Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB74D/D359568CA8DC11EB979DA50EC4F9AE02/296B3C825E6E11ED94AD2383C4F9AE02.roa
File: 296B3C825E6E11ED94AD2383C4F9AE02.roa (raw, json)
Hash identifier: vxlXw7s09fzFFNfajTea5JSbIJaxOBleoZ3QKhuzA9U=
Subject key identifier: 6A:B2:AD:77:50:79:17:5C:E2:05:F6:B3:28:3B:E6:C1:A1:EF:29:01
Certificate issuer: /CN=A91AB74D/serialNumber=3AF09D28CA487A9326631A6BE9BD9BDBAA18DA75
Certificate serial: 0428
Authority key identifier: 3A:F0:9D:28:CA:48:7A:93:26:63:1A:6B:E9:BD:9B:DB:AA:18:DA:75
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/OvCdKMpIepMmYxpr6b2b26oY2nU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AB74D/D359568CA8DC11EB979DA50EC4F9AE02/296B3C825E6E11ED94AD2383C4F9AE02.roa
Signing time: Mon 07 Nov 2022 07:31:15 +0000
ROA not before: Mon 07 Nov 2022 07:31:15 +0000
ROA not after: Sun 30 Jul 2023 00:00:00 +0000
asID: 150317
IP address blocks: 147.136.188.0/22 maxlen: 22
147.136.188.0/23 maxlen: 23
147.136.188.0/24 maxlen: 24
147.136.189.0/24 maxlen: 24
147.136.190.0/23 maxlen: 23
147.136.190.0/24 maxlen: 24
147.136.191.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1064 (0x428)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AB74D/serialNumber=3AF09D28CA487A9326631A6BE9BD9BDBAA18DA75
Validity
Not Before: Nov 7 07:31:15 2022 GMT
Not After : Jul 30 00:00:00 2023 GMT
Subject: CN=6368b443-2502
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:aa:58:91:f1:67:df:08:00:b9:f7:b0:52:2e:
ae:fc:c1:86:96:d5:ba:18:1e:e8:5e:0b:a8:08:6a:
92:d6:55:bf:2b:a0:d4:94:2c:5d:0a:77:af:ed:4b:
ba:b2:6b:9b:77:33:fc:76:88:03:77:70:63:39:78:
29:4d:0c:4e:52:a2:e5:05:58:b9:da:45:a0:52:7f:
f7:b9:aa:83:c9:d1:8e:1a:0e:d8:fd:58:4a:8c:95:
e2:65:f1:23:0d:b4:9c:48:96:f8:4f:d5:8e:b6:8a:
50:16:2e:7b:f9:7a:4d:55:f4:9e:6b:09:37:2e:79:
ae:09:4f:ab:cb:15:a8:7b:5c:7c:01:8c:0b:aa:fd:
10:43:7f:29:41:8a:c8:6c:7b:3d:d7:1b:f1:1a:7a:
a5:6b:a7:72:01:88:3b:8c:8f:55:65:48:a0:5f:82:
bb:15:94:cb:54:ea:45:8b:e7:1a:ce:0b:2d:f0:c0:
a2:21:17:40:f3:ca:0a:74:48:1b:72:5f:de:c0:c9:
79:eb:62:ef:b1:4b:71:a9:80:c1:8e:5c:aa:3f:d7:
21:83:56:53:98:ae:72:4f:64:61:67:fe:8f:b0:3b:
bd:13:a9:0d:f2:43:a3:c2:56:e1:c6:74:ef:23:e8:
a2:73:b5:8e:d2:cb:dc:2f:d8:0d:66:1a:a1:3a:60:
ab:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:B2:AD:77:50:79:17:5C:E2:05:F6:B3:28:3B:E6:C1:A1:EF:29:01
X509v3 Authority Key Identifier:
keyid:3A:F0:9D:28:CA:48:7A:93:26:63:1A:6B:E9:BD:9B:DB:AA:18:DA:75
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AB74D/D359568CA8DC11EB979DA50EC4F9AE02/OvCdKMpIepMmYxpr6b2b26oY2nU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/OvCdKMpIepMmYxpr6b2b26oY2nU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB74D/D359568CA8DC11EB979DA50EC4F9AE02/296B3C825E6E11ED94AD2383C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
147.136.188.0/22
Signature Algorithm: sha256WithRSAEncryption
cb:d7:a4:6c:64:ba:13:24:29:fd:5f:a4:c1:16:30:f8:38:11:
90:7c:2b:4a:6b:b3:03:0c:69:73:b6:8c:2b:b1:1a:d5:27:b9:
29:71:15:e9:b4:4d:0d:3e:a9:10:4a:af:58:6e:63:b4:11:5e:
5b:fa:4c:12:50:7a:79:ef:f1:8b:d2:86:ad:74:14:21:63:a1:
c5:1c:4a:ee:49:1d:0f:86:8c:24:28:d6:16:39:1f:b3:71:27:
47:fa:01:03:98:dd:65:8d:7b:a8:1e:e9:59:67:94:8b:29:b9:
09:10:21:f2:06:01:62:8a:ba:9b:12:3b:af:ec:7a:2f:b3:a5:
b2:27:76:59:3c:86:69:13:fe:dd:71:e3:25:1a:28:0e:d5:63:
e4:68:aa:bf:f8:03:34:d1:50:7d:4c:ed:6d:cd:8b:3a:c5:ee:
f2:8c:a9:84:1e:d8:2b:f9:02:75:e0:01:c4:00:c0:9e:a8:51:
ce:e1:cd:af:f4:1c:e0:98:8a:7e:87:e5:20:61:5b:a0:2a:81:
da:b5:0b:51:7f:7a:4d:8c:5e:38:f5:c8:08:28:d5:3d:71:02:
be:d3:25:77:8e:5b:9d:ec:23:4b:58:d0:90:7c:aa:b3:9e:46:
26:db:ba:5a:90:d4:d8:25:53:85:69:26:bc:bb:43:22:48:63:
c6:f5:54:1a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBCgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUI3NEQxMTAvBgNVBAUTKDNBRjA5RDI4Q0E0ODdBOTMyNjYzMUE2QkU5QkQ5QkRC
QUExOERBNzUwHhcNMjIxMTA3MDczMTE1WhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzY4YjQ0My0yNTAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1KpYkfFn3wgAufewUi6u/MGGltW6GB7oXguoCGqS1lW/K6DUlCxdCnev7Uu6
smubdzP8dogDd3BjOXgpTQxOUqLlBVi52kWgUn/3uaqDydGOGg7Y/VhKjJXiZfEj
DbScSJb4T9WOtopQFi57+XpNVfSeawk3LnmuCU+ryxWoe1x8AYwLqv0QQ38pQYrI
bHs91xvxGnqla6dyAYg7jI9VZUigX4K7FZTLVOpFi+cazgst8MCiIRdA88oKdEgb
cl/ewMl562LvsUtxqYDBjlyqP9chg1ZTmK5yT2RhZ/6PsDu9E6kN8kOjwlbhxnTv
I+iic7WO0svcL9gNZhqhOmCrXwIDAQABo4IClTCCApEwHQYDVR0OBBYEFGqyrXdQ
eRdc4gX2syg75sGh7ykBMB8GA1UdIwQYMBaAFDrwnSjKSHqTJmMaa+m9m9uqGNp1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjc0RC9EMzU5NTY4Q0E4
REMxMUVCOTc5REE1MEVDNEY5QUUwMi9PdkNkS01wSWVwTW1ZeHByNmIyYjI2b1ky
blUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL092Q2RLTXBJZXBNbVl4cHI2YjJiMjZvWTJuVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUI3NEQvRDM1OTU2OENBOERDMTFFQjk3OURBNTBFQzRGOUFFMDIvMjk2QjNDODI1
RTZFMTFFRDk0QUQyMzgzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAKTiLwwDQYJKoZIhvcNAQELBQADggEBAMvXpGxkuhMkKf1f
pMEWMPg4EZB8K0prswMMaXO2jCuxGtUnuSlxFem0TQ0+qRBKr1huY7QRXlv6TBJQ
ennv8YvShq10FCFjocUcSu5JHQ+GjCQo1hY5H7NxJ0f6AQOY3WWNe6ge6VlnlIsp
uQkQIfIGAWKKupsSO6/sei+zpbIndlk8hmkT/t1x4yUaKA7VY+Roqr/4AzTRUH1M
7W3NizrF7vKMqYQe2Cv5AnXgAcQAwJ6oUc7hza/0HOCYin6H5SBhW6Aqgdq1C1F/
ek2MXjj1yAgo1T1xAr7TJXeOW53sI0tY0JB8qrOeRibbulqQ1NglU4VpJry7QyJI
Y8b1VBo=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:01 2023 by rpki-client on console-ams.rpki-client.org