Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A912A2F7/CB4BDD74F4D411E9B8D9A145C4F9AE02/129CB12AF4D611E9965EE249C4F9AE02.roa
File: 129CB12AF4D611E9965EE249C4F9AE02.roa (raw, json)
Hash identifier: fN6RWnLpS62BDWRmdw/F1SMFgLM4bE8hO2WkywXt2Lg=
Subject key identifier: 4A:F3:2E:14:CE:0C:33:AE:CA:43:5C:6C:8A:6A:F5:FF:A6:F0:2A:C6
Certificate issuer: /CN=A912A2F7/serialNumber=205610732CBDB0D834847F2B93A0A0CAB0FD5DF4
Certificate serial: 0AB8
Authority key identifier: 20:56:10:73:2C:BD:B0:D8:34:84:7F:2B:93:A0:A0:CA:B0:FD:5D:F4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IFYQcyy9sNg0hH8rk6CgyrD9XfQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A912A2F7/CB4BDD74F4D411E9B8D9A145C4F9AE02/129CB12AF4D611E9965EE249C4F9AE02.roa
Signing time: Tue 08 Nov 2022 19:46:28 +0000
ROA not before: Tue 08 Nov 2022 19:46:28 +0000
ROA not after: Wed 31 Jan 2024 00:00:00 +0000
asID: 58717
IP address blocks: 103.199.84.0/22 maxlen: 22
103.199.84.0/23 maxlen: 23
103.199.84.0/24 maxlen: 24
103.199.85.0/24 maxlen: 24
103.199.86.0/23 maxlen: 23
103.199.86.0/24 maxlen: 24
103.199.87.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2744 (0xab8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A912A2F7/serialNumber=205610732CBDB0D834847F2B93A0A0CAB0FD5DF4
Validity
Not Before: Nov 8 19:46:28 2022 GMT
Not After : Jan 31 00:00:00 2024 GMT
Subject: CN=636ab214-acd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:75:fa:b2:69:3b:af:bf:7a:24:c4:c9:86:37:
d7:c6:c9:c9:72:dd:16:46:c7:48:37:37:03:d1:46:
2a:4d:fc:55:2f:25:3f:14:a2:03:9c:eb:19:d0:c1:
22:d5:1d:49:d4:83:ac:cd:fa:66:bf:25:bb:4e:b7:
80:3b:44:08:7c:60:73:c2:2a:02:c3:34:10:31:f1:
37:ad:98:28:46:4d:46:b6:04:06:b2:61:32:82:7b:
81:d2:da:7e:b1:35:e2:08:4a:fb:91:49:c7:78:24:
86:77:29:1d:18:51:b2:0e:d5:1b:7a:f0:60:20:e9:
30:28:2f:6d:c4:f0:dd:6b:8d:01:cd:f9:af:6d:af:
a0:8c:f1:6e:0f:92:c3:e1:ec:43:36:e6:02:6c:a6:
5f:37:01:69:57:81:64:46:32:27:38:3a:75:07:0d:
e9:01:3c:8c:dc:b2:be:1e:a2:bf:33:9c:ba:d9:67:
4c:46:f8:55:35:f5:52:b4:cb:33:d8:ec:c3:ef:a4:
d6:6e:f5:c9:e1:2b:ef:dc:bc:6f:f9:0c:c1:b0:10:
e0:f1:a8:9e:20:19:79:b6:83:81:3a:ec:d3:34:e0:
ce:e6:cc:65:82:9d:cb:86:99:78:13:ed:48:a6:b4:
d3:ed:5d:ff:07:24:bc:6d:e3:cc:28:8e:ea:f2:e1:
d6:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:F3:2E:14:CE:0C:33:AE:CA:43:5C:6C:8A:6A:F5:FF:A6:F0:2A:C6
X509v3 Authority Key Identifier:
keyid:20:56:10:73:2C:BD:B0:D8:34:84:7F:2B:93:A0:A0:CA:B0:FD:5D:F4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A912A2F7/CB4BDD74F4D411E9B8D9A145C4F9AE02/IFYQcyy9sNg0hH8rk6CgyrD9XfQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IFYQcyy9sNg0hH8rk6CgyrD9XfQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912A2F7/CB4BDD74F4D411E9B8D9A145C4F9AE02/129CB12AF4D611E9965EE249C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.199.84.0/22
Signature Algorithm: sha256WithRSAEncryption
03:b4:f0:be:09:c0:55:27:2a:ba:e1:e8:50:f4:36:09:64:c4:
01:3b:97:ee:e5:6b:56:4d:6a:f1:3e:e1:20:ad:63:89:cd:03:
af:e4:6d:e1:6d:84:2b:d1:8d:1f:f3:b2:e2:c1:e2:a8:30:d7:
64:4e:ce:08:aa:85:3a:94:15:da:61:e8:28:30:74:e4:84:24:
e1:19:bf:2d:3b:83:e8:62:a8:db:70:a6:0c:00:e3:a8:f9:ca:
50:ac:8d:18:2f:d9:52:be:bc:60:2c:04:11:34:e5:6c:28:95:
c9:d9:2b:a1:c5:ef:65:9e:a4:2a:74:e7:ec:d9:28:90:ac:6d:
65:d4:24:c1:09:75:82:57:25:99:5d:e3:36:22:9a:7b:a7:44:
d7:e3:32:1f:12:f1:03:88:aa:a6:22:89:01:49:5f:2a:10:e7:
1d:9c:56:88:12:a6:d4:e7:11:7d:d7:8e:8a:93:0e:20:21:13:
ef:c7:62:7c:1d:dd:8c:09:e6:7d:16:2d:42:1f:c0:bd:49:e8:
88:21:b8:ae:e6:6b:4d:b3:5e:bd:15:00:ad:12:43:25:16:45:
2d:0b:b5:2b:14:52:89:4a:f6:39:f2:33:70:66:7a:0c:91:01:
23:fa:78:3e:5d:be:cb:d7:d3:d9:ef:58:4b:4c:13:1d:d4:d4:
fc:48:aa:e9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCrgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkEyRjcxMTAvBgNVBAUTKDIwNTYxMDczMkNCREIwRDgzNDg0N0YyQjkzQTBBMENB
QjBGRDVERjQwHhcNMjIxMTA4MTk0NjI4WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzZhYjIxNC1hY2QzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv3X6smk7r796JMTJhjfXxsnJct0WRsdINzcD0UYqTfxVLyU/FKIDnOsZ0MEi
1R1J1IOszfpmvyW7TreAO0QIfGBzwioCwzQQMfE3rZgoRk1GtgQGsmEygnuB0tp+
sTXiCEr7kUnHeCSGdykdGFGyDtUbevBgIOkwKC9txPDda40Bzfmvba+gjPFuD5LD
4exDNuYCbKZfNwFpV4FkRjInODp1Bw3pATyM3LK+HqK/M5y62WdMRvhVNfVStMsz
2OzD76TWbvXJ4Svv3Lxv+QzBsBDg8aieIBl5toOBOuzTNODO5sxlgp3Lhpl4E+1I
prTT7V3/ByS8bePMKI7q8uHWcwIDAQABo4IClTCCApEwHQYDVR0OBBYEFErzLhTO
DDOuykNcbIpq9f+m8CrGMB8GA1UdIwQYMBaAFCBWEHMsvbDYNIR/K5OgoMqw/V30
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQTJGNy9DQjRCREQ3NEY0
RDQxMUU5QjhEOUExNDVDNEY5QUUwMi9JRllRY3l5OXNOZzBoSDhyazZDZ3lyRDlY
ZlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lGWVFjeXk5c05nMGhIOHJrNkNneXJEOVhmUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkEyRjcvQ0I0QkRENzRGNEQ0MTFFOUI4RDlBMTQ1QzRGOUFFMDIvMTI5Q0IxMkFG
NEQ2MTFFOTk2NUVFMjQ5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnx1QwDQYJKoZIhvcNAQELBQADggEBAAO08L4JwFUnKrrh
6FD0NglkxAE7l+7la1ZNavE+4SCtY4nNA6/kbeFthCvRjR/zsuLB4qgw12ROzgiq
hTqUFdph6CgwdOSEJOEZvy07g+hiqNtwpgwA46j5ylCsjRgv2VK+vGAsBBE05Wwo
lcnZK6HF72WepCp05+zZKJCsbWXUJMEJdYJXJZld4zYimnunRNfjMh8S8QOIqqYi
iQFJXyoQ5x2cVogSptTnEX3XjoqTDiAhE+/HYnwd3YwJ5n0WLUIfwL1J6IghuK7m
a02zXr0VAK0SQyUWRS0LtSsUUolK9jnyM3BmegyRASP6eD5dvsvX09nvWEtMEx3U
1PxIquk=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:35 2023 by rpki-client on console-ams.rpki-client.org