Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91522E0/C9B90FF8468811EAACF18A28C4F9AE02/4ED444D649A611EEA16E2533C4F9AE02.roa
File: 4ED444D649A611EEA16E2533C4F9AE02.roa (raw, json)
Hash identifier: KSVkdiVUnBiuDhIBeqsZ/IXwlViNTr5AZsuswLnuviQ=
Subject key identifier: 08:04:B3:71:21:11:54:DE:E8:35:67:C7:9B:98:C0:6F:52:E7:65:C3
Certificate issuer: /CN=A91522E0/serialNumber=4F32ECFF8CD46C3EC03FA75E1008F4AA9A0CF893
Certificate serial: 0AB1
Authority key identifier: 4F:32:EC:FF:8C:D4:6C:3E:C0:3F:A7:5E:10:08:F4:AA:9A:0C:F8:93
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TzLs_4zUbD7AP6deEAj0qpoM-JM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91522E0/C9B90FF8468811EAACF18A28C4F9AE02/4ED444D649A611EEA16E2533C4F9AE02.roa
Signing time: Sat 30 Nov 2024 19:38:28 +0000
ROA not before: Sat 30 Nov 2024 19:38:28 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 131243
IP address blocks: 103.103.99.0/24 maxlen: 24
2001:df3:500::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2737 (0xab1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91522E0
Validity
Not Before: Nov 30 19:38:28 2024 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=674b69b4-3079
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:07:e5:67:5a:31:2a:13:29:64:11:09:ab:3e:
71:c0:e4:8a:a1:9c:1f:9d:94:72:30:bf:e3:9d:fa:
6f:8e:fb:34:cc:77:08:3c:f0:cb:65:77:84:dc:60:
1a:cf:17:46:cb:e1:a1:54:ee:0c:f7:45:23:e6:9b:
1f:ba:e8:bc:1d:55:fe:0f:1b:66:fa:99:6d:e5:da:
6c:45:ae:48:a5:71:a8:29:94:9a:ad:8e:02:da:ae:
a8:db:2b:45:39:cb:41:5b:4d:73:b5:5c:06:ff:e0:
11:41:8c:ab:37:b1:24:60:40:d9:91:33:89:29:ca:
e6:62:56:48:bb:95:df:af:0d:87:1e:7c:02:3e:6e:
75:f6:01:48:ca:95:63:23:44:62:84:d1:f7:58:ae:
b9:da:e6:ba:ca:0d:33:44:63:af:1c:c9:1a:3a:7f:
0b:64:74:30:c2:fe:14:6a:3c:13:37:e5:eb:f7:cb:
3d:ea:40:f4:5a:04:8b:63:fc:6e:21:4e:ba:3c:88:
33:62:c0:6a:96:f4:6c:9f:1b:71:5d:22:c2:72:77:
51:da:dc:8d:8b:74:34:bd:57:d7:eb:05:6a:0d:4a:
92:17:5b:bd:0a:69:e8:6a:6d:6e:27:d0:69:95:25:
a2:e9:05:73:12:c5:0c:50:f5:c0:16:8b:e0:2a:5e:
0d:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:04:B3:71:21:11:54:DE:E8:35:67:C7:9B:98:C0:6F:52:E7:65:C3
X509v3 Authority Key Identifier:
keyid:4F:32:EC:FF:8C:D4:6C:3E:C0:3F:A7:5E:10:08:F4:AA:9A:0C:F8:93
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91522E0/C9B90FF8468811EAACF18A28C4F9AE02/TzLs_4zUbD7AP6deEAj0qpoM-JM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TzLs_4zUbD7AP6deEAj0qpoM-JM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91522E0/C9B90FF8468811EAACF18A28C4F9AE02/4ED444D649A611EEA16E2533C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.103.99.0/24
IPv6:
2001:df3:500::/48
Signature Algorithm: sha256WithRSAEncryption
24:c7:23:3a:02:55:aa:4e:ba:09:58:3b:8a:ba:35:b0:68:ed:
af:db:30:f2:c5:86:1f:c0:8a:1f:54:6c:6c:02:ea:37:5e:97:
c1:a1:4d:c4:48:5b:fa:21:8f:8d:d0:97:32:b2:c0:2d:6b:87:
82:ae:5e:d3:18:d5:b2:a7:cb:fc:a9:81:ab:bc:ba:c9:f7:2c:
10:82:f6:4a:ce:18:96:25:84:2d:63:f2:a7:e3:64:d8:04:a6:
92:68:e9:ed:32:61:0d:cd:ca:63:e2:e4:2e:c7:1f:b4:aa:b0:
7c:b5:d1:4c:66:ea:6f:7d:92:ba:c0:66:93:20:ee:15:68:9b:
a4:e0:f2:24:7a:ec:f2:e8:37:ac:67:70:93:8a:c4:7a:7c:39:
e5:b1:cc:2a:b2:15:71:d5:ad:ef:29:69:b4:74:da:2d:5d:7f:
3e:7b:01:f9:de:d1:cb:78:d0:af:77:d1:f5:ab:df:39:f2:ee:
e4:10:ed:65:4b:e0:36:66:4b:bd:fd:15:37:4c:dc:12:15:3d:
23:ca:4c:52:37:cf:a5:aa:9b:38:ca:8a:7b:dc:4d:4f:0a:3a:
21:a1:91:03:5d:13:ef:94:b8:da:03:aa:09:0d:a3:b0:a3:41:
c4:e3:50:60:d1:c8:0f:66:05:e5:13:31:58:30:34:ab:ee:b3:
65:df:9f:5b
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICCrEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTIyRTAxMTAvBgNVBAUTKDRGMzJFQ0ZGOENENDZDM0VDMDNGQTc1RTEwMDhGNEFB
OUEwQ0Y4OTMwHhcNMjQxMTMwMTkzODI4WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzRiNjliNC0zMDc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0wflZ1oxKhMpZBEJqz5xwOSKoZwfnZRyML/jnfpvjvs0zHcIPPDLZXeE3GAa
zxdGy+GhVO4M90Uj5psfuui8HVX+Dxtm+plt5dpsRa5IpXGoKZSarY4C2q6o2ytF
OctBW01ztVwG/+ARQYyrN7EkYEDZkTOJKcrmYlZIu5Xfrw2HHnwCPm519gFIypVj
I0RihNH3WK652ua6yg0zRGOvHMkaOn8LZHQwwv4UajwTN+Xr98s96kD0WgSLY/xu
IU66PIgzYsBqlvRsnxtxXSLCcndR2tyNi3Q0vVfX6wVqDUqSF1u9Cmnoam1uJ9Bp
lSWi6QVzEsUMUPXAFovgKl4NrwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFAgEs3Eh
EVTe6DVnx5uYwG9S52XDMB8GA1UdIwQYMBaAFE8y7P+M1Gw+wD+nXhAI9KqaDPiT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MjJFMC9DOUI5MEZGODQ2
ODgxMUVBQUNGMThBMjhDNEY5QUUwMi9UekxzXzR6VWJEN0FQNmRlRUFqMHFwb00t
Sk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1R6THNfNHpVYkQ3QVA2ZGVFQWowcXBvTS1KTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTIyRTAvQzlCOTBGRjg0Njg4MTFFQUFDRjE4QTI4QzRGOUFFMDIvNEVENDQ0RDY0
OUE2MTFFRUExNkUyNTMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABnZ2MwDwQCAAIwCQMHACABDfMFADANBgkqhkiG9w0BAQsF
AAOCAQEAJMcjOgJVqk66CVg7iro1sGjtr9sw8sWGH8CKH1RsbALqN16XwaFNxEhb
+iGPjdCXMrLALWuHgq5e0xjVsqfL/KmBq7y6yfcsEIL2Ss4YliWELWPyp+Nk2ASm
kmjp7TJhDc3KY+LkLscftKqwfLXRTGbqb32SusBmkyDuFWibpODyJHrs8ug3rGdw
k4rEenw55bHMKrIVcdWt7ylptHTaLV1/PnsB+d7Ry3jQr3fR9avfOfLu5BDtZUvg
NmZLvf0VN0zcEhU9I8pMUjfPpaqbOMqKe9xNTwo6IaGRA10T75S42gOqCQ2jsKNB
xONQYNHID2YF5RMxWDA0q+6zZd+fWw==
-----END CERTIFICATE-----
Generated at Sat Apr 5 22:16:19 2025 by rpki-client