Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/D2D4E66420B111EE8980295BC4F9AE02.roa
File: D2D4E66420B111EE8980295BC4F9AE02.roa (raw, json)
Hash identifier: ObRGCzP91IRNFzqhFMWQbCG+oUYcC9VVI0Vhl4CEGVE=
Subject key identifier: B9:6E:04:C8:B9:86:EE:65:34:74:34:4B:F1:9F:23:AA:0C:00:C1:AC
Certificate issuer: /CN=A9159E90/serialNumber=591E2C8973C63F0B50EEFA13446BCB15EC52E51F
Certificate serial: 04
Authority key identifier: 59:1E:2C:89:73:C6:3F:0B:50:EE:FA:13:44:6B:CB:15:EC:52:E5:1F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WR4siXPGPwtQ7voTRGvLFexS5R8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/D2D4E66420B111EE8980295BC4F9AE02.roa
Signing time: Wed 12 Jul 2023 12:44:21 +0000
ROA not before: Wed 12 Jul 2023 12:44:21 +0000
ROA not after: Thu 31 Oct 2024 00:00:00 +0000
asID: 58251
IP address blocks: 2401:13a0:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9159E90/serialNumber=591E2C8973C63F0B50EEFA13446BCB15EC52E51F
Validity
Not Before: Jul 12 12:44:21 2023 GMT
Not After : Oct 31 00:00:00 2024 GMT
Subject: CN=64aea025-90ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:5a:f2:9e:fa:24:66:da:f3:a1:df:95:0e:31:
b1:21:57:20:ec:a4:e5:e2:27:58:13:8e:a1:13:f1:
c4:27:a3:1f:ae:55:da:53:f2:8f:4f:bf:40:fb:c9:
b1:d9:7a:42:dc:a0:80:4c:91:b1:6b:12:e2:55:f7:
28:88:5b:39:bc:c7:df:16:f1:36:0a:61:bb:94:c8:
77:de:6e:96:69:6f:d3:30:7b:2e:75:14:20:d6:13:
4a:6c:98:ef:ff:32:7e:e4:6e:f2:85:7f:37:94:ef:
d6:48:29:a3:3f:bf:3e:2b:ed:0e:17:01:4c:82:ec:
85:6a:f9:30:6b:e1:db:a7:c8:46:42:7c:84:e8:26:
78:dc:ac:b7:c9:67:28:eb:45:ff:c3:fb:b3:9b:5b:
38:d1:da:67:2c:3f:2c:b9:01:3a:37:1f:6c:a1:6a:
88:9e:ed:ef:ba:b9:79:4d:58:41:8a:e9:a6:05:c3:
02:7f:4f:67:a9:50:2c:a9:2b:3f:c6:68:48:bd:a7:
92:98:72:78:65:66:f5:2f:7a:f8:32:a9:f4:15:a7:
31:08:44:01:f2:c1:d5:15:ac:5f:3c:84:76:c7:28:
40:55:ed:00:b5:c6:3f:c5:48:89:53:14:37:b3:5f:
a3:00:55:a8:bd:20:5d:25:c0:a0:20:8c:c1:ca:92:
40:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:6E:04:C8:B9:86:EE:65:34:74:34:4B:F1:9F:23:AA:0C:00:C1:AC
X509v3 Authority Key Identifier:
keyid:59:1E:2C:89:73:C6:3F:0B:50:EE:FA:13:44:6B:CB:15:EC:52:E5:1F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/WR4siXPGPwtQ7voTRGvLFexS5R8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WR4siXPGPwtQ7voTRGvLFexS5R8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/D2D4E66420B111EE8980295BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv6:
2401:13a0:1::/48
Signature Algorithm: sha256WithRSAEncryption
8a:c7:68:5f:50:25:80:6e:8d:8f:62:27:58:93:12:8f:a3:5b:
39:c2:09:34:fc:1e:f9:04:a5:09:a7:62:0a:b2:f2:09:2c:77:
2d:53:8e:c3:09:ed:07:75:b8:94:23:db:3b:ff:3d:36:f5:09:
da:9d:fc:9b:ed:d8:40:fa:f1:33:44:a5:48:4f:30:ad:23:89:
ab:08:66:43:67:c5:e7:3b:fd:73:39:07:26:cb:8f:fb:55:ce:
0a:2d:5f:a4:19:57:ae:49:fb:61:cc:06:95:a8:44:e0:99:e0:
06:d3:0e:39:e9:b7:03:32:f4:33:fa:f1:f7:60:63:94:2f:bd:
b6:24:1b:9c:21:5a:38:3d:81:d1:b3:e7:0f:41:b8:46:2e:b2:
4a:28:ee:51:10:2f:bf:7f:42:d6:8e:78:7b:17:b0:18:98:0b:
91:65:9a:00:9f:67:08:bc:10:61:27:1c:84:5c:df:fe:10:4d:
65:79:86:08:b8:9c:60:95:ea:a3:21:6e:ac:83:ab:a3:09:0f:
de:51:9b:91:d6:2c:3e:bb:85:f3:9b:fc:ad:c0:a2:df:f1:2b:
fd:24:df:00:cf:0e:40:6a:d4:04:ba:fc:85:a9:a2:e0:a8:c7:
ff:77:5a:71:f1:78:9d:7e:4c:a8:f5:7b:6b:01:72:8a:87:6b:
a4:ec:d8:df
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE1
OUU5MDExMC8GA1UEBRMoNTkxRTJDODk3M0M2M0YwQjUwRUVGQTEzNDQ2QkNCMTVF
QzUyRTUxRjAeFw0yMzA3MTIxMjQ0MjFaFw0yNDEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0YWVhMDI1LTkwZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDWWvKe+iRm2vOh35UOMbEhVyDspOXiJ1gTjqET8cQnox+uVdpT8o9Pv0D7ybHZ
ekLcoIBMkbFrEuJV9yiIWzm8x98W8TYKYbuUyHfebpZpb9Mwey51FCDWE0psmO//
Mn7kbvKFfzeU79ZIKaM/vz4r7Q4XAUyC7IVq+TBr4dunyEZCfIToJnjcrLfJZyjr
Rf/D+7ObWzjR2mcsPyy5ATo3H2yhaoie7e+6uXlNWEGK6aYFwwJ/T2epUCypKz/G
aEi9p5KYcnhlZvUvevgyqfQVpzEIRAHywdUVrF88hHbHKEBV7QC1xj/FSIlTFDez
X6MAVai9IF0lwKAgjMHKkkDDAgMBAAGjggKYMIIClDAdBgNVHQ4EFgQUuW4EyLmG
7mU0dDRL8Z8jqgwAwawwHwYDVR0jBBgwFoAUWR4siXPGPwtQ7voTRGvLFexS5R8w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTU5RTkwL0E1NzJCNjdDMUYz
MjExRUVCMzY0REQ1M0M0RjlBRTAyL1dSNHNpWFBHUHd0UTd2b1RSR3ZMRmV4UzVS
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvV1I0c2lYUEdQd3RRN3ZvVFJHdkxGZXhTNVI4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1
OUU5MC9BNTcyQjY3QzFGMzIxMUVFQjM2NERENTNDNEY5QUUwMi9EMkQ0RTY2NDIw
QjExMUVFODk4MDI5NUJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACQBE6AAATANBgkqhkiG9w0BAQsFAAOCAQEAisdoX1AlgG6N
j2InWJMSj6NbOcIJNPwe+QSlCadiCrLyCSx3LVOOwwntB3W4lCPbO/89NvUJ2p38
m+3YQPrxM0SlSE8wrSOJqwhmQ2fF5zv9czkHJsuP+1XOCi1fpBlXrkn7YcwGlahE
4JngBtMOOem3AzL0M/rx92BjlC+9tiQbnCFaOD2B0bPnD0G4Ri6ySijuURAvv39C
1o54exewGJgLkWWaAJ9nCLwQYScchFzf/hBNZXmGCLicYJXqoyFurIOrowkP3lGb
kdYsPruF85v8rcCi3/Er/STfAM8OQGrUBLr8hami4KjH/3dacfF4nX5MqPV7awFy
iodrpOzY3w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:07 2024 by rpki-client on console-ams.rpki-client.org