Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9111DD6/3AD2F7F2D99111EB8A17D81BC4F9AE02/E4259BA8D99511EBBBFB5D50C4F9AE02.roa
File: E4259BA8D99511EBBBFB5D50C4F9AE02.roa (raw, json)
Hash identifier: UBcLSJ4EjHLfnRnn7RwSF74+hL7J+j+8/ttierkm4AI=
Subject key identifier: 45:86:9C:2B:28:09:D9:2E:B9:5C:EA:88:47:59:5A:A4:15:3A:E1:12
Certificate issuer: /CN=A9111DD6/serialNumber=78F340F1871B70627E0EC93E97D7D0D80C0AD021
Certificate serial: 010B
Authority key identifier: 78:F3:40:F1:87:1B:70:62:7E:0E:C9:3E:97:D7:D0:D8:0C:0A:D0:21
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ePNA8YcbcGJ-Dsk-l9fQ2AwK0CE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9111DD6/3AD2F7F2D99111EB8A17D81BC4F9AE02/E4259BA8D99511EBBBFB5D50C4F9AE02.roa
Signing time: Thu 11 Nov 2021 15:31:34 +0000
ROA not before: Thu 11 Nov 2021 15:31:34 +0000
ROA not after: Fri 30 Dec 2022 00:00:00 +0000
asID: 131111
IP address blocks: 103.76.20.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 267 (0x10b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9111DD6/serialNumber=78F340F1871B70627E0EC93E97D7D0D80C0AD021
Validity
Not Before: Nov 11 15:31:34 2021 GMT
Not After : Dec 30 00:00:00 2022 GMT
Subject: CN=618d3755-905a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:37:99:55:61:c7:7d:cb:8b:a4:0f:7e:e4:19:
a9:55:04:8d:de:bf:88:37:e1:25:c8:ff:99:03:a8:
16:72:62:ba:c4:b3:f6:7d:e2:55:0b:f3:f2:c1:27:
f7:8e:e1:6c:02:a7:13:d7:5a:70:d3:15:95:86:62:
da:33:35:a3:6d:da:f8:56:7f:a2:84:1b:50:69:17:
77:23:ea:9c:04:7b:6f:72:c9:e1:71:1e:e9:17:b9:
87:61:5b:7d:0d:9f:7f:53:63:05:15:a6:91:0f:64:
f0:04:61:70:d9:0d:d1:b8:1d:90:44:4f:48:c9:c4:
3a:3e:7c:25:0f:22:62:b6:58:c1:9d:2d:d7:3e:51:
e0:30:b4:48:5b:4f:52:ad:8c:70:58:82:fd:e6:32:
5e:19:dd:fc:60:e7:62:22:7a:14:2f:7a:5f:89:0b:
ed:fb:9e:40:8b:61:7f:1a:39:ca:6e:39:54:c9:f6:
ae:d0:d8:2b:d1:5c:87:8f:73:56:e9:5d:ef:db:0a:
4e:b1:26:23:5b:fe:c1:73:6c:3a:92:90:d5:1a:eb:
1a:7b:47:de:3e:06:e9:d5:58:3a:77:64:ab:87:91:
b6:e8:c2:69:58:fa:47:90:7e:fa:5b:90:35:e6:84:
8b:86:5d:50:e0:a8:3a:c9:1b:1a:4d:cf:1b:33:69:
47:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:86:9C:2B:28:09:D9:2E:B9:5C:EA:88:47:59:5A:A4:15:3A:E1:12
X509v3 Authority Key Identifier:
keyid:78:F3:40:F1:87:1B:70:62:7E:0E:C9:3E:97:D7:D0:D8:0C:0A:D0:21
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9111DD6/3AD2F7F2D99111EB8A17D81BC4F9AE02/ePNA8YcbcGJ-Dsk-l9fQ2AwK0CE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ePNA8YcbcGJ-Dsk-l9fQ2AwK0CE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9111DD6/3AD2F7F2D99111EB8A17D81BC4F9AE02/E4259BA8D99511EBBBFB5D50C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.76.20.0/22
Signature Algorithm: sha256WithRSAEncryption
5d:03:5c:fb:65:9e:14:2e:03:67:ec:0c:48:b8:06:a8:1c:07:
6e:dd:5e:86:39:ce:42:07:f5:a4:59:40:b0:d0:fb:bb:a1:54:
95:19:44:26:9b:6f:d8:19:f2:37:96:ba:02:42:1d:6d:57:c1:
09:18:db:40:b0:b1:74:89:7f:58:f0:91:cf:2f:b3:f7:aa:f8:
b9:12:22:f3:8d:1d:a9:42:02:80:86:42:8f:81:52:1c:52:d9:
06:a2:cf:4f:a3:d7:43:68:ac:7f:78:18:46:98:05:56:02:94:
17:13:4b:2e:5f:e9:fa:f1:ec:bb:e0:83:52:47:2b:29:07:6b:
d5:66:e7:38:3e:0e:54:a0:63:4c:95:d9:34:4f:68:9e:56:35:
e6:ef:52:4e:9c:0f:0e:99:5c:54:ac:2f:0d:86:56:e7:58:93:
11:07:23:83:64:c6:de:6f:96:09:49:a8:c6:f6:85:c5:57:47:
3c:64:7b:c2:47:c9:e0:01:ee:5a:13:e0:3a:e3:0f:70:eb:ba:
4d:7b:70:12:df:b7:39:45:b9:2c:d2:9b:75:31:87:86:fa:d7:
cf:e3:14:d6:fe:1c:42:8a:7e:e6:b2:1f:39:3e:ca:10:da:c8:
c6:43:32:4a:64:8d:bf:b0:c1:b4:f3:66:e2:2a:52:47:c4:44:
b9:ef:a8:2c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAQswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTFERDYxMTAvBgNVBAUTKDc4RjM0MEYxODcxQjcwNjI3RTBFQzkzRTk3RDdEMEQ4
MEMwQUQwMjEwHhcNMjExMTExMTUzMTM0WhcNMjIxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MThkMzc1NS05MDVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnzeZVWHHfcuLpA9+5BmpVQSN3r+IN+ElyP+ZA6gWcmK6xLP2feJVC/PywSf3
juFsAqcT11pw0xWVhmLaMzWjbdr4Vn+ihBtQaRd3I+qcBHtvcsnhcR7pF7mHYVt9
DZ9/U2MFFaaRD2TwBGFw2Q3RuB2QRE9IycQ6PnwlDyJitljBnS3XPlHgMLRIW09S
rYxwWIL95jJeGd38YOdiInoUL3pfiQvt+55Ai2F/GjnKbjlUyfau0Ngr0VyHj3NW
6V3v2wpOsSYjW/7Bc2w6kpDVGusae0fePgbp1Vg6d2Srh5G26MJpWPpHkH76W5A1
5oSLhl1Q4Kg6yRsaTc8bM2lHjQIDAQABo4IClTCCApEwHQYDVR0OBBYEFEWGnCso
CdkuuVzqiEdZWqQVOuESMB8GA1UdIwQYMBaAFHjzQPGHG3Bifg7JPpfX0NgMCtAh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExMURENi8zQUQyRjdGMkQ5
OTExMUVCOEExN0Q4MUJDNEY5QUUwMi9lUE5BOFljYmNHSi1Ec2stbDlmUTJBd0sw
Q0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VQTkE4WWNiY0dKLURzay1sOWZRMkF3SzBDRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTFERDYvM0FEMkY3RjJEOTkxMTFFQjhBMTdEODFCQzRGOUFFMDIvRTQyNTlCQThE
OTk1MTFFQkJCRkI1RDUwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnTBQwDQYJKoZIhvcNAQELBQADggEBAF0DXPtlnhQuA2fs
DEi4BqgcB27dXoY5zkIH9aRZQLDQ+7uhVJUZRCabb9gZ8jeWugJCHW1XwQkY20Cw
sXSJf1jwkc8vs/eq+LkSIvONHalCAoCGQo+BUhxS2Qaiz0+j10NorH94GEaYBVYC
lBcTSy5f6frx7Lvgg1JHKykHa9Vm5zg+DlSgY0yV2TRPaJ5WNebvUk6cDw6ZXFSs
Lw2GVudYkxEHI4Nkxt5vlglJqMb2hcVXRzxke8JHyeAB7loT4DrjD3Druk17cBLf
tzlFuSzSm3Uxh4b618/jFNb+HEKKfuayHzk+yhDayMZDMkpkjb+wwbTzZuIqUkfE
RLnvqCw=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:33 2023 by rpki-client on console-ams.rpki-client.org