Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91597D0/CD4572203DB311EA8BF93A0EC4F9AE02/839C46B8780D11EBB5B88E7EC4F9AE02.roa
File: 839C46B8780D11EBB5B88E7EC4F9AE02.roa (raw, json)
Hash identifier: Nv6nLTTv4uVyxQjR55RR5pZMYmicjG2BkWlIuTd3hss=
Subject key identifier: D6:19:7B:F9:0A:D2:09:75:FF:AF:61:6C:FA:FB:30:1F:71:E3:27:70
Certificate issuer: /CN=A91597D0/serialNumber=314246901FA7D6505D97AA1C0140BBCA0E8C294F
Certificate serial: 077F
Authority key identifier: 31:42:46:90:1F:A7:D6:50:5D:97:AA:1C:01:40:BB:CA:0E:8C:29:4F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MUJGkB-n1lBdl6ocAUC7yg6MKU8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91597D0/CD4572203DB311EA8BF93A0EC4F9AE02/839C46B8780D11EBB5B88E7EC4F9AE02.roa
Signing time: Sun 27 Feb 2022 21:27:15 +0000
ROA not before: Sun 27 Feb 2022 21:27:15 +0000
ROA not after: Tue 31 Jan 2023 00:00:00 +0000
asID: 134824
IP address blocks: 103.202.52.0/22 maxlen: 24
202.88.40.0/22 maxlen: 24
2404:c180::/32 maxlen: 32
2404:c180:2000::/36 maxlen: 36
2404:c180:3000::/36 maxlen: 36
2404:c180:4000::/34 maxlen: 36
2404:c180:8000::/33 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1919 (0x77f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91597D0/serialNumber=314246901FA7D6505D97AA1C0140BBCA0E8C294F
Validity
Not Before: Feb 27 21:27:15 2022 GMT
Not After : Jan 31 00:00:00 2023 GMT
Subject: CN=621becb3-ce92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:a3:9f:52:51:20:64:97:99:5f:0a:05:25:76:
5c:49:a4:85:66:7c:d2:bf:34:05:dd:2a:7e:2f:3f:
80:2d:a1:a1:7f:76:cb:12:96:79:10:d2:15:67:b4:
a1:cb:4c:ba:a3:61:d6:97:65:9f:26:21:c0:1f:59:
59:77:fd:0c:02:ac:99:4a:a1:a8:cf:70:2f:72:53:
85:b6:aa:f7:db:65:f8:b2:32:9d:21:ee:01:92:24:
63:f6:7c:cd:9e:9e:a1:a4:b8:11:70:1e:f1:b7:6a:
91:e9:32:2b:5e:48:d7:85:83:2f:cc:51:c8:1e:c6:
e1:76:ce:f0:e2:47:a9:b3:e9:1d:b1:b7:db:6b:29:
37:eb:57:79:e7:c4:f1:7b:b9:79:47:dc:bd:cf:e8:
5b:e2:e0:1d:83:44:c6:03:77:3d:13:82:75:d2:ef:
97:28:d4:64:23:2e:84:1f:bd:01:db:7c:42:22:ec:
21:42:47:cd:41:8c:6b:49:f5:14:a5:09:8b:71:46:
95:0b:c6:f9:bf:6d:ab:9f:ec:bd:fd:d5:98:d1:e3:
92:e3:16:b5:3d:61:af:ec:8e:4d:ae:8b:f4:95:fc:
80:0e:73:8a:d2:c1:81:f9:99:5c:00:d5:ce:18:68:
5a:2d:24:50:9b:81:e2:1c:c4:47:a9:ed:67:bc:48:
53:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:19:7B:F9:0A:D2:09:75:FF:AF:61:6C:FA:FB:30:1F:71:E3:27:70
X509v3 Authority Key Identifier:
keyid:31:42:46:90:1F:A7:D6:50:5D:97:AA:1C:01:40:BB:CA:0E:8C:29:4F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91597D0/CD4572203DB311EA8BF93A0EC4F9AE02/MUJGkB-n1lBdl6ocAUC7yg6MKU8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MUJGkB-n1lBdl6ocAUC7yg6MKU8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91597D0/CD4572203DB311EA8BF93A0EC4F9AE02/839C46B8780D11EBB5B88E7EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.202.52.0/22
202.88.40.0/22
IPv6:
2404:c180::/32
Signature Algorithm: sha256WithRSAEncryption
68:e9:9e:d3:50:86:16:0e:4e:fd:5a:46:c5:3f:c4:81:ba:a7:
6d:fc:f3:53:cd:07:d4:44:5a:25:fe:1c:75:6f:93:ed:d9:26:
47:ab:ef:94:45:5a:dd:65:45:59:60:69:9f:da:08:a4:d0:5b:
2c:66:3a:4f:6d:3e:2d:ca:b1:14:a0:c3:b6:c3:71:b1:e1:b1:
fd:18:80:30:fc:8d:46:e7:25:6c:2c:0a:04:eb:8c:41:a3:57:
ae:c3:2b:1a:b3:6c:85:05:4f:ab:6a:c8:72:fe:d6:0e:ae:8a:
f7:cc:84:2d:fa:51:82:0c:31:10:a7:40:51:c3:78:90:fa:d6:
c2:27:8f:84:26:5e:25:87:c9:f3:72:97:83:82:14:50:1e:b4:
65:5d:ac:f8:d0:cf:02:97:9e:8d:3a:1d:a1:e9:cc:18:45:e8:
aa:a2:5b:28:50:83:fa:de:c1:e6:cf:a5:cd:bd:f5:0a:67:3d:
54:e5:01:46:2a:ad:93:83:99:2f:88:6b:5e:86:84:89:a0:a0:
5e:73:d2:d3:f0:f5:85:3a:2a:be:a8:a8:1a:fe:74:d7:fb:9e:
32:c2:31:a7:5a:98:bf:5a:47:97:68:8f:12:55:92:09:f3:18:
4c:05:7a:9f:09:16:17:40:1c:f7:0a:05:5d:ef:43:f0:0d:6c:
01:f9:e1:00
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICB38wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTk3RDAxMTAvBgNVBAUTKDMxNDI0NjkwMUZBN0Q2NTA1RDk3QUExQzAxNDBCQkNB
MEU4QzI5NEYwHhcNMjIwMjI3MjEyNzE1WhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjFiZWNiMy1jZTkyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzaOfUlEgZJeZXwoFJXZcSaSFZnzSvzQF3Sp+Lz+ALaGhf3bLEpZ5ENIVZ7Sh
y0y6o2HWl2WfJiHAH1lZd/0MAqyZSqGoz3AvclOFtqr322X4sjKdIe4BkiRj9nzN
np6hpLgRcB7xt2qR6TIrXkjXhYMvzFHIHsbhds7w4keps+kdsbfbayk361d558Tx
e7l5R9y9z+hb4uAdg0TGA3c9E4J10u+XKNRkIy6EH70B23xCIuwhQkfNQYxrSfUU
pQmLcUaVC8b5v22rn+y9/dWY0eOS4xa1PWGv7I5Nrov0lfyADnOK0sGB+ZlcANXO
GGhaLSRQm4HiHMRHqe1nvEhT8wIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNYZe/kK
0gl1/69hbPr7MB9x4ydwMB8GA1UdIwQYMBaAFDFCRpAfp9ZQXZeqHAFAu8oOjClP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OTdEMC9DRDQ1NzIyMDNE
QjMxMUVBOEJGOTNBMEVDNEY5QUUwMi9NVUpHa0ItbjFsQmRsNm9jQVVDN3lnNk1L
VTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01VSkdrQi1uMWxCZGw2b2NBVUM3eWc2TUtVOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTk3RDAvQ0Q0NTcyMjAzREIzMTFFQThCRjkzQTBFQzRGOUFFMDIvODM5QzQ2Qjg3
ODBEMTFFQkI1Qjg4RTdFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnyjQDBALKWCgwDQQCAAIwBwMFACQEwYAwDQYJKoZIhvcN
AQELBQADggEBAGjpntNQhhYOTv1aRsU/xIG6p23881PNB9REWiX+HHVvk+3ZJker
75RFWt1lRVlgaZ/aCKTQWyxmOk9tPi3KsRSgw7bDcbHhsf0YgDD8jUbnJWwsCgTr
jEGjV67DKxqzbIUFT6tqyHL+1g6uivfMhC36UYIMMRCnQFHDeJD61sInj4QmXiWH
yfNyl4OCFFAetGVdrPjQzwKXno06HaHpzBhF6KqiWyhQg/rewebPpc299QpnPVTl
AUYqrZODmS+Ia16GhImgoF5z0tPw9YU6Kr6oqBr+dNf7njLCMadamL9aR5dojxJV
kgnzGEwFep8JFhdAHPcKBV3vQ/ANbAH54QA=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:43 2023 by rpki-client on console-fra.rpki-client.org