Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2D2D2B30BCFB11EAB65E512FC4F9AE02.roa
File: 2D2D2B30BCFB11EAB65E512FC4F9AE02.roa (raw, json)
Hash identifier: LFGXZTnrKwfjazTVNAiKPEXhk2WKrwttAQMM1DUqWKo=
Subject key identifier: 43:4D:FF:A4:20:00:6E:16:C0:DC:BD:B4:C1:A6:E2:7F:B2:B6:37:27
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 504E
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2D2D2B30BCFB11EAB65E512FC4F9AE02.roa
Signing time: Mon 16 May 2022 04:10:21 +0000
ROA not before: Mon 16 May 2022 04:10:21 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 135260
IP address blocks: 45.250.8.0/22 maxlen: 24
103.219.16.0/22 maxlen: 24
2405:3480::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20558 (0x504e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:10:21 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281cead-7f57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:47:95:f0:54:e5:61:a2:01:52:2a:d4:5f:ff:
75:7a:0b:f7:c5:91:d7:68:dc:9c:88:1b:57:23:5d:
66:39:00:58:18:67:79:eb:d1:0b:54:10:9d:8d:98:
35:1e:fa:db:d5:67:0e:56:d6:fa:63:b8:8d:98:af:
a7:c0:84:18:31:0a:de:8b:de:3d:d3:4e:1c:38:f6:
2b:7b:e6:d1:51:0a:8f:40:7a:e7:06:6b:e4:6d:8d:
89:30:44:fc:3e:20:d4:2c:d3:0d:0d:a9:f3:cc:57:
35:40:7a:0b:b0:17:2a:f2:8a:33:c9:0a:cf:40:d5:
4a:d6:7b:01:03:f5:a9:d6:d0:78:f4:3a:67:71:e3:
8e:7a:2d:ce:4c:71:01:21:c8:23:e0:f3:40:1a:28:
e9:49:12:9c:5d:db:c2:71:37:58:a6:fa:0a:26:15:
04:e4:15:8e:93:96:21:3a:69:5d:69:5a:23:87:8f:
ec:b9:91:d7:c9:0f:95:48:a1:6d:c8:4e:df:61:c5:
ff:c4:f4:2c:38:b1:c0:96:ec:8f:c9:99:5c:43:d9:
31:40:e1:b8:29:e1:76:1c:f1:0c:13:7a:f2:cc:1a:
b3:3c:26:65:c2:79:ec:03:f0:d1:cc:bc:eb:1a:66:
8a:83:77:d3:80:01:0f:1c:7d:21:cb:de:ec:0d:97:
fa:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:4D:FF:A4:20:00:6E:16:C0:DC:BD:B4:C1:A6:E2:7F:B2:B6:37:27
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2D2D2B30BCFB11EAB65E512FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.250.8.0/22
103.219.16.0/22
IPv6:
2405:3480::/32
Signature Algorithm: sha256WithRSAEncryption
9e:b4:cc:20:e6:39:0d:24:36:78:8f:15:68:1f:5d:8a:2a:ca:
33:f5:df:77:4a:5c:ef:da:c8:ba:11:71:bf:d5:f7:e3:37:fa:
3a:fb:a0:4b:0f:89:d2:db:5a:6e:fc:4b:82:4b:84:12:fc:3e:
96:02:ce:db:41:3b:d1:4c:55:c8:d4:4b:28:47:ce:b1:c3:26:
7e:ba:7c:73:c0:93:df:0a:ab:46:46:0b:0a:f3:33:f5:44:18:
a9:43:03:f7:73:d1:95:bd:b9:1f:86:15:57:09:5f:07:66:2b:
50:80:72:52:ca:ea:ae:53:7e:35:7f:5c:62:f5:2d:48:85:33:
73:4d:0c:56:9a:ae:c8:a5:af:76:ac:62:53:d6:b2:47:ee:80:
3c:8c:cf:5f:34:12:27:65:2e:4b:ca:45:90:79:36:e6:3d:d0:
d7:a3:d9:5f:fe:59:05:3f:cd:b8:33:19:77:c2:a4:c2:5d:31:
85:b7:42:7f:d2:fa:61:d3:a0:ab:3c:29:6f:94:7a:1a:c1:ea:
f7:08:db:a5:12:04:28:a2:d8:a0:14:fe:61:e7:40:87:d6:bf:
02:2b:fa:34:69:11:a8:f8:80:b0:27:81:c7:16:42:89:13:68:
72:d2:ea:fa:65:ab:b2:63:92:86:e7:2b:d2:93:89:9c:b1:57:
7e:0d:62:9b
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICUE4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQxMDIxWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxY2VhZC03ZjU3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4EeV8FTlYaIBUirUX/91egv3xZHXaNyciBtXI11mOQBYGGd569ELVBCdjZg1
Hvrb1WcOVtb6Y7iNmK+nwIQYMQrei949004cOPYre+bRUQqPQHrnBmvkbY2JMET8
PiDULNMNDanzzFc1QHoLsBcq8oozyQrPQNVK1nsBA/Wp1tB49DpnceOOei3OTHEB
Icgj4PNAGijpSRKcXdvCcTdYpvoKJhUE5BWOk5YhOmldaVojh4/suZHXyQ+VSKFt
yE7fYcX/xPQsOLHAluyPyZlcQ9kxQOG4KeF2HPEME3ryzBqzPCZlwnnsA/DRzLzr
GmaKg3fTgAEPHH0hy97sDZf6sQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFENN/6Qg
AG4WwNy9tMGm4n+ytjcnMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvMkQyRDJCMzBC
Q0ZCMTFFQUI2NUU1MTJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAIt+ggDBAJn2xAwDQQCAAIwBwMFACQFNIAwDQYJKoZIhvcN
AQELBQADggEBAJ60zCDmOQ0kNniPFWgfXYoqyjP133dKXO/ayLoRcb/V9+M3+jr7
oEsPidLbWm78S4JLhBL8PpYCzttBO9FMVcjUSyhHzrHDJn66fHPAk98Kq0ZGCwrz
M/VEGKlDA/dz0ZW9uR+GFVcJXwdmK1CAclLK6q5TfjV/XGL1LUiFM3NNDFaarsil
r3asYlPWskfugDyMz180EidlLkvKRZB5NuY90Nej2V/+WQU/zbgzGXfCpMJdMYW3
Qn/S+mHToKs8KW+UehrB6vcI26USBCii2KAU/mHnQIfWvwIr+jRpEaj4gLAngccW
QokTaHLS6vplq7JjkobnK9KTiZyxV34NYps=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:48 2023 by rpki-client on console-ams.rpki-client.org