Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/4680D8AE874911EE8D0BEC2EC4F9AE02.roa
File: 4680D8AE874911EE8D0BEC2EC4F9AE02.roa (raw, json)
Hash identifier: agbsDmz/HtH5fIQP0FtwUUJdXzPhkRrJC332XvzIMZU=
Subject key identifier: CF:5A:0A:37:4B:32:33:40:2E:AC:48:3E:AB:E8:F4:55:0D:61:9E:28
Certificate issuer: /CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
Certificate serial: 0B0F
Authority key identifier: 81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/4680D8AE874911EE8D0BEC2EC4F9AE02.roa
Signing time: Mon 20 Nov 2023 02:05:28 +0000
ROA not before: Mon 20 Nov 2023 02:05:28 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 7496
IP address blocks: 101.2.208.0/20 maxlen: 20
101.2.210.0/24 maxlen: 24
113.20.0.0/20 maxlen: 24
202.93.4.0/23 maxlen: 24
203.2.122.0/24 maxlen: 24
203.8.188.0/23 maxlen: 23
203.19.190.0/23 maxlen: 23
203.31.198.0/23 maxlen: 24
203.210.96.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2831 (0xb0f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
Validity
Not Before: Nov 20 02:05:28 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=655abee8-0ea1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:5f:bf:a4:a9:89:13:3a:23:1a:14:d1:f3:13:
a2:ea:44:e2:13:15:6b:0c:bc:1a:61:10:e9:f6:20:
dc:71:b3:fa:e7:21:55:da:9f:70:a8:05:d9:41:c5:
79:ee:50:7e:96:1d:6b:4e:c5:88:1d:d2:05:d7:7c:
d9:ae:99:f5:5b:47:de:5d:ea:b9:3d:90:91:68:77:
74:bb:d4:9f:d9:aa:44:f6:65:94:14:53:7c:d6:34:
8b:70:1e:41:4b:01:b2:c2:36:a7:bf:77:63:83:0f:
0e:a2:06:6a:13:93:8f:0a:fc:ff:26:60:a8:cc:b6:
2e:e6:c4:0b:66:fc:5f:03:17:14:61:04:01:2b:f1:
9a:92:fc:4c:3f:c9:ef:d3:f0:65:36:88:f4:ed:30:
a1:7d:2e:70:3d:61:e4:e3:30:6a:9c:4b:75:3f:9f:
2f:a4:c5:01:6d:5c:97:9d:9e:b4:de:5d:12:d8:80:
6b:88:4e:76:7c:48:96:75:af:92:d9:05:e4:3e:7f:
63:86:6c:bc:b2:23:04:b6:cb:0b:aa:96:96:a3:87:
e0:af:a7:29:8a:2e:6a:e7:d5:47:0a:3c:ac:e1:f1:
8c:e0:25:f0:85:e9:17:79:6c:62:c6:6c:9c:0b:0a:
66:13:4c:7e:62:b8:b4:6f:b5:15:7d:a8:6f:1d:f7:
f4:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:5A:0A:37:4B:32:33:40:2E:AC:48:3E:AB:E8:F4:55:0D:61:9E:28
X509v3 Authority Key Identifier:
keyid:81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/gUKKAcUWkeeoxdhD7Lax09muQk4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/4680D8AE874911EE8D0BEC2EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.2.208.0/20
113.20.0.0/20
202.93.4.0/23
203.2.122.0/24
203.8.188.0/23
203.19.190.0/23
203.31.198.0/23
203.210.96.0/19
Signature Algorithm: sha256WithRSAEncryption
c1:84:f4:5b:48:7a:3f:ca:cd:47:1e:95:04:30:f8:95:52:c8:
06:8f:7d:cf:0c:fb:75:1e:97:db:ad:a4:0f:9f:a6:0c:0c:ba:
49:3e:4f:e9:fa:0b:4d:00:f2:83:c0:42:f7:60:5b:ee:99:71:
10:b5:d5:d6:50:c0:78:3d:bb:d4:93:7a:9f:c1:c7:e4:1a:f0:
44:f6:1e:a3:4a:40:fa:7c:d2:0c:4e:cb:e8:72:bf:44:5a:c7:
84:70:a5:2c:22:82:b0:50:e5:c4:29:97:2c:10:ef:68:54:9a:
09:50:de:0e:f7:09:7e:3d:65:6f:d0:d2:68:b8:b7:5a:10:f1:
55:5e:a9:84:8e:8c:f8:c0:20:5f:1e:e2:34:63:92:f1:39:52:
06:85:52:6a:d3:58:a2:15:98:1a:cd:68:52:01:a1:1c:e4:42:
42:1d:76:e2:03:fe:18:51:cc:a9:ad:fb:e9:a2:66:6e:fb:d7:
45:37:23:62:51:f4:fc:5c:e7:6c:82:97:25:ff:48:67:d6:66:
7a:a9:64:a6:95:1e:a0:31:13:7c:99:d9:12:12:34:1a:8b:f2:
4d:04:4a:c5:d1:4c:7a:03:59:d1:41:b8:9a:12:f3:4b:a5:44:
0d:f2:34:c1:ba:88:28:2d:f9:1d:5d:5e:ca:54:c3:27:df:bd:
96:4d:05:ce
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgICCw8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTJGNTIxMTAvBgNVBAUTKDgxNDI4QTAxQzUxNjkxRTdBOEM1RDg0M0VDQjZCMUQz
RDlBRTQyNEUwHhcNMjMxMTIwMDIwNTI4WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTVhYmVlOC0wZWExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzF+/pKmJEzojGhTR8xOi6kTiExVrDLwaYRDp9iDccbP65yFV2p9wqAXZQcV5
7lB+lh1rTsWIHdIF13zZrpn1W0feXeq5PZCRaHd0u9Sf2apE9mWUFFN81jSLcB5B
SwGywjanv3djgw8OogZqE5OPCvz/JmCozLYu5sQLZvxfAxcUYQQBK/GakvxMP8nv
0/BlNoj07TChfS5wPWHk4zBqnEt1P58vpMUBbVyXnZ603l0S2IBriE52fEiWda+S
2QXkPn9jhmy8siMEtssLqpaWo4fgr6cpii5q59VHCjys4fGM4CXwhekXeWxixmyc
CwpmE0x+Yri0b7UVfahvHff0LwIDAQABo4ICvzCCArswHQYDVR0OBBYEFM9aCjdL
MjNALqxIPqvo9FUNYZ4oMB8GA1UdIwQYMBaAFIFCigHFFpHnqMXYQ+y2sdPZrkJO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MkY1Mi84OEVCQ0ZEQzFE
NDkxMUVBQUU3NzVCMzRDNEY5QUUwMi9nVUtLQWNVV2tlZW94ZGhEN0xheDA5bXVR
azQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dVS0tBY1VXa2Vlb3hkaEQ3TGF4MDltdVFrNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTJGNTIvODhFQkNGREMxRDQ5MTFFQUFFNzc1QjM0QzRGOUFFMDIvNDY4MEQ4QUU4
NzQ5MTFFRThEMEJFQzJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSQYIKwYBBQUHAQcBAf8E
OjA4MDYEAgABMDADBARlAtADBARxFAADBAHKXQQDBADLAnoDBAHLCLwDBAHLE74D
BAHLH8YDBAXL0mAwDQYJKoZIhvcNAQELBQADggEBAMGE9FtIej/KzUcelQQw+JVS
yAaPfc8M+3Uel9utpA+fpgwMukk+T+n6C00A8oPAQvdgW+6ZcRC11dZQwHg9u9ST
ep/Bx+Qa8ET2HqNKQPp80gxOy+hyv0Rax4RwpSwigrBQ5cQplywQ72hUmglQ3g73
CX49ZW/Q0mi4t1oQ8VVeqYSOjPjAIF8e4jRjkvE5UgaFUmrTWKIVmBrNaFIBoRzk
QkIdduID/hhRzKmt++miZm7710U3I2JR9Pxc52yClyX/SGfWZnqpZKaVHqAxE3yZ
2RISNBqL8k0ESsXRTHoDWdFBuJoS80ulRA3yNMG6iCgt+R1dXspUwyffvZZNBc4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org