Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91731EA/9AF3ED285EEC11E6886EC51BC4F9AE02/A21B69E4CD6811E99B70AE36C4F9AE02.roa
File: A21B69E4CD6811E99B70AE36C4F9AE02.roa (raw, json)
Hash identifier: p/N3eXgcaMZGeex+iXMNIGr2cBsJpcSzEdV33NKLf6g=
Subject key identifier: 16:3E:18:9B:58:12:4A:9E:40:D2:EB:A5:DF:75:3F:99:D1:76:85:C5
Certificate issuer: /CN=A91731EA/serialNumber=D56792D597E9CDD02BFC16D0B492DA3DAAE080FC
Certificate serial: 1DDD
Authority key identifier: D5:67:92:D5:97:E9:CD:D0:2B:FC:16:D0:B4:92:DA:3D:AA:E0:80:FC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1WeS1ZfpzdAr_BbQtJLaParggPw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91731EA/9AF3ED285EEC11E6886EC51BC4F9AE02/A21B69E4CD6811E99B70AE36C4F9AE02.roa
Signing time: Wed 04 Oct 2023 16:33:18 +0000
ROA not before: Wed 04 Oct 2023 16:33:18 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 45424
IP address blocks: 103.213.124.0/22 maxlen: 22
103.213.124.0/24 maxlen: 24
103.213.125.0/24 maxlen: 24
103.213.126.0/24 maxlen: 24
103.213.127.0/24 maxlen: 24
182.54.156.0/22 maxlen: 22
182.54.156.0/24 maxlen: 24
182.54.157.0/24 maxlen: 24
182.54.158.0/24 maxlen: 24
182.54.159.0/24 maxlen: 24
202.129.248.0/22 maxlen: 22
202.129.248.0/24 maxlen: 24
202.129.249.0/24 maxlen: 24
202.129.250.0/24 maxlen: 24
202.129.251.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7645 (0x1ddd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91731EA/serialNumber=D56792D597E9CDD02BFC16D0B492DA3DAAE080FC
Validity
Not Before: Oct 4 16:33:18 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=651d93ce-0c95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:2e:2b:ca:ee:ec:78:85:73:29:13:a9:3f:e7:
a5:38:0c:c4:65:0c:43:ae:7d:d8:df:8e:ba:4d:c5:
d2:83:80:f7:a4:45:1e:ef:6e:b2:0a:2d:df:44:12:
d2:c1:10:aa:c9:5a:27:b4:03:93:14:d7:db:5d:74:
8c:4a:2f:67:b2:f3:77:59:8d:b1:d4:03:1d:61:69:
6c:22:e7:f6:c6:87:1d:c4:c4:0f:78:5e:72:5e:7e:
55:e0:e8:d0:b5:a5:42:d1:c6:44:f5:09:2b:97:26:
7d:75:08:c5:58:a0:46:e6:c4:7f:f6:5b:d4:aa:d0:
9f:e5:89:e5:4d:7c:a3:4e:95:de:eb:da:bd:8d:bb:
0a:5a:28:3c:c7:d9:3d:d0:1e:60:71:64:7c:d9:21:
86:35:df:a6:57:6d:0c:54:2f:73:7c:af:27:7a:3d:
af:b6:d0:49:d6:56:94:d9:73:00:09:33:d1:55:e9:
47:e4:ca:bd:be:0b:15:0c:ad:dc:f7:c8:ca:15:f2:
8e:69:f0:8b:32:28:cb:02:2a:2e:ed:38:eb:fc:f1:
0e:9d:f7:0c:8b:58:30:50:2c:7a:67:f4:58:44:00:
98:96:13:ab:62:99:41:52:72:91:b9:8f:41:95:77:
e6:9c:d9:01:5e:c9:2a:76:cc:91:e6:f9:a1:f2:da:
48:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:3E:18:9B:58:12:4A:9E:40:D2:EB:A5:DF:75:3F:99:D1:76:85:C5
X509v3 Authority Key Identifier:
keyid:D5:67:92:D5:97:E9:CD:D0:2B:FC:16:D0:B4:92:DA:3D:AA:E0:80:FC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91731EA/9AF3ED285EEC11E6886EC51BC4F9AE02/1WeS1ZfpzdAr_BbQtJLaParggPw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1WeS1ZfpzdAr_BbQtJLaParggPw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91731EA/9AF3ED285EEC11E6886EC51BC4F9AE02/A21B69E4CD6811E99B70AE36C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.213.124.0/22
182.54.156.0/22
202.129.248.0/22
Signature Algorithm: sha256WithRSAEncryption
9b:cb:4e:f3:ba:b6:df:e2:f1:a2:60:cd:6c:aa:c4:b9:fc:24:
05:41:54:aa:a5:5d:91:11:a2:f8:a4:e0:a6:8a:b0:3c:fd:c2:
af:1a:7e:2d:09:4d:f2:89:a8:ea:f0:e0:f6:58:46:fa:5f:f2:
2e:ef:04:5c:48:13:37:24:c9:7b:70:39:fe:74:ab:06:ab:90:
e2:ab:42:ca:bf:e7:51:ec:17:86:20:3a:87:0a:6b:48:6c:a2:
c1:90:8a:b6:7b:fe:4e:f6:6c:f8:c5:33:31:0e:f3:ac:0b:27:
fb:8f:18:29:70:e1:87:6a:02:ed:4d:1a:a8:aa:7a:b9:f8:53:
b3:0a:22:c3:1a:09:5a:40:fa:7e:8e:6f:b7:74:ac:bf:ca:28:
76:2d:14:93:a9:2d:76:f9:56:ed:e3:de:3d:47:ea:13:34:2b:
56:7e:ef:b4:b1:41:0e:74:bd:ca:e7:4f:ff:d6:2d:52:ba:83:
d4:7c:21:56:2b:bf:b0:cd:3a:7a:8c:2a:b4:24:c8:b7:ef:eb:
75:b8:fa:32:69:66:b1:b3:9f:c0:39:15:30:61:e0:0b:0b:7c:
b2:7e:78:ab:33:81:e5:e1:84:f5:2e:70:00:eb:10:c6:04:4a:
07:70:59:39:3f:16:8e:8c:f1:82:13:63:b3:d7:57:42:d3:95:
9e:22:28:a6
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICHd0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzMxRUExMTAvBgNVBAUTKEQ1Njc5MkQ1OTdFOUNERDAyQkZDMTZEMEI0OTJEQTNE
QUFFMDgwRkMwHhcNMjMxMDA0MTYzMzE4WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTFkOTNjZS0wYzk1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApi4ryu7seIVzKROpP+elOAzEZQxDrn3Y3466TcXSg4D3pEUe726yCi3fRBLS
wRCqyVontAOTFNfbXXSMSi9nsvN3WY2x1AMdYWlsIuf2xocdxMQPeF5yXn5V4OjQ
taVC0cZE9QkrlyZ9dQjFWKBG5sR/9lvUqtCf5YnlTXyjTpXe69q9jbsKWig8x9k9
0B5gcWR82SGGNd+mV20MVC9zfK8nej2vttBJ1laU2XMACTPRVelH5Mq9vgsVDK3c
98jKFfKOafCLMijLAiou7Tjr/PEOnfcMi1gwUCx6Z/RYRACYlhOrYplBUnKRuY9B
lXfmnNkBXskqdsyR5vmh8tpIRwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFBY+GJtY
EkqeQNLrpd91P5nRdoXFMB8GA1UdIwQYMBaAFNVnktWX6c3QK/wW0LSS2j2q4ID8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MzFFQS85QUYzRUQyODVF
RUMxMUU2ODg2RUM1MUJDNEY5QUUwMi8xV2VTMVpmcHpkQXJfQmJRdEpMYVBhcmdn
UHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFXZVMxWmZwemRBcl9CYlF0SkxhUGFyZ2dQdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzMxRUEvOUFGM0VEMjg1RUVDMTFFNjg4NkVDNTFCQzRGOUFFMDIvQTIxQjY5RTRD
RDY4MTFFOTlCNzBBRTM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAJn1XwDBAK2NpwDBALKgfgwDQYJKoZIhvcNAQELBQADggEB
AJvLTvO6tt/i8aJgzWyqxLn8JAVBVKqlXZERovik4KaKsDz9wq8afi0JTfKJqOrw
4PZYRvpf8i7vBFxIEzckyXtwOf50qwarkOKrQsq/51HsF4YgOocKa0hsosGQirZ7
/k72bPjFMzEO86wLJ/uPGClw4YdqAu1NGqiqern4U7MKIsMaCVpA+n6Ob7d0rL/K
KHYtFJOpLXb5Vu3j3j1H6hM0K1Z+77SxQQ50vcrnT//WLVK6g9R8IVYrv7DNOnqM
KrQkyLfv63W4+jJpZrGzn8A5FTBh4AsLfLJ+eKszgeXhhPUucADrEMYESgdwWTk/
Fo6M8YITY7PXV0LTlZ4iKKY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:11 2024 by rpki-client on console-fra.rpki-client.org