Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91814CB/ADEC543A1D7811EA8D301744C4F9AE02/634CCBC01D7911EA81841C45C4F9AE02.roa
File: 634CCBC01D7911EA81841C45C4F9AE02.roa (raw, json)
Hash identifier: zjccL5BVAoJZedYExy0f/lGmTLRoU802Azu/jwhnjUU=
Subject key identifier: E1:57:ED:9D:E7:8A:0D:F8:AF:96:67:81:A9:E5:DB:8E:57:54:AB:E6
Certificate issuer: /CN=A91814CB/serialNumber=9AA53D27BE1BB614953C379D39E0BBC5F1C124A7
Certificate serial: 09F2
Authority key identifier: 9A:A5:3D:27:BE:1B:B6:14:95:3C:37:9D:39:E0:BB:C5:F1:C1:24:A7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mqU9J74bthSVPDedOeC7xfHBJKc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91814CB/ADEC543A1D7811EA8D301744C4F9AE02/634CCBC01D7911EA81841C45C4F9AE02.roa
Signing time: Mon 28 Nov 2022 20:47:04 +0000
ROA not before: Mon 28 Nov 2022 20:47:04 +0000
ROA not after: Wed 31 Jan 2024 00:00:00 +0000
asID: 135673
IP address blocks: 103.78.160.0/22 maxlen: 24
123.108.88.0/22 maxlen: 24
2407:d380::/32 maxlen: 33
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2546 (0x9f2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91814CB/serialNumber=9AA53D27BE1BB614953C379D39E0BBC5F1C124A7
Validity
Not Before: Nov 28 20:47:04 2022 GMT
Not After : Jan 31 00:00:00 2024 GMT
Subject: CN=63851e47-fdb8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:6e:e5:c4:ac:42:b3:71:4d:c0:f1:b5:20:f2:
50:07:8d:c8:86:0a:73:64:43:d5:14:97:54:ea:89:
fa:c0:f0:a9:e6:22:81:b0:6a:09:49:9d:69:54:b2:
5c:db:1d:ca:16:8e:e6:a6:94:14:b9:07:21:4c:02:
f3:9a:36:cd:88:54:41:14:63:0b:05:06:47:d9:52:
6f:5f:22:e7:62:11:8d:50:8c:f2:1b:05:1e:70:d3:
35:cd:4b:2a:0a:dd:f4:21:dd:9a:d0:94:40:e9:a5:
d1:53:82:32:5d:b0:77:08:b2:67:56:9f:dc:0c:05:
4e:b7:4e:b5:bc:98:a6:55:c6:ed:98:6a:f4:09:4c:
73:16:cf:ec:78:47:28:6d:0e:b1:f2:30:b3:f8:22:
d9:5b:03:66:35:1d:9a:ac:ed:9f:77:18:b6:b2:7a:
ee:f9:60:07:33:3b:fc:f2:b9:c0:80:ec:ab:e7:41:
b0:a1:20:ad:00:be:09:4c:b5:9f:20:e1:e7:db:bb:
1c:96:8a:70:a7:02:35:ec:3e:b7:2c:b7:a0:18:7e:
ef:18:fe:44:10:85:d5:51:70:63:77:cb:6c:3b:67:
f3:86:80:ae:ac:d7:50:d0:dd:6a:83:a1:f4:f5:2e:
2f:8e:46:4c:fa:95:e4:dd:d9:c7:44:e4:95:3b:bd:
32:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:57:ED:9D:E7:8A:0D:F8:AF:96:67:81:A9:E5:DB:8E:57:54:AB:E6
X509v3 Authority Key Identifier:
keyid:9A:A5:3D:27:BE:1B:B6:14:95:3C:37:9D:39:E0:BB:C5:F1:C1:24:A7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91814CB/ADEC543A1D7811EA8D301744C4F9AE02/mqU9J74bthSVPDedOeC7xfHBJKc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mqU9J74bthSVPDedOeC7xfHBJKc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91814CB/ADEC543A1D7811EA8D301744C4F9AE02/634CCBC01D7911EA81841C45C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.78.160.0/22
123.108.88.0/22
IPv6:
2407:d380::/32
Signature Algorithm: sha256WithRSAEncryption
c5:26:ea:c2:55:61:1d:5b:40:48:a2:68:62:9e:15:6e:be:5f:
ec:7c:7d:26:39:35:e5:6f:66:6d:d8:ba:a9:d5:68:72:80:96:
bb:61:a6:66:60:83:bc:e3:62:96:5d:63:0e:2c:19:1f:6a:95:
83:4f:44:fd:26:e2:dc:aa:6b:d3:e3:de:f4:11:38:dc:d4:1a:
e6:0f:77:a1:9f:55:6e:08:4a:9e:5f:b1:bb:ea:7f:1d:08:9d:
56:ef:2c:d9:2e:f7:2b:d2:cd:7f:2e:de:d3:37:7d:f3:52:91:
5e:5b:0c:30:60:8c:42:db:ee:ee:43:61:d9:a3:a0:8c:32:31:
18:30:63:20:cd:05:d7:da:8c:4b:f7:1b:f2:0b:60:20:4f:60:
25:32:4a:14:f4:53:6a:3a:dd:ea:f2:c2:64:bf:b5:32:3e:c2:
d1:7d:15:55:78:31:36:4c:9c:55:b7:af:f2:fe:f4:4e:e5:d2:
4a:e6:19:66:9c:be:1c:9a:20:82:3d:b4:f3:1c:4a:dc:9b:87:
ba:ea:82:16:03:ea:72:cd:08:aa:29:04:33:78:07:a0:e1:8a:
d9:79:1d:ab:21:cb:0a:a5:5d:a6:00:9a:07:3c:a5:96:13:ac:
63:ee:92:b9:1e:0d:fc:e0:10:6d:6e:57:a1:f1:a4:0c:0d:54:
91:e9:fc:38
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCfIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODE0Q0IxMTAvBgNVBAUTKDlBQTUzRDI3QkUxQkI2MTQ5NTNDMzc5RDM5RTBCQkM1
RjFDMTI0QTcwHhcNMjIxMTI4MjA0NzA0WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mzg1MWU0Ny1mZGI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu27lxKxCs3FNwPG1IPJQB43IhgpzZEPVFJdU6on6wPCp5iKBsGoJSZ1pVLJc
2x3KFo7mppQUuQchTALzmjbNiFRBFGMLBQZH2VJvXyLnYhGNUIzyGwUecNM1zUsq
Ct30Id2a0JRA6aXRU4IyXbB3CLJnVp/cDAVOt061vJimVcbtmGr0CUxzFs/seEco
bQ6x8jCz+CLZWwNmNR2arO2fdxi2snru+WAHMzv88rnAgOyr50GwoSCtAL4JTLWf
IOHn27sclopwpwI17D63LLegGH7vGP5EEIXVUXBjd8tsO2fzhoCurNdQ0N1qg6H0
9S4vjkZM+pXk3dnHROSVO70ydwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFOFX7Z3n
ig34r5Znganl245XVKvmMB8GA1UdIwQYMBaAFJqlPSe+G7YUlTw3nTngu8XxwSSn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4MTRDQi9BREVDNTQzQTFE
NzgxMUVBOEQzMDE3NDRDNEY5QUUwMi9tcVU5Sjc0YnRoU1ZQRGVkT2VDN3hmSEJK
S2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21xVTlKNzRidGhTVlBEZWRPZUM3eGZIQkpLYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODE0Q0IvQURFQzU0M0ExRDc4MTFFQThEMzAxNzQ0QzRGOUFFMDIvNjM0Q0NCQzAx
RDc5MTFFQTgxODQxQzQ1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnTqADBAJ7bFgwDQQCAAIwBwMFACQH04AwDQYJKoZIhvcN
AQELBQADggEBAMUm6sJVYR1bQEiiaGKeFW6+X+x8fSY5NeVvZm3YuqnVaHKAlrth
pmZgg7zjYpZdYw4sGR9qlYNPRP0m4tyqa9Pj3vQRONzUGuYPd6GfVW4ISp5fsbvq
fx0InVbvLNku9yvSzX8u3tM3ffNSkV5bDDBgjELb7u5DYdmjoIwyMRgwYyDNBdfa
jEv3G/ILYCBPYCUyShT0U2o63erywmS/tTI+wtF9FVV4MTZMnFW3r/L+9E7l0krm
GWacvhyaIII9tPMcStybh7rqghYD6nLNCKopBDN4B6Dhitl5HashywqlXaYAmgc8
pZYTrGPukrkeDfzgEG1uV6HxpAwNVJHp/Dg=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:45 2023 by rpki-client on console-ams.rpki-client.org