Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/30AE2206D3C511EFBD45A00DC4F9AE02.roa
File: 30AE2206D3C511EFBD45A00DC4F9AE02.roa (raw, json)
Hash identifier: UrNi3KN5SXoL5gg90QifID6ytFjzSaLap9W7EqFIQFw=
Subject key identifier: 74:81:F7:B9:ED:87:63:D1:D5:8D:91:9D:52:A7:FD:37:11:C1:54:06
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: A2FD
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/30AE2206D3C511EFBD45A00DC4F9AE02.roa
Signing time: Thu 16 Jan 2025 04:48:55 +0000
ROA not before: Thu 16 Jan 2025 04:48:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 138263
IP address blocks: 103.124.156.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 41725 (0xa2fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Jan 16 04:48:55 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67888fb7-5da9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:b0:d7:81:f8:e4:38:82:b4:64:3e:cf:02:a4:
10:2b:e9:46:10:d4:7d:00:3a:3a:5e:e2:e5:ce:7e:
1e:ea:4a:80:84:1d:e0:60:fb:9e:59:b2:8b:a1:f6:
58:67:d2:59:fd:fe:c8:c2:9e:4f:fa:3d:ed:a7:cc:
e1:8a:63:ec:41:2a:96:a6:66:52:bf:fa:b3:25:84:
08:ea:73:64:4a:5e:98:0e:38:7f:a1:e3:93:c4:01:
f1:dc:a0:35:b8:ce:b9:01:a7:38:23:d9:85:29:d1:
e2:50:aa:50:ce:e7:71:03:0d:e5:4e:c4:d9:ed:11:
b2:32:bd:60:e6:88:56:b5:25:1f:92:bd:63:c9:bf:
1c:87:e2:31:fd:14:7e:bc:fa:ec:0c:d8:2d:58:ea:
ab:4d:56:bc:9d:fa:8f:2e:4a:86:a4:6e:be:45:65:
ea:92:87:d2:13:06:3f:6c:c9:0d:d2:4a:c3:28:26:
1b:af:6e:47:72:ce:8e:49:e0:26:fc:71:af:5b:80:
53:51:d2:10:28:56:22:ef:cc:e3:5c:18:b3:49:f7:
0d:bb:9c:7b:d4:bd:ad:bc:c5:8f:bf:f3:08:a6:99:
61:5a:09:85:7d:a6:04:8e:1c:ed:57:4e:0b:12:1c:
d4:01:4e:a6:c9:9b:5f:49:e8:ec:23:15:63:47:d5:
f2:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:81:F7:B9:ED:87:63:D1:D5:8D:91:9D:52:A7:FD:37:11:C1:54:06
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/30AE2206D3C511EFBD45A00DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.124.156.0/23
Signature Algorithm: sha256WithRSAEncryption
62:06:73:30:25:dd:11:40:69:1b:fa:3c:51:ed:59:c4:1a:27:
3f:e8:36:a5:e9:88:86:72:a6:3e:aa:19:55:bf:43:23:dc:1e:
9e:10:d3:ac:de:c4:1b:00:9b:91:80:7f:5c:e1:49:1a:11:6b:
98:ab:d8:39:46:78:5e:96:66:eb:37:71:50:e6:20:41:24:3b:
e1:2f:f2:45:2b:9e:f2:23:1b:88:b4:41:71:78:26:ba:0b:bc:
9e:62:86:32:a0:a5:5b:73:d3:de:fe:a8:fc:42:56:9a:f1:e1:
fa:5d:4b:16:de:d6:1f:ac:e5:20:84:a7:fc:6d:ba:c9:dc:0f:
df:6b:cd:8e:e5:83:26:06:d2:00:61:6e:cb:e7:61:e4:5e:38:
5e:b0:62:09:f6:03:f5:fc:93:11:91:3d:15:38:23:6a:ca:ef:
db:f7:d0:b6:ed:22:ba:cf:12:59:a6:20:d3:01:ef:be:85:ef:
18:e9:b2:75:52:35:6f:af:79:c1:ff:d1:47:e1:d6:0d:a4:44:
96:79:51:81:5a:3e:4e:9e:fe:83:89:14:38:80:d4:b9:45:05:
96:d1:6c:d4:72:8e:3d:a8:7c:17:08:51:f5:37:70:45:97:fb:
ee:7e:18:5b:bb:db:2e:ec:76:d0:50:23:d2:bc:6a:3b:22:5a:
ed:db:f6:98
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIDAKL9MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDExNjA0NDg1NVoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjc4ODhmYjctNWRhOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuw14H45DiCtGQ+zwKkECvpRhDUfQA6Ol7i5c5+HupKgIQd4GD7nlmyi6H2
WGfSWf3+yMKeT/o97afM4Ypj7EEqlqZmUr/6syWECOpzZEpemA44f6Hjk8QB8dyg
NbjOuQGnOCPZhSnR4lCqUM7ncQMN5U7E2e0RsjK9YOaIVrUlH5K9Y8m/HIfiMf0U
frz67AzYLVjqq01WvJ36jy5KhqRuvkVl6pKH0hMGP2zJDdJKwygmG69uR3LOjkng
Jvxxr1uAU1HSEChWIu/M41wYs0n3Dbuce9S9rbzFj7/zCKaZYVoJhX2mBI4c7VdO
CxIc1AFOpsmbX0no7CMVY0fV8gUCAwEAAaOCApUwggKRMB0GA1UdDgQWBBR0gfe5
7Ydj0dWNkZ1Sp/03EcFUBjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzMwQUUyMjA2
RDNDNTExRUZCRDQ1QTAwREM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQBZ3ycMA0GCSqGSIb3DQEBCwUAA4IBAQBiBnMwJd0RQGkb
+jxR7VnEGic/6Dal6YiGcqY+qhlVv0Mj3B6eENOs3sQbAJuRgH9c4UkaEWuYq9g5
RnhelmbrN3FQ5iBBJDvhL/JFK57yIxuItEFxeCa6C7yeYoYyoKVbc9Pe/qj8Qlaa
8eH6XUsW3tYfrOUghKf8bbrJ3A/fa82O5YMmBtIAYW7L52HkXjhesGIJ9gP1/JMR
kT0VOCNqyu/b99C27SK6zxJZpiDTAe++he8Y6bJ1UjVvr3nB/9FH4dYNpESWeVGB
Wj5Onv6DiRQ4gNS5RQWW0WzUco49qHwXCFH1N3BFl/vufhhbu9su7HbQUCPSvGo7
Ilrt2/aY
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:25:32 2025 by rpki-client