Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C9D2A/5525F5E03DC111EAAF98CB35C4F9AE02/4AF74CE807D111EF98B3611FC4F9AE02.roa
File: 4AF74CE807D111EF98B3611FC4F9AE02.roa (raw, json)
Hash identifier: uoHELotSXJX0lUk10JiuS2h9/omqOu9CGDxbq7mloL0=
Subject key identifier: 83:01:34:AB:33:5A:E2:9A:4F:F9:B2:B7:68:2C:E8:49:BF:64:F1:A9
Certificate issuer: /CN=A91C9D2A/serialNumber=C99EF20F9F0B0077C70D5D7300E0BBFD8721EFFF
Certificate serial: 0A7C
Authority key identifier: C9:9E:F2:0F:9F:0B:00:77:C7:0D:5D:73:00:E0:BB:FD:87:21:EF:FF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yZ7yD58LAHfHDV1zAOC7_Ych7_8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C9D2A/5525F5E03DC111EAAF98CB35C4F9AE02/4AF74CE807D111EF98B3611FC4F9AE02.roa
Signing time: Wed 01 May 2024 15:41:36 +0000
ROA not before: Wed 01 May 2024 15:41:36 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 134176
IP address blocks: 150.242.36.0/22 maxlen: 22
150.242.36.0/24 maxlen: 24
150.242.37.0/24 maxlen: 24
150.242.38.0/24 maxlen: 24
2403:6dc0:1000::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2684 (0xa7c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C9D2A/serialNumber=C99EF20F9F0B0077C70D5D7300E0BBFD8721EFFF
Validity
Not Before: May 1 15:41:36 2024 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=663262b0-dcb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:cc:3e:13:a8:9d:83:50:7f:d9:68:e9:79:54:
a1:8d:33:e8:e7:61:86:79:10:1a:91:e6:55:cd:28:
1b:6c:a1:33:43:dc:34:34:02:11:d0:c6:8b:6f:9d:
72:83:c0:7f:32:fe:9e:23:fa:c5:68:78:66:81:0f:
55:90:7c:ae:46:fa:4a:c9:38:ff:06:58:8f:5c:81:
cd:d3:f0:24:78:d7:ba:36:d6:2c:86:50:66:28:c1:
9a:01:8c:f3:b9:64:3f:46:d2:1a:52:56:5c:dc:11:
6b:f2:20:bd:de:d9:25:12:88:f2:18:7a:49:93:87:
12:da:76:72:61:77:6d:20:00:af:d5:27:35:97:01:
fc:89:4e:a2:0f:5e:12:63:ef:fb:03:9b:51:18:8a:
6c:ce:be:30:c6:6a:5f:8b:fa:7b:3f:fd:4f:de:ac:
26:84:cb:e5:86:0a:07:7a:43:f3:ba:2d:42:40:f3:
63:5d:18:5d:80:16:0a:af:bb:4c:82:b4:c5:eb:cd:
26:3f:fb:92:be:88:e3:f6:8f:f5:9e:2b:86:ba:aa:
6d:6e:2b:34:fc:90:17:d7:0a:56:8d:b7:cf:50:cd:
d9:11:b4:04:78:67:98:ba:7c:2a:d0:2f:19:92:61:
bc:17:7d:0c:2f:fc:64:a9:49:05:61:35:f4:bc:2d:
c5:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:01:34:AB:33:5A:E2:9A:4F:F9:B2:B7:68:2C:E8:49:BF:64:F1:A9
X509v3 Authority Key Identifier:
keyid:C9:9E:F2:0F:9F:0B:00:77:C7:0D:5D:73:00:E0:BB:FD:87:21:EF:FF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C9D2A/5525F5E03DC111EAAF98CB35C4F9AE02/yZ7yD58LAHfHDV1zAOC7_Ych7_8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yZ7yD58LAHfHDV1zAOC7_Ych7_8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C9D2A/5525F5E03DC111EAAF98CB35C4F9AE02/4AF74CE807D111EF98B3611FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
150.242.36.0/22
IPv6:
2403:6dc0:1000::/36
Signature Algorithm: sha256WithRSAEncryption
a9:a2:59:8b:1c:4a:d3:2e:bf:cd:a0:bc:cc:1b:c7:bc:6e:91:
02:3a:85:0a:8c:be:a6:5d:eb:86:33:6e:56:17:d2:44:5d:b0:
c1:88:9d:9d:cb:73:1f:e6:14:06:d1:1c:79:e3:bf:95:69:16:
57:70:de:83:12:e7:e7:8f:d9:cf:d3:d3:02:17:ee:f3:b7:34:
8d:b2:96:c6:77:4e:e5:72:58:f1:f6:21:e7:24:55:5b:89:4f:
ed:66:4a:7c:19:e9:4d:37:a8:a5:96:74:61:15:3b:22:e6:2f:
45:6c:ba:db:eb:8a:63:ce:de:29:e0:89:7e:bb:99:52:66:13:
ee:96:87:ff:c0:29:6b:9f:aa:ee:72:17:17:ce:0b:0c:fd:99:
bf:b6:65:38:39:52:fb:c8:4f:79:f1:ef:df:5e:a5:d4:3f:f3:
45:66:d4:94:99:00:22:68:05:c4:ac:9f:53:31:69:b3:95:1f:
90:bb:1d:6b:57:18:6d:c3:5e:7e:aa:cf:a7:e8:c6:1c:fa:38:
23:44:39:24:ca:a3:bc:ea:4c:ba:1a:36:8d:59:0d:4c:86:cf:
b8:d7:e7:0c:9c:c0:53:09:94:a7:6f:f6:0e:33:28:8a:49:bc:
8b:0d:e4:41:f7:00:77:b0:62:d8:e3:79:d6:a5:7d:f0:b8:1b:
1b:e8:ae:86
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgICCnwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzlEMkExMTAvBgNVBAUTKEM5OUVGMjBGOUYwQjAwNzdDNzBENUQ3MzAwRTBCQkZE
ODcyMUVGRkYwHhcNMjQwNTAxMTU0MTM2WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjMyNjJiMC1kY2I0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy8w+E6idg1B/2WjpeVShjTPo52GGeRAakeZVzSgbbKEzQ9w0NAIR0MaLb51y
g8B/Mv6eI/rFaHhmgQ9VkHyuRvpKyTj/BliPXIHN0/AkeNe6NtYshlBmKMGaAYzz
uWQ/RtIaUlZc3BFr8iC93tklEojyGHpJk4cS2nZyYXdtIACv1Sc1lwH8iU6iD14S
Y+/7A5tRGIpszr4wxmpfi/p7P/1P3qwmhMvlhgoHekPzui1CQPNjXRhdgBYKr7tM
grTF680mP/uSvojj9o/1niuGuqptbis0/JAX1wpWjbfPUM3ZEbQEeGeYunwq0C8Z
kmG8F30ML/xkqUkFYTX0vC3FKQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFIMBNKsz
WuKaT/myt2gs6Em/ZPGpMB8GA1UdIwQYMBaAFMme8g+fCwB3xw1dcwDgu/2HIe//
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOUQyQS81NTI1RjVFMDNE
QzExMUVBQUY5OENCMzVDNEY5QUUwMi95Wjd5RDU4TEFIZkhEVjF6QU9DN19ZY2g3
XzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3laN3lENThMQUhmSERWMXpBT0M3X1ljaDdfOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzlEMkEvNTUyNUY1RTAzREMxMTFFQUFGOThDQjM1QzRGOUFFMDIvNEFGNzRDRTgw
N0QxMTFFRjk4QjM2MTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLwYIKwYBBQUHAQcBAf8E
IDAeMAwEAgABMAYDBAKW8iQwDgQCAAIwCAMGBCQDbcAQMA0GCSqGSIb3DQEBCwUA
A4IBAQCpolmLHErTLr/NoLzMG8e8bpECOoUKjL6mXeuGM25WF9JEXbDBiJ2dy3Mf
5hQG0Rx547+VaRZXcN6DEufnj9nP09MCF+7ztzSNspbGd07lcljx9iHnJFVbiU/t
Zkp8GelNN6illnRhFTsi5i9FbLrb64pjzt4p4Il+u5lSZhPulof/wClrn6ruchcX
zgsM/Zm/tmU4OVL7yE958e/fXqXUP/NFZtSUmQAiaAXErJ9TMWmzlR+Qux1rVxht
w15+qs+n6MYc+jgjRDkkyqO86ky6GjaNWQ1Mhs+41+cMnMBTCZSnb/YOMyiKSbyL
DeRB9wB3sGLY43nWpX3wuBsb6K6G
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:26 2024 by rpki-client on console-ams.rpki-client.org