Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/374A7500A37311EBBCDF6555C4F9AE02.roa
File: 374A7500A37311EBBCDF6555C4F9AE02.roa (raw, json)
Hash identifier: Wmmlue14wOaKuc+mTrVBZ98x96uRnrJNPMXjRai+zfQ=
Subject key identifier: C0:B8:EB:B6:77:7C:5E:B8:5E:FC:C6:BA:A7:4B:45:DC:67:52:BC:FE
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8D8D
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/374A7500A37311EBBCDF6555C4F9AE02.roa
Signing time: Thu 30 May 2024 16:16:04 +0000
ROA not before: Thu 30 May 2024 16:16:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 141559
IP address blocks: 103.163.196.0/23 maxlen: 24
192.140.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 36237 (0x8d8d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 16:16:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a644-4bad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:eb:2e:dd:76:ab:bf:1b:14:15:d4:a6:f0:d8:
e3:c6:81:15:fb:fb:78:0a:fc:8e:03:57:3e:5f:ae:
85:df:1c:8f:ef:4d:06:06:ad:01:fb:e8:eb:63:35:
cc:ec:e7:32:5a:60:cf:76:3d:b0:bb:f9:94:e9:af:
d7:d8:63:7c:a9:a5:ef:8c:cf:99:1b:ef:05:fe:07:
bc:d0:cc:3b:ae:0a:96:7e:28:87:0f:61:9a:99:23:
48:70:78:5a:df:7c:51:92:9c:49:e0:7a:8c:07:c1:
af:db:3d:ae:c5:b2:10:28:65:14:ef:78:22:85:42:
cb:10:f7:00:4b:cd:b1:40:9e:fe:2b:10:a1:ca:99:
74:0e:03:fb:7c:0f:4f:d3:9c:35:99:5c:4b:61:c0:
40:04:46:34:cc:43:ee:6e:60:4c:50:e3:a6:72:e4:
43:1e:28:9b:76:14:2e:3a:4b:7a:3f:37:fe:68:c1:
52:9b:82:8a:48:cc:7d:2d:e3:d2:05:4c:2c:4a:8f:
d4:25:d8:d8:78:33:2a:cd:7c:b9:d3:21:1b:4a:86:
a9:b7:e3:60:c7:de:02:c6:da:aa:d3:35:a0:01:31:
e7:60:bb:dd:a2:19:6a:cd:ab:f1:97:52:8b:89:fd:
a0:f5:39:4e:76:56:57:ad:bb:cf:d5:b1:50:0b:c0:
54:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:B8:EB:B6:77:7C:5E:B8:5E:FC:C6:BA:A7:4B:45:DC:67:52:BC:FE
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/374A7500A37311EBBCDF6555C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.163.196.0/23
192.140.221.0/24
Signature Algorithm: sha256WithRSAEncryption
83:9a:a2:bd:33:f9:17:7d:6c:9f:e0:fc:e4:ec:db:0b:55:6f:
39:e4:40:af:f7:a0:91:8c:9c:c3:76:17:1d:37:fd:72:9a:5a:
80:dd:af:6e:1c:38:d8:1f:78:dd:5b:a0:ca:89:fe:02:29:af:
1a:f0:b5:68:d2:a9:ac:90:0a:41:f1:78:93:d3:88:35:30:99:
e9:64:f6:0a:91:84:91:98:32:04:47:c9:df:c9:c3:71:a3:56:
aa:2a:91:c0:05:1d:f3:c6:d1:e2:04:f0:46:62:96:28:21:e4:
23:07:88:79:09:a3:fe:8a:9d:e7:43:12:54:b0:a5:b5:67:5a:
02:64:64:9f:82:1e:85:68:ae:6b:34:61:8f:fb:4e:67:97:3d:
f6:0b:d5:51:df:99:7d:16:e5:d5:26:ce:3e:42:78:d2:4f:a8:
89:37:0a:ad:38:3b:7b:c1:85:b1:cf:c3:53:49:7b:6d:2a:2c:
a1:9a:53:39:6b:7a:13:06:31:4b:41:39:1d:97:65:91:c2:0a:
5b:8e:69:c1:ff:b6:cf:d1:a8:d3:2b:3d:9c:8f:66:86:24:7d:
2b:fa:24:e8:4e:9a:e0:28:88:e1:96:a2:0e:ea:7e:3c:a4:08:
82:66:74:5e:8c:d9:54:07:67:13:11:47:13:b6:e1:78:9a:8b:
bb:e7:7d:f0
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIDAI2NMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE2MTYwNFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGE2NDQtNGJhZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPDrLt12q78bFBXUpvDY48aBFfv7eAr8jgNXPl+uhd8cj+9NBgatAfvo62M1
zOznMlpgz3Y9sLv5lOmv19hjfKml74zPmRvvBf4HvNDMO64Kln4ohw9hmpkjSHB4
Wt98UZKcSeB6jAfBr9s9rsWyEChlFO94IoVCyxD3AEvNsUCe/isQocqZdA4D+3wP
T9OcNZlcS2HAQARGNMxD7m5gTFDjpnLkQx4om3YULjpLej83/mjBUpuCikjMfS3j
0gVMLEqP1CXY2HgzKs18udMhG0qGqbfjYMfeAsbaqtM1oAEx52C73aIZas2r8ZdS
i4n9oPU5TnZWV627z9WxUAvAVBUCAwEAAaOCApswggKXMB0GA1UdDgQWBBTAuOu2
d3xeuF78xrqnS0XcZ1K8/jAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzM3NEE3NTAw
QTM3MzExRUJCQ0RGNjU1NUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCUGCCsGAQUFBwEHAQH/
BBYwFDASBAIAATAMAwQBZ6PEAwQAwIzdMA0GCSqGSIb3DQEBCwUAA4IBAQCDmqK9
M/kXfWyf4Pzk7NsLVW855ECv96CRjJzDdhcdN/1ymlqA3a9uHDjYH3jdW6DKif4C
Ka8a8LVo0qmskApB8XiT04g1MJnpZPYKkYSRmDIER8nfycNxo1aqKpHABR3zxtHi
BPBGYpYoIeQjB4h5CaP+ip3nQxJUsKW1Z1oCZGSfgh6FaK5rNGGP+05nlz32C9VR
35l9FuXVJs4+QnjST6iJNwqtODt7wYWxz8NTSXttKiyhmlM5a3oTBjFLQTkdl2WR
wgpbjmnB/7bP0ajTKz2cj2aGJH0r+iToTprgKIjhlqIO6n48pAiCZnRejNlUB2cT
EUcTtuF4mou7533w
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:58:08 2025 by rpki-client