Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/AFFB52ACEA2611ED8A9F301CC4F9AE02.roa
File: AFFB52ACEA2611ED8A9F301CC4F9AE02.roa (raw, json)
Hash identifier: IJGqyMp/A1u+Di0AIaB9Lxxur+h2YnGUymZZc8D/ecw=
Subject key identifier: 3C:A7:1A:2E:57:71:C5:50:E2:51:42:4C:20:D6:E2:E9:34:48:4C:6E
Certificate issuer: /CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Certificate serial: 28E3
Authority key identifier: A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/AFFB52ACEA2611ED8A9F301CC4F9AE02.roa
Signing time: Thu 04 May 2023 02:52:20 +0000
ROA not before: Thu 04 May 2023 02:52:20 +0000
ROA not after: Wed 01 May 2024 00:00:00 +0000
asID: 3507
IP address blocks: 183.90.185.0/24 maxlen: 24
183.90.186.0/24 maxlen: 24
183.90.191.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10467 (0x28e3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Validity
Not Before: May 4 02:52:20 2023 GMT
Not After : May 1 00:00:00 2024 GMT
Subject: CN=64531de4-0f11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:31:f3:5c:f1:cd:47:02:22:13:6a:f6:c0:89:
e5:56:76:c6:07:c9:37:df:2b:72:e5:d1:97:11:73:
72:cc:2d:66:ce:49:1e:da:b2:aa:4a:32:73:6e:24:
c9:34:49:51:8b:80:ac:40:2e:d2:ac:43:97:e7:76:
4e:ee:0a:a1:c0:44:a9:c2:da:42:4c:e1:15:94:44:
c9:60:9c:a2:2b:c1:97:41:e1:17:45:f1:44:29:e1:
4d:49:47:03:a9:86:1d:4e:11:40:ee:32:84:cf:9f:
dd:50:c6:95:dd:fb:a9:b3:43:cb:ff:b1:98:9d:68:
c8:92:f9:ba:48:0c:d9:71:ad:69:af:a6:52:a3:4a:
e7:a8:18:1e:4d:9d:db:54:7c:25:51:3a:70:df:64:
9c:30:c2:87:1e:8e:97:22:36:bc:a7:0c:45:20:35:
24:cb:2b:a5:43:3f:cc:80:5b:c5:71:26:49:cb:c0:
75:bb:17:3f:9c:91:30:d0:6f:61:25:07:b7:c5:8f:
19:dd:a5:75:6e:7f:e6:de:6e:9a:e9:11:3a:24:57:
24:b0:07:fa:55:f7:d0:d8:e0:a6:f0:5a:58:fe:86:
4d:db:54:1f:15:ef:9b:64:6c:ca:be:8c:43:2b:cd:
f6:38:87:ce:d4:2a:7a:8e:55:39:c7:db:c4:2d:af:
fa:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:A7:1A:2E:57:71:C5:50:E2:51:42:4C:20:D6:E2:E9:34:48:4C:6E
X509v3 Authority Key Identifier:
keyid:A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/oDlpuv_Weqt11JODf6HHxp_7Jxc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/AFFB52ACEA2611ED8A9F301CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
183.90.185.0-183.90.186.255
183.90.191.0/24
Signature Algorithm: sha256WithRSAEncryption
96:ca:16:e4:2d:5c:cb:25:58:4e:4e:ea:45:46:39:c9:64:28:
d3:54:86:0c:50:8b:a9:c8:8c:e5:36:21:6e:cf:e5:e4:13:8b:
f0:4a:ad:e3:7e:99:61:be:87:02:10:b3:fe:d7:2f:0a:67:85:
22:a5:ac:81:d7:7d:7e:c1:65:78:2f:07:d8:c3:84:65:be:02:
e1:65:8c:2b:3a:71:de:70:ae:f7:46:e1:1d:55:f8:55:3f:c1:
3e:47:78:58:a9:d5:6e:dc:50:9f:8e:1f:0a:d0:7a:c5:7f:c9:
d3:17:8e:5a:39:a2:76:30:6f:3a:a3:a4:e4:14:5b:eb:64:aa:
67:7d:35:49:88:72:10:08:a4:7a:3a:76:7d:89:2b:79:d9:47:
82:27:a7:49:23:38:5e:f4:d3:00:9a:06:8b:ba:1e:62:24:f6:
c3:b4:f9:79:92:e0:56:a2:51:dc:5c:e9:76:10:a9:68:5a:04:
e4:f0:52:82:0c:ba:27:8b:2c:54:e7:16:f2:79:cf:eb:24:e5:
0a:2f:c8:32:dd:c4:72:e6:ed:5a:68:8c:59:c2:a5:76:d5:69:
50:f4:33:51:35:e7:d2:95:0c:eb:08:26:0e:b6:66:17:dc:85:
a7:a6:bb:d4:c9:dc:d6:15:85:63:dd:5b:13:e9:30:9a:89:14:
6d:22:1b:ea
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICKOMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0E0OTYxMTAvBgNVBAUTKEEwMzk2OUJBRkZENjdBQUI3NUQ0OTM4MzdGQTFDN0M2
OUZGQjI3MTcwHhcNMjMwNTA0MDI1MjIwWhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDUzMWRlNC0wZjExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2zHzXPHNRwIiE2r2wInlVnbGB8k33yty5dGXEXNyzC1mzkke2rKqSjJzbiTJ
NElRi4CsQC7SrEOX53ZO7gqhwESpwtpCTOEVlETJYJyiK8GXQeEXRfFEKeFNSUcD
qYYdThFA7jKEz5/dUMaV3fups0PL/7GYnWjIkvm6SAzZca1pr6ZSo0rnqBgeTZ3b
VHwlUTpw32ScMMKHHo6XIja8pwxFIDUkyyulQz/MgFvFcSZJy8B1uxc/nJEw0G9h
JQe3xY8Z3aV1bn/m3m6a6RE6JFcksAf6VffQ2OCm8FpY/oZN21QfFe+bZGzKvoxD
K832OIfO1Cp6jlU5x9vELa/6uQIDAQABo4ICozCCAp8wHQYDVR0OBBYEFDynGi5X
ccVQ4lFCTCDW4uk0SExuMB8GA1UdIwQYMBaAFKA5abr/1nqrddSTg3+hx8af+ycX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQTQ5Ni9GQjEyQTI3ODND
MEYxMUU0Qjc4OEZGNEFDNEY5QUUwMi9vRGxwdXZfV2VxdDExSk9EZjZISHhwXzdK
eGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29EbHB1dl9XZXF0MTFKT0RmNkhIeHBfN0p4Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0E0OTYvRkIxMkEyNzgzQzBGMTFFNEI3ODhGRjRBQzRGOUFFMDIvQUZGQjUyQUNF
QTI2MTFFRDhBOUYzMDFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEALdauQMEALdaugMEALdavzANBgkqhkiG9w0BAQsFAAOC
AQEAlsoW5C1cyyVYTk7qRUY5yWQo01SGDFCLqciM5TYhbs/l5BOL8Eqt436ZYb6H
AhCz/tcvCmeFIqWsgdd9fsFleC8H2MOEZb4C4WWMKzpx3nCu90bhHVX4VT/BPkd4
WKnVbtxQn44fCtB6xX/J0xeOWjmidjBvOqOk5BRb62SqZ301SYhyEAikejp2fYkr
edlHgienSSM4XvTTAJoGi7oeYiT2w7T5eZLgVqJR3FzpdhCpaFoE5PBSggy6J4ss
VOcW8nnP6yTlCi/IMt3EcubtWmiMWcKldtVpUPQzUTXn0pUM6wgmDrZmF9yFp6a7
1Mnc1hWFY91bE+kwmokUbSIb6g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:26 2024 by rpki-client on console-ams.rpki-client.org