Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/45AF1FF8874911EE8D0BEC2EC4F9AE02.roa
File: 45AF1FF8874911EE8D0BEC2EC4F9AE02.roa (raw, json)
Hash identifier: kA+xEQikbOJDgxi6Y4bg2kj6I/OurDNcXHWslLnAccU=
Subject key identifier: 3A:A8:31:F8:1E:B7:5C:47:2B:2C:3C:E5:12:98:07:EB:CD:76:25:FC
Certificate issuer: /CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
Certificate serial: 0B0E
Authority key identifier: 81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/45AF1FF8874911EE8D0BEC2EC4F9AE02.roa
Signing time: Mon 20 Nov 2023 02:05:27 +0000
ROA not before: Mon 20 Nov 2023 02:05:27 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 24557
IP address blocks: 103.7.136.0/24 maxlen: 24
103.7.137.0/24 maxlen: 24
103.11.76.0/24 maxlen: 24
103.11.78.0/24 maxlen: 24
113.20.0.0/24 maxlen: 24
113.20.1.0/24 maxlen: 24
113.20.2.0/24 maxlen: 24
113.20.3.0/24 maxlen: 24
113.20.4.0/22 maxlen: 22
113.20.8.0/21 maxlen: 21
117.55.224.0/21 maxlen: 21
117.55.232.0/21 maxlen: 21
175.107.144.0/20 maxlen: 20
175.107.172.0/24 maxlen: 24
175.107.174.0/24 maxlen: 24
175.107.175.0/24 maxlen: 24
175.107.177.0/24 maxlen: 24
175.107.178.0/24 maxlen: 24
175.107.185.0/24 maxlen: 24
175.107.188.0/23 maxlen: 23
175.107.190.0/24 maxlen: 24
2405:5000::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2830 (0xb0e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
Validity
Not Before: Nov 20 02:05:27 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=655abee6-ee29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:83:f5:d4:d1:f9:2c:48:1b:15:94:5e:88:bf:
d2:45:9f:96:52:03:b6:25:47:06:85:f8:ed:5f:79:
b7:a6:07:30:85:06:81:40:2c:15:15:be:c9:6f:d5:
a6:49:b1:c3:4d:29:cc:f3:84:b8:37:14:c3:bd:b1:
08:d8:cf:06:b1:2b:21:e8:c8:0e:bf:65:0b:82:01:
82:5c:71:4e:fb:a7:ad:6f:4f:4a:6f:a1:df:15:44:
9d:d1:25:da:b7:30:89:71:a1:83:ed:62:5d:c8:54:
62:02:65:74:99:6d:c6:d9:af:96:4f:cb:c3:73:e4:
af:2c:fd:a9:2e:b1:e4:8c:c1:6d:d3:fc:fd:56:c1:
e9:4b:52:fb:d8:96:84:71:ca:f3:32:53:99:0c:dc:
05:bb:01:e2:ec:26:c2:5d:62:13:5e:a0:0f:f8:91:
70:61:2f:08:4f:c9:55:57:b8:8e:de:b7:bc:fe:93:
c3:81:e2:9d:6e:c2:e1:4f:6f:4d:2f:ef:1c:97:c7:
f0:fd:3d:71:c6:93:10:f6:cb:99:84:e5:2e:f2:85:
35:0c:c7:56:ff:1a:94:b1:8a:aa:08:51:c5:e1:e9:
dd:d6:90:ee:3b:e1:78:42:8e:96:17:75:41:07:ff:
f8:67:10:5b:83:77:61:6e:fe:22:26:df:cb:b8:06:
08:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:A8:31:F8:1E:B7:5C:47:2B:2C:3C:E5:12:98:07:EB:CD:76:25:FC
X509v3 Authority Key Identifier:
keyid:81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/gUKKAcUWkeeoxdhD7Lax09muQk4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/45AF1FF8874911EE8D0BEC2EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.7.136.0/23
103.11.76.0/24
103.11.78.0/24
113.20.0.0/20
117.55.224.0/20
175.107.144.0/20
175.107.172.0/24
175.107.174.0/23
175.107.177.0-175.107.178.255
175.107.185.0/24
175.107.188.0-175.107.190.255
IPv6:
2405:5000::/32
Signature Algorithm: sha256WithRSAEncryption
e1:2a:a2:de:f4:ed:4d:84:60:b7:d9:9a:22:c1:8a:51:6c:68:
5c:c4:4d:d1:5a:6a:c7:9e:f6:76:f3:ff:fa:6d:5b:a7:9b:08:
b5:ca:99:53:a4:db:43:56:15:b6:b8:6a:c8:24:79:58:33:c7:
7d:37:3f:6c:fc:c9:1a:68:1f:ca:08:e3:48:32:24:3d:1a:5b:
63:63:75:0b:08:6c:5d:50:d0:4a:18:79:fd:f5:f6:7c:4a:64:
ab:9b:4c:45:6e:d6:57:c2:e9:55:9a:83:9d:94:d1:7f:d0:00:
db:87:50:92:6a:df:52:d3:a2:44:f0:d0:ea:c1:2b:c2:15:1d:
37:72:62:42:23:fd:1f:0f:fa:29:35:66:64:a6:06:16:10:cc:
54:27:9f:6a:4c:db:28:b5:b7:99:50:cd:f5:86:b4:2f:8d:3d:
8e:97:e9:dd:40:e1:ea:a6:ef:da:0c:81:fa:32:d1:72:c6:37:
3a:24:f9:1e:8b:84:b8:8c:0d:73:ab:0f:bf:04:27:98:5c:69:
91:a5:b6:ef:3a:94:bd:3d:ca:fe:ef:79:fb:5f:98:83:3e:be:
c3:9b:bf:2e:34:95:2f:70:ca:35:c2:62:08:76:10:6e:f9:8c:
e5:6e:f5:51:90:1d:8b:82:da:7c:81:b8:d3:3b:c2:12:ed:a2:
79:19:d4:09
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgICCw4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTJGNTIxMTAvBgNVBAUTKDgxNDI4QTAxQzUxNjkxRTdBOEM1RDg0M0VDQjZCMUQz
RDlBRTQyNEUwHhcNMjMxMTIwMDIwNTI3WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTVhYmVlNi1lZTI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2IP11NH5LEgbFZReiL/SRZ+WUgO2JUcGhfjtX3m3pgcwhQaBQCwVFb7Jb9Wm
SbHDTSnM84S4NxTDvbEI2M8GsSsh6MgOv2ULggGCXHFO+6etb09Kb6HfFUSd0SXa
tzCJcaGD7WJdyFRiAmV0mW3G2a+WT8vDc+SvLP2pLrHkjMFt0/z9VsHpS1L72JaE
ccrzMlOZDNwFuwHi7CbCXWITXqAP+JFwYS8IT8lVV7iO3re8/pPDgeKdbsLhT29N
L+8cl8fw/T1xxpMQ9suZhOUu8oU1DMdW/xqUsYqqCFHF4end1pDuO+F4Qo6WF3VB
B//4ZxBbg3dhbv4iJt/LuAYI0wIDAQABo4IC8DCCAuwwHQYDVR0OBBYEFDqoMfge
t1xHKyw85RKYB+vNdiX8MB8GA1UdIwQYMBaAFIFCigHFFpHnqMXYQ+y2sdPZrkJO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MkY1Mi84OEVCQ0ZEQzFE
NDkxMUVBQUU3NzVCMzRDNEY5QUUwMi9nVUtLQWNVV2tlZW94ZGhEN0xheDA5bXVR
azQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dVS0tBY1VXa2Vlb3hkaEQ3TGF4MDltdVFrNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTJGNTIvODhFQkNGREMxRDQ5MTFFQUFFNzc1QjM0QzRGOUFFMDIvNDVBRjFGRjg4
NzQ5MTFFRThEMEJFQzJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwegYIKwYBBQUHAQcBAf8E
azBpMFgEAgABMFIDBAFnB4gDBABnC0wDBABnC04DBARxFAADBAR1N+ADBASva5AD
BACva6wDBAGva64wDAMEAK9rsQMEAK9rsgMEAK9ruTAMAwQCr2u8AwQAr2u+MA0E
AgACMAcDBQAkBVAAMA0GCSqGSIb3DQEBCwUAA4IBAQDhKqLe9O1NhGC32ZoiwYpR
bGhcxE3RWmrHnvZ28//6bVunmwi1yplTpNtDVhW2uGrIJHlYM8d9Nz9s/MkaaB/K
CONIMiQ9GltjY3ULCGxdUNBKGHn99fZ8SmSrm0xFbtZXwulVmoOdlNF/0ADbh1CS
at9S06JE8NDqwSvCFR03cmJCI/0fD/opNWZkpgYWEMxUJ59qTNsotbeZUM31hrQv
jT2Ol+ndQOHqpu/aDIH6MtFyxjc6JPkei4S4jA1zqw+/BCeYXGmRpbbvOpS9Pcr+
73n7X5iDPr7Dm78uNJUvcMo1wmIIdhBu+YzlbvVRkB2Lgtp8gbjTO8IS7aJ5GdQJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org