Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/1342677CBF3111ED8F8E260BC4F9AE02.roa
File: 1342677CBF3111ED8F8E260BC4F9AE02.roa (raw, json)
Hash identifier: Wnvc6+/CCXuc+T03lBGRVmIKThH/7C6OPHirkLU6SJk=
Subject key identifier: 4A:24:1D:4D:33:A1:BF:D5:6E:F0:D0:89:1F:F5:FA:62:E9:60:C0:B7
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09AC
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/1342677CBF3111ED8F8E260BC4F9AE02.roa
Signing time: Fri 10 Mar 2023 10:48:22 +0000
ROA not before: Fri 10 Mar 2023 10:48:22 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 136969
IP address blocks: 180.178.170.0/24 maxlen: 24
180.178.171.0/24 maxlen: 24
180.178.188.0/24 maxlen: 24
180.178.189.0/24 maxlen: 24
180.178.190.0/24 maxlen: 24
180.178.191.0/24 maxlen: 24
223.29.228.0/22 maxlen: 22
223.29.228.0/24 maxlen: 24
223.29.229.0/24 maxlen: 24
223.29.230.0/24 maxlen: 24
223.29.231.0/24 maxlen: 24
223.29.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2476 (0x9ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Mar 10 10:48:22 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=640b0af5-c5ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:45:0b:64:26:08:7a:a3:d0:87:36:b1:96:73:
de:43:00:f3:3d:20:bc:a1:c2:58:5d:70:6f:94:c2:
4b:a1:a5:2e:80:51:80:6c:46:f9:e0:5c:72:c0:82:
b7:dc:dd:5e:9b:31:07:1f:e3:34:d8:cc:24:41:82:
f8:8f:8e:68:0f:6d:6f:4c:12:21:5d:8e:7f:ec:d3:
98:e2:8f:71:f0:2a:dd:49:35:86:67:dc:83:f2:ee:
c7:e6:bb:14:c3:03:4c:6a:de:0e:67:18:80:0d:c1:
3f:15:52:ee:95:4f:9a:f3:fb:42:1b:1f:55:b4:be:
80:96:6d:d2:29:2e:54:b3:f3:79:41:38:84:ce:d4:
e0:c0:bc:ff:60:34:6e:aa:e6:f7:5c:9f:ac:51:3e:
7b:d2:ff:46:06:32:a1:4a:b8:4e:98:3a:88:02:37:
3d:61:f5:75:47:e9:62:9a:6b:57:33:c4:29:6e:a7:
73:8d:ae:e2:af:74:2a:9f:e6:00:07:68:3c:c5:f4:
db:33:1f:b9:2c:99:f0:b1:6e:5f:62:62:17:6c:6f:
01:c5:5a:97:8a:bb:ce:e3:53:32:cf:7f:3f:77:1f:
43:64:62:dc:10:c3:1a:50:1e:a0:64:7b:a9:67:0e:
9b:06:5f:39:b5:96:66:84:9e:86:ad:6b:aa:d2:54:
5d:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:24:1D:4D:33:A1:BF:D5:6E:F0:D0:89:1F:F5:FA:62:E9:60:C0:B7
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/1342677CBF3111ED8F8E260BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
180.178.170.0/23
180.178.188.0/22
223.29.228.0/22
223.29.239.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:5f:d8:d7:76:54:e1:da:58:05:63:a0:f0:49:70:06:ed:99:
63:df:a5:2d:4d:ba:f5:72:bf:c8:62:70:0c:1e:61:88:ff:e5:
ee:b2:0d:c4:56:27:c0:e0:98:ab:da:9b:2c:89:ba:d8:b6:cc:
8d:1c:13:65:26:2a:48:c7:5e:88:c2:19:ce:5a:06:71:c8:00:
66:f8:91:bb:23:f8:8c:d3:92:4f:9e:92:6a:3b:ca:7a:18:91:
d3:cf:2b:bd:b8:7a:02:d8:08:9c:16:59:0f:5d:80:81:2c:14:
a2:66:96:14:09:92:2c:65:da:72:75:4d:85:3a:24:85:3f:ee:
e0:04:62:dd:11:c7:21:e3:df:23:6b:75:c9:b9:e1:a2:19:92:
62:45:3e:a1:86:86:da:20:08:12:51:d8:53:31:6d:cd:10:4b:
e0:87:1a:8b:5c:7b:0c:2b:ec:44:b0:b3:78:29:5f:dd:16:f8:
5b:7e:3a:88:97:19:4f:57:29:fb:36:68:c5:02:91:37:71:d7:
54:5b:3b:d2:ae:3e:cf:e7:25:15:57:e2:fe:16:73:85:06:04:
2b:0b:08:67:52:f3:53:58:11:7d:d5:ef:19:29:b8:1f:15:0f:
b7:4d:bc:6b:0f:dd:0f:59:3c:04:04:c6:b6:07:17:fc:38:5c:
c0:e6:68:e9
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCawwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMzEwMTA0ODIyWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDBiMGFmNS1jNWFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA20ULZCYIeqPQhzaxlnPeQwDzPSC8ocJYXXBvlMJLoaUugFGAbEb54FxywIK3
3N1emzEHH+M02MwkQYL4j45oD21vTBIhXY5/7NOY4o9x8CrdSTWGZ9yD8u7H5rsU
wwNMat4OZxiADcE/FVLulU+a8/tCGx9VtL6Alm3SKS5Us/N5QTiEztTgwLz/YDRu
qub3XJ+sUT570v9GBjKhSrhOmDqIAjc9YfV1R+limmtXM8Qpbqdzja7ir3Qqn+YA
B2g8xfTbMx+5LJnwsW5fYmIXbG8BxVqXirvO41Myz38/dx9DZGLcEMMaUB6gZHup
Zw6bBl85tZZmhJ6GrWuq0lRdSQIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFEokHU0z
ob/VbvDQiR/1+mLpYMC3MB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvMTM0MjY3N0NC
RjMxMTFFRDhGOEUyNjBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAG0sqoDBAK0srwDBALfHeQDBADfHe8wDQYJKoZIhvcNAQEL
BQADggEBADtf2Nd2VOHaWAVjoPBJcAbtmWPfpS1NuvVyv8hicAweYYj/5e6yDcRW
J8DgmKvamyyJuti2zI0cE2UmKkjHXojCGc5aBnHIAGb4kbsj+IzTkk+ekmo7ynoY
kdPPK724egLYCJwWWQ9dgIEsFKJmlhQJkixl2nJ1TYU6JIU/7uAEYt0RxyHj3yNr
dcm54aIZkmJFPqGGhtogCBJR2FMxbc0QS+CHGotcewwr7ESws3gpX90W+Ft+OoiX
GU9XKfs2aMUCkTdx11RbO9KuPs/nJRVX4v4Wc4UGBCsLCGdS81NYEX3V7xkpuB8V
D7dNvGsP3Q9ZPAQExrYHF/w4XMDmaOk=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:12 2023 by rpki-client on console-ams.rpki-client.org