Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/B2C73B66F3F911EAB9D11D26C4F9AE02.roa
File: B2C73B66F3F911EAB9D11D26C4F9AE02.roa (raw, json)
Hash identifier: Y0MBzkJ4X5PeEnEJnMq29pciy5StUsdMVZJYKtuer2c=
Subject key identifier: 8C:BB:98:81:20:EE:9E:C8:B5:9A:64:D4:76:0D:3C:D5:66:1E:A2:CE
Certificate issuer: /CN=A91CEAA2/serialNumber=FF495293CB5F15E5D14BACC2DB1052B2E2C825C8
Certificate serial: 3183
Authority key identifier: FF:49:52:93:CB:5F:15:E5:D1:4B:AC:C2:DB:10:52:B2:E2:C8:25:C8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/B2C73B66F3F911EAB9D11D26C4F9AE02.roa
Signing time: Wed 11 May 2022 04:00:45 +0000
ROA not before: Wed 11 May 2022 04:00:45 +0000
ROA not after: Mon 31 Oct 2022 00:00:00 +0000
asID: 16509
IP address blocks: 116.214.100.0/24 maxlen: 24
116.214.101.0/24 maxlen: 24
202.75.240.0/24 maxlen: 24
202.75.241.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12675 (0x3183)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CEAA2/serialNumber=FF495293CB5F15E5D14BACC2DB1052B2E2C825C8
Validity
Not Before: May 11 04:00:45 2022 GMT
Not After : Oct 31 00:00:00 2022 GMT
Subject: CN=627b34ec-2275
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:a2:03:e1:40:40:87:b7:78:8f:18:1d:83:60:
af:61:9f:03:06:54:d3:5f:41:be:7c:47:af:02:c8:
89:50:1a:ca:25:de:48:cf:ab:df:b2:0a:47:14:f8:
de:2e:9c:e8:c6:67:b3:c2:cc:09:2e:fc:bb:1a:a9:
a4:81:01:ab:57:bb:61:2c:dd:7a:3e:9b:db:6d:2f:
cc:a2:0e:2f:08:20:c0:90:1e:68:ad:e7:9e:db:27:
8e:85:b4:a3:66:0d:39:b5:76:de:6d:eb:78:61:a8:
71:75:bf:34:81:ec:65:a3:37:38:7f:fc:db:81:41:
c2:1c:7c:d0:cf:07:9b:71:c3:a9:2f:6b:65:c4:22:
7e:d5:d3:5c:01:4a:f1:e6:07:69:05:63:6a:2d:1e:
63:11:fe:e8:73:57:89:b8:a9:d9:70:ff:bb:39:42:
e5:3e:7b:55:82:90:dc:4a:55:d0:b9:65:4a:74:0f:
93:c8:8c:ea:3d:89:5c:85:c2:75:d6:bf:33:e3:4b:
7f:ef:95:b7:8d:22:70:cf:20:36:ef:95:fb:d6:d5:
f9:dc:46:39:d0:d1:f6:8b:23:50:74:15:4d:74:25:
a1:d2:1e:f6:c1:cc:31:1e:8f:2f:2d:95:2e:a8:9a:
81:7f:90:37:19:e6:3a:1b:7f:48:c5:64:e0:56:c3:
d6:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:BB:98:81:20:EE:9E:C8:B5:9A:64:D4:76:0D:3C:D5:66:1E:A2:CE
X509v3 Authority Key Identifier:
keyid:FF:49:52:93:CB:5F:15:E5:D1:4B:AC:C2:DB:10:52:B2:E2:C8:25:C8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/B2C73B66F3F911EAB9D11D26C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
116.214.100.0/23
202.75.240.0/23
Signature Algorithm: sha256WithRSAEncryption
5a:a2:70:1c:26:0d:42:a7:e1:cb:c2:d7:0c:e9:43:6a:c8:ae:
10:d3:f5:4b:bd:82:36:c0:93:d5:fc:3f:34:06:ba:4e:cd:8a:
ac:a3:fc:83:b2:ed:6b:05:c6:e7:06:1c:b0:a2:ef:87:fb:cf:
f6:9a:18:3e:ec:dc:22:62:da:11:44:bc:5d:18:d5:2a:c4:4d:
b7:ce:16:5e:83:7f:b3:66:44:ce:5b:25:2d:b7:62:32:45:9c:
c0:68:e6:5d:a4:ca:5b:64:3d:04:ef:54:03:f6:8f:50:ea:8b:
d5:2f:b1:02:a5:39:d5:fc:37:e4:d6:c5:55:d6:96:07:f5:55:
e6:9f:ef:3f:d1:86:53:4b:8a:80:cd:4b:d4:bd:4a:cb:43:81:
d1:98:86:96:8a:ba:cc:10:60:3f:09:83:50:5c:ca:54:be:7a:
18:31:0e:5a:47:44:7c:74:da:0e:d0:4a:37:c1:d6:c5:bf:60:
b3:5c:25:65:f9:8e:be:90:0b:15:a4:e4:e8:f3:f6:f6:ac:0f:
79:ae:6b:bc:1d:40:c1:31:e1:80:4f:b2:3d:e6:5e:75:54:53:
c6:f7:e0:7a:7e:85:4d:d3:d1:e1:45:fb:0e:c2:0b:63:c5:ee:
89:85:3c:3b:22:71:93:77:22:5a:b6:e4:d9:46:ec:1a:e5:06:
b1:44:52:ea
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICMYMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0VBQTIxMTAvBgNVBAUTKEZGNDk1MjkzQ0I1RjE1RTVEMTRCQUNDMkRCMTA1MkIy
RTJDODI1QzgwHhcNMjIwNTExMDQwMDQ1WhcNMjIxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjdiMzRlYy0yMjc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzqID4UBAh7d4jxgdg2CvYZ8DBlTTX0G+fEevAsiJUBrKJd5Iz6vfsgpHFPje
LpzoxmezwswJLvy7GqmkgQGrV7thLN16PpvbbS/Mog4vCCDAkB5oreee2yeOhbSj
Zg05tXbebet4Yahxdb80gexlozc4f/zbgUHCHHzQzwebccOpL2tlxCJ+1dNcAUrx
5gdpBWNqLR5jEf7oc1eJuKnZcP+7OULlPntVgpDcSlXQuWVKdA+TyIzqPYlchcJ1
1r8z40t/75W3jSJwzyA275X71tX53EY50NH2iyNQdBVNdCWh0h72wcwxHo8vLZUu
qJqBf5A3GeY6G39IxWTgVsPWTwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFIy7mIEg
7p7ItZpk1HYNPNVmHqLOMB8GA1UdIwQYMBaAFP9JUpPLXxXl0UuswtsQUrLiyCXI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRUFBMi9EMkFCMjkyQzFE
OTkxMUUyQkE1MjlBODYwOEIwMkNEMi9fMGxTazh0ZkZlWFJTNnpDMnhCU3N1TElK
Y2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL18wbFNrOHRmRmVYUlM2ekMyeEJTc3VMSUpjZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0VBQTIvRDJBQjI5MkMxRDk5MTFFMkJBNTI5QTg2MDhCMDJDRDIvQjJDNzNCNjZG
M0Y5MTFFQUI5RDExRDI2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAF01mQDBAHKS/AwDQYJKoZIhvcNAQELBQADggEBAFqicBwm
DUKn4cvC1wzpQ2rIrhDT9Uu9gjbAk9X8PzQGuk7Niqyj/IOy7WsFxucGHLCi74f7
z/aaGD7s3CJi2hFEvF0Y1SrETbfOFl6Df7NmRM5bJS23YjJFnMBo5l2kyltkPQTv
VAP2j1Dqi9UvsQKlOdX8N+TWxVXWlgf1Veaf7z/RhlNLioDNS9S9SstDgdGYhpaK
uswQYD8Jg1BcylS+ehgxDlpHRHx02g7QSjfB1sW/YLNcJWX5jr6QCxWk5Ojz9vas
D3mua7wdQMEx4YBPsj3mXnVUU8b34Hp+hU3T0eFF+w7CC2PF7omFPDsicZN3Ilq2
5NlG7BrlBrFEUuo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:27 2024 by rpki-client on console-ams.rpki-client.org