Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9130626/310572EAAF0911E9AF7C4444C4F9AE02/7CD0BE6AAB3711EB89567A6FC4F9AE02.roa
File: 7CD0BE6AAB3711EB89567A6FC4F9AE02.roa (raw, json)
Hash identifier: Ip9G8gB//IcAueBEQ9oukrssQ76v9jQOBl7DvrpdcqI=
Subject key identifier: 7F:75:FD:81:F1:B2:37:15:E4:91:40:57:10:C6:FB:0C:71:59:8E:74
Certificate issuer: /CN=A9130626/serialNumber=54CD681089E7F49552BAEC56A076B1ECF25EFE06
Certificate serial: 0582
Authority key identifier: 54:CD:68:10:89:E7:F4:95:52:BA:EC:56:A0:76:B1:EC:F2:5E:FE:06
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VM1oEInn9JVSuuxWoHax7PJe_gY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9130626/310572EAAF0911E9AF7C4444C4F9AE02/7CD0BE6AAB3711EB89567A6FC4F9AE02.roa
Signing time: Wed 02 Feb 2022 19:45:34 +0000
ROA not before: Wed 02 Feb 2022 19:45:34 +0000
ROA not after: Mon 01 May 2023 00:00:00 +0000
asID: 137425
IP address blocks: 103.85.32.0/24 maxlen: 24
103.85.33.0/24 maxlen: 24
103.85.34.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1410 (0x582)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9130626/serialNumber=54CD681089E7F49552BAEC56A076B1ECF25EFE06
Validity
Not Before: Feb 2 19:45:34 2022 GMT
Not After : May 1 00:00:00 2023 GMT
Subject: CN=61fadf5d-8009
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:66:5d:0c:d8:ad:8e:4d:0e:08:b0:51:13:21:
2c:1e:3b:76:1d:bf:88:32:2e:09:9f:5f:cb:2f:e1:
1b:14:29:5b:e4:b8:60:cf:80:de:1a:7d:de:2b:33:
8b:fd:86:16:d9:62:c9:2c:ab:a6:63:8a:6f:0a:14:
6f:b5:d8:df:0a:bd:25:37:d3:35:46:9d:a6:d3:2e:
df:53:dd:9c:0d:3c:5b:8f:48:91:ad:75:b7:a2:8c:
77:86:02:4f:dc:16:06:c1:be:27:95:b1:8c:de:f1:
1d:31:86:62:34:e5:96:2c:0f:67:01:b3:ad:ae:95:
a8:97:d5:ef:cb:c9:c9:be:f7:16:02:ea:9c:58:00:
ed:06:5a:03:0e:44:35:c4:d6:a3:b1:7c:90:ed:4e:
f7:f5:2a:32:61:38:40:76:47:5c:45:2a:fe:b0:8d:
ea:07:ac:01:68:8e:0f:06:bb:7e:46:6b:ab:15:df:
68:da:ad:ae:1b:01:be:c9:dc:d9:36:cf:88:b9:b8:
bb:81:c0:83:c7:47:f8:d3:48:80:3b:36:5f:bc:32:
52:a2:a2:09:19:c7:99:e2:3d:db:ec:56:22:b5:5c:
cc:18:b0:00:71:db:10:49:4b:df:7c:2b:09:3a:23:
98:f1:94:8f:1d:92:60:b9:fa:92:33:02:35:75:fd:
36:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:75:FD:81:F1:B2:37:15:E4:91:40:57:10:C6:FB:0C:71:59:8E:74
X509v3 Authority Key Identifier:
keyid:54:CD:68:10:89:E7:F4:95:52:BA:EC:56:A0:76:B1:EC:F2:5E:FE:06
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9130626/310572EAAF0911E9AF7C4444C4F9AE02/VM1oEInn9JVSuuxWoHax7PJe_gY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VM1oEInn9JVSuuxWoHax7PJe_gY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9130626/310572EAAF0911E9AF7C4444C4F9AE02/7CD0BE6AAB3711EB89567A6FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.85.32.0-103.85.34.255
Signature Algorithm: sha256WithRSAEncryption
a5:cf:4f:29:fe:05:4e:e1:f7:0b:97:d5:a3:f3:d6:01:72:13:
35:83:2c:56:dd:a2:7d:82:73:32:f0:22:b9:ee:9c:8f:46:9a:
c4:d9:6f:76:19:1a:2d:0e:fb:19:7a:78:5a:e5:95:a7:55:36:
04:e1:17:f5:c3:43:1d:b6:3f:17:d5:08:e3:78:6f:56:e5:da:
d8:f7:10:a8:30:29:d7:c8:9a:76:f9:09:24:5c:85:72:3a:69:
03:b0:d7:fe:3f:0a:eb:c6:f1:57:d1:f3:c6:38:02:8a:39:12:
c6:b4:fa:40:32:c5:e0:44:ee:bd:8e:88:a5:31:bc:1e:4e:ba:
64:06:45:52:f1:2f:8f:a7:5a:2a:58:8f:8c:58:d2:b5:34:f4:
a7:2d:40:cd:82:04:c7:33:45:a0:bc:ad:02:e7:e0:63:f2:a8:
90:f0:48:83:c9:5f:bf:98:0f:ae:19:16:14:fc:de:44:fe:b7:
0a:d9:40:d1:92:aa:06:46:1c:a2:e2:d9:4c:67:94:4d:87:13:
b4:66:ab:17:c1:57:c0:61:0c:1b:90:70:d1:29:0c:31:5f:48:
a5:ec:6c:0c:04:fd:5a:6c:56:b6:6b:36:d5:ba:06:53:d9:2c:
d4:e2:11:f7:5e:bb:96:82:70:6f:55:87:54:e5:93:8d:4a:ac:
2f:d3:4e:14
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICBYIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzA2MjYxMTAvBgNVBAUTKDU0Q0Q2ODEwODlFN0Y0OTU1MkJBRUM1NkEwNzZCMUVD
RjI1RUZFMDYwHhcNMjIwMjAyMTk0NTM0WhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWZhZGY1ZC04MDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp2ZdDNitjk0OCLBREyEsHjt2Hb+IMi4Jn1/LL+EbFClb5Lhgz4DeGn3eKzOL
/YYW2WLJLKumY4pvChRvtdjfCr0lN9M1Rp2m0y7fU92cDTxbj0iRrXW3oox3hgJP
3BYGwb4nlbGM3vEdMYZiNOWWLA9nAbOtrpWol9Xvy8nJvvcWAuqcWADtBloDDkQ1
xNajsXyQ7U739SoyYThAdkdcRSr+sI3qB6wBaI4PBrt+RmurFd9o2q2uGwG+ydzZ
Ns+Iubi7gcCDx0f400iAOzZfvDJSoqIJGceZ4j3b7FYitVzMGLAAcdsQSUvffCsJ
OiOY8ZSPHZJgufqSMwI1df02yQIDAQABo4ICnTCCApkwHQYDVR0OBBYEFH91/YHx
sjcV5JFAVxDG+wxxWY50MB8GA1UdIwQYMBaAFFTNaBCJ5/SVUrrsVqB2sezyXv4G
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMDYyNi8zMTA1NzJFQUFG
MDkxMUU5QUY3QzQ0NDRDNEY5QUUwMi9WTTFvRUlubjlKVlN1dXhXb0hheDdQSmVf
Z1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ZNMW9FSW5uOUpWU3V1eFdvSGF4N1BKZV9nWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzA2MjYvMzEwNTcyRUFBRjA5MTFFOUFGN0M0NDQ0QzRGOUFFMDIvN0NEMEJFNkFB
QjM3MTFFQjg5NTY3QTZGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEBWdVIAMEAGdVIjANBgkqhkiG9w0BAQsFAAOCAQEApc9P
Kf4FTuH3C5fVo/PWAXITNYMsVt2ifYJzMvAiue6cj0aaxNlvdhkaLQ77GXp4WuWV
p1U2BOEX9cNDHbY/F9UI43hvVuXa2PcQqDAp18iadvkJJFyFcjppA7DX/j8K68bx
V9HzxjgCijkSxrT6QDLF4ETuvY6IpTG8Hk66ZAZFUvEvj6daKliPjFjStTT0py1A
zYIExzNFoLytAufgY/KokPBIg8lfv5gPrhkWFPzeRP63CtlA0ZKqBkYcouLZTGeU
TYcTtGarF8FXwGEMG5Bw0SkMMV9IpexsDAT9WmxWtms21boGU9ks1OIR9167loJw
b1WHVOWTjUqsL9NOFA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:38 2023 by rpki-client on console-fra.rpki-client.org