Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/32C6BB4ADAAE11E9A0D2D77BC4F9AE02.roa
File: 32C6BB4ADAAE11E9A0D2D77BC4F9AE02.roa (raw, json)
Hash identifier: yqJyYjKyzahSTCNGDZUMFjaaf/5GWl9bwHDS0Si/Tf8=
Subject key identifier: 9E:A4:EA:25:B0:AB:84:A9:71:3D:01:AF:5B:8B:B2:EA:11:E4:D3:FA
Certificate issuer: /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial: 164C
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/32C6BB4ADAAE11E9A0D2D77BC4F9AE02.roa
Signing time: Thu 16 Feb 2023 05:05:13 +0000
ROA not before: Thu 16 Feb 2023 05:05:13 +0000
ROA not after: Wed 01 May 2024 00:00:00 +0000
asID: 4739
IP address blocks: 203.28.168.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5708 (0x164c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Validity
Not Before: Feb 16 05:05:13 2023 GMT
Not After : May 1 00:00:00 2024 GMT
Subject: CN=63edb989-25d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:f0:30:c2:2d:33:e1:31:ee:e0:b5:67:ba:fe:
b0:2f:04:90:04:e5:d0:02:e3:33:a1:b3:bb:63:f9:
be:05:fe:ce:d5:14:fa:f3:4c:56:7b:ef:79:62:18:
b5:73:bf:d3:4f:b0:2f:31:26:40:0c:8f:ac:29:42:
21:61:5f:87:07:b6:65:7a:a5:f5:9c:f4:bc:2c:da:
f4:b6:11:76:f8:64:4f:43:50:7e:78:90:fc:f8:83:
30:bc:76:36:a1:4d:13:11:cd:0d:f5:06:a5:a4:ca:
b6:13:0b:8e:96:8f:20:a7:63:2b:f7:85:ea:97:7a:
53:8a:80:85:ca:27:14:3d:ee:1f:23:23:ca:ce:96:
a2:e2:39:3f:b8:f0:88:25:5e:4c:60:f3:8e:89:08:
24:c5:11:5d:7c:d4:69:ca:d3:ae:6f:12:bf:a1:7c:
cf:66:0a:cd:6f:f4:f0:be:26:7c:26:d9:2f:4b:a1:
34:c1:aa:5a:31:5f:a9:35:e0:79:4b:d1:82:7e:c9:
21:50:00:b4:24:03:9c:3d:f8:77:4f:0f:43:e8:2a:
5b:8d:8e:ee:a2:72:b7:4d:c3:9a:b7:11:4e:99:c4:
61:c9:dc:d4:cc:15:c0:db:71:4f:60:97:fb:26:38:
c7:76:4d:6e:3a:e7:c3:b2:60:68:3a:dc:c6:c2:48:
bc:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:A4:EA:25:B0:AB:84:A9:71:3D:01:AF:5B:8B:B2:EA:11:E4:D3:FA
X509v3 Authority Key Identifier:
keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/32C6BB4ADAAE11E9A0D2D77BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
203.28.168.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:d6:67:73:6f:66:fe:67:ef:13:0f:a8:28:f2:92:f3:0f:32:
08:11:f6:a0:c7:22:65:da:4b:0f:bc:b6:0d:11:f0:84:9c:cf:
5a:a0:78:56:76:5e:00:2d:d2:8e:25:cc:a1:49:10:20:9c:d2:
39:8b:36:fe:74:08:93:0d:b3:63:99:56:ea:6b:fd:96:d9:8c:
a1:c2:9d:3d:52:3f:0b:5a:3b:df:1d:ba:8a:0e:17:9e:e7:2f:
67:31:41:08:e3:16:19:7f:5b:f1:07:83:f3:92:05:79:b2:87:
bd:46:4f:5f:f7:bc:7b:b7:4a:dc:44:d9:6d:b2:b1:ec:a1:8d:
1f:cb:52:73:65:99:c7:24:6f:3a:bf:2e:1e:bf:11:f7:e8:7f:
38:f3:43:42:ad:ec:08:dd:87:1f:ea:18:7c:94:fe:71:17:76:
51:fd:c9:37:fb:72:65:a2:4e:3f:25:eb:db:8c:cd:1d:94:87:
a8:1e:46:8c:f3:a0:20:2c:82:ab:ca:d9:9e:3b:e3:e8:0f:f2:
59:f4:27:2c:23:87:b2:b9:3d:f2:0b:d9:db:f8:09:be:fd:f2:
c9:80:97:c3:8e:fb:62:7a:e9:6d:6e:7e:6d:5c:7a:f6:eb:ba:
84:37:f4:26:21:4f:d0:a7:6c:9b:a8:b4:fe:89:3a:cf:6d:77:
39:5e:51:d7
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFkwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjMwMjE2MDUwNTEzWhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2VkYjk4OS0yNWQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr/Awwi0z4THu4LVnuv6wLwSQBOXQAuMzobO7Y/m+Bf7O1RT680xWe+95Yhi1
c7/TT7AvMSZADI+sKUIhYV+HB7ZleqX1nPS8LNr0thF2+GRPQ1B+eJD8+IMwvHY2
oU0TEc0N9QalpMq2EwuOlo8gp2Mr94Xql3pTioCFyicUPe4fIyPKzpai4jk/uPCI
JV5MYPOOiQgkxRFdfNRpytOubxK/oXzPZgrNb/TwviZ8JtkvS6E0wapaMV+pNeB5
S9GCfskhUAC0JAOcPfh3Tw9D6CpbjY7uonK3TcOatxFOmcRhydzUzBXA23FPYJf7
JjjHdk1uOufDsmBoOtzGwki8kQIDAQABo4IClTCCApEwHQYDVR0OBBYEFJ6k6iWw
q4SpcT0Br1uLsuoR5NP6MB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvMzJDNkJCNEFE
QUFFMTFFOUEwRDJENzdCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLHKgwDQYJKoZIhvcNAQELBQADggEBAH7WZ3NvZv5n7xMP
qCjykvMPMggR9qDHImXaSw+8tg0R8IScz1qgeFZ2XgAt0o4lzKFJECCc0jmLNv50
CJMNs2OZVupr/ZbZjKHCnT1SPwtaO98duooOF57nL2cxQQjjFhl/W/EHg/OSBXmy
h71GT1/3vHu3StxE2W2yseyhjR/LUnNlmcckbzq/Lh6/EffofzjzQ0Kt7Ajdhx/q
GHyU/nEXdlH9yTf7cmWiTj8l69uMzR2Uh6geRozzoCAsgqvK2Z474+gP8ln0Jywj
h7K5PfIL2dv4Cb798smAl8OO+2J66W1ufm1cevbruoQ39CYhT9CnbJuotP6JOs9t
dzleUdc=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:35:54 2023 by rpki-client on console.sobornost.net