Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/CDC9661EE35211EDB7F6B44EC4F9AE02.roa
File: CDC9661EE35211EDB7F6B44EC4F9AE02.roa (raw, json)
Hash identifier: kQAVDd6q3UrjLuv4DOSNch6hTvKGleGq3+VUYBf0LeM=
Subject key identifier: F2:10:CF:32:28:04:8A:19:3C:DA:09:16:82:1E:20:4C:35:BF:57:D4
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A4A
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/CDC9661EE35211EDB7F6B44EC4F9AE02.roa
Signing time: Tue 25 Apr 2023 10:20:30 +0000
ROA not before: Tue 25 Apr 2023 10:20:30 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 7018
IP address blocks: 223.29.226.0/24 maxlen: 24
223.29.235.0/24 maxlen: 24
223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2634 (0xa4a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Apr 25 10:20:30 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=6447a96e-e209
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:db:fd:a5:8d:d6:54:ce:3e:ac:a0:d1:f0:ba:
8e:04:33:8f:c3:e1:5c:18:16:60:c3:a3:bc:0a:d9:
63:48:e7:e1:14:2a:f7:66:2c:e8:40:25:89:71:c9:
b7:8c:f8:3d:c1:97:b6:12:e8:5f:27:e3:99:81:b5:
6e:fe:18:16:e9:a8:30:4e:8d:9f:80:ed:51:d4:ef:
c2:fe:a2:84:7b:34:ca:29:bd:bf:bd:c3:b2:b4:85:
56:97:f7:a9:f0:0c:83:30:b1:6e:b5:fb:11:80:f1:
6c:33:d2:7a:99:c3:9d:10:64:55:4e:3c:ad:df:aa:
b4:0f:cc:ef:c1:d1:7e:a4:3a:63:9d:c7:23:1f:47:
7a:a8:23:97:40:55:84:e1:74:a5:ad:0e:47:e0:cb:
7c:17:2d:6a:48:30:41:7a:1e:2d:5e:f7:35:e4:cf:
da:75:75:9c:a0:0e:0d:7a:4e:20:ab:30:32:1d:d8:
d9:07:a7:a2:68:07:0f:d1:f6:32:3c:d6:f1:86:f2:
6d:c6:f7:15:89:44:3e:aa:73:fb:d9:c7:76:0b:7e:
1c:fd:d2:a1:81:53:d4:32:29:a1:5b:67:fc:b0:3a:
5e:f8:41:fe:4f:32:c7:1e:40:e8:70:5a:bf:d8:e5:
9d:c2:c7:d2:b7:da:f8:d0:68:25:52:50:7b:5f:82:
d3:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:10:CF:32:28:04:8A:19:3C:DA:09:16:82:1E:20:4C:35:BF:57:D4
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/CDC9661EE35211EDB7F6B44EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
223.29.226.0/24
223.29.235.0-223.29.238.255
Signature Algorithm: sha256WithRSAEncryption
67:2b:b9:de:94:09:23:0d:6c:15:57:32:d9:3f:75:90:79:0f:
e6:6b:7d:fd:44:5b:0d:df:63:05:1e:f5:0a:ee:52:a8:30:77:
7e:87:ce:37:4a:a5:d7:03:c9:e2:44:99:23:a5:b4:d0:03:3f:
f2:a7:20:fe:c0:08:39:28:3f:39:a2:fa:4e:78:0f:d1:4b:5f:
76:ba:a2:90:fc:bb:89:d8:f7:bf:ba:ef:54:d3:69:71:a0:a9:
b9:7c:4f:63:a1:57:71:b5:bd:84:92:2a:39:86:9f:d0:14:51:
cb:c1:e7:6b:71:c5:73:83:01:1c:f3:f1:ed:95:3e:6f:06:15:
dd:a7:0d:7a:61:ce:02:d0:33:64:c9:68:7b:f2:ae:1c:f8:f5:
42:65:b8:32:6b:ea:91:21:f3:c4:9e:8d:37:ef:5e:fe:40:fc:
0b:25:d2:c9:97:a9:61:49:47:39:79:1c:57:64:ec:f2:7a:b1:
6e:df:45:fb:2f:9e:96:8c:81:18:7e:90:9a:eb:91:87:d0:cf:
fe:2f:3f:3c:50:fb:ad:73:44:f6:98:72:dd:c1:ca:d5:fa:8e:
2e:c6:01:66:2c:17:88:3d:0d:90:e6:cc:c5:6c:30:2a:0f:98:
ef:f3:9f:d6:52:ec:0f:11:84:fb:6f:e9:29:4a:a1:bb:7e:f1:
e8:7f:38:06
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICCkowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDI1MTAyMDMwWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDQ3YTk2ZS1lMjA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2Nv9pY3WVM4+rKDR8LqOBDOPw+FcGBZgw6O8CtljSOfhFCr3ZizoQCWJccm3
jPg9wZe2EuhfJ+OZgbVu/hgW6agwTo2fgO1R1O/C/qKEezTKKb2/vcOytIVWl/ep
8AyDMLFutfsRgPFsM9J6mcOdEGRVTjyt36q0D8zvwdF+pDpjnccjH0d6qCOXQFWE
4XSlrQ5H4Mt8Fy1qSDBBeh4tXvc15M/adXWcoA4Nek4gqzAyHdjZB6eiaAcP0fYy
PNbxhvJtxvcViUQ+qnP72cd2C34c/dKhgVPUMimhW2f8sDpe+EH+TzLHHkDocFq/
2OWdwsfSt9r40GglUlB7X4LTbQIDAQABo4ICozCCAp8wHQYDVR0OBBYEFPIQzzIo
BIoZPNoJFoIeIEw1v1fUMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvQ0RDOTY2MUVF
MzUyMTFFREI3RjZCNDRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQDBADfHeIwDAMEAN8d6wMEAN8d7jANBgkqhkiG9w0BAQsFAAOC
AQEAZyu53pQJIw1sFVcy2T91kHkP5mt9/URbDd9jBR71Cu5SqDB3fofON0ql1wPJ
4kSZI6W00AM/8qcg/sAIOSg/OaL6TngP0UtfdrqikPy7idj3v7rvVNNpcaCpuXxP
Y6FXcbW9hJIqOYaf0BRRy8Hna3HFc4MBHPPx7ZU+bwYV3acNemHOAtAzZMloe/Ku
HPj1QmW4MmvqkSHzxJ6NN+9e/kD8CyXSyZepYUlHOXkcV2Ts8nqxbt9F+y+eloyB
GH6QmuuRh9DP/i8/PFD7rXNE9phy3cHK1fqOLsYBZiwXiD0NkObMxWwwKg+Y7/Of
1lLsDxGE+2/pKUqhu37x6H84Bg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:15 2023 by rpki-client on console-fra.rpki-client.org