Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/0D6E1D8AA5EC11EE8E521143C4F9AE02.roa
File: 0D6E1D8AA5EC11EE8E521143C4F9AE02.roa (raw, json)
Hash identifier: K6LhmOEOZdjxvJmIL7tCAh0ACjcGAYX58EG8nQTxFMQ=
Subject key identifier: D7:17:21:7C:AC:6E:0C:95:69:22:9E:63:56:9A:45:96:38:2A:4E:20
Certificate issuer: /CN=A91C6504/serialNumber=0E44D19B7C9589B2342D051EB094493748DEEB4F
Certificate serial: 7F
Authority key identifier: 0E:44:D1:9B:7C:95:89:B2:34:2D:05:1E:B0:94:49:37:48:DE:EB:4F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DkTRm3yVibI0LQUesJRJN0je608.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/0D6E1D8AA5EC11EE8E521143C4F9AE02.roa
Signing time: Fri 29 Dec 2023 01:46:15 +0000
ROA not before: Fri 29 Dec 2023 01:46:15 +0000
ROA not after: Thu 31 Oct 2024 00:00:00 +0000
asID: 136993
IP address blocks: 180.149.236.0/24 maxlen: 24
180.149.237.0/24 maxlen: 24
180.149.238.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 127 (0x7f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C6504/serialNumber=0E44D19B7C9589B2342D051EB094493748DEEB4F
Validity
Not Before: Dec 29 01:46:15 2023 GMT
Not After : Oct 31 00:00:00 2024 GMT
Subject: CN=658e24e7-e4bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:03:28:d9:a6:0e:4f:d9:5b:f7:33:bb:bd:e3:
67:40:ff:20:d5:f6:8c:da:03:3c:c9:b3:c3:36:ba:
79:e3:6e:be:1c:cb:d9:e3:ab:ce:27:01:ff:39:d8:
38:5b:5c:b6:50:21:a3:07:ee:00:2f:c1:c9:64:02:
82:e7:33:85:b0:9a:5a:a0:c1:f8:06:83:02:01:76:
58:e9:78:50:2e:4a:30:e2:a5:b3:38:6f:06:4b:a8:
9a:12:82:26:97:61:1e:21:fa:04:7e:95:bd:39:39:
aa:6b:8e:34:a4:85:ae:34:36:c4:da:0e:5d:37:06:
ec:04:af:fd:05:63:1c:6c:a8:5d:bd:f6:9c:eb:5e:
e5:db:83:4d:e7:de:b2:63:71:94:77:62:c5:41:a6:
97:0a:5e:27:3c:3e:5b:2f:e4:39:b8:16:6a:ac:11:
92:7d:33:8b:df:6c:7d:b1:26:d8:a6:22:cd:ca:4e:
11:76:80:70:9b:47:9e:47:9e:16:a0:0c:be:ed:43:
43:51:5a:15:86:57:4b:5d:e0:34:d7:bd:19:68:62:
da:d6:78:23:90:5a:c5:cf:bd:e1:f0:1f:55:72:ab:
2d:91:2a:64:28:59:f2:02:75:d6:47:95:82:b8:51:
46:4b:92:ff:36:46:f4:27:aa:aa:ae:15:6f:0e:05:
5c:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:17:21:7C:AC:6E:0C:95:69:22:9E:63:56:9A:45:96:38:2A:4E:20
X509v3 Authority Key Identifier:
keyid:0E:44:D1:9B:7C:95:89:B2:34:2D:05:1E:B0:94:49:37:48:DE:EB:4F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/DkTRm3yVibI0LQUesJRJN0je608.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DkTRm3yVibI0LQUesJRJN0je608.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/0D6E1D8AA5EC11EE8E521143C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
180.149.236.0/22
Signature Algorithm: sha256WithRSAEncryption
61:28:9b:49:9c:8e:85:f6:41:5b:d7:98:69:e4:f8:30:c0:64:
fe:88:dc:96:58:46:2a:b7:9c:9f:39:52:fd:ad:71:1e:d6:04:
ab:54:84:28:fa:91:54:ce:c5:c8:1a:69:24:42:e3:88:8a:bc:
ec:00:a9:fc:44:fe:dd:8f:4f:43:8b:0c:24:86:4b:e9:82:87:
be:bb:4f:69:a1:b8:d6:ca:7c:18:a4:24:6c:ed:ae:71:8e:6c:
89:cd:ae:2f:3b:34:82:a4:ff:12:49:1a:ed:8e:3f:7d:21:ad:
84:e3:e5:1f:f2:67:31:f2:8e:f3:67:b0:b0:0c:e3:c2:12:09:
14:52:f4:f0:d9:96:62:bd:d4:a2:8a:e6:a0:3c:c2:3c:51:32:
09:cf:25:ea:e5:3d:69:b7:cc:1e:64:d3:9e:66:1d:23:e9:ee:
6d:6c:7d:87:c4:94:33:72:be:7d:01:cb:ff:77:9f:fb:a5:3c:
be:39:84:54:b5:cf:4c:f4:60:79:b5:15:2b:bb:d3:2c:98:16:
5b:53:76:47:4f:a1:30:94:8b:58:e8:4c:e2:47:68:9d:e0:b8:
c6:36:7c:ec:1d:3e:e3:3d:81:cf:b1:f9:a8:e1:74:f0:1c:04:
03:3c:bc:9d:2e:4c:f2:4e:fd:2e:42:24:0f:79:a2:b2:a1:5a:
81:1f:a7:f9
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBfzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
NjUwNDExMC8GA1UEBRMoMEU0NEQxOUI3Qzk1ODlCMjM0MkQwNTFFQjA5NDQ5Mzc0
OERFRUI0RjAeFw0yMzEyMjkwMTQ2MTVaFw0yNDEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OGUyNGU3LWU0YmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC4AyjZpg5P2Vv3M7u942dA/yDV9ozaAzzJs8M2unnjbr4cy9njq84nAf852Dhb
XLZQIaMH7gAvwclkAoLnM4WwmlqgwfgGgwIBdljpeFAuSjDipbM4bwZLqJoSgiaX
YR4h+gR+lb05OaprjjSkha40NsTaDl03BuwEr/0FYxxsqF299pzrXuXbg03n3rJj
cZR3YsVBppcKXic8Plsv5Dm4FmqsEZJ9M4vfbH2xJtimIs3KThF2gHCbR55Hnhag
DL7tQ0NRWhWGV0td4DTXvRloYtrWeCOQWsXPveHwH1Vyqy2RKmQoWfICddZHlYK4
UUZLkv82RvQnqqquFW8OBVw7AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU1xchfKxu
DJVpIp5jVppFljgqTiAwHwYDVR0jBBgwFoAUDkTRm3yVibI0LQUesJRJN0je608w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUM2NTA0LzkxRTA2RTg0RUZB
NzExRUQ5QjI3MzU2RUM0RjlBRTAyL0RrVFJtM3lWaWJJMExRVWVzSlJKTjBqZTYw
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRGtUUm0zeVZpYkkwTFFVZXNKUkpOMGplNjA4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
NjUwNC85MUUwNkU4NEVGQTcxMUVEOUIyNzM1NkVDNEY5QUUwMi8wRDZFMUQ4QUE1
RUMxMUVFOEU1MjExNDNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEArSV7DANBgkqhkiG9w0BAQsFAAOCAQEAYSibSZyOhfZBW9eY
aeT4MMBk/ojcllhGKrecnzlS/a1xHtYEq1SEKPqRVM7FyBppJELjiIq87ACp/ET+
3Y9PQ4sMJIZL6YKHvrtPaaG41sp8GKQkbO2ucY5sic2uLzs0gqT/Ekka7Y4/fSGt
hOPlH/JnMfKO82ewsAzjwhIJFFL08NmWYr3UoormoDzCPFEyCc8l6uU9abfMHmTT
nmYdI+nubWx9h8SUM3K+fQHL/3ef+6U8vjmEVLXPTPRgebUVK7vTLJgWW1N2R0+h
MJSLWOhM4kdoneC4xjZ87B0+4z2Bz7H5qOF08BwEAzy8nS5M8k79LkIkD3misqFa
gR+n+Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:40 2024 by rpki-client on console-fra.rpki-client.org