Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/B04AC0108FCA11EC8E58E40AC4F9AE02.roa
File: B04AC0108FCA11EC8E58E40AC4F9AE02.roa (raw, json)
Hash identifier: pNedhkWJcCI1q/FzCAWcvmD7l9oJSmX8ux3YnuX1lBE=
Subject key identifier: 0A:E6:D9:08:C1:69:E3:9B:07:01:8A:77:74:97:1A:90:94:30:A3:7B
Certificate issuer: /CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Certificate serial: 269E
Authority key identifier: A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/B04AC0108FCA11EC8E58E40AC4F9AE02.roa
Signing time: Tue 01 Mar 2022 16:22:08 +0000
ROA not before: Tue 01 Mar 2022 16:22:08 +0000
ROA not after: Mon 01 May 2023 00:00:00 +0000
asID: 133405
IP address blocks: 43.243.120.0/24 maxlen: 24
43.243.121.0/24 maxlen: 24
2401:a280::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9886 (0x269e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Validity
Not Before: Mar 1 16:22:08 2022 GMT
Not After : May 1 00:00:00 2023 GMT
Subject: CN=621e4830-effe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:cb:fe:7f:c3:85:5a:32:cd:80:6b:40:61:a1:
60:9d:35:db:c6:9a:72:c4:a9:61:ef:fc:b0:7e:17:
59:e5:d2:33:88:22:01:5e:d7:eb:2b:e8:df:32:3f:
ab:c2:f8:d4:ad:5b:a5:83:69:2c:92:b2:92:fc:dc:
7e:8e:e9:ad:46:01:c9:78:d5:84:18:b7:19:93:7c:
73:a5:eb:a7:f2:d8:16:93:f1:24:df:17:86:4c:7d:
1c:eb:71:0a:a4:4b:f6:49:55:85:d4:18:14:ad:2c:
9e:ea:55:0a:8c:3e:ef:3c:c4:4b:e3:5d:17:2a:c0:
9f:41:4c:7a:a9:7c:99:39:05:b6:90:a3:29:5a:90:
34:7d:87:8e:db:3c:10:f0:62:41:9f:3f:85:91:1d:
61:99:e0:c4:b4:84:f0:76:88:41:9d:65:4f:ce:49:
a6:49:50:4d:62:55:b0:98:30:e9:c7:37:41:d3:3a:
29:28:97:e2:17:6d:b3:db:4c:b9:a5:c3:a4:66:57:
a4:1f:ed:1d:f6:8f:18:fb:e2:59:18:5a:3e:9e:b3:
2c:2b:2d:e1:a0:0a:95:b0:f7:d0:d5:6c:ee:32:0b:
36:92:31:0e:50:7c:6a:ff:6e:87:52:df:36:af:21:
3f:f7:62:f3:ea:b3:34:72:52:dc:3a:b0:35:79:7b:
3b:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:E6:D9:08:C1:69:E3:9B:07:01:8A:77:74:97:1A:90:94:30:A3:7B
X509v3 Authority Key Identifier:
keyid:A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/oDlpuv_Weqt11JODf6HHxp_7Jxc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/B04AC0108FCA11EC8E58E40AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.243.120.0/23
IPv6:
2401:a280::/32
Signature Algorithm: sha256WithRSAEncryption
a8:5d:f3:d7:c2:bf:9e:c0:86:30:c5:19:e1:dc:ba:eb:02:9b:
a5:81:57:d5:11:2a:01:6d:17:ea:7a:2b:bc:8f:b7:e1:51:75:
3f:8e:70:19:ac:27:fa:86:36:c8:99:b6:cf:33:65:81:bf:fa:
10:cf:7e:f1:af:62:27:db:98:3e:fe:b1:a1:ea:ac:c0:c0:ca:
f6:34:07:cf:9f:f0:b7:8e:00:53:34:58:b5:6d:c3:83:1f:bb:
16:25:88:87:5a:0e:60:46:af:bb:e3:be:20:a5:96:b6:22:ef:
f8:cd:f3:32:c1:f6:14:cc:4f:58:c9:10:22:fb:82:04:a9:d9:
80:00:65:1a:e3:f0:0c:bc:69:60:a8:b7:b8:c5:53:ca:4b:09:
e9:c6:1e:41:d4:a0:17:22:b2:d4:e4:f9:45:b8:26:fc:34:95:
82:c6:a3:8f:6a:b3:f0:ff:70:f3:a2:3f:9f:0c:cb:56:9b:3f:
78:14:43:35:b0:83:a6:63:98:26:f1:91:db:84:84:db:4d:55:
5a:9e:d7:92:ed:05:ba:0b:0a:39:e1:cb:82:ef:e7:c1:56:e2:
45:13:d4:60:40:ae:a7:99:3c:27:f5:af:63:4f:5c:ae:ae:1c:
b6:60:b4:ba:f7:57:f5:7e:53:82:ac:ca:2a:24:01:07:d9:15:
46:03:0a:1f
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICJp4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0E0OTYxMTAvBgNVBAUTKEEwMzk2OUJBRkZENjdBQUI3NUQ0OTM4MzdGQTFDN0M2
OUZGQjI3MTcwHhcNMjIwMzAxMTYyMjA4WhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjFlNDgzMC1lZmZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxMv+f8OFWjLNgGtAYaFgnTXbxppyxKlh7/ywfhdZ5dIziCIBXtfrK+jfMj+r
wvjUrVulg2kskrKS/Nx+jumtRgHJeNWEGLcZk3xzpeun8tgWk/Ek3xeGTH0c63EK
pEv2SVWF1BgUrSye6lUKjD7vPMRL410XKsCfQUx6qXyZOQW2kKMpWpA0fYeO2zwQ
8GJBnz+FkR1hmeDEtITwdohBnWVPzkmmSVBNYlWwmDDpxzdB0zopKJfiF22z20y5
pcOkZlekH+0d9o8Y++JZGFo+nrMsKy3hoAqVsPfQ1WzuMgs2kjEOUHxq/26HUt82
ryE/92Lz6rM0clLcOrA1eXs7DwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFArm2QjB
aeObBwGKd3SXGpCUMKN7MB8GA1UdIwQYMBaAFKA5abr/1nqrddSTg3+hx8af+ycX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQTQ5Ni9GQjEyQTI3ODND
MEYxMUU0Qjc4OEZGNEFDNEY5QUUwMi9vRGxwdXZfV2VxdDExSk9EZjZISHhwXzdK
eGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29EbHB1dl9XZXF0MTFKT0RmNkhIeHBfN0p4Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0E0OTYvRkIxMkEyNzgzQzBGMTFFNEI3ODhGRjRBQzRGOUFFMDIvQjA0QUMwMTA4
RkNBMTFFQzhFNThFNDBBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAEr83gwDQQCAAIwBwMFACQBooAwDQYJKoZIhvcNAQELBQAD
ggEBAKhd89fCv57AhjDFGeHcuusCm6WBV9URKgFtF+p6K7yPt+FRdT+OcBmsJ/qG
NsiZts8zZYG/+hDPfvGvYifbmD7+saHqrMDAyvY0B8+f8LeOAFM0WLVtw4MfuxYl
iIdaDmBGr7vjviCllrYi7/jN8zLB9hTMT1jJECL7ggSp2YAAZRrj8Ay8aWCot7jF
U8pLCenGHkHUoBcistTk+UW4Jvw0lYLGo49qs/D/cPOiP58My1abP3gUQzWwg6Zj
mCbxkduEhNtNVVqe15LtBboLCjnhy4Lv58FW4kUT1GBArqeZPCf1r2NPXK6uHLZg
tLr3V/V+U4KsyiokAQfZFUYDCh8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:40 2024 by rpki-client on console-fra.rpki-client.org