Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9168494/31B8263C099311EDB21C9B4BC4F9AE02/3D45A206099611EDAAD89651C4F9AE02.roa
File: 3D45A206099611EDAAD89651C4F9AE02.roa (raw, json)
Hash identifier: 7roR+NGRB9vtCBKb1zVZ/id9uZ8gWFiKqaK5x60E0WU=
Subject key identifier: 1E:CA:FD:05:EA:A4:42:ED:52:69:C8:0B:05:0F:55:EC:82:65:6D:B0
Certificate issuer: /CN=A9168494/serialNumber=B13EA4934F41FC4834CD2A6FF8218D40F7A97789
Certificate serial: 02
Authority key identifier: B1:3E:A4:93:4F:41:FC:48:34:CD:2A:6F:F8:21:8D:40:F7:A9:77:89
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/sT6kk09B_Eg0zSpv-CGNQPepd4k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9168494/31B8263C099311EDB21C9B4BC4F9AE02/3D45A206099611EDAAD89651C4F9AE02.roa
Signing time: Fri 22 Jul 2022 08:14:00 +0000
ROA not before: Fri 22 Jul 2022 08:14:00 +0000
ROA not after: Sun 30 Jul 2023 00:00:00 +0000
asID: 136961
IP address blocks: 165.220.8.0/21 maxlen: 21
165.220.232.0/21 maxlen: 21
165.220.232.0/24 maxlen: 24
165.220.233.0/24 maxlen: 24
165.220.234.0/23 maxlen: 23
165.220.236.0/23 maxlen: 23
165.220.238.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9168494/serialNumber=B13EA4934F41FC4834CD2A6FF8218D40F7A97789
Validity
Not Before: Jul 22 08:14:00 2022 GMT
Not After : Jul 30 00:00:00 2023 GMT
Subject: CN=62da5c47-3dc3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:80:99:db:aa:71:ac:0e:c1:d6:11:a8:1a:3f:
6c:77:63:56:1b:14:96:fd:39:e7:27:4a:f0:50:24:
5c:fa:5c:3e:cd:4a:f2:9f:e4:e1:e3:28:1c:9d:48:
e7:4e:15:ca:b4:02:61:7d:b8:12:9e:90:40:ed:17:
01:fd:53:3f:a8:96:e6:4a:69:26:73:d0:54:56:aa:
8d:80:6e:05:48:2d:c6:d6:e5:25:aa:79:54:45:5b:
f4:e6:b3:94:b5:d9:6c:25:0a:cc:ec:cc:d2:b6:2a:
0f:0c:cd:b3:72:43:bf:4d:93:4b:cf:30:bf:41:74:
ff:08:f2:38:52:1c:25:52:ff:0c:a3:ad:81:c3:88:
08:21:a1:f4:7a:f1:4b:51:46:34:e4:82:1c:cb:83:
1e:e3:2e:7b:f9:c1:c6:7c:ff:57:2a:27:aa:dc:f5:
61:4d:67:4b:36:fd:2a:68:28:98:d1:02:5b:6b:b1:
11:8a:b4:79:b1:f1:e3:d1:6c:76:0f:46:fb:d4:f8:
8f:0c:d5:c9:3c:38:75:95:64:f4:7a:9f:86:79:02:
43:38:fb:7a:34:35:7a:eb:79:4a:78:44:59:11:1d:
0d:ea:a2:0d:56:f6:30:34:ee:40:78:1b:ad:10:e5:
b9:e2:cc:d0:18:32:af:33:af:5b:6f:28:7d:37:8d:
33:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:CA:FD:05:EA:A4:42:ED:52:69:C8:0B:05:0F:55:EC:82:65:6D:B0
X509v3 Authority Key Identifier:
keyid:B1:3E:A4:93:4F:41:FC:48:34:CD:2A:6F:F8:21:8D:40:F7:A9:77:89
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9168494/31B8263C099311EDB21C9B4BC4F9AE02/sT6kk09B_Eg0zSpv-CGNQPepd4k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/sT6kk09B_Eg0zSpv-CGNQPepd4k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9168494/31B8263C099311EDB21C9B4BC4F9AE02/3D45A206099611EDAAD89651C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
165.220.8.0/21
165.220.232.0/21
Signature Algorithm: sha256WithRSAEncryption
11:46:31:6c:b8:f0:26:36:c7:96:63:5d:8d:2e:41:59:0a:9f:
da:37:05:35:02:38:73:6e:12:40:9d:5e:a2:22:17:fd:32:ee:
73:58:69:c1:55:c2:7b:c2:a1:ca:08:e6:27:7c:a4:29:a9:16:
7b:9a:ff:24:a5:fd:99:64:82:3c:97:a5:bd:b4:59:12:83:69:
b3:27:b3:1f:bc:3e:81:54:d4:15:23:98:fe:37:41:97:0a:a8:
fb:78:cd:3f:7f:1b:a3:12:14:89:fd:f2:a4:da:77:5d:d2:fb:
26:4f:b3:ef:e6:44:8e:56:41:36:87:00:b5:45:a3:b0:96:11:
c3:9d:d9:ab:c5:47:f4:e3:cd:5f:40:36:cc:cb:3b:35:c4:6d:
9a:a5:da:d9:79:42:18:56:fc:f2:92:4b:d7:c5:10:bc:14:c1:
98:a4:70:8f:6f:79:cc:85:00:3e:37:be:14:49:03:4b:33:97:
c8:82:c8:5c:cd:40:35:1d:1a:ad:40:2c:09:9d:16:4d:3f:4e:
d2:be:0b:cc:f6:47:db:85:f2:cd:92:e7:05:c3:81:ec:c6:88:
7d:07:9e:a8:e1:8e:ef:84:b4:4c:2e:7a:c2:62:a6:5b:e6:79:
0d:d0:ca:52:28:39:09:f3:7f:31:c4:16:97:dc:13:07:27:14:
0f:14:b3:02
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
ODQ5NDExMC8GA1UEBRMoQjEzRUE0OTM0RjQxRkM0ODM0Q0QyQTZGRjgyMThENDBG
N0E5Nzc4OTAeFw0yMjA3MjIwODE0MDBaFw0yMzA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyZGE1YzQ3LTNkYzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCugJnbqnGsDsHWEagaP2x3Y1YbFJb9OecnSvBQJFz6XD7NSvKf5OHjKBydSOdO
Fcq0AmF9uBKekEDtFwH9Uz+oluZKaSZz0FRWqo2AbgVILcbW5SWqeVRFW/Tms5S1
2WwlCszszNK2Kg8MzbNyQ79Nk0vPML9BdP8I8jhSHCVS/wyjrYHDiAghofR68UtR
RjTkghzLgx7jLnv5wcZ8/1cqJ6rc9WFNZ0s2/SpoKJjRAltrsRGKtHmx8ePRbHYP
RvvU+I8M1ck8OHWVZPR6n4Z5AkM4+3o0NXrreUp4RFkRHQ3qog1W9jA07kB4G60Q
5bnizNAYMq8zr1tvKH03jTOPAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUHsr9Beqk
Qu1SacgLBQ9V7IJlbbAwHwYDVR0jBBgwFoAUsT6kk09B/Eg0zSpv+CGNQPepd4kw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTY4NDk0LzMxQjgyNjNDMDk5
MzExRURCMjFDOUI0QkM0RjlBRTAyL3NUNmtrMDlCX0VnMHpTcHYtQ0dOUVBlcGQ0
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvc1Q2a2swOUJfRWcwelNwdi1DR05RUGVwZDRrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
ODQ5NC8zMUI4MjYzQzA5OTMxMUVEQjIxQzlCNEJDNEY5QUUwMi8zRDQ1QTIwNjA5
OTYxMUVEQUFEODk2NTFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEA6XcCAMEA6Xc6DANBgkqhkiG9w0BAQsFAAOCAQEAEUYxbLjw
JjbHlmNdjS5BWQqf2jcFNQI4c24SQJ1eoiIX/TLuc1hpwVXCe8KhygjmJ3ykKakW
e5r/JKX9mWSCPJelvbRZEoNpsyezH7w+gVTUFSOY/jdBlwqo+3jNP38boxIUif3y
pNp3XdL7Jk+z7+ZEjlZBNocAtUWjsJYRw53Zq8VH9OPNX0A2zMs7NcRtmqXa2XlC
GFb88pJL18UQvBTBmKRwj295zIUAPje+FEkDSzOXyILIXM1ANR0arUAsCZ0WTT9O
0r4LzPZH24XyzZLnBcOB7MaIfQeeqOGO74S0TC56wmKmW+Z5DdDKUig5CfN/McQW
l9wTBycUDxSzAg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:42 2023 by rpki-client on console-ams.rpki-client.org