Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/445680F602D311EE88E55B80C4F9AE02.roa
File: 445680F602D311EE88E55B80C4F9AE02.roa (raw, json)
Hash identifier: iP+ZIqKgYKGUmUSFoV0LlcqYHwmUFDa3/NHsi5cqpsA=
Subject key identifier: B4:61:A1:1B:58:05:FD:4F:45:B0:92:31:12:F0:62:F4:3F:6F:A5:65
Certificate issuer: /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial: 0CA0
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/445680F602D311EE88E55B80C4F9AE02.roa
Signing time: Sun 04 Jun 2023 12:28:10 +0000
ROA not before: Sun 04 Jun 2023 12:28:10 +0000
ROA not after: Wed 29 May 2024 00:00:00 +0000
asID: 18230
IP address blocks: 59.152.0.0/20 maxlen: 20
59.152.0.0/24 maxlen: 24
59.152.5.0/24 maxlen: 24
59.152.8.0/24 maxlen: 24
59.152.9.0/24 maxlen: 24
59.152.10.0/24 maxlen: 24
59.152.12.0/24 maxlen: 24
59.152.13.0/24 maxlen: 24
59.152.15.0/24 maxlen: 24
2404:1b40::/32 maxlen: 32
2404:1b40::/48 maxlen: 48
2404:1b40:1::/48 maxlen: 48
2404:1b40:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3232 (0xca0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Validity
Not Before: Jun 4 12:28:10 2023 GMT
Not After : May 29 00:00:00 2024 GMT
Subject: CN=647c835a-c9a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:2d:91:ac:ed:47:21:e0:d8:ce:eb:c3:c1:c5:
fd:48:6b:17:b0:bd:ae:ac:64:a5:db:b8:f3:d3:31:
e7:f5:26:ff:d7:9a:dc:59:d4:70:0d:1c:5c:f7:ec:
93:40:b6:50:98:02:d0:07:7c:af:7f:7f:eb:66:79:
09:e1:11:88:36:54:41:3f:f8:d3:f3:d1:5b:7d:16:
ef:6e:0e:71:23:09:aa:10:64:b3:a7:59:63:36:72:
d4:62:ce:97:62:67:6f:fc:0f:66:11:dd:68:af:68:
55:d6:7b:00:61:03:9c:33:f6:f7:2e:fc:4a:12:a2:
dd:a9:dd:10:d7:7b:3f:15:d9:18:7e:0a:ce:01:64:
b8:57:0d:d3:82:ef:c0:0e:a0:7d:81:aa:fe:93:a2:
be:ad:c8:b4:ca:c3:a2:bb:4b:32:f7:a1:e1:67:17:
9a:6e:d8:61:69:7d:a0:96:1f:b2:33:bd:20:87:15:
25:07:34:8e:11:71:11:b7:70:55:9d:79:a3:3a:5e:
fc:84:a8:c5:91:dc:e4:13:f2:24:6f:08:3a:fe:93:
2c:a0:65:51:2e:61:9b:6a:2d:0f:59:a3:f0:4f:89:
26:5e:25:7c:af:c3:26:b2:d3:4a:32:d8:e5:bc:46:
dc:9e:2d:ff:15:53:1a:d6:bb:eb:a9:be:46:70:03:
7c:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:61:A1:1B:58:05:FD:4F:45:B0:92:31:12:F0:62:F4:3F:6F:A5:65
X509v3 Authority Key Identifier:
keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/445680F602D311EE88E55B80C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
59.152.0.0/20
IPv6:
2404:1b40::/32
Signature Algorithm: sha256WithRSAEncryption
50:4b:52:b7:d4:60:95:e7:46:c2:06:f3:66:b1:20:e5:28:f7:
57:db:90:c1:91:cc:a8:d4:06:90:99:ea:24:bb:05:f3:e0:e3:
16:ea:b9:b9:78:3d:f1:27:4f:c0:a8:bb:12:ca:c3:35:83:09:
e2:8d:71:db:4a:8c:91:0b:f9:bb:3b:c5:9c:5f:6b:64:19:0b:
f8:89:fe:71:84:86:84:55:98:85:18:0e:bf:b4:07:6b:09:6d:
a8:08:7d:b3:19:20:4a:95:68:25:e4:9c:8a:23:8c:22:e2:9b:
c0:65:85:5d:c2:72:29:1c:0a:d4:74:d4:27:71:2d:67:fb:5d:
15:c9:a3:46:e4:f7:9b:5c:38:99:cd:5b:84:84:ce:ed:99:79:
3f:e5:22:6d:4f:5c:14:a5:a8:a9:5f:4f:b3:36:b5:c9:e0:01:
86:93:57:1e:29:3c:42:bc:b4:b1:06:60:19:ee:6d:e5:df:a3:
a2:c1:c3:35:00:49:6c:c8:4c:33:2e:bf:85:bb:9b:f2:28:6e:
cf:5c:5b:d1:b8:cd:e5:11:b4:6c:e3:6b:ce:49:a4:4b:5f:3f:
bd:f7:ff:38:b1:f5:d5:33:a5:41:46:eb:b9:2b:a2:6c:5b:46:
57:f0:e6:cf:63:88:58:43:ae:15:7a:82:98:60:1a:09:ef:c1:
f5:9c:ef:b4
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICDKAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjMwNjA0MTIyODEwWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdjODM1YS1jOWE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoi2RrO1HIeDYzuvDwcX9SGsXsL2urGSl27jz0zHn9Sb/15rcWdRwDRxc9+yT
QLZQmALQB3yvf3/rZnkJ4RGINlRBP/jT89FbfRbvbg5xIwmqEGSzp1ljNnLUYs6X
Ymdv/A9mEd1or2hV1nsAYQOcM/b3LvxKEqLdqd0Q13s/FdkYfgrOAWS4Vw3Tgu/A
DqB9gar+k6K+rci0ysOiu0sy96HhZxeabthhaX2glh+yM70ghxUlBzSOEXERt3BV
nXmjOl78hKjFkdzkE/Ikbwg6/pMsoGVRLmGbai0PWaPwT4kmXiV8r8MmstNKMtjl
vEbcni3/FVMa1rvrqb5GcAN8LwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFLRhoRtY
Bf1PRbCSMRLwYvQ/b6VlMB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvNDQ1NjgwRjYw
MkQzMTFFRTg4RTU1QjgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAQ7mAAwDQQCAAIwBwMFACQEG0AwDQYJKoZIhvcNAQELBQAD
ggEBAFBLUrfUYJXnRsIG82axIOUo91fbkMGRzKjUBpCZ6iS7BfPg4xbqubl4PfEn
T8CouxLKwzWDCeKNcdtKjJEL+bs7xZxfa2QZC/iJ/nGEhoRVmIUYDr+0B2sJbagI
fbMZIEqVaCXknIojjCLim8BlhV3CcikcCtR01CdxLWf7XRXJo0bk95tcOJnNW4SE
zu2ZeT/lIm1PXBSlqKlfT7M2tcngAYaTVx4pPEK8tLEGYBnubeXfo6LBwzUASWzI
TDMuv4W7m/Iobs9cW9G4zeURtGzja85JpEtfP733/zix9dUzpUFG67kromxbRlfw
5s9jiFhDrhV6gphgGgnvwfWc77Q=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org