Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C4D7C/4CF65A86DE3C11EC954ECA59C4F9AE02/34583D42E1DD11EC9EEC002CC4F9AE02.roa
File: 34583D42E1DD11EC9EEC002CC4F9AE02.roa (raw, json)
Hash identifier: PFrI3VCG1WQwWMMcwA/3VEwDeWMREgitfFaArd8Uy9A=
Subject key identifier: 29:C5:EC:9A:07:F2:06:C8:AB:D4:5A:9E:62:1A:BE:FD:41:45:91:7A
Certificate issuer: /CN=A91C4D7C/serialNumber=CA960B652B78670AFA3E0927C2849989F9F954CE
Certificate serial: 0F
Authority key identifier: CA:96:0B:65:2B:78:67:0A:FA:3E:09:27:C2:84:99:89:F9:F9:54:CE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ypYLZSt4Zwr6PgknwoSZifn5VM4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C4D7C/4CF65A86DE3C11EC954ECA59C4F9AE02/34583D42E1DD11EC9EEC002CC4F9AE02.roa
Signing time: Wed 01 Jun 2022 19:01:13 +0000
ROA not before: Wed 01 Jun 2022 19:01:12 +0000
ROA not after: Mon 31 Oct 2022 00:00:00 +0000
asID: 399686
IP address blocks: 103.171.26.0/23 maxlen: 24
2407:bd40:188::/48 maxlen: 48
2407:bd40:8000::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15 (0xf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C4D7C/serialNumber=CA960B652B78670AFA3E0927C2849989F9F954CE
Validity
Not Before: Jun 1 19:01:12 2022 GMT
Not After : Oct 31 00:00:00 2022 GMT
Subject: CN=6297b778-7d5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:9c:e1:3f:50:f5:48:f5:a0:20:8d:3d:57:e9:
c1:73:0d:1b:d6:7e:75:c7:20:9a:f5:aa:02:17:0f:
eb:74:a9:f5:c7:fb:11:b7:1d:d8:fa:9c:2c:52:85:
66:12:34:19:7a:bc:73:a2:de:fb:e2:15:f0:ab:9d:
92:5b:26:ec:d6:5e:0d:ed:a2:06:cc:e8:db:72:eb:
37:04:8a:de:10:cc:30:56:e9:f4:3d:3b:74:61:a5:
62:9c:59:f8:d8:ca:8e:af:b0:07:a3:6d:6f:08:7d:
27:47:07:68:18:92:59:5f:4f:90:4c:f6:82:a9:f7:
5e:88:ef:f9:a6:13:c9:b5:c0:fc:d7:d1:fd:69:8b:
e2:28:7b:35:2d:0f:5b:d4:a3:a6:70:db:f8:de:7d:
26:0f:a0:f5:3b:f2:a2:02:64:bb:f9:fb:3b:8c:26:
3f:10:d8:2c:e7:8f:d9:79:67:b6:5c:a7:c4:51:2a:
6d:d8:dc:be:1f:6d:c3:4a:f0:22:54:64:d0:32:3c:
a6:61:e7:8e:46:67:ce:6b:ce:6f:e3:61:7e:17:1c:
3a:1c:e3:a5:3a:5e:3c:d9:dc:e6:32:7c:9d:8d:78:
c9:28:0a:ac:f5:30:c9:57:4d:2e:42:55:fc:f2:d7:
70:d8:ea:7d:13:7d:00:bd:4c:82:38:4b:7f:16:6c:
f0:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:C5:EC:9A:07:F2:06:C8:AB:D4:5A:9E:62:1A:BE:FD:41:45:91:7A
X509v3 Authority Key Identifier:
keyid:CA:96:0B:65:2B:78:67:0A:FA:3E:09:27:C2:84:99:89:F9:F9:54:CE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C4D7C/4CF65A86DE3C11EC954ECA59C4F9AE02/ypYLZSt4Zwr6PgknwoSZifn5VM4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ypYLZSt4Zwr6PgknwoSZifn5VM4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C4D7C/4CF65A86DE3C11EC954ECA59C4F9AE02/34583D42E1DD11EC9EEC002CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.171.26.0/23
IPv6:
2407:bd40:188::/48
2407:bd40:8000::/36
Signature Algorithm: sha256WithRSAEncryption
2e:0a:1d:eb:de:75:9b:4e:1e:93:7e:e3:39:6e:e2:00:db:82:
a4:ef:c3:e9:40:72:a8:c2:39:06:ff:b0:59:af:51:a0:67:15:
84:1d:51:a8:cf:db:e7:9b:f3:22:fa:f3:57:9c:ac:6c:57:de:
ea:9f:77:6f:63:a1:5a:b3:d2:3e:49:93:d6:04:ee:95:3c:d0:
9b:d4:ca:74:1c:07:59:d2:7e:fb:68:69:01:11:9d:ff:ee:9b:
ea:2f:50:03:0f:5e:26:cf:a7:7b:bf:25:17:21:ca:51:b2:8f:
8a:e1:83:e6:f1:e8:8e:0c:55:b5:8b:ba:1f:0c:3f:52:eb:2d:
94:e4:ce:e5:73:ed:03:6a:73:ae:e8:c4:55:aa:61:6b:4c:e6:
6f:d5:50:82:82:04:6d:f1:7c:dc:31:26:1c:24:6e:3d:ef:f4:
b6:c5:72:d3:60:4e:f5:f6:bc:f5:1d:03:7a:f6:a1:bc:eb:fb:
ab:b4:d4:84:9c:66:59:a5:d2:8d:cc:23:57:64:7f:e4:de:8b:
70:1c:75:b7:6a:6c:e2:4b:2c:eb:16:5e:ec:a0:22:af:a1:bd:
6b:d0:03:01:4f:fc:8d:05:1d:ee:ba:5a:af:79:2c:92:c3:ee:
fe:28:b4:f2:30:95:0f:41:ca:49:d9:06:89:43:b3:5c:e0:ab:
6e:29:ca:59
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
NEQ3QzExMC8GA1UEBRMoQ0E5NjBCNjUyQjc4NjcwQUZBM0UwOTI3QzI4NDk5ODlG
OUY5NTRDRTAeFw0yMjA2MDExOTAxMTJaFw0yMjEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyOTdiNzc4LTdkNWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCtnOE/UPVI9aAgjT1X6cFzDRvWfnXHIJr1qgIXD+t0qfXH+xG3Hdj6nCxShWYS
NBl6vHOi3vviFfCrnZJbJuzWXg3togbM6Nty6zcEit4QzDBW6fQ9O3RhpWKcWfjY
yo6vsAejbW8IfSdHB2gYkllfT5BM9oKp916I7/mmE8m1wPzX0f1pi+IoezUtD1vU
o6Zw2/jefSYPoPU78qICZLv5+zuMJj8Q2Cznj9l5Z7Zcp8RRKm3Y3L4fbcNK8CJU
ZNAyPKZh545GZ85rzm/jYX4XHDoc46U6XjzZ3OYyfJ2NeMkoCqz1MMlXTS5CVfzy
13DY6n0TfQC9TII4S38WbPDnAgMBAAGjggKuMIICqjAdBgNVHQ4EFgQUKcXsmgfy
Bsir1FqeYhq+/UFFkXowHwYDVR0jBBgwFoAUypYLZSt4Zwr6PgknwoSZifn5VM4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUM0RDdDLzRDRjY1QTg2REUz
QzExRUM5NTRFQ0E1OUM0RjlBRTAyL3lwWUxaU3Q0WndyNlBna253b1NaaWZuNVZN
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIveXBZTFpTdDRad3I2UGdrbndvU1ppZm41Vk00LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
NEQ3Qy80Q0Y2NUE4NkRFM0MxMUVDOTU0RUNBNTlDNEY5QUUwMi8zNDU4M0Q0MkUx
REQxMUVDOUVFQzAwMkNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA4BggrBgEFBQcBBwEB/wQp
MCcwDAQCAAEwBgMEAWerGjAXBAIAAjARAwcAJAe9QAGIAwYEJAe9QIAwDQYJKoZI
hvcNAQELBQADggEBAC4KHevedZtOHpN+4zlu4gDbgqTvw+lAcqjCOQb/sFmvUaBn
FYQdUajP2+eb8yL681ecrGxX3uqfd29joVqz0j5Jk9YE7pU80JvUynQcB1nSfvto
aQERnf/um+ovUAMPXibPp3u/JRchylGyj4rhg+bx6I4MVbWLuh8MP1LrLZTkzuVz
7QNqc67oxFWqYWtM5m/VUIKCBG3xfNwxJhwkbj3v9LbFctNgTvX2vPUdA3r2obzr
+6u01IScZlml0o3MI1dkf+Tei3AcdbdqbOJLLOsWXuygIq+hvWvQAwFP/I0FHe66
Wq95LJLD7v4otPIwlQ9ByknZBolDs1zgq24pylk=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:04 2023 by rpki-client on console-ams.rpki-client.org