Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/D64782120BF211EE9EE24623C4F9AE02.roa
File: D64782120BF211EE9EE24623C4F9AE02.roa (raw, json)
Hash identifier: /C7eRYOUQAU0MQKQCSal/l/IVrYNZdiCWuR+oEW7dmQ=
Subject key identifier: 2F:1E:EA:C7:AD:71:02:72:3B:BE:35:CF:0F:40:2A:FD:2A:25:4D:EE
Certificate issuer: /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial: 16D1
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/D64782120BF211EE9EE24623C4F9AE02.roa
Signing time: Fri 16 Jun 2023 03:06:50 +0000
ROA not before: Fri 16 Jun 2023 03:06:50 +0000
ROA not after: Wed 01 May 2024 00:00:00 +0000
asID: 10113
IP address blocks: 27.0.64.0/19 maxlen: 19
202.62.144.0/24 maxlen: 24
202.68.96.0/19 maxlen: 19
202.76.160.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5841 (0x16d1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Validity
Not Before: Jun 16 03:06:50 2023 GMT
Not After : May 1 00:00:00 2024 GMT
Subject: CN=648bd1ca-bfd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:f5:f7:7a:7d:70:a8:34:b8:ba:71:ee:d0:97:
56:35:c9:b6:b9:91:f1:da:af:06:be:51:1b:1f:c7:
da:de:44:5b:4b:63:93:83:c8:c3:9a:b7:3c:53:34:
35:5d:de:91:8b:4a:b9:06:6e:1a:73:c6:a1:77:95:
7d:ba:7c:13:fe:3a:14:23:01:4f:f9:25:b6:c9:28:
fa:c3:dc:ac:b7:03:48:87:62:88:79:a7:00:a2:0e:
20:9c:1f:29:3c:1c:25:8a:3a:9c:fb:a5:15:75:43:
90:3c:49:09:b4:35:f0:e2:55:dd:ec:a7:41:c0:17:
23:11:d1:1a:7d:70:1d:cd:be:cf:31:76:fb:20:da:
55:ca:32:7b:0e:ff:64:00:ab:3d:d2:78:e7:a4:1c:
c5:21:56:1c:ef:f1:e9:a0:97:d7:fe:c2:08:79:e0:
82:e3:c7:8c:f8:a9:5b:90:be:74:e8:d4:ef:2a:5d:
bf:69:f2:fd:25:83:b3:c9:93:9a:d3:4f:29:fc:c6:
21:51:12:40:a4:22:b2:96:f2:ae:d8:c4:ef:70:7b:
6c:ee:04:c1:ee:bc:28:5a:f5:71:68:bf:4d:fb:4f:
04:14:df:79:7f:0b:68:69:51:0c:2b:bf:1c:71:54:
8e:5c:70:63:5e:1d:aa:95:1d:55:15:40:29:9e:df:
18:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:1E:EA:C7:AD:71:02:72:3B:BE:35:CF:0F:40:2A:FD:2A:25:4D:EE
X509v3 Authority Key Identifier:
keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/D64782120BF211EE9EE24623C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
27.0.64.0/19
202.62.144.0/24
202.68.96.0/19
202.76.160.0/20
Signature Algorithm: sha256WithRSAEncryption
39:92:a6:b0:da:a7:81:58:40:5c:30:42:45:19:6e:e4:17:9b:
26:e7:43:54:ee:31:bf:08:da:60:50:2b:d6:ef:b1:65:e2:e1:
0a:9a:09:e8:ce:f3:d6:df:08:04:0f:55:63:a0:c6:94:3e:e6:
32:ea:3e:d1:f3:c2:fd:72:58:ef:ed:d5:c7:08:b6:16:ec:e5:
7f:ed:06:18:8b:d1:51:1a:11:f9:a8:de:80:0e:30:52:d6:2a:
e7:06:dd:c6:c5:a5:2a:89:f3:15:e4:35:ec:b0:e8:dc:33:47:
03:69:f3:af:53:cd:b8:37:75:c7:37:5a:2c:7b:ea:90:0f:53:
78:87:30:d5:6a:ec:f1:62:69:f5:4e:12:64:f0:9d:ff:10:e5:
48:e5:b6:40:a8:66:b4:6c:e3:71:ef:d1:2d:a3:81:50:23:7b:
28:92:ea:d8:3e:3f:c1:ac:3c:36:e1:60:e7:ba:23:0f:2c:6e:
44:42:a8:22:c5:87:be:a1:26:b2:18:43:47:2b:02:e3:7d:cb:
9e:99:65:2c:e0:e3:6e:89:18:57:e7:d8:fd:e4:7b:e3:f6:da:
12:c6:bd:b2:c9:e4:f0:78:da:4b:a7:0f:32:88:b2:9c:30:39:
3d:d0:33:4e:c1:03:70:83:47:89:f5:f7:11:fb:ab:63:5f:14:
15:3f:86:50
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICFtEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjMwNjE2MDMwNjUwWhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDhiZDFjYS1iZmQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxvX3en1wqDS4unHu0JdWNcm2uZHx2q8GvlEbH8fa3kRbS2OTg8jDmrc8UzQ1
Xd6Ri0q5Bm4ac8ahd5V9unwT/joUIwFP+SW2ySj6w9ystwNIh2KIeacAog4gnB8p
PBwlijqc+6UVdUOQPEkJtDXw4lXd7KdBwBcjEdEafXAdzb7PMXb7INpVyjJ7Dv9k
AKs90njnpBzFIVYc7/HpoJfX/sIIeeCC48eM+KlbkL506NTvKl2/afL9JYOzyZOa
008p/MYhURJApCKylvKu2MTvcHts7gTB7rwoWvVxaL9N+08EFN95fwtoaVEMK78c
cVSOXHBjXh2qlR1VFUApnt8YnwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFC8e6set
cQJyO741zw9AKv0qJU3uMB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvRDY0NzgyMTIw
QkYyMTFFRTlFRTI0NjIzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAUbAEADBADKPpADBAXKRGADBATKTKAwDQYJKoZIhvcNAQEL
BQADggEBADmSprDap4FYQFwwQkUZbuQXmybnQ1TuMb8I2mBQK9bvsWXi4QqaCejO
89bfCAQPVWOgxpQ+5jLqPtHzwv1yWO/t1ccIthbs5X/tBhiL0VEaEfmo3oAOMFLW
KucG3cbFpSqJ8xXkNeyw6NwzRwNp869Tzbg3dcc3Wix76pAPU3iHMNVq7PFiafVO
EmTwnf8Q5UjltkCoZrRs43Hv0S2jgVAjeyiS6tg+P8GsPDbhYOe6Iw8sbkRCqCLF
h76hJrIYQ0crAuN9y56ZZSzg426JGFfn2P3ke+P22hLGvbLJ5PB42kunDzKIspww
OT3QM07BA3CDR4n19xH7q2NfFBU/hlA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:36 2024 by rpki-client on console-ams.rpki-client.org