Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BF979/1B465AA69EED11EC9381DF0CC4F9AE02/156F05309F5411ECBFA5C51CC4F9AE02.roa
File: 156F05309F5411ECBFA5C51CC4F9AE02.roa (raw, json)
Hash identifier: QQ/cBQW71JBc3iBQ4Rd7QibZScyWecckArYSiKEFzNc=
Subject key identifier: CA:A5:FE:9A:E9:2D:4F:45:D4:CA:65:5C:FA:20:CC:1E:BF:FA:F0:C6
Certificate issuer: /CN=A91BF979/serialNumber=311510B620B6E0CD422E1C2B6E952B6048A5F1E2
Certificate serial: 02
Authority key identifier: 31:15:10:B6:20:B6:E0:CD:42:2E:1C:2B:6E:95:2B:60:48:A5:F1:E2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MRUQtiC24M1CLhwrbpUrYEil8eI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BF979/1B465AA69EED11EC9381DF0CC4F9AE02/156F05309F5411ECBFA5C51CC4F9AE02.roa
Signing time: Wed 09 Mar 2022 02:53:23 +0000
ROA not before: Wed 09 Mar 2022 02:53:23 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 135025
IP address blocks: 103.204.60.0/22 maxlen: 22
103.204.60.0/24 maxlen: 24
103.204.61.0/24 maxlen: 24
103.204.62.0/24 maxlen: 24
103.204.63.0/24 maxlen: 24
202.136.92.0/22 maxlen: 22
202.136.92.0/24 maxlen: 24
202.136.93.0/24 maxlen: 24
202.136.94.0/24 maxlen: 24
202.136.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BF979/serialNumber=311510B620B6E0CD422E1C2B6E952B6048A5F1E2
Validity
Not Before: Mar 9 02:53:23 2022 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=622816a3-5b3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:5a:f7:9a:56:a2:e4:40:8f:ce:14:ec:56:54:
b8:cc:76:12:5c:21:be:af:3b:36:8b:c3:88:a7:5d:
36:73:bb:0d:92:55:05:25:f9:9e:85:5d:f0:aa:f2:
cd:c3:e8:97:75:94:da:36:c9:25:7f:b1:2d:3d:84:
66:98:92:0c:fe:7c:dd:f8:89:3b:50:7e:d5:d2:a2:
f8:48:24:94:c5:7d:fa:95:3e:64:b9:dd:c9:65:87:
b4:80:fc:de:4b:9c:8d:70:4d:32:02:55:e7:61:93:
24:45:0e:8c:52:35:12:04:0b:a9:2a:81:36:6c:76:
be:1c:00:94:c5:14:10:43:d0:38:38:fa:8d:9e:16:
c8:c7:b8:06:f8:7e:f3:67:01:84:2d:b2:19:98:54:
27:b6:09:07:00:de:3d:d7:62:96:b1:d6:a1:08:64:
37:ac:15:3d:fe:8d:34:34:01:a5:8a:4a:08:b2:ed:
a7:7a:01:08:96:77:ae:44:ff:44:d7:62:c1:94:04:
86:04:43:7e:e5:dc:6b:91:c0:43:84:7e:8c:23:a7:
d5:19:32:70:cc:c0:99:97:ba:29:40:bc:5e:cd:4d:
aa:03:cf:e1:01:47:3a:52:eb:db:0d:e4:18:58:e5:
23:d7:47:97:0e:9d:68:f3:c4:35:e3:af:2b:1f:7f:
44:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:A5:FE:9A:E9:2D:4F:45:D4:CA:65:5C:FA:20:CC:1E:BF:FA:F0:C6
X509v3 Authority Key Identifier:
keyid:31:15:10:B6:20:B6:E0:CD:42:2E:1C:2B:6E:95:2B:60:48:A5:F1:E2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BF979/1B465AA69EED11EC9381DF0CC4F9AE02/MRUQtiC24M1CLhwrbpUrYEil8eI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MRUQtiC24M1CLhwrbpUrYEil8eI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BF979/1B465AA69EED11EC9381DF0CC4F9AE02/156F05309F5411ECBFA5C51CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.204.60.0/22
202.136.92.0/22
Signature Algorithm: sha256WithRSAEncryption
7a:0a:4c:95:00:ee:8c:41:83:46:a4:62:21:7f:90:76:98:e5:
33:2f:11:53:2c:52:02:a1:8e:72:b6:5a:1a:50:cb:cc:ea:88:
d9:64:75:19:66:4a:16:d8:f4:e3:cb:ef:ac:60:91:90:06:7b:
00:6e:1a:fa:40:50:e9:15:2c:82:61:68:72:2b:3f:3a:4c:68:
29:64:63:49:af:1d:54:6b:a8:e4:1c:7b:bb:41:34:73:30:58:
12:32:84:58:42:6f:8b:a7:1a:01:d5:2f:4b:f8:f2:1c:91:f5:
a6:b8:1f:fc:ef:b8:35:9c:d6:97:22:20:2d:6a:14:7a:cc:e4:
30:64:ae:d2:15:0e:23:8a:43:5b:40:87:a8:3d:d7:1d:7c:66:
b5:b1:bc:2a:b3:d6:99:b4:c8:24:41:9a:d1:cc:5f:af:3a:7e:
3a:a3:7d:70:68:c6:02:ef:b8:d4:25:75:5e:c0:83:bf:94:95:
87:85:de:86:1f:62:93:99:1c:cd:17:4c:42:35:ca:79:96:20:
87:77:0d:a6:1a:14:7c:7c:1c:ae:a8:6a:4c:c8:af:9d:49:86:
37:90:dd:8f:d7:f6:af:de:d0:8a:25:77:3d:a8:9e:b7:dc:73:
0d:34:e9:f3:d1:3d:0c:2c:63:4e:92:37:96:59:d0:04:5b:49:
bd:2c:d5:fe
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
Rjk3OTExMC8GA1UEBRMoMzExNTEwQjYyMEI2RTBDRDQyMkUxQzJCNkU5NTJCNjA0
OEE1RjFFMjAeFw0yMjAzMDkwMjUzMjNaFw0yMjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyMjgxNmEzLTViM2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDCWveaVqLkQI/OFOxWVLjMdhJcIb6vOzaLw4inXTZzuw2SVQUl+Z6FXfCq8s3D
6Jd1lNo2ySV/sS09hGaYkgz+fN34iTtQftXSovhIJJTFffqVPmS53cllh7SA/N5L
nI1wTTICVedhkyRFDoxSNRIEC6kqgTZsdr4cAJTFFBBD0Dg4+o2eFsjHuAb4fvNn
AYQtshmYVCe2CQcA3j3XYpax1qEIZDesFT3+jTQ0AaWKSgiy7ad6AQiWd65E/0TX
YsGUBIYEQ37l3GuRwEOEfowjp9UZMnDMwJmXuilAvF7NTaoDz+EBRzpS69sN5BhY
5SPXR5cOnWjzxDXjrysff0Q1AgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUyqX+mukt
T0XUymVc+iDMHr/68MYwHwYDVR0jBBgwFoAUMRUQtiC24M1CLhwrbpUrYEil8eIw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUJGOTc5LzFCNDY1QUE2OUVF
RDExRUM5MzgxREYwQ0M0RjlBRTAyL01SVVF0aUMyNE0xQ0xod3JicFVyWUVpbDhl
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvTVJVUXRpQzI0TTFDTGh3cmJwVXJZRWlsOGVJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
Rjk3OS8xQjQ2NUFBNjlFRUQxMUVDOTM4MURGMENDNEY5QUUwMi8xNTZGMDUzMDlG
NTQxMUVDQkZBNUM1MUNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAmfMPAMEAsqIXDANBgkqhkiG9w0BAQsFAAOCAQEAegpMlQDu
jEGDRqRiIX+QdpjlMy8RUyxSAqGOcrZaGlDLzOqI2WR1GWZKFtj048vvrGCRkAZ7
AG4a+kBQ6RUsgmFocis/OkxoKWRjSa8dVGuo5Bx7u0E0czBYEjKEWEJvi6caAdUv
S/jyHJH1prgf/O+4NZzWlyIgLWoUeszkMGSu0hUOI4pDW0CHqD3XHXxmtbG8KrPW
mbTIJEGa0cxfrzp+OqN9cGjGAu+41CV1XsCDv5SVh4Xehh9ik5kczRdMQjXKeZYg
h3cNphoUfHwcrqhqTMivnUmGN5Ddj9f2r97QiiV3Paiet9xzDTTp89E9DCxjTpI3
llnQBFtJvSzV/g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:39 2024 by rpki-client on console-fra.rpki-client.org