Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F71E8/62B787A0EEE411E89E665D4DC4F9AE02/8E3564C8E17611ECBD70B57DC4F9AE02.roa
File: 8E3564C8E17611ECBD70B57DC4F9AE02.roa (raw, json)
Hash identifier: bbRwaP4Z1Q4KS37/GmwXloQDilFjHyGTPCSJtUHFlvQ=
Subject key identifier: 0E:25:A5:93:8F:56:80:DE:4C:59:7C:63:B7:85:E1:A1:5B:0F:58:BA
Certificate issuer: /CN=A91F71E8/serialNumber=B3D793790E114AC8F8DC82BAE33C1D92BDBDB5EB
Certificate serial: 0572
Authority key identifier: B3:D7:93:79:0E:11:4A:C8:F8:DC:82:BA:E3:3C:1D:92:BD:BD:B5:EB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s9eTeQ4RSsj43IK64zwdkr29tes.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F71E8/62B787A0EEE411E89E665D4DC4F9AE02/8E3564C8E17611ECBD70B57DC4F9AE02.roa
Signing time: Mon 20 Jun 2022 18:26:50 +0000
ROA not before: Mon 20 Jun 2022 18:26:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 134159
IP address blocks: 45.115.224.0/24 maxlen: 24
45.115.225.0/24 maxlen: 24
45.115.226.0/24 maxlen: 24
45.115.227.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1394 (0x572)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F71E8/serialNumber=B3D793790E114AC8F8DC82BAE33C1D92BDBDB5EB
Validity
Not Before: Jun 20 18:26:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=62b0bbea-1365
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:8b:05:85:d7:7f:19:51:ca:85:45:28:e6:13:
d4:22:8e:6b:3e:fa:22:98:8c:f0:e1:f5:45:90:6a:
f9:c0:80:c5:24:13:15:96:a3:2c:d0:c0:30:44:7a:
12:cf:cc:ab:94:4d:a3:ae:6f:63:fb:09:36:12:b0:
bd:a1:01:33:b4:96:91:94:68:a6:dd:aa:7b:58:35:
21:90:92:ce:62:4d:58:5d:61:a5:56:11:6c:d6:3a:
7f:11:6d:1c:1b:89:b0:62:56:c1:d8:16:d9:35:0d:
36:e6:f7:3d:10:56:dc:15:db:85:53:bd:56:2d:7e:
b2:af:f4:28:e5:c1:40:32:d4:2e:f7:80:f0:64:3e:
45:4f:e5:8b:d5:6b:d3:8e:fd:ef:aa:a3:8c:4e:c0:
80:cd:b0:f0:56:28:d9:13:0e:58:96:7a:85:fd:07:
68:57:6b:ec:29:38:44:d7:9d:ca:e0:05:b3:48:b0:
af:9a:46:f3:fe:f2:09:f9:74:df:f8:7e:38:10:9e:
8f:8e:ee:90:8b:51:eb:b2:43:56:67:2b:2e:3a:94:
24:81:98:12:af:af:70:18:54:4b:b7:53:a4:e2:1c:
43:13:14:68:71:ee:23:6b:2f:37:de:07:d7:f8:22:
01:2d:69:14:2c:da:bf:fd:d6:34:0a:a3:a5:29:94:
5e:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:25:A5:93:8F:56:80:DE:4C:59:7C:63:B7:85:E1:A1:5B:0F:58:BA
X509v3 Authority Key Identifier:
keyid:B3:D7:93:79:0E:11:4A:C8:F8:DC:82:BA:E3:3C:1D:92:BD:BD:B5:EB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F71E8/62B787A0EEE411E89E665D4DC4F9AE02/s9eTeQ4RSsj43IK64zwdkr29tes.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s9eTeQ4RSsj43IK64zwdkr29tes.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F71E8/62B787A0EEE411E89E665D4DC4F9AE02/8E3564C8E17611ECBD70B57DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.115.224.0/22
Signature Algorithm: sha256WithRSAEncryption
56:74:e8:10:82:e8:54:88:72:b4:5e:8c:40:d1:50:00:5a:df:
3d:f8:58:c3:96:16:ab:3b:1d:6d:49:8d:2b:40:5d:3d:bb:d9:
33:26:56:9d:f0:9b:88:20:3e:73:79:63:27:ab:80:72:c6:19:
03:58:eb:9f:10:f3:a3:57:72:61:27:b6:c9:55:d7:1e:46:91:
b9:61:4d:c1:8e:51:5e:b9:32:4c:af:01:44:7f:79:ae:af:cc:
d4:7f:36:03:f0:31:a1:6c:a8:dd:a6:07:96:65:c8:a8:7c:eb:
79:11:f7:18:56:ab:b9:ad:e4:05:02:dd:95:d4:52:44:3e:24:
f0:6a:a6:c5:9f:de:ec:f2:05:dc:50:85:40:c1:1f:bd:fa:8d:
d8:40:4c:55:ab:96:d4:33:8b:18:33:ad:75:78:4f:c8:dc:1a:
d4:e1:d5:c3:c1:e1:c2:4c:ac:eb:be:94:1e:4c:19:a7:11:f2:
95:7a:ec:63:98:93:f2:67:a9:ca:fc:69:49:a6:47:72:7c:b6:
3f:c9:2e:ef:a7:1d:0a:b2:1c:d7:48:60:e2:e4:57:86:0d:da:
4d:a4:83:e6:93:12:d8:88:2b:95:f8:4e:ca:04:91:00:58:56:
4f:cd:f0:7f:2b:10:b0:cb:7f:5a:3e:77:38:fb:dc:23:a7:43:
36:0a:a6:d9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBXIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjcxRTgxMTAvBgNVBAUTKEIzRDc5Mzc5MEUxMTRBQzhGOERDODJCQUUzM0MxRDky
QkRCREI1RUIwHhcNMjIwNjIwMTgyNjUwWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmIwYmJlYS0xMzY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoYsFhdd/GVHKhUUo5hPUIo5rPvoimIzw4fVFkGr5wIDFJBMVlqMs0MAwRHoS
z8yrlE2jrm9j+wk2ErC9oQEztJaRlGim3ap7WDUhkJLOYk1YXWGlVhFs1jp/EW0c
G4mwYlbB2BbZNQ025vc9EFbcFduFU71WLX6yr/Qo5cFAMtQu94DwZD5FT+WL1WvT
jv3vqqOMTsCAzbDwVijZEw5YlnqF/QdoV2vsKThE153K4AWzSLCvmkbz/vIJ+XTf
+H44EJ6Pju6Qi1HrskNWZysuOpQkgZgSr69wGFRLt1Ok4hxDExRoce4jay833gfX
+CIBLWkULNq//dY0CqOlKZReEQIDAQABo4IClTCCApEwHQYDVR0OBBYEFA4lpZOP
VoDeTFl8Y7eF4aFbD1i6MB8GA1UdIwQYMBaAFLPXk3kOEUrI+NyCuuM8HZK9vbXr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNzFFOC82MkI3ODdBMEVF
RTQxMUU4OUU2NjVENERDNEY5QUUwMi9zOWVUZVE0UlNzajQzSUs2NHp3ZGtyMjl0
ZXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3M5ZVRlUTRSU3NqNDNJSzY0endka3IyOXRlcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjcxRTgvNjJCNzg3QTBFRUU0MTFFODlFNjY1RDREQzRGOUFFMDIvOEUzNTY0QzhF
MTc2MTFFQ0JENzBCNTdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAItc+AwDQYJKoZIhvcNAQELBQADggEBAFZ06BCC6FSIcrRe
jEDRUABa3z34WMOWFqs7HW1JjStAXT272TMmVp3wm4ggPnN5YyergHLGGQNY658Q
86NXcmEntslV1x5GkblhTcGOUV65MkyvAUR/ea6vzNR/NgPwMaFsqN2mB5ZlyKh8
63kR9xhWq7mt5AUC3ZXUUkQ+JPBqpsWf3uzyBdxQhUDBH736jdhATFWrltQzixgz
rXV4T8jcGtTh1cPB4cJMrOu+lB5MGacR8pV67GOYk/Jnqcr8aUmmR3J8tj/JLu+n
HQqyHNdIYOLkV4YN2k2kg+aTEtiIK5X4TsoEkQBYVk/N8H8rELDLf1o+dzj73COn
QzYKptk=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:13 2023 by rpki-client on console-ams.rpki-client.org