Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/38709062D53E11EAA6BF5E13C4F9AE02.roa
File: 38709062D53E11EAA6BF5E13C4F9AE02.roa (raw, json)
Hash identifier: hjSKotDXFvfCF1aUzeUWsQ30NOcEe4nX2K+ysJdncHM=
Subject key identifier: 7D:E1:C2:89:BB:7E:45:51:71:8F:FB:3B:2F:97:C1:F9:C9:E6:BC:7F
Certificate issuer: /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial: 1645
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/38709062D53E11EAA6BF5E13C4F9AE02.roa
Signing time: Thu 16 Feb 2023 05:05:06 +0000
ROA not before: Thu 16 Feb 2023 05:05:06 +0000
ROA not after: Wed 01 May 2024 00:00:00 +0000
asID: 38285
IP address blocks: 122.148.0.0/17 maxlen: 17
122.149.240.0/20 maxlen: 20
122.150.0.0/24 maxlen: 24
122.151.0.0/24 maxlen: 24
122.151.2.0/24 maxlen: 24
123.2.0.0/16 maxlen: 16
123.3.0.0/24 maxlen: 24
202.136.32.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5701 (0x1645)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Validity
Not Before: Feb 16 05:05:06 2023 GMT
Not After : May 1 00:00:00 2024 GMT
Subject: CN=63edb981-5f6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:b6:1f:ce:fa:e3:c2:91:fb:45:25:57:49:2e:
80:e0:30:fa:ad:6a:69:fa:ac:19:f1:df:e1:cb:37:
28:c0:81:52:b4:34:ac:98:1c:9b:f3:42:f4:3f:88:
e5:15:ab:d3:3d:94:6a:60:87:af:5d:0e:85:f2:cf:
e3:dc:6d:bb:0e:93:23:95:21:f2:83:26:8f:22:44:
ac:fb:5a:4f:c3:71:df:9c:0e:72:53:fc:2a:bf:1d:
25:fc:a2:24:4c:b2:47:e6:ab:5a:9e:1c:a9:06:a7:
a7:dd:bd:10:2f:20:50:7d:a1:6d:8f:00:16:4b:0b:
9f:db:af:2a:20:b9:db:4d:80:c5:ee:a8:ac:df:13:
3c:18:2c:20:d2:f1:c6:97:f0:85:07:41:30:b4:a6:
ea:60:65:98:ae:56:cd:f9:60:ae:0d:64:e7:80:3e:
dd:0c:c1:05:3f:76:c3:2d:0f:65:db:b5:66:5d:a2:
c3:bd:c0:e1:23:38:79:87:13:f4:31:7a:d4:01:f9:
8a:a2:3f:f9:c5:55:71:03:c3:e3:bb:7d:03:48:04:
d7:25:39:3f:74:12:57:5e:50:4b:d4:22:25:7a:13:
12:7d:5c:79:66:2b:e9:76:e8:ee:9f:a5:c5:48:98:
59:30:2f:99:63:85:13:b4:2b:f9:12:11:8d:cd:cf:
10:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:E1:C2:89:BB:7E:45:51:71:8F:FB:3B:2F:97:C1:F9:C9:E6:BC:7F
X509v3 Authority Key Identifier:
keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/38709062D53E11EAA6BF5E13C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
122.148.0.0/17
122.149.240.0-122.150.0.255
122.151.0.0/24
122.151.2.0/24
123.2.0.0-123.3.0.255
202.136.32.0/20
Signature Algorithm: sha256WithRSAEncryption
73:cc:96:19:09:e4:41:10:af:e5:0b:42:7e:37:30:72:ec:ba:
e4:6e:fa:30:08:5a:2a:40:c3:db:cd:6b:fe:51:6b:c6:b9:8f:
a3:39:87:fb:44:a6:67:77:7a:4b:fb:57:57:9d:84:98:fa:35:
41:eb:a0:ae:04:db:d2:d0:62:24:5e:53:92:38:5b:06:3c:b1:
b5:69:c6:1f:a7:c3:bc:c3:21:89:f7:48:64:09:ec:58:e7:36:
a1:b8:7f:00:6a:5a:e6:10:38:a7:27:58:d7:7d:9a:f4:0e:79:
f8:cf:f7:cf:ae:62:43:90:39:b6:86:a2:99:61:f5:d5:bc:1b:
b3:04:54:25:1d:d8:2c:5d:d9:30:3a:8a:0a:29:58:2a:0c:cb:
4e:81:d5:35:e7:d4:5d:9d:40:36:32:5c:15:5f:97:ac:51:de:
f6:0b:cd:ab:21:27:69:99:d2:47:fa:ae:f1:51:60:ca:45:97:
c5:af:22:41:6a:f3:9e:83:c5:40:65:46:3b:88:de:1c:9f:9d:
22:00:3c:2c:ca:1d:e8:0c:a7:86:a9:71:44:8b:b5:48:27:1f:
4b:c0:ce:79:42:0d:58:43:c9:f9:cc:57:73:c2:b8:ac:db:14:
c7:05:a2:03:01:c8:74:05:50:25:a1:dd:84:d9:1d:33:c1:e6:
67:20:56:16
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICFkUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjMwMjE2MDUwNTA2WhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2VkYjk4MS01ZjZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqLYfzvrjwpH7RSVXSS6A4DD6rWpp+qwZ8d/hyzcowIFStDSsmByb80L0P4jl
FavTPZRqYIevXQ6F8s/j3G27DpMjlSHygyaPIkSs+1pPw3HfnA5yU/wqvx0l/KIk
TLJH5qtanhypBqen3b0QLyBQfaFtjwAWSwuf268qILnbTYDF7qis3xM8GCwg0vHG
l/CFB0EwtKbqYGWYrlbN+WCuDWTngD7dDMEFP3bDLQ9l27VmXaLDvcDhIzh5hxP0
MXrUAfmKoj/5xVVxA8Pju30DSATXJTk/dBJXXlBL1CIlehMSfVx5Zivpdujun6XF
SJhZMC+ZY4UTtCv5EhGNzc8QaQIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFH3hwom7
fkVRcY/7Oy+XwfnJ5rx/MB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvMzg3MDkwNjJE
NTNFMTFFQUE2QkY1RTEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MDkEAgABMDMDBAd6lAAwDAMEBHqV8AMEAHqWAAMEAHqXAAMEAHqXAjALAwMB
ewIDBAB7AwADBATKiCAwDQYJKoZIhvcNAQELBQADggEBAHPMlhkJ5EEQr+ULQn43
MHLsuuRu+jAIWipAw9vNa/5Ra8a5j6M5h/tEpmd3ekv7V1edhJj6NUHroK4E29LQ
YiReU5I4WwY8sbVpxh+nw7zDIYn3SGQJ7FjnNqG4fwBqWuYQOKcnWNd9mvQOefjP
98+uYkOQObaGoplh9dW8G7MEVCUd2Cxd2TA6igopWCoMy06B1TXn1F2dQDYyXBVf
l6xR3vYLzashJ2mZ0kf6rvFRYMpFl8WvIkFq856DxUBlRjuI3hyfnSIAPCzKHegM
p4apcUSLtUgnH0vAznlCDVhDyfnMV3PCuKzbFMcFogMByHQFUCWh3YTZHTPB5mcg
VhY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:36 2024 by rpki-client on console-ams.rpki-client.org