Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F71E8/62B787A0EEE411E89E665D4DC4F9AE02/4F32C5E07CE511EC83489E2DC4F9AE02.roa
File: 4F32C5E07CE511EC83489E2DC4F9AE02.roa (raw, json)
Hash identifier: dam4I9iS0nDru59CjqH4QHrMUTqwXcQFSABoor5lg9g=
Subject key identifier: 49:DB:5F:71:75:48:9D:02:F3:F6:1F:49:1E:1B:60:B1:23:AE:0F:A9
Certificate issuer: /CN=A91F71E8/serialNumber=B3D793790E114AC8F8DC82BAE33C1D92BDBDB5EB
Certificate serial: 0434
Authority key identifier: B3:D7:93:79:0E:11:4A:C8:F8:DC:82:BA:E3:3C:1D:92:BD:BD:B5:EB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s9eTeQ4RSsj43IK64zwdkr29tes.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F71E8/62B787A0EEE411E89E665D4DC4F9AE02/4F32C5E07CE511EC83489E2DC4F9AE02.roa
Signing time: Mon 24 Jan 2022 07:14:46 +0000
ROA not before: Mon 24 Jan 2022 07:14:46 +0000
ROA not after: Fri 01 Jul 2022 00:00:00 +0000
asID: 134159
IP address blocks: 45.115.225.0/24 maxlen: 24
45.115.226.0/24 maxlen: 24
45.115.227.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1076 (0x434)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F71E8/serialNumber=B3D793790E114AC8F8DC82BAE33C1D92BDBDB5EB
Validity
Not Before: Jan 24 07:14:46 2022 GMT
Not After : Jul 1 00:00:00 2022 GMT
Subject: CN=61ee51e6-c53b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:46:c3:26:a0:76:47:7c:0f:36:53:e1:d0:e6:
89:34:b8:3d:6c:b7:bf:93:32:69:04:a5:22:75:54:
d4:28:4b:be:d3:2c:47:a9:30:9a:27:c0:67:23:d6:
e4:ac:91:60:bd:85:e3:1b:6e:91:0e:2f:12:3c:8f:
a8:7b:e1:ca:82:af:cf:c2:a8:b9:3f:32:8a:18:e3:
45:fa:f6:9c:cb:3d:64:13:cc:b6:da:20:63:10:29:
2b:de:ce:e7:20:33:b5:b6:a0:49:44:36:31:e0:43:
97:c6:12:8f:f7:c3:9b:be:e2:a2:e8:9d:12:54:1f:
0d:7a:71:ec:ba:0d:f0:94:1d:16:5f:1c:6b:52:af:
78:8a:85:f5:66:ca:9e:ee:4b:4a:3a:ad:a1:2d:df:
5a:68:14:c7:9f:f8:67:25:b6:63:3f:0c:e6:98:06:
ad:9f:c0:9a:3d:61:8b:22:ed:0c:fe:ed:16:b7:b5:
cf:8a:a9:58:15:64:bd:f1:b4:ea:02:06:e4:b7:1d:
cb:54:c5:cb:65:06:4c:09:9c:a7:46:c8:3f:e5:7c:
c6:ca:dd:5b:b2:c9:4b:04:b4:54:b4:c5:f1:ce:7b:
c9:b8:15:87:89:7c:1a:17:37:c5:1a:c1:39:14:36:
12:df:cf:73:dd:b7:c7:e3:02:8b:0f:f6:3b:cc:e2:
0a:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:DB:5F:71:75:48:9D:02:F3:F6:1F:49:1E:1B:60:B1:23:AE:0F:A9
X509v3 Authority Key Identifier:
keyid:B3:D7:93:79:0E:11:4A:C8:F8:DC:82:BA:E3:3C:1D:92:BD:BD:B5:EB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F71E8/62B787A0EEE411E89E665D4DC4F9AE02/s9eTeQ4RSsj43IK64zwdkr29tes.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s9eTeQ4RSsj43IK64zwdkr29tes.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F71E8/62B787A0EEE411E89E665D4DC4F9AE02/4F32C5E07CE511EC83489E2DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.115.225.0-45.115.227.255
Signature Algorithm: sha256WithRSAEncryption
8a:c3:ba:71:0d:1e:af:c2:80:65:5d:ca:70:0f:67:f7:aa:4c:
53:0c:9e:ba:ca:97:7a:dc:91:4e:fd:fa:e7:af:42:21:5e:13:
7d:2e:66:83:10:0a:35:c4:96:53:19:f0:da:d8:2a:66:b3:ee:
5e:b8:43:a9:80:be:72:be:46:25:ca:9d:81:b2:43:09:fa:a9:
b8:c4:51:5b:90:34:d1:79:6c:87:d7:66:27:58:cb:8a:22:82:
da:de:8b:c2:95:93:02:61:49:72:22:1f:7d:24:77:45:e0:e9:
fd:2e:d7:42:a4:85:53:82:d4:00:1c:8e:92:7e:14:88:6b:9e:
07:46:b1:c9:2b:d2:35:88:86:27:19:27:be:ee:f6:26:b9:86:
ea:b3:95:9b:b4:8d:aa:87:82:5a:0b:e0:b5:52:d3:e5:e9:8a:
f5:9d:30:40:87:10:2d:12:7e:24:be:3a:7d:ff:fe:d4:46:57:
34:c2:92:39:93:ed:29:db:48:75:7d:c0:d3:77:7f:98:44:ed:
7e:29:da:17:a1:18:83:9b:69:88:04:5a:a0:c0:61:b7:f4:67:
9f:44:a9:ee:39:24:13:38:8f:38:20:82:30:8f:41:5a:c3:e9:
db:40:c8:b2:19:fa:19:c9:9d:fb:a3:fe:b7:e9:d4:d9:ad:38:
3a:03:24:b2
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICBDQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjcxRTgxMTAvBgNVBAUTKEIzRDc5Mzc5MEUxMTRBQzhGOERDODJCQUUzM0MxRDky
QkRCREI1RUIwHhcNMjIwMTI0MDcxNDQ2WhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWVlNTFlNi1jNTNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzUbDJqB2R3wPNlPh0OaJNLg9bLe/kzJpBKUidVTUKEu+0yxHqTCaJ8BnI9bk
rJFgvYXjG26RDi8SPI+oe+HKgq/Pwqi5PzKKGONF+vacyz1kE8y22iBjECkr3s7n
IDO1tqBJRDYx4EOXxhKP98ObvuKi6J0SVB8NenHsug3wlB0WXxxrUq94ioX1Zsqe
7ktKOq2hLd9aaBTHn/hnJbZjPwzmmAatn8CaPWGLIu0M/u0Wt7XPiqlYFWS98bTq
Agbktx3LVMXLZQZMCZynRsg/5XzGyt1bsslLBLRUtMXxznvJuBWHiXwaFzfFGsE5
FDYS389z3bfH4wKLD/Y7zOIKIQIDAQABo4ICnTCCApkwHQYDVR0OBBYEFEnbX3F1
SJ0C8/YfSR4bYLEjrg+pMB8GA1UdIwQYMBaAFLPXk3kOEUrI+NyCuuM8HZK9vbXr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNzFFOC82MkI3ODdBMEVF
RTQxMUU4OUU2NjVENERDNEY5QUUwMi9zOWVUZVE0UlNzajQzSUs2NHp3ZGtyMjl0
ZXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3M5ZVRlUTRSU3NqNDNJSzY0endka3IyOXRlcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjcxRTgvNjJCNzg3QTBFRUU0MTFFODlFNjY1RDREQzRGOUFFMDIvNEYzMkM1RTA3
Q0U1MTFFQzgzNDg5RTJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEAC1z4QMEAi1z4DANBgkqhkiG9w0BAQsFAAOCAQEAisO6
cQ0er8KAZV3KcA9n96pMUwyeusqXetyRTv36569CIV4TfS5mgxAKNcSWUxnw2tgq
ZrPuXrhDqYC+cr5GJcqdgbJDCfqpuMRRW5A00Xlsh9dmJ1jLiiKC2t6LwpWTAmFJ
ciIffSR3ReDp/S7XQqSFU4LUAByOkn4UiGueB0axySvSNYiGJxknvu72JrmG6rOV
m7SNqoeCWgvgtVLT5emK9Z0wQIcQLRJ+JL46ff/+1EZXNMKSOZPtKdtIdX3A03d/
mETtfinaF6EYg5tpiARaoMBht/Rnn0Sp7jkkEziPOCCCMI9BWsPp20DIshn6Gcmd
+6P+t+nU2a04OgMksg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:51 2024 by rpki-client on console-fra.rpki-client.org