Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C9D2A/5525F5E03DC111EAAF98CB35C4F9AE02/4BC3B23807D111EF98B3611FC4F9AE02.roa
File: 4BC3B23807D111EF98B3611FC4F9AE02.roa (raw, json)
Hash identifier: pxXlVNc/IIc1rB9qBh50eSLEyCoUcOWnSaNi44zFdkU=
Subject key identifier: 2A:02:3F:FB:83:47:5F:80:10:20:98:C5:C7:8A:21:EB:3F:EE:95:B3
Certificate issuer: /CN=A91C9D2A/serialNumber=C99EF20F9F0B0077C70D5D7300E0BBFD8721EFFF
Certificate serial: 0A7D
Authority key identifier: C9:9E:F2:0F:9F:0B:00:77:C7:0D:5D:73:00:E0:BB:FD:87:21:EF:FF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yZ7yD58LAHfHDV1zAOC7_Ych7_8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C9D2A/5525F5E03DC111EAAF98CB35C4F9AE02/4BC3B23807D111EF98B3611FC4F9AE02.roa
Signing time: Wed 01 May 2024 15:41:37 +0000
ROA not before: Wed 01 May 2024 15:41:37 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 38047
IP address blocks: 150.242.36.0/24 maxlen: 24
150.242.38.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2685 (0xa7d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C9D2A/serialNumber=C99EF20F9F0B0077C70D5D7300E0BBFD8721EFFF
Validity
Not Before: May 1 15:41:37 2024 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=663262b1-4e59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:57:03:92:e2:70:8a:50:11:3f:10:66:5d:0c:
a5:3f:f0:ce:98:bb:52:84:61:38:5e:4e:7b:cc:f3:
12:1e:ce:5e:90:b1:f3:d5:db:4a:ff:ac:9b:54:ef:
f0:fe:d2:b7:a8:16:20:17:98:60:ac:4d:30:ec:6d:
28:f3:ea:fc:4c:97:a8:3a:2b:89:07:76:b8:15:7b:
13:c3:3d:4c:de:8c:9b:e2:63:95:c9:61:85:a0:d7:
57:b7:6f:6a:22:fa:39:f2:91:3c:2e:eb:71:be:35:
5a:a7:d1:68:a5:75:3f:67:ee:93:38:50:78:4c:a4:
20:2f:3a:1d:b5:4f:8a:69:3c:e8:5e:0a:1b:43:23:
fb:7e:10:a6:7e:96:b8:67:e8:72:1d:1e:6f:cd:1f:
a3:7e:33:17:23:56:8f:5b:3a:c4:cd:af:a2:ad:2f:
22:eb:76:82:c7:31:0c:22:eb:a1:fe:71:82:e4:62:
8a:9f:7d:37:13:ce:71:76:3d:1c:17:cd:58:aa:7e:
25:53:ff:60:40:5f:d2:14:e3:dc:ae:cd:54:3a:69:
cb:d8:26:aa:eb:c4:df:f8:b2:dd:dc:d4:8d:db:5d:
74:2c:e3:90:e9:80:d4:fd:ee:4b:87:53:f5:06:e0:
2a:a1:10:0e:65:6b:5d:63:5c:44:e0:f5:82:32:12:
1a:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:02:3F:FB:83:47:5F:80:10:20:98:C5:C7:8A:21:EB:3F:EE:95:B3
X509v3 Authority Key Identifier:
keyid:C9:9E:F2:0F:9F:0B:00:77:C7:0D:5D:73:00:E0:BB:FD:87:21:EF:FF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C9D2A/5525F5E03DC111EAAF98CB35C4F9AE02/yZ7yD58LAHfHDV1zAOC7_Ych7_8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yZ7yD58LAHfHDV1zAOC7_Ych7_8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C9D2A/5525F5E03DC111EAAF98CB35C4F9AE02/4BC3B23807D111EF98B3611FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
150.242.36.0/24
150.242.38.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:fb:ec:27:f2:80:30:ac:a3:4c:50:05:df:66:30:75:b1:e8:
3d:6e:66:36:40:25:b6:b6:a4:ed:f1:4b:50:a9:5e:29:c3:25:
4b:4a:03:36:5f:a1:5d:5b:c0:b3:6d:cb:b2:dc:38:fd:1a:df:
5d:5b:80:1b:86:46:e2:73:a0:f7:38:5a:08:e6:be:d4:d2:5d:
8a:06:3e:06:d1:37:2e:95:2d:b4:d7:17:64:d7:57:9c:76:3f:
f4:91:ad:c6:35:d2:a0:20:db:e1:f7:2a:f1:a7:1f:88:af:ec:
d7:0e:57:d7:1c:de:eb:e0:0a:cc:5a:0b:e6:be:6f:05:b7:8a:
18:fd:b7:59:6d:64:24:e7:1c:9a:f0:98:b0:ac:3c:63:54:cc:
39:c6:1f:65:cf:62:f2:76:db:d6:95:e9:07:b2:1e:81:c2:7c:
57:21:ff:99:fb:3e:0b:07:59:3f:3d:73:c4:c0:17:75:ae:75:
ee:26:d9:b0:d8:81:75:3e:1c:58:9e:dd:2b:4d:64:07:54:a4:
0e:63:2c:a2:8d:a8:97:0d:33:ca:6e:84:a0:fd:b1:25:db:ce:
b8:60:47:71:40:2e:50:8d:ce:bc:cd:d9:ef:23:cf:17:ef:d2:
63:e2:60:54:bb:13:33:02:25:f6:8e:f1:9f:c4:7a:f3:fe:3a:
0e:0b:ea:de
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCn0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzlEMkExMTAvBgNVBAUTKEM5OUVGMjBGOUYwQjAwNzdDNzBENUQ3MzAwRTBCQkZE
ODcyMUVGRkYwHhcNMjQwNTAxMTU0MTM3WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjMyNjJiMS00ZTU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAolcDkuJwilARPxBmXQylP/DOmLtShGE4Xk57zPMSHs5ekLHz1dtK/6ybVO/w
/tK3qBYgF5hgrE0w7G0o8+r8TJeoOiuJB3a4FXsTwz1M3oyb4mOVyWGFoNdXt29q
Ivo58pE8LutxvjVap9FopXU/Z+6TOFB4TKQgLzodtU+KaTzoXgobQyP7fhCmfpa4
Z+hyHR5vzR+jfjMXI1aPWzrEza+irS8i63aCxzEMIuuh/nGC5GKKn303E85xdj0c
F81Yqn4lU/9gQF/SFOPcrs1UOmnL2Caq68Tf+LLd3NSN2110LOOQ6YDU/e5Lh1P1
BuAqoRAOZWtdY1xE4PWCMhIa7QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFCoCP/uD
R1+AECCYxceKIes/7pWzMB8GA1UdIwQYMBaAFMme8g+fCwB3xw1dcwDgu/2HIe//
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOUQyQS81NTI1RjVFMDNE
QzExMUVBQUY5OENCMzVDNEY5QUUwMi95Wjd5RDU4TEFIZkhEVjF6QU9DN19ZY2g3
XzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3laN3lENThMQUhmSERWMXpBT0M3X1ljaDdfOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzlEMkEvNTUyNUY1RTAzREMxMTFFQUFGOThDQjM1QzRGOUFFMDIvNEJDM0IyMzgw
N0QxMTFFRjk4QjM2MTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBACW8iQDBACW8iYwDQYJKoZIhvcNAQELBQADggEBAE777Cfy
gDCso0xQBd9mMHWx6D1uZjZAJba2pO3xS1CpXinDJUtKAzZfoV1bwLNty7LcOP0a
311bgBuGRuJzoPc4WgjmvtTSXYoGPgbRNy6VLbTXF2TXV5x2P/SRrcY10qAg2+H3
KvGnH4iv7NcOV9cc3uvgCsxaC+a+bwW3ihj9t1ltZCTnHJrwmLCsPGNUzDnGH2XP
YvJ229aV6QeyHoHCfFch/5n7PgsHWT89c8TAF3Wude4m2bDYgXU+HFie3StNZAdU
pA5jLKKNqJcNM8puhKD9sSXbzrhgR3FALlCNzrzN2e8jzxfv0mPiYFS7EzMCJfaO
8Z/EevP+Og4L6t4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:26 2024 by rpki-client on console-ams.rpki-client.org