Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/39CF76BE3FFE11EB9AE7EE80C4F9AE02.roa
File: 39CF76BE3FFE11EB9AE7EE80C4F9AE02.roa (raw, json)
Hash identifier: rXLaI51FbCaOkI1v6zGkhAi90+5A7757OX/uKgUjLNk=
Subject key identifier: 14:EF:F2:02:74:C8:AC:B8:0D:6F:6B:03:01:E3:7A:A4:10:9E:EA:4F
Certificate issuer: /CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
Certificate serial: 0ACF
Authority key identifier: 81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/39CF76BE3FFE11EB9AE7EE80C4F9AE02.roa
Signing time: Mon 31 Jul 2023 19:57:30 +0000
ROA not before: Mon 31 Jul 2023 19:57:30 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 7496
IP address blocks: 101.2.192.0/20 maxlen: 20
101.2.208.0/20 maxlen: 20
101.2.210.0/24 maxlen: 24
113.20.0.0/20 maxlen: 24
202.93.4.0/23 maxlen: 24
203.2.122.0/24 maxlen: 24
203.8.188.0/23 maxlen: 23
203.19.190.0/23 maxlen: 23
203.31.198.0/23 maxlen: 24
203.210.96.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2767 (0xacf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
Validity
Not Before: Jul 31 19:57:30 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=64c8122a-9624
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:ee:d6:10:43:0d:10:4b:dd:fd:24:1a:d6:3f:
5d:f5:eb:67:05:51:ed:27:13:f2:22:2e:24:4e:14:
92:68:bf:74:7c:59:4f:8f:aa:5c:d3:d4:37:2d:da:
0b:5f:0b:a9:fb:76:d5:4d:20:a6:0a:21:d3:ba:32:
02:3f:98:47:71:39:e6:90:07:1c:c5:5f:06:67:89:
f6:20:74:ea:9e:4a:c0:2d:4a:1f:28:17:67:eb:70:
09:c9:60:a9:30:1a:b2:cc:aa:dd:37:2a:92:ca:74:
8a:98:d9:b7:6f:48:ff:2b:5f:09:93:1b:d9:a9:00:
32:83:e1:46:53:53:95:49:ae:00:09:68:28:74:0f:
23:2a:56:b1:b4:9c:14:a5:05:e5:a1:71:a5:0f:ef:
0d:3b:88:4a:d4:c8:5d:39:8e:41:f3:e1:d5:96:9e:
48:05:d2:9e:d5:b9:bc:d8:e5:b3:1a:5e:bd:22:51:
97:d3:5b:2e:c6:b2:b7:91:11:53:b3:92:0f:41:d8:
95:20:98:24:19:aa:1e:3a:12:36:e8:69:06:39:25:
80:10:e3:1b:e5:0e:7f:43:43:59:38:9e:31:bb:e0:
91:8c:f1:51:0b:5d:98:54:98:96:c7:72:ce:63:48:
02:3e:21:af:bc:2e:c7:5b:c9:1e:1f:54:c9:38:1c:
4c:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:EF:F2:02:74:C8:AC:B8:0D:6F:6B:03:01:E3:7A:A4:10:9E:EA:4F
X509v3 Authority Key Identifier:
keyid:81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/gUKKAcUWkeeoxdhD7Lax09muQk4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/39CF76BE3FFE11EB9AE7EE80C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.2.192.0/19
113.20.0.0/20
202.93.4.0/23
203.2.122.0/24
203.8.188.0/23
203.19.190.0/23
203.31.198.0/23
203.210.96.0/19
Signature Algorithm: sha256WithRSAEncryption
93:69:71:eb:83:86:47:f6:98:2c:d2:85:51:c3:76:80:50:59:
98:37:d9:e8:87:c4:3b:b2:a4:68:3b:56:f4:4f:d5:d1:00:a3:
6c:d9:d9:2d:22:56:b1:c9:74:2d:65:61:e9:1a:30:5e:44:8f:
a9:d0:30:e6:ee:3a:42:55:5e:ef:43:73:35:c6:f4:3b:95:3c:
d9:a2:8c:65:3e:c0:b2:97:4c:4f:3f:a2:38:f3:ce:84:71:9a:
76:31:11:09:fe:85:e5:dd:47:ca:11:e9:7c:37:a3:5d:06:8c:
f1:7f:9f:bc:c6:c1:91:f0:05:65:71:2a:b7:d9:21:5c:ce:ae:
f1:40:07:31:73:fe:a2:f5:1d:e6:5c:e9:10:37:46:58:a8:f2:
eb:77:75:28:e6:7d:b6:00:8b:d4:16:64:dc:cb:0f:f7:fb:4c:
47:b1:f2:b1:7a:22:d0:11:da:e5:73:66:be:1b:12:dd:78:ff:
e4:b6:ed:a5:a0:a8:6f:ba:0b:43:0e:47:cf:76:1d:8b:6b:10:
69:44:3a:f2:43:b4:9d:c6:31:01:88:42:9d:0f:3e:4c:be:69:
6f:04:d0:6a:19:6b:a7:1e:cd:89:43:27:42:a8:7e:6e:cc:a2:
87:5f:39:2c:47:a4:cb:10:be:99:50:dc:64:39:2a:97:68:b7:
f9:be:61:f6
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgICCs8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTJGNTIxMTAvBgNVBAUTKDgxNDI4QTAxQzUxNjkxRTdBOEM1RDg0M0VDQjZCMUQz
RDlBRTQyNEUwHhcNMjMwNzMxMTk1NzMwWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGM4MTIyYS05NjI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz+7WEEMNEEvd/SQa1j9d9etnBVHtJxPyIi4kThSSaL90fFlPj6pc09Q3LdoL
Xwup+3bVTSCmCiHTujICP5hHcTnmkAccxV8GZ4n2IHTqnkrALUofKBdn63AJyWCp
MBqyzKrdNyqSynSKmNm3b0j/K18JkxvZqQAyg+FGU1OVSa4ACWgodA8jKlaxtJwU
pQXloXGlD+8NO4hK1MhdOY5B8+HVlp5IBdKe1bm82OWzGl69IlGX01suxrK3kRFT
s5IPQdiVIJgkGaoeOhI26GkGOSWAEOMb5Q5/Q0NZOJ4xu+CRjPFRC12YVJiWx3LO
Y0gCPiGvvC7HW8keH1TJOBxMDwIDAQABo4ICvzCCArswHQYDVR0OBBYEFBTv8gJ0
yKy4DW9rAwHjeqQQnupPMB8GA1UdIwQYMBaAFIFCigHFFpHnqMXYQ+y2sdPZrkJO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MkY1Mi84OEVCQ0ZEQzFE
NDkxMUVBQUU3NzVCMzRDNEY5QUUwMi9nVUtLQWNVV2tlZW94ZGhEN0xheDA5bXVR
azQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dVS0tBY1VXa2Vlb3hkaEQ3TGF4MDltdVFrNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTJGNTIvODhFQkNGREMxRDQ5MTFFQUFFNzc1QjM0QzRGOUFFMDIvMzlDRjc2QkUz
RkZFMTFFQjlBRTdFRTgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSQYIKwYBBQUHAQcBAf8E
OjA4MDYEAgABMDADBAVlAsADBARxFAADBAHKXQQDBADLAnoDBAHLCLwDBAHLE74D
BAHLH8YDBAXL0mAwDQYJKoZIhvcNAQELBQADggEBAJNpceuDhkf2mCzShVHDdoBQ
WZg32eiHxDuypGg7VvRP1dEAo2zZ2S0iVrHJdC1lYekaMF5Ej6nQMObuOkJVXu9D
czXG9DuVPNmijGU+wLKXTE8/ojjzzoRxmnYxEQn+heXdR8oR6Xw3o10GjPF/n7zG
wZHwBWVxKrfZIVzOrvFABzFz/qL1HeZc6RA3Rlio8ut3dSjmfbYAi9QWZNzLD/f7
TEex8rF6ItAR2uVzZr4bEt14/+S27aWgqG+6C0MOR892HYtrEGlEOvJDtJ3GMQGI
Qp0PPky+aW8E0GoZa6cezYlDJ0Kofm7MoodfOSxHpMsQvplQ3GQ5Kpdot/m+YfY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:05 2024 by rpki-client on console-ams.rpki-client.org