Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2A8420C6605511EF8FA22038C4F9AE02.roa
File: 2A8420C6605511EF8FA22038C4F9AE02.roa (raw, json)
Hash identifier: UwTgWqrB6BSlVr8osAybphkAOJuX7Zp+tBThztTlVWE=
Subject key identifier: AE:A2:AB:9B:9C:12:EC:07:2E:4A:39:84:9E:72:29:16:FA:B3:72:40
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 974E
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2A8420C6605511EF8FA22038C4F9AE02.roa
Signing time: Thu 22 Aug 2024 07:11:25 +0000
ROA not before: Thu 22 Aug 2024 07:11:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133272
IP address blocks: 103.172.222.0/23 maxlen: 24
103.239.232.0/24 maxlen: 24
103.239.235.0/24 maxlen: 24
2404:3b40::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38734 (0x974e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Aug 22 07:11:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66c6e49c-3502
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:77:5a:f8:9e:39:bf:1a:b3:e6:42:09:66:c0:
54:3a:22:65:8b:bc:71:2a:94:8c:93:c4:82:bd:89:
e9:55:01:52:07:89:37:e5:0a:a9:99:0c:6a:fc:d7:
1c:ff:e1:55:90:dd:5f:b7:3d:16:3d:27:03:d9:1b:
65:72:d1:fe:4a:7b:0d:03:38:1f:6d:4e:a7:29:e8:
9c:b6:8f:7c:52:84:57:18:a2:95:ab:3d:da:01:7b:
1d:79:da:f6:aa:76:e4:00:4c:f4:bd:52:56:7a:21:
3e:0c:1c:73:97:44:0b:8e:db:b9:06:b6:b6:7e:85:
8b:14:44:4d:3d:81:a8:fc:bd:c8:44:e8:86:69:4f:
1e:76:29:ff:b7:b4:dd:f5:a8:55:9a:26:6a:87:3d:
98:01:e7:da:e4:e1:56:cc:37:80:19:59:81:84:d3:
d5:27:82:46:01:0f:54:6e:9d:ca:7e:fc:04:ad:06:
68:b7:bf:30:d8:86:bd:8a:cd:6c:2a:21:54:f0:00:
68:57:71:32:d9:b0:d1:27:dd:ca:88:b4:17:79:e6:
29:1f:27:5e:43:3d:d2:71:82:5c:a2:b0:67:f0:73:
cb:43:86:eb:87:7a:37:b0:ff:bc:2c:3c:33:25:6c:
c1:b0:e1:b5:f7:d7:36:9d:8c:47:ec:7b:9a:c7:96:
25:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:A2:AB:9B:9C:12:EC:07:2E:4A:39:84:9E:72:29:16:FA:B3:72:40
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2A8420C6605511EF8FA22038C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.172.222.0/23
103.239.232.0/24
103.239.235.0/24
IPv6:
2404:3b40::/32
Signature Algorithm: sha256WithRSAEncryption
4b:92:a9:33:15:97:8d:c0:b9:ec:e0:6b:c6:1a:be:ce:b5:6d:
46:0e:bf:fc:30:b7:03:8d:85:78:33:fe:c9:9d:8b:82:23:46:
ba:50:9a:5a:66:41:df:54:ec:2f:0e:fd:e3:a1:54:d2:be:3a:
85:c1:b7:70:c1:17:4f:87:84:f6:83:67:4e:4b:79:1f:4d:a5:
3d:a5:33:34:3f:4f:9a:3e:be:81:68:56:00:3f:6f:30:7e:5b:
85:b8:eb:57:4a:fa:72:57:f2:f8:b4:95:b8:dc:17:ca:07:5d:
e9:a2:6b:f8:87:3b:f5:1e:40:0d:20:fd:f6:52:45:62:a3:85:
be:e4:d1:da:df:4c:9d:0a:89:d4:29:82:30:5d:11:87:45:4d:
28:88:2d:b0:ed:6e:19:25:74:72:1c:b5:e0:ad:1a:b8:b9:23:
1e:0a:4a:36:6f:e3:d1:55:05:5a:b4:d4:f7:1f:46:81:01:ab:
4c:9e:8f:13:0b:54:c8:a0:24:78:8e:62:ba:22:a3:4a:58:b5:
dc:09:96:63:e1:7a:5b:ea:28:b7:e1:b4:02:70:86:fe:b9:15:
d6:ac:97:86:ca:51:5c:b1:b8:72:84:a5:ab:10:e1:e9:86:9f:
b2:48:09:43:b5:78:bb:b5:97:bf:bf:5f:b5:50:45:75:43:ea:
4b:8f:2f:c5
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIDAJdOMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDgyMjA3MTEyNFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjZjNmU0OWMtMzUwMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL93WvieOb8as+ZCCWbAVDoiZYu8cSqUjJPEgr2J6VUBUgeJN+UKqZkMavzX
HP/hVZDdX7c9Fj0nA9kbZXLR/kp7DQM4H21OpynonLaPfFKEVxiilas92gF7HXna
9qp25ABM9L1SVnohPgwcc5dEC47buQa2tn6FixRETT2BqPy9yETohmlPHnYp/7e0
3fWoVZomaoc9mAHn2uThVsw3gBlZgYTT1SeCRgEPVG6dyn78BK0GaLe/MNiGvYrN
bCohVPAAaFdxMtmw0Sfdyoi0F3nmKR8nXkM90nGCXKKwZ/Bzy0OG64d6N7D/vCw8
MyVswbDhtffXNp2MR+x7mseWJY0CAwEAAaOCArAwggKsMB0GA1UdDgQWBBSuoqub
nBLsBy5KOYSecikW+rNyQDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzJBODQyMEM2
NjA1NTExRUY4RkEyMjAzOEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDoGCCsGAQUFBwEHAQH/
BCswKTAYBAIAATASAwQBZ6zeAwQAZ+/oAwQAZ+/rMA0EAgACMAcDBQAkBDtAMA0G
CSqGSIb3DQEBCwUAA4IBAQBLkqkzFZeNwLns4GvGGr7OtW1GDr/8MLcDjYV4M/7J
nYuCI0a6UJpaZkHfVOwvDv3joVTSvjqFwbdwwRdPh4T2g2dOS3kfTaU9pTM0P0+a
Pr6BaFYAP28wfluFuOtXSvpyV/L4tJW43BfKB13pomv4hzv1HkANIP32UkVio4W+
5NHa30ydConUKYIwXRGHRU0oiC2w7W4ZJXRyHLXgrRq4uSMeCko2b+PRVQVatNT3
H0aBAatMno8TC1TIoCR4jmK6IqNKWLXcCZZj4Xpb6ii34bQCcIb+uRXWrJeGylFc
sbhyhKWrEOHphp+ySAlDtXi7tZe/v1+1UEV1Q+pLjy/F
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:13:38 2025 by rpki-client