Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/237B105485CF11EC9517FA4AC4F9AE02.roa
File: 237B105485CF11EC9517FA4AC4F9AE02.roa (raw, json)
Hash identifier: iZ828lkvNTYgvY1LwZZzOETaigStf2E/jQ5cXjxuOD8=
Subject key identifier: C4:36:4F:78:69:7D:27:36:13:CF:8F:E6:6A:BD:F6:AA:44:50:9C:3B
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 065E
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/237B105485CF11EC9517FA4AC4F9AE02.roa
Signing time: Fri 04 Feb 2022 15:28:45 +0000
ROA not before: Fri 04 Feb 2022 15:28:45 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 211252
IP address blocks: 223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
223.29.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1630 (0x65e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Feb 4 15:28:45 2022 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=61fd462c-9bf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:b8:fc:61:ab:88:7c:b2:0c:f5:9a:20:58:9d:
60:e3:b8:68:af:21:2a:4e:9f:12:fa:8e:ff:a5:94:
10:1c:29:3d:9c:53:67:45:19:2c:b8:95:d6:13:3b:
42:0d:7e:6f:3c:ff:0f:43:2e:5d:8c:6c:77:f5:b3:
ec:d5:69:f1:c7:d6:16:20:fd:d9:5d:17:db:6c:cc:
6d:66:5f:0c:08:12:f7:1a:c9:ca:ae:fe:cf:f1:16:
98:24:5c:23:db:9e:28:a9:ce:88:3a:cc:71:ad:2e:
a9:93:c6:55:80:c9:f4:48:ef:27:9f:2f:f9:50:51:
7d:53:c1:a2:65:97:57:51:cd:32:49:62:34:fe:c1:
5e:9a:b1:35:b7:9e:93:10:a2:1b:fb:af:a7:c3:b0:
69:16:b8:bb:17:25:74:9a:36:b0:43:fc:9c:c5:f9:
d4:61:ea:33:a2:ce:1b:62:39:15:c2:dd:03:a6:af:
99:87:b1:8c:a4:bb:6e:2c:1b:c9:62:c2:9e:d8:cf:
e8:88:10:c8:f4:74:7f:d7:36:53:7c:67:c3:e5:6e:
1a:d4:c1:99:c4:54:c3:92:f1:43:3c:e7:d9:da:f2:
b0:a8:17:88:f7:7d:99:4d:39:4e:fa:de:34:a0:a5:
52:ab:7a:32:ee:70:ab:ce:6a:e6:c2:8e:b9:ee:55:
ba:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:36:4F:78:69:7D:27:36:13:CF:8F:E6:6A:BD:F6:AA:44:50:9C:3B
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/237B105485CF11EC9517FA4AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
223.29.236.0/22
Signature Algorithm: sha256WithRSAEncryption
1d:0a:3c:ae:d3:20:e0:ed:99:e4:ea:7a:1f:65:b7:df:70:f1:
50:2f:81:d4:5c:26:f3:13:e7:35:a5:b7:82:cc:a5:57:75:a8:
f7:ac:1b:a6:13:15:6a:21:d8:1e:67:c1:3e:9b:2f:94:72:98:
79:ff:3b:b7:7e:b6:49:1b:1c:77:5a:a2:af:26:a5:b6:90:9f:
72:76:04:21:df:93:cd:f9:b2:23:1f:26:d4:14:b8:c2:5d:9f:
01:3f:2a:fc:25:32:ef:6a:50:ce:ef:7f:f4:7b:d2:54:1f:73:
82:08:e0:36:ac:33:37:a3:45:9c:1a:1e:c1:3b:48:ca:97:fa:
63:c0:c6:61:b5:a2:ed:a2:bf:ff:1c:6b:a3:a8:23:e3:91:eb:
8c:4a:90:c0:71:02:23:03:88:51:58:94:6e:d6:b6:0b:cc:e0:
8a:bf:94:31:2f:69:f3:d0:8a:e9:f9:dc:c5:ff:6e:00:2d:8d:
97:b1:c3:38:40:98:98:a9:c6:92:a6:c0:f1:e7:b9:0e:9c:c0:
f6:2a:f4:bf:09:a9:fb:0c:2f:0c:4a:0f:da:89:cb:85:f5:1a:
af:80:31:74:9d:8f:52:33:71:28:50:a4:20:f2:04:f9:25:67:
49:e6:4d:67:59:a3:c2:43:11:a9:cc:7f:df:05:a9:c7:e0:1c:
a7:11:15:83
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBl4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjIwMjA0MTUyODQ1WhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWZkNDYyYy05YmY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA47j8YauIfLIM9ZogWJ1g47horyEqTp8S+o7/pZQQHCk9nFNnRRksuJXWEztC
DX5vPP8PQy5djGx39bPs1Wnxx9YWIP3ZXRfbbMxtZl8MCBL3GsnKrv7P8RaYJFwj
254oqc6IOsxxrS6pk8ZVgMn0SO8nny/5UFF9U8GiZZdXUc0ySWI0/sFemrE1t56T
EKIb+6+nw7BpFri7FyV0mjawQ/ycxfnUYeozos4bYjkVwt0Dpq+Zh7GMpLtuLBvJ
YsKe2M/oiBDI9HR/1zZTfGfD5W4a1MGZxFTDkvFDPOfZ2vKwqBeI932ZTTlO+t40
oKVSq3oy7nCrzmrmwo657lW6DQIDAQABo4IClTCCApEwHQYDVR0OBBYEFMQ2T3hp
fSc2E8+P5mq99qpEUJw7MB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvMjM3QjEwNTQ4
NUNGMTFFQzk1MTdGQTRBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBALfHewwDQYJKoZIhvcNAQELBQADggEBAB0KPK7TIODtmeTq
eh9lt99w8VAvgdRcJvMT5zWlt4LMpVd1qPesG6YTFWoh2B5nwT6bL5RymHn/O7d+
tkkbHHdaoq8mpbaQn3J2BCHfk835siMfJtQUuMJdnwE/KvwlMu9qUM7vf/R70lQf
c4II4DasMzejRZwaHsE7SMqX+mPAxmG1ou2iv/8ca6OoI+OR64xKkMBxAiMDiFFY
lG7WtgvM4Iq/lDEvafPQiun53MX/bgAtjZexwzhAmJipxpKmwPHnuQ6cwPYq9L8J
qfsMLwxKD9qJy4X1Gq+AMXSdj1IzcShQpCDyBPklZ0nmTWdZo8JDEanMf98Fqcfg
HKcRFYM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:12 2023 by rpki-client on console-ams.rpki-client.org