Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/C933326253E611EC949BFB3DC4F9AE02.roa
File: C933326253E611EC949BFB3DC4F9AE02.roa (raw, json)
Hash identifier: e6+vbRnbBOlPNdUf5g9Dfc86b3fgEsLduscFONay6Wc=
Subject key identifier: B2:AB:67:6A:D3:47:7D:63:D7:22:F8:19:9F:6F:0A:88:38:D7:D0:68
Certificate issuer: /CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Certificate serial: 269D
Authority key identifier: A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/C933326253E611EC949BFB3DC4F9AE02.roa
Signing time: Tue 01 Mar 2022 16:22:07 +0000
ROA not before: Tue 01 Mar 2022 16:22:07 +0000
ROA not after: Mon 01 May 2023 00:00:00 +0000
asID: 133115
IP address blocks: 43.243.123.0/24 maxlen: 24
103.245.211.0/24 maxlen: 24
183.90.187.0/24 maxlen: 24
183.90.189.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9885 (0x269d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Validity
Not Before: Mar 1 16:22:07 2022 GMT
Not After : May 1 00:00:00 2023 GMT
Subject: CN=621e482f-4cfc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:6e:88:c6:7c:5b:f3:7b:f8:85:df:95:8f:5e:
0b:26:9d:c3:7a:67:78:fd:80:4b:0b:2f:93:c0:79:
b4:95:ec:c4:ed:49:7c:0e:9e:38:43:1d:3b:fc:e4:
bc:24:0c:a5:47:65:ab:47:b8:bb:fa:1f:58:43:93:
49:34:40:ff:48:0b:c4:a7:5e:73:6a:f8:9f:df:23:
01:e9:aa:3f:ef:6b:60:c9:e6:1b:ae:2e:ff:66:45:
08:88:3a:16:ea:e8:85:f6:cf:01:e2:de:2c:54:7b:
ff:31:64:0e:7f:54:69:3c:ee:c6:6a:fe:44:43:2a:
45:88:31:8b:de:d1:03:38:56:37:01:b9:3b:49:05:
1b:63:2f:a8:0d:0c:3f:57:81:d8:3a:3a:a5:24:0b:
1a:78:55:8b:5d:6b:8e:28:ab:75:40:dd:21:ec:38:
ca:2f:13:86:9c:00:de:9f:25:e3:be:06:50:e3:a1:
12:2b:3f:7c:82:8f:70:ca:03:c8:31:64:a4:e0:04:
35:a3:06:a9:2e:c2:d2:09:a1:d5:ba:64:a7:1b:d6:
18:63:e8:1a:30:88:ed:77:9b:61:ec:33:ea:99:aa:
dc:b3:d2:80:39:32:4c:47:db:9a:2f:d8:05:12:37:
c2:70:6f:e8:1f:d1:bf:84:7c:d7:45:ff:23:cd:96:
65:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:AB:67:6A:D3:47:7D:63:D7:22:F8:19:9F:6F:0A:88:38:D7:D0:68
X509v3 Authority Key Identifier:
keyid:A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/oDlpuv_Weqt11JODf6HHxp_7Jxc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/C933326253E611EC949BFB3DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.243.123.0/24
103.245.211.0/24
183.90.187.0/24
183.90.189.0/24
Signature Algorithm: sha256WithRSAEncryption
47:bd:4a:d9:e1:7a:26:31:9d:6e:1a:b0:c0:1f:02:a3:d6:80:
a3:57:35:35:51:2d:67:7f:4f:45:47:21:43:3a:f5:52:a3:fc:
29:94:3d:5c:a9:e7:e6:af:8f:94:e2:89:b4:72:9e:15:51:f7:
de:f8:4d:b0:f9:c6:f7:a1:14:8c:ac:7b:c4:d2:32:8e:5c:d1:
6f:a8:06:a0:6d:26:d5:15:8e:c2:3e:95:44:a4:c6:f9:37:11:
7d:fe:4a:e4:f4:74:25:e9:44:0c:59:69:25:ef:28:06:e2:87:
c6:a4:66:90:f7:1e:43:68:82:67:cf:6c:07:8d:13:51:db:20:
50:1f:cf:9a:1c:5d:3b:dd:2e:8d:34:00:13:b5:cb:2f:c4:9d:
54:36:f1:44:87:fa:f6:b4:de:ea:9d:0a:9c:a8:2b:75:5a:8a:
b1:54:0e:58:c2:81:db:1e:24:47:96:46:32:09:b1:d1:d3:dd:
c1:81:37:cd:63:df:3e:e8:ac:23:ad:cc:14:ca:8a:18:70:eb:
24:2e:30:ea:dc:5b:af:3b:e2:2f:83:0c:3a:b9:37:d1:c0:0d:
bf:59:ee:ca:f4:8e:7f:ea:24:93:73:01:ac:62:2a:98:8d:c9:
9b:4a:21:dc:53:79:f6:48:f9:64:d5:02:da:1e:8b:d7:7c:6f:
0e:5f:95:c1
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICJp0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0E0OTYxMTAvBgNVBAUTKEEwMzk2OUJBRkZENjdBQUI3NUQ0OTM4MzdGQTFDN0M2
OUZGQjI3MTcwHhcNMjIwMzAxMTYyMjA3WhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjFlNDgyZi00Y2ZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs26Ixnxb83v4hd+Vj14LJp3Demd4/YBLCy+TwHm0lezE7Ul8Dp44Qx07/OS8
JAylR2WrR7i7+h9YQ5NJNED/SAvEp15zavif3yMB6ao/72tgyeYbri7/ZkUIiDoW
6uiF9s8B4t4sVHv/MWQOf1RpPO7Gav5EQypFiDGL3tEDOFY3Abk7SQUbYy+oDQw/
V4HYOjqlJAsaeFWLXWuOKKt1QN0h7DjKLxOGnADenyXjvgZQ46ESKz98go9wygPI
MWSk4AQ1owapLsLSCaHVumSnG9YYY+gaMIjtd5th7DPqmarcs9KAOTJMR9uaL9gF
EjfCcG/oH9G/hHzXRf8jzZZl5QIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFLKrZ2rT
R31j1yL4GZ9vCog419BoMB8GA1UdIwQYMBaAFKA5abr/1nqrddSTg3+hx8af+ycX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQTQ5Ni9GQjEyQTI3ODND
MEYxMUU0Qjc4OEZGNEFDNEY5QUUwMi9vRGxwdXZfV2VxdDExSk9EZjZISHhwXzdK
eGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29EbHB1dl9XZXF0MTFKT0RmNkhIeHBfN0p4Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0E0OTYvRkIxMkEyNzgzQzBGMTFFNEI3ODhGRjRBQzRGOUFFMDIvQzkzMzMyNjI1
M0U2MTFFQzk0OUJGQjNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAAr83sDBABn9dMDBAC3WrsDBAC3Wr0wDQYJKoZIhvcNAQEL
BQADggEBAEe9StnheiYxnW4asMAfAqPWgKNXNTVRLWd/T0VHIUM69VKj/CmUPVyp
5+avj5TiibRynhVR9974TbD5xvehFIyse8TSMo5c0W+oBqBtJtUVjsI+lUSkxvk3
EX3+SuT0dCXpRAxZaSXvKAbih8akZpD3HkNogmfPbAeNE1HbIFAfz5ocXTvdLo00
ABO1yy/EnVQ28USH+va03uqdCpyoK3VairFUDljCgdseJEeWRjIJsdHT3cGBN81j
3z7orCOtzBTKihhw6yQuMOrcW6874i+DDDq5N9HADb9Z7sr0jn/qJJNzAaxiKpiN
yZtKIdxTefZI+WTVAtoei9d8bw5flcE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:26 2024 by rpki-client on console-ams.rpki-client.org