Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4725F6A0131311EDA3DC516EC4F9AE02.roa
File: 4725F6A0131311EDA3DC516EC4F9AE02.roa (raw, json)
Hash identifier: 6KCJ6EMGBM5wyJNmwOo8ZQL8HyRcWXHoy6DPSsBjemI=
Subject key identifier: 68:EB:35:3D:8C:FB:DF:C3:CA:F6:1F:A4:87:81:77:ED:6F:10:AF:BA
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 71DF
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4725F6A0131311EDA3DC516EC4F9AE02.roa
Signing time: Wed 10 May 2023 16:50:21 +0000
ROA not before: Wed 10 May 2023 16:50:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8987
IP address blocks: 103.71.98.0/24 maxlen: 24
103.233.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29151 (0x71df)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 10 16:50:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=645bcb4c-994c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:83:fb:86:4b:64:7d:62:d7:65:5c:15:f9:fe:
54:3e:b5:33:c4:94:73:88:a0:c3:f8:b3:0e:c9:6e:
b8:08:96:d8:e0:d3:12:d3:60:c6:fc:f8:97:b8:7d:
8c:1e:05:04:eb:87:7c:16:0e:24:f7:40:96:56:3d:
b8:eb:6b:4a:4d:83:42:1e:2c:75:3b:57:4f:4b:7a:
d2:39:2c:39:3f:72:10:a0:e9:43:1c:e5:ec:4d:1f:
90:84:c3:a8:68:f3:21:1c:85:1b:9f:ea:15:a2:84:
14:25:15:51:c0:70:b3:89:d3:25:3f:51:e5:79:ad:
fa:70:4f:b9:21:28:eb:fe:5b:61:85:23:80:78:92:
40:c8:fc:86:2f:f9:9a:22:10:28:07:c9:c0:92:bc:
a7:df:b4:ec:03:d2:3e:76:77:54:c8:1c:21:04:55:
5d:89:74:9a:de:17:55:d7:fa:a5:73:a6:25:24:4f:
48:51:12:5c:6f:15:34:c5:38:ca:97:63:39:4b:2d:
c6:cc:19:02:3f:70:50:19:8f:a7:a1:07:75:98:79:
5f:f5:82:1e:ba:68:f0:63:7f:93:b6:ee:3f:98:30:
c1:e1:b6:43:d3:34:f5:ae:ed:5d:fd:11:9b:99:52:
95:f6:80:5a:08:53:28:7e:a5:9b:f1:a5:90:2d:15:
6c:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:EB:35:3D:8C:FB:DF:C3:CA:F6:1F:A4:87:81:77:ED:6F:10:AF:BA
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4725F6A0131311EDA3DC516EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.71.98.0/24
103.233.120.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:d9:75:f5:df:eb:82:a5:7b:45:7a:4d:21:0f:d5:81:c1:63:
a4:86:e7:22:5a:eb:5a:84:b0:35:62:89:d2:da:97:37:8d:98:
da:57:f2:f2:0c:e3:5e:ff:de:0a:6b:62:af:99:3f:d2:83:33:
a5:7b:80:4d:a3:31:4b:c5:b2:4a:0b:4a:90:26:9d:d9:f0:25:
fc:d1:74:d5:d8:cc:f3:26:f7:02:92:32:21:1c:27:e1:42:f9:
c4:93:3f:a9:f4:72:3a:89:e2:a0:e3:25:d3:9e:ec:62:cb:af:
fc:2d:c2:87:b3:7d:1f:ea:de:16:f8:53:f7:42:82:8b:32:d7:
63:cf:02:a2:34:a3:2e:3f:70:f4:8e:b3:d2:70:64:83:3a:6c:
43:5b:1d:5d:74:90:8f:33:f9:40:b4:b5:fa:2b:4a:c7:f4:36:
78:35:9d:4a:13:7e:cc:5a:93:e3:34:01:29:5b:10:9a:f4:5b:
0a:02:a6:dc:49:0c:90:69:69:12:75:86:a4:42:ff:d0:c9:a7:
57:00:c8:86:1a:31:e7:37:71:e6:e4:c4:18:aa:46:87:89:82:
0c:27:97:59:ff:a6:d7:66:48:e8:f5:3e:d0:8f:d5:a8:9a:2c:
ef:64:f7:cb:45:2f:69:a3:15:fb:eb:7d:b0:93:54:dc:70:b2:
20:6d:40:bb
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICcd8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTY1MDIxWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViY2I0Yy05OTRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7IP7hktkfWLXZVwV+f5UPrUzxJRziKDD+LMOyW64CJbY4NMS02DG/PiXuH2M
HgUE64d8Fg4k90CWVj2462tKTYNCHix1O1dPS3rSOSw5P3IQoOlDHOXsTR+QhMOo
aPMhHIUbn+oVooQUJRVRwHCzidMlP1Hlea36cE+5ISjr/lthhSOAeJJAyPyGL/ma
IhAoB8nAkryn37TsA9I+dndUyBwhBFVdiXSa3hdV1/qlc6YlJE9IURJcbxU0xTjK
l2M5Sy3GzBkCP3BQGY+noQd1mHlf9YIeumjwY3+Ttu4/mDDB4bZD0zT1ru1d/RGb
mVKV9oBaCFMofqWb8aWQLRVs9wIDAQABo4ICmzCCApcwHQYDVR0OBBYEFGjrNT2M
+9/DyvYfpIeBd+1vEK+6MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNDcyNUY2QTAx
MzEzMTFFREEzREM1MTZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnR2IDBABn6XgwDQYJKoZIhvcNAQELBQADggEBABzZdfXf
64Kle0V6TSEP1YHBY6SG5yJa61qEsDViidLalzeNmNpX8vIM417/3gprYq+ZP9KD
M6V7gE2jMUvFskoLSpAmndnwJfzRdNXYzPMm9wKSMiEcJ+FC+cSTP6n0cjqJ4qDj
JdOe7GLLr/wtwoezfR/q3hb4U/dCgosy12PPAqI0oy4/cPSOs9JwZIM6bENbHV10
kI8z+UC0tforSsf0Nng1nUoTfsxak+M0ASlbEJr0WwoCptxJDJBpaRJ1hqRC/9DJ
p1cAyIYaMec3cebkxBiqRoeJggwnl1n/ptdmSOj1PtCP1aiaLO9k98tFL2mjFfvr
fbCTVNxwsiBtQLs=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:09:32 2025 by rpki-client