Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5222633A1B1511EEA5566A23C4F9AE02.roa
File: 5222633A1B1511EEA5566A23C4F9AE02.roa (raw, json)
Hash identifier: 69IpR65mv5iiy1toiwFYSIAF1UF2A11j6BfUUGe15dY=
Subject key identifier: 77:32:82:66:C8:2C:D6:72:1A:62:B5:AA:C8:2D:CE:A8:51:70:BD:BF
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 7516
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5222633A1B1511EEA5566A23C4F9AE02.roa
Signing time: Wed 05 Jul 2023 09:21:28 +0000
ROA not before: Wed 05 Jul 2023 09:21:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 151133
IP address blocks: 103.221.236.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29974 (0x7516)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Jul 5 09:21:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=64a53618-3480
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:1e:4b:bf:81:b2:ac:cc:6b:e9:e5:41:a8:91:
e5:f5:17:89:79:81:1b:8b:e2:99:c9:89:77:6d:3d:
80:00:8d:cd:9f:2c:09:eb:a6:10:43:0f:e6:dc:5e:
af:5d:be:33:58:a8:a8:96:0a:0e:4c:ec:2f:fb:fb:
a6:17:86:32:61:c5:e4:76:88:88:13:97:34:0f:99:
0b:47:89:4b:dd:db:9a:7f:a5:92:6d:e7:be:e8:c4:
bc:78:c5:9d:99:8a:32:c1:78:0e:cb:df:37:85:eb:
16:27:b5:3a:e4:cc:f0:c7:30:03:65:3e:06:39:0f:
35:94:dc:ff:9a:e3:29:e6:ab:7f:e0:6e:40:d1:37:
57:1e:de:ca:73:fc:91:0e:75:e0:43:d0:83:b5:7a:
81:af:48:6f:07:d6:d1:11:22:90:80:15:71:4a:20:
13:c5:a7:d1:c5:8f:3d:99:13:1c:47:ee:0d:86:d6:
f8:f1:f9:41:01:24:38:9e:03:9f:e3:19:9a:c2:82:
8b:b9:3d:56:08:50:e0:31:bd:8d:da:0f:22:b8:45:
7a:8b:f2:8d:89:f8:e9:4c:37:a6:6c:77:94:7f:99:
cf:f0:e7:f7:6d:77:47:1a:be:e5:24:79:7a:6d:cf:
63:a2:ec:5f:cc:2a:2f:49:52:7a:6b:e1:5c:73:e0:
51:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:32:82:66:C8:2C:D6:72:1A:62:B5:AA:C8:2D:CE:A8:51:70:BD:BF
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5222633A1B1511EEA5566A23C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.221.236.0/23
Signature Algorithm: sha256WithRSAEncryption
8b:77:4d:f7:b2:6a:49:9a:0e:78:92:5e:10:d2:7f:b1:a3:7f:
8b:00:6b:7f:38:2b:e8:5f:a1:bd:31:06:67:94:13:d5:da:22:
fa:e4:75:6d:84:2f:2f:a8:8a:47:56:ff:1e:27:a1:82:e3:61:
93:e3:9d:12:e8:f5:08:73:e6:39:da:60:58:37:4a:7e:e5:ea:
d4:e2:e2:0b:8b:36:03:1f:6b:57:72:8f:0a:85:2d:06:70:59:
fd:19:02:b3:37:97:44:fc:66:d4:b4:95:47:d9:e7:f1:34:33:
80:38:87:3e:41:15:c9:3e:4f:78:2f:7c:76:44:89:ff:d9:75:
41:ae:67:fc:e1:67:20:fb:8c:0e:05:20:1b:4f:a5:2e:c3:6e:
2d:f6:31:ec:bf:b0:eb:9c:42:a3:8e:2d:d0:92:08:a0:74:4b:
90:c6:c5:ff:34:ff:77:fa:18:84:27:16:ef:97:62:23:1d:92:
ec:2a:c2:0d:e1:73:9b:08:3b:0c:ef:92:3c:f6:99:35:85:fe:
90:3a:12:ae:e4:31:09:00:e6:6a:e4:39:0b:e1:5e:dc:1b:b7:
91:fe:f7:42:78:2d:0a:12:a1:f0:8e:ae:42:7b:e3:0c:07:f6:
09:7c:71:77:ff:62:9c:22:82:d8:66:08:d8:92:1e:38:03:34:
4f:0c:3f:8e
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICdRYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNzA1MDkyMTI4WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGE1MzYxOC0zNDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoh5Lv4GyrMxr6eVBqJHl9ReJeYEbi+KZyYl3bT2AAI3NnywJ66YQQw/m3F6v
Xb4zWKiolgoOTOwv+/umF4YyYcXkdoiIE5c0D5kLR4lL3duaf6WSbee+6MS8eMWd
mYoywXgOy983hesWJ7U65MzwxzADZT4GOQ81lNz/muMp5qt/4G5A0TdXHt7Kc/yR
DnXgQ9CDtXqBr0hvB9bRESKQgBVxSiATxafRxY89mRMcR+4Nhtb48flBASQ4ngOf
4xmawoKLuT1WCFDgMb2N2g8iuEV6i/KNifjpTDembHeUf5nP8Of3bXdHGr7lJHl6
bc9jouxfzCovSVJ6a+Fcc+BRHQIDAQABo4IClTCCApEwHQYDVR0OBBYEFHcygmbI
LNZyGmK1qsgtzqhRcL2/MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNTIyMjYzM0Ex
QjE1MTFFRUE1NTY2QTIzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFn3ewwDQYJKoZIhvcNAQELBQADggEBAIt3TfeyakmaDniS
XhDSf7Gjf4sAa384K+hfob0xBmeUE9XaIvrkdW2ELy+oikdW/x4noYLjYZPjnRLo
9Qhz5jnaYFg3Sn7l6tTi4guLNgMfa1dyjwqFLQZwWf0ZArM3l0T8ZtS0lUfZ5/E0
M4A4hz5BFck+T3gvfHZEif/ZdUGuZ/zhZyD7jA4FIBtPpS7Dbi32Mey/sOucQqOO
LdCSCKB0S5DGxf80/3f6GIQnFu+XYiMdkuwqwg3hc5sIOwzvkjz2mTWF/pA6Eq7k
MQkA5mrkOQvhXtwbt5H+90J4LQoSofCOrkJ74wwH9gl8cXf/YpwigthmCNiSHjgD
NE8MP44=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:17:44 2025 by rpki-client