Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915059B/74FB42A8227311EA8A0F3822C4F9AE02/60134DC6A60C11EC996C8B40C4F9AE02.roa
File: 60134DC6A60C11EC996C8B40C4F9AE02.roa (raw, json)
Hash identifier: Joo4ACRgzgxshiCjX4OUKo17m9Bb2lZlvNimEXl4qN0=
Subject key identifier: 1D:F8:2A:7E:F2:E2:11:7C:65:E9:5B:46:BA:1A:CB:D4:B7:E3:D9:17
Certificate issuer: /CN=A915059B/serialNumber=CA877333B712345F05D2DC6706572E1CB6211778
Certificate serial: 0521
Authority key identifier: CA:87:73:33:B7:12:34:5F:05:D2:DC:67:06:57:2E:1C:B6:21:17:78
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yodzM7cSNF8F0txnBlcuHLYhF3g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915059B/74FB42A8227311EA8A0F3822C4F9AE02/60134DC6A60C11EC996C8B40C4F9AE02.roa
Signing time: Thu 19 May 2022 08:45:25 +0000
ROA not before: Thu 19 May 2022 08:45:25 +0000
ROA not after: Sun 28 May 2023 00:00:00 +0000
asID: 133034
IP address blocks: 121.46.68.0/24 maxlen: 24
121.46.69.0/24 maxlen: 24
121.46.70.0/24 maxlen: 24
121.46.71.0/24 maxlen: 24
137.59.4.0/24 maxlen: 24
137.59.6.0/24 maxlen: 24
137.59.7.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1313 (0x521)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915059B/serialNumber=CA877333B712345F05D2DC6706572E1CB6211778
Validity
Not Before: May 19 08:45:25 2022 GMT
Not After : May 28 00:00:00 2023 GMT
Subject: CN=628603a5-b658
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:15:50:75:d2:06:ca:0f:a2:32:74:02:e9:6d:
7d:56:b1:f1:80:2f:1b:e7:aa:ea:b8:14:d0:59:d5:
62:90:11:f0:bc:70:51:16:04:c1:e1:47:8a:ba:8c:
53:36:63:05:1e:27:67:f2:39:a7:59:46:2e:9e:a1:
cb:81:05:68:08:6d:5f:3f:98:ba:f1:7e:13:5e:10:
cc:cf:e2:5f:1d:a7:e2:01:89:99:f4:37:06:25:16:
c5:1d:e9:8d:e6:ab:22:55:fa:69:db:05:29:d0:8f:
12:76:d2:84:03:d0:6a:ed:b6:45:2f:fa:c2:c9:08:
b2:d8:88:7d:1e:7e:8b:a8:ab:05:71:f3:a7:4e:b3:
82:4f:2b:ff:a3:cd:b0:c5:a2:e7:df:3e:43:fc:9d:
6e:db:f5:07:42:32:8e:30:dc:1c:e0:f6:db:73:f1:
39:3d:63:d2:54:c9:1d:f7:93:6d:eb:af:50:ca:a4:
27:ed:ff:df:78:0d:2d:c6:e4:38:bf:b8:47:a7:66:
4e:4b:d9:c7:97:da:57:d7:b6:70:cf:e4:59:82:65:
05:64:34:b5:a6:52:16:84:c2:7c:df:d1:b2:9c:2a:
8e:cd:f8:e9:de:7c:ac:e8:f4:85:b9:2f:b7:34:6b:
d2:85:a7:d2:7f:39:dd:bd:11:63:1b:62:a0:9b:33:
94:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:F8:2A:7E:F2:E2:11:7C:65:E9:5B:46:BA:1A:CB:D4:B7:E3:D9:17
X509v3 Authority Key Identifier:
keyid:CA:87:73:33:B7:12:34:5F:05:D2:DC:67:06:57:2E:1C:B6:21:17:78
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915059B/74FB42A8227311EA8A0F3822C4F9AE02/yodzM7cSNF8F0txnBlcuHLYhF3g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yodzM7cSNF8F0txnBlcuHLYhF3g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915059B/74FB42A8227311EA8A0F3822C4F9AE02/60134DC6A60C11EC996C8B40C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
121.46.68.0/22
137.59.4.0/24
137.59.6.0/23
Signature Algorithm: sha256WithRSAEncryption
68:ca:0d:72:fd:b1:de:53:c4:d9:e2:49:e7:55:33:5a:05:53:
c5:ad:20:e8:df:86:77:cd:43:db:21:5a:0c:fd:7e:56:d4:80:
7c:4a:58:39:9e:e1:00:f4:3e:ac:b7:e4:1f:b8:f7:ef:bf:ae:
bd:5a:5e:73:b4:e2:ab:b6:bf:b7:c9:f0:23:ac:d3:2e:6a:21:
2b:62:d5:be:0c:76:07:68:8d:8e:1f:a0:82:c1:35:76:67:79:
95:d5:c1:27:d7:c0:53:5c:c0:67:07:27:2d:09:fa:52:e8:fa:
01:82:70:98:35:9a:96:05:1b:2e:8e:c4:60:55:cf:ab:cd:e5:
95:bf:82:08:49:a8:b9:12:9e:2a:2e:62:30:16:c8:3c:f7:1e:
47:08:b9:13:aa:cb:8a:0c:c3:6e:5b:a9:60:c0:ef:7d:27:31:
2a:87:ab:3b:c2:59:5f:d4:62:7d:fd:14:fa:0e:b4:51:40:a0:
9a:a6:4e:46:7a:0c:41:18:89:28:ad:4e:db:1e:a4:10:a3:08:
3b:fd:f5:4c:b8:88:6f:96:dc:8e:ac:09:1d:48:7e:4c:6a:4d:
35:2a:20:4c:5a:34:64:64:e9:1a:95:e7:9b:61:46:c8:bc:fe:
79:0a:29:c6:de:08:b0:97:4e:bc:28:1c:49:2d:88:f8:73:fc:
df:4e:9d:00
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBSEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTA1OUIxMTAvBgNVBAUTKENBODc3MzMzQjcxMjM0NUYwNUQyREM2NzA2NTcyRTFD
QjYyMTE3NzgwHhcNMjIwNTE5MDg0NTI1WhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjg2MDNhNS1iNjU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyhVQddIGyg+iMnQC6W19VrHxgC8b56rquBTQWdVikBHwvHBRFgTB4UeKuoxT
NmMFHidn8jmnWUYunqHLgQVoCG1fP5i68X4TXhDMz+JfHafiAYmZ9DcGJRbFHemN
5qsiVfpp2wUp0I8SdtKEA9Bq7bZFL/rCyQiy2Ih9Hn6LqKsFcfOnTrOCTyv/o82w
xaLn3z5D/J1u2/UHQjKOMNwc4Pbbc/E5PWPSVMkd95Nt669QyqQn7f/feA0txuQ4
v7hHp2ZOS9nHl9pX17Zwz+RZgmUFZDS1plIWhMJ839GynCqOzfjp3nys6PSFuS+3
NGvShafSfzndvRFjG2KgmzOUTwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFB34Kn7y
4hF8ZelbRroay9S349kXMB8GA1UdIwQYMBaAFMqHczO3EjRfBdLcZwZXLhy2IRd4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MDU5Qi83NEZCNDJBODIy
NzMxMUVBOEEwRjM4MjJDNEY5QUUwMi95b2R6TTdjU05GOEYwdHhuQmxjdUhMWWhG
M2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lvZHpNN2NTTkY4RjB0eG5CbGN1SExZaEYzZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTA1OUIvNzRGQjQyQTgyMjczMTFFQThBMEYzODIyQzRGOUFFMDIvNjAxMzREQzZB
NjBDMTFFQzk5NkM4QjQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAJ5LkQDBACJOwQDBAGJOwYwDQYJKoZIhvcNAQELBQADggEB
AGjKDXL9sd5TxNniSedVM1oFU8WtIOjfhnfNQ9shWgz9flbUgHxKWDme4QD0Pqy3
5B+49++/rr1aXnO04qu2v7fJ8COs0y5qISti1b4MdgdojY4foILBNXZneZXVwSfX
wFNcwGcHJy0J+lLo+gGCcJg1mpYFGy6OxGBVz6vN5ZW/gghJqLkSniouYjAWyDz3
HkcIuROqy4oMw25bqWDA730nMSqHqzvCWV/UYn39FPoOtFFAoJqmTkZ6DEEYiSit
TtsepBCjCDv99Uy4iG+W3I6sCR1IfkxqTTUqIExaNGRk6RqV55thRsi8/nkKKcbe
CLCXTrwoHEktiPhz/N9OnQA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:59 2024 by rpki-client on console-ams.rpki-client.org