Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917A220/00EE08D6412811EA8E5E4B83C4F9AE02/798D71EEAC9711EE967F901EC4F9AE02.roa
File: 798D71EEAC9711EE967F901EC4F9AE02.roa (raw, json)
Hash identifier: DelbbkPX3A+GiecKxnqia65zVQydU5w2QzFD0GQYvrw=
Subject key identifier: 0F:9C:90:AC:02:54:85:FA:35:08:65:34:01:E9:FB:B3:5A:78:BD:80
Certificate issuer: /CN=A917A220/serialNumber=5F6AECA272D56C98494A10A5A5897E2C2CF95F01
Certificate serial: 68
Authority key identifier: 5F:6A:EC:A2:72:D5:6C:98:49:4A:10:A5:A5:89:7E:2C:2C:F9:5F:01
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X2rsonLVbJhJShClpYl-LCz5XwE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917A220/00EE08D6412811EA8E5E4B83C4F9AE02/798D71EEAC9711EE967F901EC4F9AE02.roa
Signing time: Sat 06 Jan 2024 13:28:27 +0000
ROA not before: Sat 06 Jan 2024 13:28:27 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 138465
IP address blocks: 103.126.48.0/22 maxlen: 22
103.126.48.0/23 maxlen: 23
103.126.48.0/24 maxlen: 24
103.126.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 104 (0x68)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917A220/serialNumber=5F6AECA272D56C98494A10A5A5897E2C2CF95F01
Validity
Not Before: Jan 6 13:28:27 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=6599557b-f2c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:f5:e5:36:4d:03:06:8b:37:b9:ec:44:19:6a:
c1:d1:e3:a5:26:b7:96:86:5b:09:5b:ed:27:b0:26:
65:80:5d:5f:fa:dc:ce:ff:e2:f7:24:27:a9:74:47:
d1:02:cf:33:47:8f:69:46:dc:e2:17:51:42:bb:ba:
3a:fd:ae:a0:11:b3:4b:06:ec:ba:f5:c7:a3:13:f2:
9c:c4:23:46:48:dd:b3:bc:d3:f0:bd:13:2b:22:c0:
9c:6a:83:8d:5b:34:64:ea:37:56:61:c5:3c:a7:bf:
33:d5:ae:be:38:eb:d2:57:e0:20:0c:12:ad:af:6b:
6d:1c:b6:a6:cc:97:67:c3:3c:6c:7b:ce:a6:20:9b:
05:09:63:0b:39:77:7f:ef:bc:14:f8:4f:16:d4:99:
7b:76:3d:ec:62:33:2c:cf:ee:6f:53:bf:fa:df:f0:
12:a8:da:19:05:6b:2f:43:f3:7d:65:7b:83:6b:9f:
99:14:0b:03:f6:96:d4:04:52:4f:9e:ee:f9:7b:5c:
2c:15:13:c2:6e:70:1c:d1:f4:e0:e3:2f:1a:89:f8:
8f:12:d9:cd:1b:dc:d9:42:41:03:f4:06:68:ed:d6:
20:98:d4:b8:9b:f6:88:86:8b:4a:21:7a:c0:ce:0f:
9c:88:9e:b1:f8:bf:d9:5b:4a:71:d3:45:97:72:1f:
71:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:9C:90:AC:02:54:85:FA:35:08:65:34:01:E9:FB:B3:5A:78:BD:80
X509v3 Authority Key Identifier:
keyid:5F:6A:EC:A2:72:D5:6C:98:49:4A:10:A5:A5:89:7E:2C:2C:F9:5F:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917A220/00EE08D6412811EA8E5E4B83C4F9AE02/X2rsonLVbJhJShClpYl-LCz5XwE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X2rsonLVbJhJShClpYl-LCz5XwE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917A220/00EE08D6412811EA8E5E4B83C4F9AE02/798D71EEAC9711EE967F901EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.126.48.0/22
Signature Algorithm: sha256WithRSAEncryption
91:8a:ab:a3:1b:14:7a:eb:f5:c4:90:b0:af:76:22:5f:16:2f:
38:53:03:df:11:5c:03:23:da:8a:eb:3b:45:84:c8:c9:0b:9c:
52:61:da:69:50:9c:0c:ae:d4:62:a0:5f:9c:b4:c6:0f:af:51:
fc:ca:99:3d:e0:27:a7:fe:a0:d5:87:e2:0e:74:e7:ff:68:6e:
df:40:b3:65:59:53:d8:ca:9f:49:d6:8f:2f:ba:e1:63:fd:d6:
e2:00:86:e1:ca:5a:6a:4b:df:c8:4b:a1:29:71:6b:38:11:75:
5f:26:35:ed:2f:ea:f2:95:a5:6b:87:cf:d8:28:d0:84:9d:69:
b0:a3:08:83:6b:da:a4:ed:7c:27:68:69:f5:f1:f4:8f:64:5b:
a9:48:bf:53:de:73:a7:8b:e1:3e:ce:93:43:1b:eb:b8:24:90:
86:39:12:0b:9e:be:de:ca:31:0e:ae:3b:5f:49:70:98:0c:c2:
88:2f:5b:aa:6b:c2:9a:0d:6e:8d:f8:a4:c1:bf:09:74:e5:0e:
e8:67:c2:4f:59:0a:2b:3b:64:d4:f7:83:2f:8b:27:c9:e6:98:
aa:f3:98:ec:02:ab:9e:73:05:fe:35:7a:e9:af:f5:e5:76:d9:
c2:f1:54:61:1b:1f:dd:9e:a1:4e:96:8a:92:5f:0d:2e:f6:4f:
3e:9c:55:1b
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBaDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
QTIyMDExMC8GA1UEBRMoNUY2QUVDQTI3MkQ1NkM5ODQ5NEExMEE1QTU4OTdFMkMy
Q0Y5NUYwMTAeFw0yNDAxMDYxMzI4MjdaFw0yNTAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OTk1NTdiLWYyYzkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC+9eU2TQMGize57EQZasHR46Umt5aGWwlb7SewJmWAXV/63M7/4vckJ6l0R9EC
zzNHj2lG3OIXUUK7ujr9rqARs0sG7Lr1x6MT8pzEI0ZI3bO80/C9EysiwJxqg41b
NGTqN1ZhxTynvzPVrr4469JX4CAMEq2va20ctqbMl2fDPGx7zqYgmwUJYws5d3/v
vBT4TxbUmXt2PexiMyzP7m9Tv/rf8BKo2hkFay9D831le4Nrn5kUCwP2ltQEUk+e
7vl7XCwVE8JucBzR9ODjLxqJ+I8S2c0b3NlCQQP0Bmjt1iCY1Lib9oiGi0ohesDO
D5yInrH4v9lbSnHTRZdyH3H5AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUD5yQrAJU
hfo1CGU0Aen7s1p4vYAwHwYDVR0jBBgwFoAUX2rsonLVbJhJShClpYl+LCz5XwEw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdBMjIwLzAwRUUwOEQ2NDEy
ODExRUE4RTVFNEI4M0M0RjlBRTAyL1gycnNvbkxWYkpoSlNoQ2xwWWwtTEN6NVh3
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWDJyc29uTFZiSmhKU2hDbHBZbC1MQ3o1WHdFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
QTIyMC8wMEVFMDhENjQxMjgxMUVBOEU1RTRCODNDNEY5QUUwMi83OThENzFFRUFD
OTcxMUVFOTY3RjkwMUVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAmd+MDANBgkqhkiG9w0BAQsFAAOCAQEAkYqroxsUeuv1xJCw
r3YiXxYvOFMD3xFcAyPaius7RYTIyQucUmHaaVCcDK7UYqBfnLTGD69R/MqZPeAn
p/6g1YfiDnTn/2hu30CzZVlT2MqfSdaPL7rhY/3W4gCG4cpaakvfyEuhKXFrOBF1
XyY17S/q8pWla4fP2CjQhJ1psKMIg2vapO18J2hp9fH0j2RbqUi/U95zp4vhPs6T
QxvruCSQhjkSC56+3soxDq47X0lwmAzCiC9bqmvCmg1ujfikwb8JdOUO6GfCT1kK
Kztk1PeDL4snyeaYqvOY7AKrnnMF/jV66a/15XbZwvFUYRsf3Z6hTpaKkl8NLvZP
PpxVGw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:22 2024 by rpki-client on console-ams.rpki-client.org