Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/1F31D58ED1C111EDB2C87D22C4F9AE02.roa
File: 1F31D58ED1C111EDB2C87D22C4F9AE02.roa (raw, json)
Hash identifier: 6NfQk6ln9Hj05wufLt3K/DKI10SOwbze/rlLs3vEGNM=
Subject key identifier: 97:0A:55:12:63:1F:2B:F3:EF:25:E2:57:96:20:CC:26:98:4D:75:2B
Certificate issuer: /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial: 1682
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/1F31D58ED1C111EDB2C87D22C4F9AE02.roa
Signing time: Mon 03 Apr 2023 07:47:12 +0000
ROA not before: Mon 03 Apr 2023 07:47:11 +0000
ROA not after: Wed 01 May 2024 00:00:00 +0000
asID: 38285
IP address blocks: 122.148.0.0/17 maxlen: 17
122.148.0.0/19 maxlen: 19
122.150.0.0/24 maxlen: 24
122.151.0.0/24 maxlen: 24
122.151.2.0/24 maxlen: 24
123.2.0.0/16 maxlen: 16
123.2.0.0/19 maxlen: 19
123.3.0.0/24 maxlen: 24
202.136.32.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5762 (0x1682)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Validity
Not Before: Apr 3 07:47:11 2023 GMT
Not After : May 1 00:00:00 2024 GMT
Subject: CN=642a847f-a9a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:bb:03:cd:7f:08:ca:b8:1f:ba:83:d4:6b:cb:
72:f4:85:fe:e4:01:d4:43:ff:18:cc:2a:43:68:c2:
01:71:bb:33:d8:03:33:0b:8e:f6:f7:fa:1b:05:8f:
1b:98:2f:30:5b:31:c4:30:c0:be:69:76:43:f0:a2:
92:a4:1c:d5:3e:03:45:df:58:dd:2c:70:98:d7:93:
d0:04:0a:46:94:a3:a5:43:a2:53:f6:0a:62:38:20:
fe:49:25:b6:52:cb:c3:e7:5d:8e:2b:cd:37:a2:63:
5c:f4:6c:af:b6:87:6a:64:b9:c3:d6:97:84:c8:be:
5e:0a:21:9b:fa:eb:7f:2b:ea:13:9f:84:5d:62:87:
76:6d:1a:cd:9a:b5:be:a5:74:96:a7:77:8c:e4:0f:
d1:75:35:de:22:13:0c:d1:49:b4:1a:bb:48:20:3e:
30:e1:51:9e:f7:81:e5:b0:c8:48:fb:f4:f8:89:42:
3f:ee:a2:17:e5:f2:24:33:87:96:92:90:44:8e:19:
36:6b:46:bc:18:1e:52:63:0c:f0:7d:b0:f0:60:b4:
6e:c2:22:06:e9:c0:d4:a1:de:59:b1:5c:bf:d7:81:
37:8d:7f:7a:de:a3:ad:80:c3:1f:1f:04:6c:d7:4a:
c9:3a:6b:16:9d:ad:f9:9e:4a:80:96:4f:96:e0:45:
10:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:0A:55:12:63:1F:2B:F3:EF:25:E2:57:96:20:CC:26:98:4D:75:2B
X509v3 Authority Key Identifier:
keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/1F31D58ED1C111EDB2C87D22C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
122.148.0.0/17
122.150.0.0/24
122.151.0.0/24
122.151.2.0/24
123.2.0.0-123.3.0.255
202.136.32.0/20
Signature Algorithm: sha256WithRSAEncryption
ae:10:e9:de:a1:cd:5f:6a:15:63:f9:80:7a:e0:13:3c:47:39:
95:44:9e:71:f7:e4:76:c5:4d:6e:bc:8e:4f:45:d8:94:98:45:
53:d7:14:89:67:e4:c6:49:dd:44:55:6b:92:39:dd:b2:ce:d8:
69:72:77:6c:63:c9:bb:75:30:2b:eb:d0:04:32:a9:a0:dc:fa:
e3:8e:c4:1a:75:55:5e:46:36:03:6e:97:9e:ce:7d:b5:ba:dd:
87:dc:3f:e8:cf:0b:bc:35:67:04:56:a7:c9:63:14:0b:95:87:
f3:6c:9f:fb:e7:44:56:53:4b:da:7b:37:9f:24:db:ed:a2:ab:
76:66:ad:7e:42:4d:9b:2d:a6:e1:ff:c5:86:d2:cc:ff:a1:96:
c9:92:a7:7f:18:79:89:f1:22:32:d0:9e:dd:c3:64:63:9e:5b:
d9:de:ca:e3:e0:3e:2c:8c:ba:e0:07:79:2a:60:18:c3:16:11:
ac:c5:87:b2:97:de:19:6f:e1:c7:6b:c0:9e:b5:b3:9f:e8:c6:
08:f3:ca:65:28:02:d8:50:fc:c4:1f:a7:1b:f3:10:fa:47:2e:
4c:58:5a:68:5a:56:6b:fe:20:fb:df:91:b8:91:46:fc:ad:26:
59:21:9b:eb:f3:77:63:3e:ed:c5:69:dd:1c:0c:16:fa:ed:21:
4c:ed:e6:41
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgICFoIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjMwNDAzMDc0NzExWhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDJhODQ3Zi1hOWExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt7sDzX8IyrgfuoPUa8ty9IX+5AHUQ/8YzCpDaMIBcbsz2AMzC4729/obBY8b
mC8wWzHEMMC+aXZD8KKSpBzVPgNF31jdLHCY15PQBApGlKOlQ6JT9gpiOCD+SSW2
UsvD512OK803omNc9GyvtodqZLnD1peEyL5eCiGb+ut/K+oTn4RdYod2bRrNmrW+
pXSWp3eM5A/RdTXeIhMM0Um0GrtIID4w4VGe94HlsMhI+/T4iUI/7qIX5fIkM4eW
kpBEjhk2a0a8GB5SYwzwfbDwYLRuwiIG6cDUod5ZsVy/14E3jX963qOtgMMfHwRs
10rJOmsWna35nkqAlk+W4EUQNwIDAQABo4ICujCCArYwHQYDVR0OBBYEFJcKVRJj
Hyvz7yXiV5YgzCaYTXUrMB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvMUYzMUQ1OEVE
MUMxMTFFREIyQzg3RDIyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRAYIKwYBBQUHAQcBAf8E
NTAzMDEEAgABMCsDBAd6lAADBAB6lgADBAB6lwADBAB6lwIwCwMDAXsCAwQAewMA
AwQEyoggMA0GCSqGSIb3DQEBCwUAA4IBAQCuEOneoc1fahVj+YB64BM8RzmVRJ5x
9+R2xU1uvI5PRdiUmEVT1xSJZ+TGSd1EVWuSOd2yzthpcndsY8m7dTAr69AEMqmg
3PrjjsQadVVeRjYDbpeezn21ut2H3D/ozwu8NWcEVqfJYxQLlYfzbJ/750RWU0va
ezefJNvtoqt2Zq1+Qk2bLabh/8WG0sz/oZbJkqd/GHmJ8SIy0J7dw2RjnlvZ3srj
4D4sjLrgB3kqYBjDFhGsxYeyl94Zb+HHa8CetbOf6MYI88plKALYUPzEH6cb8xD6
Ry5MWFpoWlZr/iD735G4kUb8rSZZIZvr83djPu3Fad0cDBb67SFM7eZB
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:36 2024 by rpki-client on console-ams.rpki-client.org