Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C7633/81DB5F821D7F11EB8AECD529C4F9AE02/DDFE4672243D11EE8F4C323FC4F9AE02.roa
File: DDFE4672243D11EE8F4C323FC4F9AE02.roa (raw, json)
Hash identifier: sBqSyN8EiGAZQF0g+8MRiz599XbSWkRNd7/ptCDX8iw=
Subject key identifier: D9:C7:1D:FD:FA:35:13:47:95:9B:0B:5A:8B:50:1C:DD:9C:93:9A:22
Certificate issuer: /CN=A91C7633/serialNumber=F1293940856BFD03AAA12C2DC952AEEB5486B1D8
Certificate serial: 0603
Authority key identifier: F1:29:39:40:85:6B:FD:03:AA:A1:2C:2D:C9:52:AE:EB:54:86:B1:D8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8Sk5QIVr_QOqoSwtyVKu61SGsdg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C7633/81DB5F821D7F11EB8AECD529C4F9AE02/DDFE4672243D11EE8F4C323FC4F9AE02.roa
Signing time: Mon 17 Jul 2023 01:04:23 +0000
ROA not before: Mon 17 Jul 2023 01:04:23 +0000
ROA not after: Tue 31 Oct 2023 00:00:00 +0000
asID: 133579
IP address blocks: 101.100.129.0/24 maxlen: 24
101.100.130.0/24 maxlen: 24
101.100.131.0/24 maxlen: 24
101.100.132.0/24 maxlen: 24
101.100.133.0/24 maxlen: 24
101.100.134.0/24 maxlen: 24
101.100.135.0/24 maxlen: 24
101.100.136.0/24 maxlen: 24
101.100.137.0/24 maxlen: 24
101.100.138.0/24 maxlen: 24
101.100.139.0/24 maxlen: 24
101.100.140.0/24 maxlen: 24
101.100.141.0/24 maxlen: 24
101.100.142.0/24 maxlen: 24
101.100.143.0/24 maxlen: 24
101.100.144.0/24 maxlen: 24
101.100.145.0/24 maxlen: 24
101.100.146.0/24 maxlen: 24
101.100.147.0/24 maxlen: 24
101.100.148.0/24 maxlen: 24
101.100.149.0/24 maxlen: 24
101.100.150.0/24 maxlen: 24
101.100.151.0/24 maxlen: 24
101.100.152.0/24 maxlen: 24
101.100.153.0/24 maxlen: 24
101.100.154.0/24 maxlen: 24
101.100.155.0/24 maxlen: 24
101.100.156.0/24 maxlen: 24
101.100.158.0/24 maxlen: 24
101.100.159.0/24 maxlen: 24
103.237.40.0/24 maxlen: 24
103.237.41.0/24 maxlen: 24
103.237.42.0/24 maxlen: 24
103.237.43.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1539 (0x603)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C7633/serialNumber=F1293940856BFD03AAA12C2DC952AEEB5486B1D8
Validity
Not Before: Jul 17 01:04:23 2023 GMT
Not After : Oct 31 00:00:00 2023 GMT
Subject: CN=64b49397-e48b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:87:5a:7b:d2:35:79:d1:39:b9:3d:a0:7b:bf:
eb:5c:03:1f:b0:90:a8:e8:38:53:89:ed:1d:eb:08:
2a:e2:f0:b8:ec:cd:f7:85:30:84:b8:9f:0b:51:c9:
3c:e4:5b:c3:6c:4a:64:59:c1:9f:50:e6:d6:d6:fd:
71:6f:5a:25:db:12:f8:91:97:8e:91:c8:d6:af:7e:
71:82:0c:92:cb:ac:33:30:f6:33:a7:95:ba:52:b5:
5d:56:1c:19:ae:33:b6:5b:d2:46:f4:be:ec:05:79:
ca:9c:49:3b:d5:4a:6d:62:70:57:5d:76:8e:7b:9e:
f1:e4:98:d4:94:2e:4f:b5:b9:c7:da:37:ac:6d:84:
a7:56:6a:c4:86:73:bf:ec:75:5a:f1:fe:a4:bc:5c:
e8:89:ab:a6:29:f8:17:e2:2e:d6:f8:bc:3f:fc:21:
f5:3a:7d:26:a3:f7:0c:de:6e:e4:e7:cf:59:8f:01:
ac:a9:66:e6:45:d1:ac:c1:21:3d:9f:f8:a2:21:c3:
29:c6:1d:d0:25:e5:d7:b0:49:9d:08:8f:0c:2b:dd:
06:9a:06:89:a7:d3:57:ef:65:48:a2:61:67:df:47:
1a:29:55:19:e4:2b:0d:f3:88:b0:b8:be:02:9b:37:
66:dd:d8:02:9e:ae:b2:91:23:8e:62:f7:bc:b1:bc:
ea:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:C7:1D:FD:FA:35:13:47:95:9B:0B:5A:8B:50:1C:DD:9C:93:9A:22
X509v3 Authority Key Identifier:
keyid:F1:29:39:40:85:6B:FD:03:AA:A1:2C:2D:C9:52:AE:EB:54:86:B1:D8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C7633/81DB5F821D7F11EB8AECD529C4F9AE02/8Sk5QIVr_QOqoSwtyVKu61SGsdg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8Sk5QIVr_QOqoSwtyVKu61SGsdg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C7633/81DB5F821D7F11EB8AECD529C4F9AE02/DDFE4672243D11EE8F4C323FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.100.129.0-101.100.156.255
101.100.158.0/23
103.237.40.0/22
Signature Algorithm: sha256WithRSAEncryption
20:06:a7:5c:a7:37:6c:d1:c9:57:fe:87:2a:80:fa:e6:ee:54:
eb:f3:d4:4b:03:5e:3d:6c:d5:4c:5f:64:be:f0:69:be:3d:d7:
56:d9:5a:24:2d:35:9e:3b:87:6a:9a:ff:16:25:ba:4e:9a:c0:
2c:16:7a:bc:c7:ca:88:8c:62:b4:54:36:70:6b:04:6e:56:d3:
8c:64:ef:0d:5c:79:f3:d1:72:af:55:7c:17:ed:0b:d3:4e:8c:
8e:47:b3:dd:3c:70:22:f4:49:81:7c:6e:3a:2d:6b:86:af:d6:
75:33:d4:5c:28:41:44:bf:89:df:b1:0f:8c:ff:bc:68:75:11:
ad:22:ef:6e:ac:92:37:9c:e8:a9:bc:c3:ab:50:49:2b:d2:c0:
e9:f3:ae:33:6e:44:dc:d5:72:24:65:c6:ad:a2:7b:aa:6b:a0:
ac:7e:72:9d:59:dc:3d:a9:62:e0:c4:5c:28:4f:19:03:b5:9d:
2c:50:91:3f:d1:17:34:13:a8:ad:60:d5:8d:88:a4:d1:3e:c5:
48:41:e0:c2:5f:12:f6:23:f3:99:c8:49:9e:39:42:1e:e8:c0:
79:4c:58:5b:65:4f:fc:6b:bd:72:1d:70:5f:11:6e:5d:a3:cb:
2e:93:21:f2:fe:67:3c:00:f9:e5:2d:54:24:8b:01:63:bd:6c:
02:fe:7a:5c
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICBgMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzc2MzMxMTAvBgNVBAUTKEYxMjkzOTQwODU2QkZEMDNBQUExMkMyREM5NTJBRUVC
NTQ4NkIxRDgwHhcNMjMwNzE3MDEwNDIzWhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGI0OTM5Ny1lNDhiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArIdae9I1edE5uT2ge7/rXAMfsJCo6DhTie0d6wgq4vC47M33hTCEuJ8LUck8
5FvDbEpkWcGfUObW1v1xb1ol2xL4kZeOkcjWr35xggySy6wzMPYzp5W6UrVdVhwZ
rjO2W9JG9L7sBXnKnEk71UptYnBXXXaOe57x5JjUlC5PtbnH2jesbYSnVmrEhnO/
7HVa8f6kvFzoiaumKfgX4i7W+Lw//CH1On0mo/cM3m7k589ZjwGsqWbmRdGswSE9
n/iiIcMpxh3QJeXXsEmdCI8MK90GmgaJp9NX72VIomFn30caKVUZ5CsN84iwuL4C
mzdm3dgCnq6ykSOOYve8sbzq0wIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFNnHHf36
NRNHlZsLWotQHN2ck5oiMB8GA1UdIwQYMBaAFPEpOUCFa/0DqqEsLclSrutUhrHY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNzYzMy84MURCNUY4MjFE
N0YxMUVCOEFFQ0Q1MjlDNEY5QUUwMi84U2s1UUlWcl9RT3FvU3d0eVZLdTYxU0dz
ZGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzhTazVRSVZyX1FPcW9Td3R5Vkt1NjFTR3NkZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzc2MzMvODFEQjVGODIxRDdGMTFFQjhBRUNENTI5QzRGOUFFMDIvRERGRTQ2NzIy
NDNEMTFFRThGNEMzMjNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAGVkgQMEAGVknAMEAWVkngMEAmftKDANBgkqhkiG9w0B
AQsFAAOCAQEAIAanXKc3bNHJV/6HKoD65u5U6/PUSwNePWzVTF9kvvBpvj3XVtla
JC01njuHapr/FiW6TprALBZ6vMfKiIxitFQ2cGsEblbTjGTvDVx589Fyr1V8F+0L
006Mjkez3TxwIvRJgXxuOi1rhq/WdTPUXChBRL+J37EPjP+8aHURrSLvbqySN5zo
qbzDq1BJK9LA6fOuM25E3NVyJGXGraJ7qmugrH5ynVncPali4MRcKE8ZA7WdLFCR
P9EXNBOorWDVjYik0T7FSEHgwl8S9iPzmchJnjlCHujAeUxYW2VP/Gu9ch1wXxFu
XaPLLpMh8v5nPAD55S1UJIsBY71sAv56XA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:40 2024 by rpki-client on console-fra.rpki-client.org