVIp
qMtJ0XNTNRqvmSIEQQOv7jmXG0iqvDG83OlCSav+1w0UlS3Q++XICidbc30qlVar
n5tptIzfy5wJZIfSSXU6D3QknYDQJR1vKD9T53YDxtnpkudw5QuwDJAqmn4yK+eS
+t20mlANid3Zx+/rywe27p7Ry4QtJHNi5Iv621WCmJo+zZNJl+lcNexMpA2jvT1O
dQquLj9tuUMRGVCtAAynGxIkMNm71HtJ4dFrosfO33BF1drsJT/ww3TjAU+pqbY7
JuhlTkaY4G1kSMzClUG+gYY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:39 2023 by rpki-client on console-ams.rpki-client.org