Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5E8A7A9433AB11EB8A31FB41C4F9AE02.roa
File: 5E8A7A9433AB11EB8A31FB41C4F9AE02.roa (raw, json)
Hash identifier: bGfWhFm84gUiH24XLvql/UG6kIL5H+IKLzFRngooE3k=
Subject key identifier: DE:2A:BD:B1:FB:18:4C:8F:B9:7A:FB:1E:3E:6C:75:04:45:19:7A:B1
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 6C03
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5E8A7A9433AB11EB8A31FB41C4F9AE02.roa
Signing time: Wed 10 May 2023 16:22:29 +0000
ROA not before: Wed 10 May 2023 16:22:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135778
IP address blocks: 103.82.100.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27651 (0x6c03)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 10 16:22:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=645bc4c4-5823
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:c8:fa:38:95:6d:09:71:5f:4a:c3:2d:d6:ab:
39:48:8c:ea:b1:d3:71:21:0c:7e:bd:76:64:1c:f1:
91:3f:87:ed:6f:70:09:ab:5c:a2:07:b0:19:aa:e1:
90:11:67:b2:80:50:81:78:51:ba:25:7a:80:dc:f2:
16:97:4f:88:2a:27:bf:e6:a5:0c:e5:07:ff:08:fd:
23:79:34:23:b9:c3:3d:bc:85:82:21:64:ec:83:5c:
fb:c6:23:18:78:39:60:07:b7:4c:60:53:56:e4:c3:
28:52:ea:02:c8:4c:dc:32:df:e0:c7:ef:5f:74:a8:
fc:fd:76:ed:42:16:e1:2d:db:18:91:e5:58:15:81:
ee:f3:05:de:a6:26:54:5d:2a:6f:1f:4c:1d:da:33:
b3:0a:57:9a:9b:1f:72:40:10:c6:e3:cc:b3:20:f0:
11:a1:21:6a:5c:b1:9c:1b:86:e6:8c:b0:53:21:1f:
06:14:88:21:46:78:05:71:36:e2:a4:d5:95:50:96:
04:a2:39:aa:00:1a:74:4c:19:ae:39:64:a5:10:d5:
37:5d:84:73:9f:4a:d5:8f:72:30:4c:5d:82:3c:7e:
3f:f9:a6:23:8b:0b:64:8d:b9:1f:0e:ca:1e:cd:1b:
58:d7:60:c4:58:9b:64:4b:cd:1e:bd:2b:25:51:c5:
77:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:2A:BD:B1:FB:18:4C:8F:B9:7A:FB:1E:3E:6C:75:04:45:19:7A:B1
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5E8A7A9433AB11EB8A31FB41C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.82.100.0/22
Signature Algorithm: sha256WithRSAEncryption
1d:9c:50:fa:0d:fa:32:64:a7:25:c4:4a:8e:ab:db:4c:cb:85:
53:76:3d:58:1e:be:3c:06:bc:b2:5c:1c:26:1c:13:80:42:9b:
fc:b5:d0:2f:07:ed:94:33:dd:27:f5:e6:25:79:3e:1f:cd:9e:
5d:24:d3:e0:64:72:ba:7a:29:fe:81:be:cb:fb:bb:ba:26:52:
b0:b3:2a:16:c5:a1:28:cb:9a:3e:6c:69:c7:ff:e1:c4:95:e2:
37:18:58:af:0f:d4:58:2d:1d:c5:fd:15:c1:5a:63:03:a0:81:
26:be:8d:fc:74:e2:3f:cd:0c:29:db:03:3f:e8:52:e5:5f:32:
45:93:b9:49:95:5d:7a:e0:3e:5d:41:32:27:d7:1d:3d:b1:54:
75:b3:b4:7d:ed:ca:46:67:73:0b:ba:83:97:e3:a6:a2:9f:35:
2c:9f:48:76:b0:0d:4d:cf:42:8b:bd:8c:6d:20:65:bf:99:db:
18:78:7c:19:eb:61:f7:a1:f4:23:d8:38:f9:29:16:e4:c1:d3:
07:d7:b4:77:ba:66:db:82:50:65:f7:41:3b:70:73:92:87:2f:
30:41:e4:25:f6:cb:b0:d2:25:f0:96:df:ab:36:46:50:17:ec:
4a:7c:52:d4:2d:d3:00:cf:16:9a:c2:86:9f:e2:5c:62:b7:e4:
b0:04:b5:6f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICbAMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTYyMjI5WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViYzRjNC01ODIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8Mj6OJVtCXFfSsMt1qs5SIzqsdNxIQx+vXZkHPGRP4ftb3AJq1yiB7AZquGQ
EWeygFCBeFG6JXqA3PIWl0+IKie/5qUM5Qf/CP0jeTQjucM9vIWCIWTsg1z7xiMY
eDlgB7dMYFNW5MMoUuoCyEzcMt/gx+9fdKj8/XbtQhbhLdsYkeVYFYHu8wXepiZU
XSpvH0wd2jOzCleamx9yQBDG48yzIPARoSFqXLGcG4bmjLBTIR8GFIghRngFcTbi
pNWVUJYEojmqABp0TBmuOWSlENU3XYRzn0rVj3IwTF2CPH4/+aYjiwtkjbkfDsoe
zRtY12DEWJtkS80evSslUcV3UwIDAQABo4IClTCCApEwHQYDVR0OBBYEFN4qvbH7
GEyPuXr7Hj5sdQRFGXqxMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNUU4QTdBOTQz
M0FCMTFFQjhBMzFGQjQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnUmQwDQYJKoZIhvcNAQELBQADggEBAB2cUPoN+jJkpyXE
So6r20zLhVN2PVgevjwGvLJcHCYcE4BCm/y10C8H7ZQz3Sf15iV5Ph/Nnl0k0+Bk
crp6Kf6Bvsv7u7omUrCzKhbFoSjLmj5sacf/4cSV4jcYWK8P1FgtHcX9FcFaYwOg
gSa+jfx04j/NDCnbAz/oUuVfMkWTuUmVXXrgPl1BMifXHT2xVHWztH3tykZncwu6
g5fjpqKfNSyfSHawDU3PQou9jG0gZb+Z2xh4fBnrYfeh9CPYOPkpFuTB0wfXtHe6
ZtuCUGX3QTtwc5KHLzBB5CX2y7DSJfCW36s2RlAX7Ep8UtQt0wDPFprChp/iXGK3
5LAEtW8=
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:55:51 2025 by rpki-client