Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D176D/F02A35E8A91411EEB2712D3FC4F9AE02/D8829F98A93711EE8E5E9C0BC4F9AE02.roa
File: D8829F98A93711EE8E5E9C0BC4F9AE02.roa (raw, json)
Hash identifier: H4BlcfF+2qRPfBz3eUzkVJSC0Rfyy8KlWydhYYDpW5o=
Subject key identifier: 85:C1:19:AD:3B:0B:5F:40:C0:17:C8:F8:A1:7B:B8:13:CA:AC:AB:B4
Certificate issuer: /CN=A91D176D/serialNumber=AA0178EA78511A15B1470EBFC0C5721A70E2769F
Certificate serial: 2B
Authority key identifier: AA:01:78:EA:78:51:1A:15:B1:47:0E:BF:C0:C5:72:1A:70:E2:76:9F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qgF46nhRGhWxRw6_wMVyGnDidp8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D176D/F02A35E8A91411EEB2712D3FC4F9AE02/D8829F98A93711EE8E5E9C0BC4F9AE02.roa
Signing time: Tue 05 Mar 2024 07:49:26 +0000
ROA not before: Tue 05 Mar 2024 07:49:26 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 23979
IP address blocks: 202.8.40.0/24 maxlen: 24
202.8.43.0/24 maxlen: 24
203.84.131.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 43 (0x2b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D176D/serialNumber=AA0178EA78511A15B1470EBFC0C5721A70E2769F
Validity
Not Before: Mar 5 07:49:26 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=65e6ce86-15fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:2a:a5:a9:c6:0f:c3:d1:ce:59:0f:a7:f6:dd:
fc:71:bb:76:4f:cc:a2:f3:be:f5:42:44:e6:3d:47:
14:2d:2b:b3:85:b9:38:aa:22:db:72:b9:d3:02:53:
ff:3d:b0:74:8b:ed:76:7e:0b:1f:f7:ea:d0:0e:ce:
90:9c:4f:71:9c:01:54:50:35:c0:48:bb:ba:68:dd:
f1:1f:02:78:5c:f4:20:fb:8f:b1:bd:c7:6b:f0:b0:
6b:60:a0:1c:77:77:ae:41:67:d0:f8:2e:fc:17:d3:
44:0d:ec:c6:87:cd:96:07:d2:e9:39:5a:5f:20:c6:
37:32:78:ae:e7:19:8b:b9:19:b0:3b:53:3c:25:40:
15:33:1d:fc:94:91:85:00:3a:b2:b4:1f:66:8a:7f:
e4:59:6c:de:d0:32:80:b1:90:02:11:2d:45:cd:93:
a3:a6:16:bf:3f:60:fd:af:4a:38:4e:23:00:88:32:
b0:65:16:a0:1c:10:05:b5:bd:92:d4:86:d5:12:79:
9a:5b:21:e8:4d:e9:7b:b4:7e:c6:83:c0:34:db:ca:
5b:cb:a0:c6:51:a3:a9:c3:2c:49:12:59:b5:79:2c:
87:43:ff:3f:11:5a:5a:c5:eb:ad:0a:7b:18:ed:94:
a0:71:f2:74:d1:cb:81:c2:9a:21:c7:a3:a3:1d:36:
bd:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:C1:19:AD:3B:0B:5F:40:C0:17:C8:F8:A1:7B:B8:13:CA:AC:AB:B4
X509v3 Authority Key Identifier:
keyid:AA:01:78:EA:78:51:1A:15:B1:47:0E:BF:C0:C5:72:1A:70:E2:76:9F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D176D/F02A35E8A91411EEB2712D3FC4F9AE02/qgF46nhRGhWxRw6_wMVyGnDidp8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qgF46nhRGhWxRw6_wMVyGnDidp8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D176D/F02A35E8A91411EEB2712D3FC4F9AE02/D8829F98A93711EE8E5E9C0BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
202.8.40.0/24
202.8.43.0/24
203.84.131.0/24
Signature Algorithm: sha256WithRSAEncryption
62:06:09:61:33:19:52:53:ac:d2:a2:92:50:ef:30:ab:06:cf:
ec:4d:42:ef:94:49:1c:7c:11:4c:51:e9:b4:6c:c3:24:df:fd:
60:af:80:4f:7e:79:2a:51:1a:1e:e2:23:0f:c7:57:5b:48:5c:
c3:98:7c:41:0a:f0:7a:fc:7b:19:14:c3:94:e5:42:c5:dc:ab:
77:cd:b6:b4:7a:24:50:0e:06:43:27:d3:6d:93:ac:0e:75:2f:
6a:a8:6a:63:7b:ea:2f:e3:b5:4f:2b:dc:74:21:98:f3:8a:0e:
78:c4:64:28:86:60:de:f3:dc:a1:42:42:dc:a2:a4:06:1a:fc:
ac:ed:89:b6:6f:b2:fa:fb:ef:cb:e4:fc:f6:dd:d9:37:49:ce:
3f:c8:36:48:35:1a:79:b0:c6:de:09:9d:8a:d9:b8:82:75:55:
b9:34:0a:db:8d:89:f6:e2:8b:9e:a4:6c:0e:17:cd:e4:2f:c1:
31:9f:1a:1c:d0:2c:d2:1c:ee:b6:12:00:2b:f0:89:4a:0a:38:
d5:9c:88:f0:9c:31:2d:16:ce:be:77:a5:72:f1:d1:2d:41:84:
2b:59:e7:b5:82:40:00:ae:78:b0:e5:b7:78:9a:0f:13:a4:6f:
10:99:e6:8c:af:75:05:49:77:53:b1:cd:68:36:11:3c:a4:3c:
a2:dc:a8:36
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
MTc2RDExMC8GA1UEBRMoQUEwMTc4RUE3ODUxMUExNUIxNDcwRUJGQzBDNTcyMUE3
MEUyNzY5RjAeFw0yNDAzMDUwNzQ5MjZaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZTZjZTg2LTE1ZmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDHKqWpxg/D0c5ZD6f23fxxu3ZPzKLzvvVCROY9RxQtK7OFuTiqIttyudMCU/89
sHSL7XZ+Cx/36tAOzpCcT3GcAVRQNcBIu7po3fEfAnhc9CD7j7G9x2vwsGtgoBx3
d65BZ9D4LvwX00QN7MaHzZYH0uk5Wl8gxjcyeK7nGYu5GbA7UzwlQBUzHfyUkYUA
OrK0H2aKf+RZbN7QMoCxkAIRLUXNk6OmFr8/YP2vSjhOIwCIMrBlFqAcEAW1vZLU
htUSeZpbIehN6Xu0fsaDwDTbylvLoMZRo6nDLEkSWbV5LIdD/z8RWlrF660Kexjt
lKBx8nTRy4HCmiHHo6MdNr13AgMBAAGjggKhMIICnTAdBgNVHQ4EFgQUhcEZrTsL
X0DAF8j4oXu4E8qsq7QwHwYDVR0jBBgwFoAUqgF46nhRGhWxRw6/wMVyGnDidp8w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUQxNzZEL0YwMkEzNUU4QTkx
NDExRUVCMjcxMkQzRkM0RjlBRTAyL3FnRjQ2bmhSR2hXeFJ3Nl93TVZ5R25EaWRw
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvcWdGNDZuaFJHaFd4Unc2X3dNVnlHbkRpZHA4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
MTc2RC9GMDJBMzVFOEE5MTQxMUVFQjI3MTJEM0ZDNEY5QUUwMi9EODgyOUY5OEE5
MzcxMUVFOEU1RTlDMEJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDArBggrBgEFBQcBBwEB/wQc
MBowGAQCAAEwEgMEAMoIKAMEAMoIKwMEAMtUgzANBgkqhkiG9w0BAQsFAAOCAQEA
YgYJYTMZUlOs0qKSUO8wqwbP7E1C75RJHHwRTFHptGzDJN/9YK+AT355KlEaHuIj
D8dXW0hcw5h8QQrwevx7GRTDlOVCxdyrd822tHokUA4GQyfTbZOsDnUvaqhqY3vq
L+O1TyvcdCGY84oOeMRkKIZg3vPcoUJC3KKkBhr8rO2Jtm+y+vvvy+T89t3ZN0nO
P8g2SDUaebDG3gmditm4gnVVuTQK242J9uKLnqRsDhfN5C/BMZ8aHNAs0hzuthIA
K/CJSgo41ZyI8JwxLRbOvnelcvHRLUGEK1nntYJAAK54sOW3eJoPE6RvEJnmjK91
BUl3U7HNaDYRPKQ8otyoNg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:41 2024 by rpki-client on console-fra.rpki-client.org