Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/69DE6BE6BDCF11EA8755D90DC4F9AE02.roa
File: 69DE6BE6BDCF11EA8755D90DC4F9AE02.roa (raw, json)
Hash identifier: KL4PXMMFQe3DHZwpNp5WkQSnOe8ZsDjXxDDD0FKVcp8=
Subject key identifier: 63:D9:2F:A1:C2:BE:A7:E5:7B:FA:1E:33:23:BC:63:C5:51:CF:5C:44
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8C76
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/69DE6BE6BDCF11EA8755D90DC4F9AE02.roa
Signing time: Thu 30 May 2024 16:11:26 +0000
ROA not before: Thu 30 May 2024 16:11:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 139501
IP address blocks: 103.145.167.0/24 maxlen: 24
103.211.136.0/22 maxlen: 24
139.5.64.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35958 (0x8c76)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 16:11:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a52e-eebb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:38:cd:eb:bf:b4:ba:c4:07:05:22:15:cf:1e:
ea:24:6a:40:43:5b:b7:3d:2b:c6:75:05:f1:fb:03:
1b:65:41:fb:90:f5:aa:ec:af:c9:2f:80:f9:a3:22:
5b:11:81:cf:cc:c3:c2:54:62:84:1e:88:88:01:ec:
26:08:25:66:ef:a4:ec:e8:19:64:c5:48:55:1f:82:
5e:66:76:7d:5f:69:51:1f:06:18:7c:84:53:da:7b:
ca:03:53:32:20:0a:5b:7c:fd:63:d5:6e:a3:18:95:
1b:f3:c7:13:ca:71:db:2d:0e:3c:df:d8:5d:04:dd:
d6:c6:68:b3:b7:71:95:93:e1:27:32:7c:d0:ca:c5:
6a:a5:ee:16:0d:b8:9c:4f:f0:d6:b0:16:d1:46:9f:
b1:9d:ca:ab:81:51:10:28:44:97:bb:3c:ac:b8:e0:
d7:86:c4:39:d6:15:65:05:9d:df:79:ae:c7:ab:45:
db:60:8c:70:0d:69:d6:cd:9b:57:52:41:bb:c3:7b:
94:0c:1e:be:32:80:b0:2b:73:f4:93:bc:6a:fa:bf:
1b:d9:80:f1:65:5f:86:85:19:7e:8f:f8:10:49:9b:
e5:c6:bc:f0:8a:6b:b2:69:45:43:3e:25:9a:4e:74:
a6:bd:db:b5:9e:51:61:48:82:50:a2:03:26:40:0f:
90:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:D9:2F:A1:C2:BE:A7:E5:7B:FA:1E:33:23:BC:63:C5:51:CF:5C:44
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/69DE6BE6BDCF11EA8755D90DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.145.167.0/24
103.211.136.0/22
139.5.64.0/22
Signature Algorithm: sha256WithRSAEncryption
9b:89:bd:9d:89:b6:2b:0c:03:72:33:5d:3a:64:0b:77:fd:0a:
d4:72:0d:23:af:66:a1:1c:cd:cf:e1:ef:95:76:92:ee:22:fc:
cf:86:64:c9:e8:e2:e2:1b:d0:13:e6:b6:00:2b:5d:ca:34:39:
49:d8:31:2a:81:75:1b:18:cb:d3:90:dc:36:89:66:0c:d9:bf:
2a:72:2e:b8:dc:2d:cb:09:8a:be:b3:e3:f2:3c:3d:16:e8:a8:
20:af:f1:c0:c9:a8:fd:55:9e:d2:47:a3:11:ae:17:74:2b:ae:
fc:5b:3b:22:9a:b6:48:3d:25:4f:11:14:09:d4:54:a2:2a:f1:
2b:41:17:9f:82:80:55:fd:b0:76:40:2f:40:62:7e:a5:c8:10:
d7:02:f9:2d:81:a0:8f:3b:a5:d4:91:3b:ad:80:45:3f:7b:5f:
a6:c0:f2:47:be:55:71:f0:e5:82:8a:93:a4:4d:2b:01:76:68:
ad:0a:78:70:2d:c1:da:52:b5:bc:65:22:41:19:44:d8:65:c8:
f5:8d:ca:d9:59:90:b5:08:59:8b:3c:7f:cb:91:da:87:54:d6:
91:b9:38:0c:10:bb:0a:1e:84:5a:a5:d8:81:f2:16:ec:4d:90:
67:fc:1f:62:af:ef:01:f5:91:e2:27:0a:df:1e:36:ca:82:68:
5a:ee:c7:84
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgIDAIx2MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE2MTEyNloXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGE1MmUtZWViYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANw4zeu/tLrEBwUiFc8e6iRqQENbtz0rxnUF8fsDG2VB+5D1quyvyS+A+aMi
WxGBz8zDwlRihB6IiAHsJgglZu+k7OgZZMVIVR+CXmZ2fV9pUR8GGHyEU9p7ygNT
MiAKW3z9Y9VuoxiVG/PHE8px2y0OPN/YXQTd1sZos7dxlZPhJzJ80MrFaqXuFg24
nE/w1rAW0UafsZ3Kq4FREChEl7s8rLjg14bEOdYVZQWd33mux6tF22CMcA1p1s2b
V1JBu8N7lAwevjKAsCtz9JO8avq/G9mA8WVfhoUZfo/4EEmb5ca88IprsmlFQz4l
mk50pr3btZ5RYUiCUKIDJkAPkG0CAwEAAaOCAqEwggKdMB0GA1UdDgQWBBRj2S+h
wr6n5Xv6HjMjvGPFUc9cRDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzY5REU2QkU2
QkRDRjExRUE4NzU1RDkwREM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCsGCCsGAQUFBwEHAQH/
BBwwGjAYBAIAATASAwQAZ5GnAwQCZ9OIAwQCiwVAMA0GCSqGSIb3DQEBCwUAA4IB
AQCbib2dibYrDANyM106ZAt3/QrUcg0jr2ahHM3P4e+VdpLuIvzPhmTJ6OLiG9AT
5rYAK13KNDlJ2DEqgXUbGMvTkNw2iWYM2b8qci643C3LCYq+s+PyPD0W6Kggr/HA
yaj9VZ7SR6MRrhd0K678WzsimrZIPSVPERQJ1FSiKvErQRefgoBV/bB2QC9AYn6l
yBDXAvktgaCPO6XUkTutgEU/e1+mwPJHvlVx8OWCipOkTSsBdmitCnhwLcHaUrW8
ZSJBGUTYZcj1jcrZWZC1CFmLPH/LkdqHVNaRuTgMELsKHoRapdiB8hbsTZBn/B9i
r+8B9ZHiJwrfHjbKgmha7seE
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:22:49 2025 by rpki-client