Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91647F5/D69896E6A0C811EEA7B8D02CC4F9AE02/C79704F6A12311EEB481B00CC4F9AE02.roa
File: C79704F6A12311EEB481B00CC4F9AE02.roa (raw, json)
Hash identifier: JqWh+3Y4XjooVJaSQXWCoAr9e2z2BpzLtinulIRWX1U=
Subject key identifier: 4F:79:F8:6D:F6:AD:7D:5D:63:81:52:4E:0A:23:B6:6E:D8:13:99:2A
Certificate issuer: /CN=A91647F5/serialNumber=579118B148E27D1571751568BA070FE1E62C7EB9
Certificate serial: 02
Authority key identifier: 57:91:18:B1:48:E2:7D:15:71:75:15:68:BA:07:0F:E1:E6:2C:7E:B9
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V5EYsUjifRVxdRVougcP4eYsfrk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91647F5/D69896E6A0C811EEA7B8D02CC4F9AE02/C79704F6A12311EEB481B00CC4F9AE02.roa
Signing time: Fri 22 Dec 2023 23:42:34 +0000
ROA not before: Fri 22 Dec 2023 23:42:34 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203963
IP address blocks: 203.22.241.0/24 maxlen: 24
203.28.216.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91647F5/serialNumber=579118B148E27D1571751568BA070FE1E62C7EB9
Validity
Not Before: Dec 22 23:42:34 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=65861eea-c837
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:b1:65:5d:01:2d:a4:d5:12:19:d9:17:99:11:
89:e7:29:c5:d9:dd:37:87:20:45:fa:eb:5b:d9:4c:
91:cf:3d:48:28:1f:19:db:a2:48:f7:fe:c4:85:c1:
bd:71:97:38:e1:2b:45:6d:99:4c:50:bb:c2:fe:ea:
e0:ce:71:e9:17:28:4b:6a:b3:1f:06:d8:5b:fa:89:
dd:ae:45:b7:73:3e:5f:93:1c:22:bd:b3:ea:98:2d:
09:51:d9:ba:2b:dd:bb:41:29:b4:8b:5e:07:ae:80:
09:b1:ad:bc:33:a9:b3:68:be:f2:ef:0b:e5:a2:1c:
05:e9:ce:1e:0e:67:be:5a:cc:d0:a8:8f:6a:4f:45:
7c:f2:5b:c8:e5:c5:1e:59:a9:23:c9:c9:c2:48:03:
44:6b:9c:68:22:77:f8:b3:1a:bd:f1:01:39:67:f9:
83:92:64:bc:9c:6f:fd:db:5e:71:75:a3:35:15:7f:
6c:a4:ed:12:00:f0:ff:c4:bc:b1:a9:36:93:7e:5b:
29:81:de:e2:9c:d8:11:e1:fc:e6:7e:19:af:3f:73:
3e:5e:c5:58:63:08:e3:7b:02:7c:44:dc:b3:01:53:
55:3f:fd:fa:54:9f:5b:e9:fc:62:1a:b4:8c:62:b6:
cb:83:67:7c:62:9b:73:49:af:2c:6d:dd:12:d1:d0:
48:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:79:F8:6D:F6:AD:7D:5D:63:81:52:4E:0A:23:B6:6E:D8:13:99:2A
X509v3 Authority Key Identifier:
keyid:57:91:18:B1:48:E2:7D:15:71:75:15:68:BA:07:0F:E1:E6:2C:7E:B9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91647F5/D69896E6A0C811EEA7B8D02CC4F9AE02/V5EYsUjifRVxdRVougcP4eYsfrk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V5EYsUjifRVxdRVougcP4eYsfrk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91647F5/D69896E6A0C811EEA7B8D02CC4F9AE02/C79704F6A12311EEB481B00CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.22.241.0/24
203.28.216.0/22
Signature Algorithm: sha256WithRSAEncryption
2a:eb:9c:0f:ff:de:dd:a5:6b:94:0f:8c:5d:91:9d:7e:96:e3:
7d:c3:6d:df:94:2a:ae:8f:ae:d2:a3:8f:3a:2c:70:0a:46:81:
3a:19:7d:84:58:ea:84:01:ad:57:1c:2d:06:70:12:de:09:51:
f3:e0:62:d7:78:0c:61:d9:34:e0:93:c9:7b:46:42:ad:f7:de:
d1:1a:36:9e:2d:1d:56:fd:53:e1:e4:3d:9b:2b:b8:bf:a5:84:
b0:5f:a5:5a:0d:7c:7b:eb:f2:47:ea:45:c8:fc:c9:93:95:9a:
c0:9d:10:91:bc:1c:37:89:0d:5c:ff:8b:bb:28:ff:e3:f3:94:
90:7d:14:3b:45:4c:a3:fe:6d:90:a0:6b:02:24:f1:27:38:64:
22:cb:fa:f4:63:e4:b6:30:60:85:f5:26:db:35:f0:7f:a3:5e:
6c:24:2f:12:a3:e2:fb:98:a4:e7:fb:b4:9c:09:43:55:be:e0:
f4:58:d8:ac:f6:13:c3:a2:8d:22:15:20:45:1f:ef:f9:cc:d4:
af:e0:1a:b4:ba:fd:82:a1:6f:2d:38:f0:aa:8e:21:83:87:bd:
ca:bf:9b:28:f7:5a:74:94:4c:75:8c:ca:8b:61:04:2c:ab:89:
5b:43:12:12:61:b3:a3:d0:f4:83:c7:ee:7c:9d:58:06:f2:62:
6d:3f:4e:71
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
NDdGNTExMC8GA1UEBRMoNTc5MTE4QjE0OEUyN0QxNTcxNzUxNTY4QkEwNzBGRTFF
NjJDN0VCOTAeFw0yMzEyMjIyMzQyMzRaFw0yNDA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ODYxZWVhLWM4MzcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC2sWVdAS2k1RIZ2ReZEYnnKcXZ3TeHIEX661vZTJHPPUgoHxnbokj3/sSFwb1x
lzjhK0VtmUxQu8L+6uDOcekXKEtqsx8G2Fv6id2uRbdzPl+THCK9s+qYLQlR2bor
3btBKbSLXgeugAmxrbwzqbNovvLvC+WiHAXpzh4OZ75azNCoj2pPRXzyW8jlxR5Z
qSPJycJIA0RrnGgid/izGr3xATln+YOSZLycb/3bXnF1ozUVf2yk7RIA8P/EvLGp
NpN+WymB3uKc2BHh/OZ+Ga8/cz5exVhjCON7AnxE3LMBU1U//fpUn1vp/GIatIxi
tsuDZ3xim3NJryxt3RLR0EghAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUT3n4bfat
fV1jgVJOCiO2btgTmSowHwYDVR0jBBgwFoAUV5EYsUjifRVxdRVougcP4eYsfrkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTY0N0Y1L0Q2OTg5NkU2QTBD
ODExRUVBN0I4RDAyQ0M0RjlBRTAyL1Y1RVlzVWppZlJWeGRSVm91Z2NQNGVZc2Zy
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvVjVFWXNVamlmUlZ4ZFJWb3VnY1A0ZVlzZnJrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
NDdGNS9ENjk4OTZFNkEwQzgxMUVFQTdCOEQwMkNDNEY5QUUwMi9DNzk3MDRGNkEx
MjMxMUVFQjQ4MUIwMENDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAMsW8QMEAssc2DANBgkqhkiG9w0BAQsFAAOCAQEAKuucD//e
3aVrlA+MXZGdfpbjfcNt35Qqro+u0qOPOixwCkaBOhl9hFjqhAGtVxwtBnAS3glR
8+Bi13gMYdk04JPJe0ZCrffe0Ro2ni0dVv1T4eQ9myu4v6WEsF+lWg18e+vyR+pF
yPzJk5WawJ0QkbwcN4kNXP+Luyj/4/OUkH0UO0VMo/5tkKBrAiTxJzhkIsv69GPk
tjBghfUm2zXwf6NebCQvEqPi+5ik5/u0nAlDVb7g9FjYrPYTw6KNIhUgRR/v+czU
r+AatLr9gqFvLTjwqo4hg4e9yr+bKPdadJRMdYzKi2EELKuJW0MSEmGzo9D0g8fu
fJ1YBvJibT9OcQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:09 2024 by rpki-client on console-ams.rpki-client.org