Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/32E19AB6748C11EDB1EC923DC4F9AE02.roa
File: 32E19AB6748C11EDB1EC923DC4F9AE02.roa (raw, json)
Hash identifier: zFQP8gcKtGjvLqP0RpYu8OLQe78/DMYqGvL+qQtR698=
Subject key identifier: 53:4C:40:BA:55:FA:95:58:98:DF:90:E1:82:64:1F:26:46:AD:17:88
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8F8E
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/32E19AB6748C11EDB1EC923DC4F9AE02.roa
Signing time: Thu 30 May 2024 16:24:20 +0000
ROA not before: Thu 30 May 2024 16:24:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 150068
IP address blocks: 103.76.245.0/24 maxlen: 24
2001:df1:6640::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 36750 (0x8f8e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 16:24:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a834-8673
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:02:fa:64:24:32:b0:eb:6f:55:b2:ca:71:04:
80:f2:c2:d3:21:77:7f:0e:63:d7:e7:d5:f5:e1:b0:
33:44:b0:c9:f5:30:06:24:7f:10:03:25:7e:c9:91:
d1:68:1f:1a:a5:c5:12:95:90:6f:2d:b6:3a:8b:ae:
23:90:d6:8a:ea:98:2c:16:c9:b1:a0:4d:60:12:2b:
c6:8c:fe:2a:2f:25:e7:bd:b0:7a:6b:fc:d4:c1:15:
05:e9:5c:1d:1f:68:dd:fd:92:7d:a7:d7:d9:02:d1:
3d:48:52:24:d4:13:5f:6c:4a:80:af:9a:18:53:d3:
50:bb:8c:8a:1a:a6:07:e3:eb:22:49:49:2d:ca:bd:
01:2c:f9:8c:cc:39:9d:2c:67:22:d0:a6:6f:b2:df:
6b:57:9b:e8:9b:70:f3:4a:d3:56:49:fd:78:f0:29:
8b:99:05:96:94:35:cf:21:7d:a5:49:08:9b:59:24:
52:52:ce:48:a7:fd:e1:43:a0:08:3f:7d:af:cc:14:
76:3a:6e:ba:12:53:ba:b1:51:cf:af:e4:3b:eb:5c:
98:a3:af:c2:5f:17:0e:c4:37:48:cf:97:cf:f0:f2:
07:57:3c:4a:09:f4:e5:b0:e5:01:aa:a4:6b:d6:3f:
2b:05:2c:fe:79:01:a7:d3:3b:88:1b:ad:d1:65:29:
51:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:4C:40:BA:55:FA:95:58:98:DF:90:E1:82:64:1F:26:46:AD:17:88
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/32E19AB6748C11EDB1EC923DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.76.245.0/24
IPv6:
2001:df1:6640::/48
Signature Algorithm: sha256WithRSAEncryption
6f:bd:7d:64:e8:2b:e2:ea:8b:f0:c0:ba:c0:b3:87:9c:9c:fc:
bb:54:5b:d4:1d:ce:08:73:6c:2d:59:7d:1c:bd:3f:de:fa:c1:
e5:e8:8e:e6:52:9e:a0:af:4f:62:4f:14:c7:09:03:e3:cd:78:
65:ed:3c:d5:ab:70:1d:cc:86:98:0d:78:33:0f:1e:72:5e:d0:
c1:07:04:ae:a7:3f:54:78:12:9e:4f:fa:40:b9:87:ed:0d:26:
9c:4c:f0:ef:d3:9f:dc:6e:c9:2d:72:a5:b2:db:40:ac:98:04:
d7:72:f8:a6:73:3c:62:5b:40:dd:a6:06:26:b3:63:f2:c6:bc:
97:4c:8b:bb:d3:cf:58:59:f9:62:8a:6c:16:68:97:ca:e8:03:
e7:51:84:1d:e7:4b:aa:a0:3a:82:57:f4:9c:58:35:00:e8:5d:
a0:2d:32:cd:2c:87:b7:af:59:de:00:20:c4:4c:cd:d9:ae:93:
c9:15:d1:1c:08:4a:94:34:d1:5e:71:97:a7:91:e1:c6:c0:74:
a6:8d:04:07:38:e3:c8:31:af:43:96:06:a0:52:05:bb:ee:d8:
21:fc:d6:fb:df:e0:89:b2:a2:dc:7a:6f:0f:d6:94:29:d6:1c:
5c:f6:eb:84:cc:c1:96:9f:5c:c0:0a:6d:ff:6f:f0:8d:18:3d:
d4:ab:0c:ce
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgIDAI+OMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE2MjQyMFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGE4MzQtODY3MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0C+mQkMrDrb1WyynEEgPLC0yF3fw5j1+fV9eGwM0SwyfUwBiR/EAMlfsmR
0WgfGqXFEpWQby22OouuI5DWiuqYLBbJsaBNYBIrxoz+Ki8l572wemv81MEVBelc
HR9o3f2SfafX2QLRPUhSJNQTX2xKgK+aGFPTULuMihqmB+PrIklJLcq9ASz5jMw5
nSxnItCmb7Lfa1eb6Jtw80rTVkn9ePApi5kFlpQ1zyF9pUkIm1kkUlLOSKf94UOg
CD99r8wUdjpuuhJTurFRz6/kO+tcmKOvwl8XDsQ3SM+Xz/DyB1c8Sgn05bDlAaqk
a9Y/KwUs/nkBp9M7iBut0WUpUT0CAwEAAaOCAqYwggKiMB0GA1UdDgQWBBRTTEC6
VfqVWJjfkOGCZB8mRq0XiDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzMyRTE5QUI2
NzQ4QzExRURCMUVDOTIzREM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDAGCCsGAQUFBwEHAQH/
BCEwHzAMBAIAATAGAwQAZ0z1MA8EAgACMAkDBwAgAQ3xZkAwDQYJKoZIhvcNAQEL
BQADggEBAG+9fWToK+Lqi/DAusCzh5yc/LtUW9QdzghzbC1ZfRy9P976weXojuZS
nqCvT2JPFMcJA+PNeGXtPNWrcB3MhpgNeDMPHnJe0MEHBK6nP1R4Ep5P+kC5h+0N
JpxM8O/Tn9xuyS1ypbLbQKyYBNdy+KZzPGJbQN2mBiazY/LGvJdMi7vTz1hZ+WKK
bBZol8roA+dRhB3nS6qgOoJX9JxYNQDoXaAtMs0sh7evWd4AIMRMzdmuk8kV0RwI
SpQ00V5xl6eR4cbAdKaNBAc448gxr0OWBqBSBbvu2CH81vvf4Imyotx6bw/WlCnW
HFz264TMwZafXMAKbf9v8I0YPdSrDM4=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:04:29 2025 by rpki-client