Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917A220/00EE08D6412811EA8E5E4B83C4F9AE02/9FB0602E1E4F11EEAF576919C4F9AE02.roa
File: 9FB0602E1E4F11EEAF576919C4F9AE02.roa (raw, json)
Hash identifier: HW82+KSQOxHmSK8MRd//NgUmFNirxum1DJnLRDxA1ww=
Subject key identifier: 5E:73:11:F6:0E:DD:F1:BB:0E:00:E6:23:21:1A:0D:67:67:93:CC:83
Certificate issuer: /CN=A917A220/serialNumber=5F6AECA272D56C98494A10A5A5897E2C2CF95F01
Certificate serial: 62
Authority key identifier: 5F:6A:EC:A2:72:D5:6C:98:49:4A:10:A5:A5:89:7E:2C:2C:F9:5F:01
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X2rsonLVbJhJShClpYl-LCz5XwE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917A220/00EE08D6412811EA8E5E4B83C4F9AE02/9FB0602E1E4F11EEAF576919C4F9AE02.roa
Signing time: Thu 04 Jan 2024 20:18:27 +0000
ROA not before: Thu 04 Jan 2024 20:18:27 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 138465
IP address blocks: 103.126.48.0/22 maxlen: 22
103.126.48.0/23 maxlen: 23
103.126.48.0/24 maxlen: 24
103.126.49.0/24 maxlen: 24
103.126.50.0/23 maxlen: 23
103.126.50.0/24 maxlen: 24
103.126.51.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 98 (0x62)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917A220/serialNumber=5F6AECA272D56C98494A10A5A5897E2C2CF95F01
Validity
Not Before: Jan 4 20:18:27 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=65971292-20b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:59:f5:cd:78:1f:25:1e:b0:e8:18:d1:2c:0f:
74:ab:26:4c:5d:57:6f:41:67:ed:d3:5a:b7:f5:31:
f4:0d:40:97:03:17:55:c2:27:16:75:c3:d2:74:58:
30:4e:04:d9:f4:21:cb:86:b9:42:36:c7:6f:82:32:
8a:95:0e:5a:07:88:da:17:28:91:64:90:a5:dd:3b:
11:7e:e9:16:2f:14:83:14:04:d3:6f:56:e8:79:56:
c6:75:38:a1:eb:28:1d:f7:5a:42:f0:04:6a:d4:83:
42:c1:bc:33:06:87:78:93:7d:13:14:55:19:13:c7:
b3:b8:fc:0c:84:29:7f:4e:51:24:a5:83:43:14:b3:
7b:08:f2:e2:da:af:92:45:26:24:de:20:73:43:7a:
96:ed:b3:4c:30:fa:54:82:8b:ba:0f:22:32:d3:0e:
ae:f2:21:5f:36:62:58:c5:6f:5d:2c:c2:f1:e5:07:
6d:34:0b:5c:71:af:9d:83:82:07:88:e2:9c:93:b1:
aa:82:19:1f:8f:aa:ba:f9:1e:10:45:70:c0:d6:df:
de:08:b7:19:94:87:de:40:a7:82:ee:80:0d:96:a7:
24:ab:6e:f4:04:8f:44:af:60:d5:d0:1e:0c:cf:d0:
e2:c9:16:20:52:ab:37:40:73:16:36:59:52:4d:a3:
37:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:73:11:F6:0E:DD:F1:BB:0E:00:E6:23:21:1A:0D:67:67:93:CC:83
X509v3 Authority Key Identifier:
keyid:5F:6A:EC:A2:72:D5:6C:98:49:4A:10:A5:A5:89:7E:2C:2C:F9:5F:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917A220/00EE08D6412811EA8E5E4B83C4F9AE02/X2rsonLVbJhJShClpYl-LCz5XwE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X2rsonLVbJhJShClpYl-LCz5XwE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917A220/00EE08D6412811EA8E5E4B83C4F9AE02/9FB0602E1E4F11EEAF576919C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.126.48.0/22
Signature Algorithm: sha256WithRSAEncryption
c6:c4:9a:66:ed:a0:5d:df:95:6e:9e:98:b5:75:74:a9:d4:72:
b2:5b:72:27:13:cd:25:e9:f2:19:c0:26:da:a5:ed:eb:42:a5:
b6:ac:35:82:eb:a6:82:40:fc:66:af:0d:f5:fd:af:d3:da:20:
e8:27:a5:09:bb:e1:87:6b:c4:af:fb:14:a0:40:a2:ba:23:bd:
24:ee:78:61:8a:8a:de:06:60:c0:08:dd:bc:e1:ae:09:06:de:
77:d4:5d:4f:e8:00:6b:a9:f6:0e:4f:f7:60:fc:60:8f:7c:7e:
ae:24:1f:da:f9:dd:7b:b6:13:eb:68:f7:75:ed:48:7c:6a:bf:
cf:ea:73:15:d0:4f:a2:7b:89:38:76:7f:a4:3c:a5:06:84:83:
4e:f1:f9:17:72:6f:ff:59:5e:40:ac:28:0d:41:35:88:18:f8:
9b:c2:5d:51:8c:d7:28:05:a7:36:0c:6c:e8:9a:8e:d1:59:4c:
99:39:6f:a9:38:09:a9:1e:91:a1:45:d2:73:20:a6:fb:3d:9a:
e6:a9:03:f0:4d:09:e5:a4:0e:f0:d9:41:cf:b9:91:e0:7d:cd:
39:99:bc:9f:ef:74:01:94:ca:77:4a:bc:32:30:66:51:da:61:
22:17:2d:22:c8:7d:6e:e0:e0:13:d9:37:be:2b:ab:2c:e9:f0:
93:fb:f2:3f
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBYjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
QTIyMDExMC8GA1UEBRMoNUY2QUVDQTI3MkQ1NkM5ODQ5NEExMEE1QTU4OTdFMkMy
Q0Y5NUYwMTAeFw0yNDAxMDQyMDE4MjdaFw0yNTAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OTcxMjkyLTIwYjYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC+WfXNeB8lHrDoGNEsD3SrJkxdV29BZ+3TWrf1MfQNQJcDF1XCJxZ1w9J0WDBO
BNn0IcuGuUI2x2+CMoqVDloHiNoXKJFkkKXdOxF+6RYvFIMUBNNvVuh5VsZ1OKHr
KB33WkLwBGrUg0LBvDMGh3iTfRMUVRkTx7O4/AyEKX9OUSSlg0MUs3sI8uLar5JF
JiTeIHNDepbts0ww+lSCi7oPIjLTDq7yIV82YljFb10swvHlB200C1xxr52DggeI
4pyTsaqCGR+Pqrr5HhBFcMDW394ItxmUh95Ap4LugA2WpySrbvQEj0SvYNXQHgzP
0OLJFiBSqzdAcxY2WVJNozeHAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUXnMR9g7d
8bsOAOYjIRoNZ2eTzIMwHwYDVR0jBBgwFoAUX2rsonLVbJhJShClpYl+LCz5XwEw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdBMjIwLzAwRUUwOEQ2NDEy
ODExRUE4RTVFNEI4M0M0RjlBRTAyL1gycnNvbkxWYkpoSlNoQ2xwWWwtTEN6NVh3
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWDJyc29uTFZiSmhKU2hDbHBZbC1MQ3o1WHdFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
QTIyMC8wMEVFMDhENjQxMjgxMUVBOEU1RTRCODNDNEY5QUUwMi85RkIwNjAyRTFF
NEYxMUVFQUY1NzY5MTlDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAmd+MDANBgkqhkiG9w0BAQsFAAOCAQEAxsSaZu2gXd+Vbp6Y
tXV0qdRysltyJxPNJenyGcAm2qXt60Kltqw1guumgkD8Zq8N9f2v09og6CelCbvh
h2vEr/sUoECiuiO9JO54YYqK3gZgwAjdvOGuCQbed9RdT+gAa6n2Dk/3YPxgj3x+
riQf2vnde7YT62j3de1IfGq/z+pzFdBPonuJOHZ/pDylBoSDTvH5F3Jv/1leQKwo
DUE1iBj4m8JdUYzXKAWnNgxs6JqO0VlMmTlvqTgJqR6RoUXScyCm+z2a5qkD8E0J
5aQO8NlBz7mR4H3NOZm8n+90AZTKd0q8MjBmUdphIhctIsh9buDgE9k3viurLOnw
k/vyPw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:12 2024 by rpki-client on console-fra.rpki-client.org