Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/4C05F24AB17C11EC92E57138C4F9AE02.roa
File: 4C05F24AB17C11EC92E57138C4F9AE02.roa (raw, json)
Hash identifier: aMEqKdnuwqS+GUtXyfr9wcRGqrFXnMt0KZ4IdzOG2Z8=
Subject key identifier: 15:88:15:C6:F7:BC:7A:D7:ED:CD:54:3E:FD:59:A2:DD:F7:0A:F8:2D
Certificate issuer: /CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
Certificate serial: 0384
Authority key identifier: 98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/4C05F24AB17C11EC92E57138C4F9AE02.roa
Signing time: Fri 01 Apr 2022 17:23:47 +0000
ROA not before: Fri 01 Apr 2022 17:23:47 +0000
ROA not after: Mon 01 Aug 2022 00:00:00 +0000
asID: 211876
IP address blocks: 2407:c280:b100::/40 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 900 (0x384)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
Validity
Not Before: Apr 1 17:23:47 2022 GMT
Not After : Aug 1 00:00:00 2022 GMT
Subject: CN=62473522-5ca2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:2b:f3:4b:8a:85:39:88:e8:38:52:4b:18:9c:
14:a3:4d:45:4a:c3:34:7b:67:c7:13:6f:f3:b3:f6:
a6:99:3f:9b:de:8c:97:7e:4e:f1:1b:d9:5f:83:6a:
74:a1:5f:8a:73:1c:00:8c:3d:99:d4:1f:0c:93:54:
97:86:f1:49:83:41:cf:2a:23:9e:21:76:56:06:09:
d2:e5:bc:30:b8:32:51:a6:4c:89:d6:00:91:7d:5c:
14:8a:db:fc:62:05:35:90:b3:3e:2e:39:ab:49:16:
30:9d:24:4e:22:7b:de:95:8e:f6:84:76:38:97:4c:
f7:11:0d:d0:b8:42:09:2f:72:0c:9b:a9:92:95:08:
5f:b4:15:78:c2:e5:cd:f9:48:42:70:39:45:c4:a1:
12:d8:7a:78:13:49:b4:c2:e3:a4:ea:ed:89:d8:5d:
fe:1d:23:e5:3b:60:14:1d:cb:b3:c9:c2:77:a9:52:
a8:fc:ca:48:7c:94:97:05:87:16:60:78:28:8c:76:
e9:3d:7e:b9:a2:f1:bd:3a:cf:10:34:52:48:97:6b:
cf:1e:9d:d5:49:f6:4c:ac:0d:aa:1f:fd:85:31:f8:
9c:12:2f:07:3c:65:4d:73:92:ef:48:31:4b:91:7d:
3d:e0:8e:20:2f:64:e4:fe:87:82:04:7e:d7:13:db:
6d:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:88:15:C6:F7:BC:7A:D7:ED:CD:54:3E:FD:59:A2:DD:F7:0A:F8:2D
X509v3 Authority Key Identifier:
keyid:98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/4C05F24AB17C11EC92E57138C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:c280:b100::/40
Signature Algorithm: sha256WithRSAEncryption
52:31:24:97:05:30:63:06:11:33:b2:2e:b6:e7:e8:61:ad:02:
aa:6f:c1:e4:17:a7:7e:24:b1:09:17:6d:d3:66:c7:59:cd:a2:
9a:e4:a5:16:0a:c5:be:c8:f6:f1:d0:4a:a6:03:e0:7d:54:94:
aa:d9:92:05:df:af:5f:ec:03:1b:a9:19:ea:3a:2c:86:9e:9a:
55:08:44:07:6a:d5:cb:29:9b:16:fd:f0:53:c2:f0:bd:5b:36:
55:4d:b4:47:bb:72:77:32:07:07:75:86:b9:44:21:e4:86:ea:
ed:50:b2:f9:19:ba:61:98:dd:77:ad:11:61:83:71:b6:93:7d:
81:f2:be:02:b4:38:44:ba:1f:b9:bf:b4:77:5e:b9:3f:64:be:
76:ab:3a:4f:69:f5:57:9b:01:ab:a1:84:7f:c1:39:bd:c2:c1:
68:a1:fb:9d:38:92:29:1a:da:9f:b3:50:70:4a:e4:9c:70:6c:
c9:6a:f7:ce:3a:3a:d7:a2:f5:9a:18:13:38:08:f5:b1:77:61:
c7:8e:46:cd:b1:95:7e:57:9f:36:e5:39:6d:54:21:cf:d3:13:
e1:c0:32:8a:e6:b4:9a:61:e3:0a:79:86:88:01:f2:ef:9e:57:
b4:fb:a3:ba:fb:0c:d0:3b:90:fa:1b:41:87:52:0c:0f:2e:09:
17:f3:07:07
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgICA4QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM2QjcxMTAvBgNVBAUTKDk4MUZBMjI3QTJBNDM1QzJCNzZFMDZDOUM0NTJEM0VD
NzUxOTg0RDMwHhcNMjIwNDAxMTcyMzQ3WhcNMjIwODAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjQ3MzUyMi01Y2EyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyCvzS4qFOYjoOFJLGJwUo01FSsM0e2fHE2/zs/ammT+b3oyXfk7xG9lfg2p0
oV+KcxwAjD2Z1B8Mk1SXhvFJg0HPKiOeIXZWBgnS5bwwuDJRpkyJ1gCRfVwUitv8
YgU1kLM+LjmrSRYwnSROInvelY72hHY4l0z3EQ3QuEIJL3IMm6mSlQhftBV4wuXN
+UhCcDlFxKES2Hp4E0m0wuOk6u2J2F3+HSPlO2AUHcuzycJ3qVKo/MpIfJSXBYcW
YHgojHbpPX65ovG9Os8QNFJIl2vPHp3VSfZMrA2qH/2FMficEi8HPGVNc5LvSDFL
kX094I4gL2Tk/oeCBH7XE9ttVwIDAQABo4IClzCCApMwHQYDVR0OBBYEFBWIFcb3
vHrX7c1UPv1Zot33CvgtMB8GA1UdIwQYMBaAFJgfoieipDXCt24GycRS0+x1GYTT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzZCNy9GMUNEMjdCNDcz
QUQxMUU3QUNCRDAyNUVDNEY5QUUwMi9tQi1pSjZLa05jSzNiZ2JKeEZMVDdIVVpo
Tk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21CLWlKNktrTmNLM2JnYkp4RkxUN0hVWmhOTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM2QjcvRjFDRDI3QjQ3M0FEMTFFN0FDQkQwMjVFQzRGOUFFMDIvNEMwNUYyNEFC
MTdDMTFFQzkyRTU3MTM4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAkB8KAsTANBgkqhkiG9w0BAQsFAAOCAQEAUjEklwUwYwYR
M7IutufoYa0Cqm/B5BenfiSxCRdt02bHWc2imuSlFgrFvsj28dBKpgPgfVSUqtmS
Bd+vX+wDG6kZ6joshp6aVQhEB2rVyymbFv3wU8LwvVs2VU20R7tydzIHB3WGuUQh
5Ibq7VCy+Rm6YZjdd60RYYNxtpN9gfK+ArQ4RLofub+0d165P2S+dqs6T2n1V5sB
q6GEf8E5vcLBaKH7nTiSKRran7NQcErknHBsyWr3zjo616L1mhgTOAj1sXdhx45G
zbGVflefNuU5bVQhz9MT4cAyiua0mmHjCnmGiAHy755XtPujuvsM0DuQ+htBh1IM
Dy4JF/MHBw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:42 2023 by rpki-client on console-fra.rpki-client.org