Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/83C1E6F6C1AD11EEB5008E47C4F9AE02.roa
File: 83C1E6F6C1AD11EEB5008E47C4F9AE02.roa (raw, json)
Hash identifier: s8LgyxgX5d6kPPZSf5KZlB75Vitr121AHb/eH++b16s=
Subject key identifier: B4:92:65:FA:69:C0:3E:C9:96:81:F5:38:FF:1C:EA:15:92:23:66:DA
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8968
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/83C1E6F6C1AD11EEB5008E47C4F9AE02.roa
Signing time: Thu 30 May 2024 15:58:43 +0000
ROA not before: Thu 30 May 2024 15:58:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 134042
IP address blocks: 103.61.196.0/24 maxlen: 24
103.61.197.0/24 maxlen: 24
103.61.198.0/24 maxlen: 24
103.61.199.0/24 maxlen: 24
103.138.78.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35176 (0x8968)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 15:58:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a232-4610
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:48:e0:70:a7:a1:d9:f9:97:07:39:89:dc:ea:
8c:1b:ed:f0:e5:3a:23:c0:d7:31:87:56:9d:95:26:
42:95:2f:03:80:71:67:2a:85:5e:9d:8b:76:d9:8d:
ac:e5:cf:c5:93:36:71:3f:41:d6:34:d9:45:79:68:
bb:2b:24:e5:4e:72:7e:21:52:5c:ac:83:dc:45:4a:
78:9b:56:30:0c:b6:9e:ac:a3:7b:e6:54:02:76:78:
49:9a:6b:1e:7b:e2:0d:a2:32:37:21:26:76:6e:7b:
bf:18:57:20:42:59:48:55:05:5d:13:e8:ac:48:f4:
cd:27:fe:21:16:a4:23:4b:94:dd:12:18:82:7d:a2:
a1:cd:fe:a9:c6:e4:a4:4f:de:5e:b9:78:ee:00:28:
21:38:dc:ad:11:4a:07:d6:68:e3:b1:fa:0e:bc:ec:
c3:9d:dc:c9:c4:3c:69:63:2e:8d:aa:b1:fd:28:a1:
c2:41:94:f1:46:4e:5b:c3:eb:f3:cd:fc:b4:98:96:
9d:b6:ee:e2:1c:c8:96:12:4a:76:a5:bb:11:31:8f:
83:97:32:26:a0:dc:97:1e:53:e4:08:e9:14:28:74:
6e:26:33:da:ae:38:91:5e:be:25:cc:db:6b:30:8b:
79:6b:ce:cf:f7:92:31:5f:ce:37:e9:c3:73:d3:71:
e9:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:92:65:FA:69:C0:3E:C9:96:81:F5:38:FF:1C:EA:15:92:23:66:DA
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/83C1E6F6C1AD11EEB5008E47C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.61.196.0/22
103.138.78.0/23
Signature Algorithm: sha256WithRSAEncryption
af:a5:da:27:b2:b6:fa:3b:41:22:38:af:1f:a9:f1:1d:91:7e:
4a:fc:57:77:0e:e9:b0:92:f0:40:ae:d5:84:f5:0d:c3:ce:27:
73:c7:d6:b5:58:0d:33:bc:48:a1:b7:45:53:24:c3:cc:87:63:
ad:ec:6f:7e:e2:4e:69:b7:6b:63:0d:9c:46:46:0b:76:92:79:
74:8c:43:0d:9e:e8:07:ea:14:54:d6:e5:19:d8:d3:d3:71:7f:
b4:a0:03:5a:b3:4f:9b:64:8b:64:00:e0:47:4f:94:81:15:39:
42:b2:24:8c:71:8a:f4:a1:d2:6a:15:d6:04:91:b0:f2:b4:67:
48:da:93:fd:e3:e0:c1:a7:21:3a:ea:c4:ab:fa:0c:16:c2:22:
ac:17:37:6c:98:b9:45:92:51:a1:a1:77:ad:81:4c:42:c0:44:
34:a3:04:9b:90:c2:95:17:11:c3:c6:6e:7d:33:f8:ba:7e:33:
55:fc:85:82:e7:c3:df:f5:b2:68:15:f2:2a:ea:fc:cf:e8:59:
b7:18:74:c0:ff:59:7f:51:60:7e:47:d8:17:0e:b1:4e:45:ab:
10:76:57:8d:82:10:9d:9a:15:86:65:e3:f0:00:2f:a4:46:7c:
ae:4c:70:e7:7a:7a:c8:77:28:9e:3a:be:77:22:f4:d4:c8:8f:
df:ed:ba:c0
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIDAIloMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE1NTg0M1oXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGEyMzItNDYxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPJI4HCnodn5lwc5idzqjBvt8OU6I8DXMYdWnZUmQpUvA4BxZyqFXp2LdtmN
rOXPxZM2cT9B1jTZRXlouysk5U5yfiFSXKyD3EVKeJtWMAy2nqyje+ZUAnZ4SZpr
HnviDaIyNyEmdm57vxhXIEJZSFUFXRPorEj0zSf+IRakI0uU3RIYgn2ioc3+qcbk
pE/eXrl47gAoITjcrRFKB9Zo47H6Drzsw53cycQ8aWMujaqx/SihwkGU8UZOW8Pr
8838tJiWnbbu4hzIlhJKdqW7ETGPg5cyJqDclx5T5AjpFCh0biYz2q44kV6+Jczb
azCLeWvOz/eSMV/ON+nDc9Nx6WcCAwEAAaOCApswggKXMB0GA1UdDgQWBBS0kmX6
acA+yZaB9Tj/HOoVkiNm2jAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzgzQzFFNkY2
QzFBRDExRUVCNTAwOEU0N0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCUGCCsGAQUFBwEHAQH/
BBYwFDASBAIAATAMAwQCZz3EAwQBZ4pOMA0GCSqGSIb3DQEBCwUAA4IBAQCvpdon
srb6O0EiOK8fqfEdkX5K/Fd3DumwkvBArtWE9Q3Dzidzx9a1WA0zvEiht0VTJMPM
h2Ot7G9+4k5pt2tjDZxGRgt2knl0jEMNnugH6hRU1uUZ2NPTcX+0oANas0+bZItk
AOBHT5SBFTlCsiSMcYr0odJqFdYEkbDytGdI2pP94+DBpyE66sSr+gwWwiKsFzds
mLlFklGhoXetgUxCwEQ0owSbkMKVFxHDxm59M/i6fjNV/IWC58Pf9bJoFfIq6vzP
6Fm3GHTA/1l/UWB+R9gXDrFORasQdleNghCdmhWGZePwAC+kRnyuTHDnenrIdyie
Or53IvTUyI/f7brA
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:35:59 2025 by rpki-client