Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4845/400153B6D2EB11E5B4D15A4EC4F9AE02/D07510F0B8BC11E7B9988F33C4F9AE02.roa
File: D07510F0B8BC11E7B9988F33C4F9AE02.roa (raw, json)
Hash identifier: AurOE+5xxXECulknFc4FIYAqEzq6uMUVeBPRox1QnIY=
Subject key identifier: C2:02:FB:E8:CF:A9:87:D7:CF:EC:B4:22:7A:6F:91:28:B3:5F:75:41
Certificate issuer: /CN=A91E4845/serialNumber=01A412EF416C884F6F637F1BDA800EB6EF67B6D6
Certificate serial: 1FE5
Authority key identifier: 01:A4:12:EF:41:6C:88:4F:6F:63:7F:1B:DA:80:0E:B6:EF:67:B6:D6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AaQS70FsiE9vY38b2oAOtu9nttY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E4845/400153B6D2EB11E5B4D15A4EC4F9AE02/D07510F0B8BC11E7B9988F33C4F9AE02.roa
Signing time: Sat 12 Nov 2022 16:42:40 +0000
ROA not before: Sat 12 Nov 2022 16:42:40 +0000
ROA not after: Wed 31 Jan 2024 00:00:00 +0000
asID: 134712
IP address blocks: 103.197.152.0/22 maxlen: 22
103.197.152.0/24 maxlen: 24
103.197.153.0/24 maxlen: 24
103.197.154.0/24 maxlen: 24
103.197.155.0/24 maxlen: 24
220.158.204.0/22 maxlen: 22
220.158.204.0/24 maxlen: 24
220.158.205.0/24 maxlen: 24
220.158.206.0/24 maxlen: 24
220.158.207.0/24 maxlen: 24
2405:d340::/32 maxlen: 32
2405:d340::/48 maxlen: 48
2405:d340:1::/48 maxlen: 48
2405:d340:2::/48 maxlen: 48
2405:d340:3::/48 maxlen: 48
2405:d340:4::/48 maxlen: 48
2405:d340:5::/48 maxlen: 48
2405:d340:6::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8165 (0x1fe5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E4845/serialNumber=01A412EF416C884F6F637F1BDA800EB6EF67B6D6
Validity
Not Before: Nov 12 16:42:40 2022 GMT
Not After : Jan 31 00:00:00 2024 GMT
Subject: CN=636fcd00-321f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:24:83:36:2e:6a:71:d0:48:8a:32:50:3e:24:
09:bf:92:b1:31:67:76:71:57:19:dc:34:e5:5f:55:
ff:59:92:ec:c8:a4:48:d8:6c:69:09:f7:a5:4f:19:
b7:a6:5b:06:b0:06:91:65:31:8f:a7:a9:4b:50:07:
03:1f:63:68:50:a9:1c:f9:30:7e:07:86:15:47:d6:
5e:9f:6d:f2:6f:26:7c:25:42:d4:0b:18:f7:a3:23:
f9:de:2a:98:7b:99:3c:4c:5e:0b:c2:11:cf:db:89:
6a:59:40:e7:26:a3:5c:31:82:ee:42:f5:cc:28:e8:
e1:75:8b:85:23:bd:c2:23:84:f0:9c:b4:cf:f5:d1:
e8:a1:32:bd:fb:d5:b0:4c:25:31:57:18:1f:6e:66:
66:ec:76:ba:5d:bb:29:46:ed:59:78:94:00:58:b4:
01:97:e4:41:26:80:2a:34:3c:f0:e8:13:34:35:d6:
c0:d5:f7:bf:43:96:11:cb:5c:c3:0c:3f:8d:4f:66:
e7:70:f7:1b:47:55:d9:3f:7b:72:a5:ba:0a:1b:0f:
54:4a:5f:d7:7d:e2:74:25:43:1e:d4:f3:e8:b5:aa:
92:c4:b5:96:4a:c0:56:49:a7:f1:1b:b4:92:72:3f:
6b:69:bd:eb:4a:cd:c6:16:0d:a3:43:96:83:20:19:
94:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:02:FB:E8:CF:A9:87:D7:CF:EC:B4:22:7A:6F:91:28:B3:5F:75:41
X509v3 Authority Key Identifier:
keyid:01:A4:12:EF:41:6C:88:4F:6F:63:7F:1B:DA:80:0E:B6:EF:67:B6:D6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E4845/400153B6D2EB11E5B4D15A4EC4F9AE02/AaQS70FsiE9vY38b2oAOtu9nttY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AaQS70FsiE9vY38b2oAOtu9nttY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4845/400153B6D2EB11E5B4D15A4EC4F9AE02/D07510F0B8BC11E7B9988F33C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.197.152.0/22
220.158.204.0/22
IPv6:
2405:d340::/32
Signature Algorithm: sha256WithRSAEncryption
56:28:18:d6:5a:d8:10:a6:9e:eb:db:34:1e:b2:2f:ef:fa:f4:
13:76:5a:0b:9b:e0:81:2c:dc:d3:92:a8:bb:04:f0:cf:67:fd:
68:d2:70:9e:7d:13:98:9a:55:35:ab:ee:eb:f8:e5:e1:09:08:
8f:19:ca:e2:fc:3a:c5:72:83:fe:dd:f0:24:28:72:4c:69:50:
3d:47:03:ca:52:b0:6b:97:2f:04:41:d7:9f:7b:b5:78:87:6e:
92:eb:a0:28:28:c7:a9:24:60:8a:09:b0:c1:95:b4:f7:d7:b7:
97:89:5c:6c:79:c2:7e:49:b7:dc:76:6f:bc:3b:c3:4e:93:d5:
d8:c5:f0:8a:d9:3e:b0:70:97:d0:e9:f5:d7:b2:f9:af:46:53:
f6:b0:e9:d0:94:37:53:f6:b0:de:ab:00:aa:c1:c4:ab:f2:24:
96:f0:ee:1e:c3:28:a0:23:48:f5:7f:46:22:8e:99:cb:1a:d0:
19:0a:e4:31:ec:a2:3d:19:58:78:aa:5a:0c:47:2b:05:76:df:
52:71:cd:84:af:ca:58:de:3b:dd:74:1e:13:b8:59:96:d5:6e:
fe:d5:35:de:61:b7:16:c8:9c:a9:cc:58:90:63:bb:28:03:a5:
bb:a7:25:00:33:f0:e5:08:fa:0b:c3:5a:88:76:20:27:f2:ff:
9b:6c:6f:05
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICH+UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTQ4NDUxMTAvBgNVBAUTKDAxQTQxMkVGNDE2Qzg4NEY2RjYzN0YxQkRBODAwRUI2
RUY2N0I2RDYwHhcNMjIxMTEyMTY0MjQwWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzZmY2QwMC0zMjFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwCSDNi5qcdBIijJQPiQJv5KxMWd2cVcZ3DTlX1X/WZLsyKRI2GxpCfelTxm3
plsGsAaRZTGPp6lLUAcDH2NoUKkc+TB+B4YVR9Zen23ybyZ8JULUCxj3oyP53iqY
e5k8TF4LwhHP24lqWUDnJqNcMYLuQvXMKOjhdYuFI73CI4TwnLTP9dHooTK9+9Ww
TCUxVxgfbmZm7Ha6XbspRu1ZeJQAWLQBl+RBJoAqNDzw6BM0NdbA1fe/Q5YRy1zD
DD+NT2bncPcbR1XZP3typboKGw9USl/XfeJ0JUMe1PPotaqSxLWWSsBWSafxG7SS
cj9rab3rSs3GFg2jQ5aDIBmUqwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFMIC++jP
qYfXz+y0InpvkSizX3VBMB8GA1UdIwQYMBaAFAGkEu9BbIhPb2N/G9qADrbvZ7bW
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNDg0NS80MDAxNTNCNkQy
RUIxMUU1QjREMTVBNEVDNEY5QUUwMi9BYVFTNzBGc2lFOXZZMzhiMm9BT3R1OW50
dFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0FhUVM3MEZzaUU5dlkzOGIyb0FPdHU5bnR0WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTQ4NDUvNDAwMTUzQjZEMkVCMTFFNUI0RDE1QTRFQzRGOUFFMDIvRDA3NTEwRjBC
OEJDMTFFN0I5OTg4RjMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnxZgDBALcnswwDQQCAAIwBwMFACQF00AwDQYJKoZIhvcN
AQELBQADggEBAFYoGNZa2BCmnuvbNB6yL+/69BN2Wgub4IEs3NOSqLsE8M9n/WjS
cJ59E5iaVTWr7uv45eEJCI8ZyuL8OsVyg/7d8CQockxpUD1HA8pSsGuXLwRB1597
tXiHbpLroCgox6kkYIoJsMGVtPfXt5eJXGx5wn5Jt9x2b7w7w06T1djF8IrZPrBw
l9Dp9dey+a9GU/aw6dCUN1P2sN6rAKrBxKvyJJbw7h7DKKAjSPV/RiKOmcsa0BkK
5DHsoj0ZWHiqWgxHKwV231JxzYSvyljeO910HhO4WZbVbv7VNd5htxbInKnMWJBj
uygDpbunJQAz8OUI+gvDWoh2ICfy/5tsbwU=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:35:37 2023 by rpki-client on console.sobornost.net