Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8E7883CE03EC11ECB522FB41C4F9AE02.roa
File: 8E7883CE03EC11ECB522FB41C4F9AE02.roa (raw, json)
Hash identifier: Aye4DOglmJ0jcglDPPpAhQ33DYPFXA401i39Y/0RhYw=
Subject key identifier: 62:36:C4:C5:9A:56:5F:5F:77:5E:29:1A:7C:C1:5F:36:90:8C:89:66
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 48D8
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8E7883CE03EC11ECB522FB41C4F9AE02.roa
Signing time: Mon 21 Feb 2022 12:41:31 +0000
ROA not before: Mon 21 Feb 2022 12:41:31 +0000
ROA not after: Fri 01 Jul 2022 00:00:00 +0000
asID: 142419
IP address blocks: 103.169.89.0/24 maxlen: 24
103.170.21.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18648 (0x48d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Feb 21 12:41:31 2022 GMT
Not After : Jul 1 00:00:00 2022 GMT
Subject: CN=6213887b-c753
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:fb:ea:41:b4:27:80:e3:ff:fe:ca:1c:47:b5:
1c:89:86:6e:ae:05:92:ef:b3:a7:bd:99:c1:99:23:
81:2d:2f:2b:6a:98:9c:b4:1b:a5:22:49:78:16:a7:
2a:20:d2:30:55:aa:44:10:4d:d2:f1:59:8b:c1:89:
7b:f0:76:0b:c2:99:82:af:3a:43:b1:39:4a:f5:a5:
7e:c8:c5:e3:3f:29:94:1f:81:ec:5b:86:ca:3b:8a:
b6:ed:27:da:47:a6:b0:34:05:c6:a6:56:0b:26:e0:
7d:aa:dc:3e:0c:0d:e3:f1:d9:59:14:6a:a4:8c:8b:
dc:a8:cd:34:d2:17:97:ae:71:9a:d2:c4:f4:95:5f:
ba:98:56:3b:93:e4:4f:8c:74:cf:e9:e5:38:d8:46:
85:82:2d:f4:d6:c0:2a:8a:82:28:3f:83:82:bc:6b:
7e:97:e8:83:84:f2:1d:de:05:76:39:e1:b8:81:a3:
b7:ac:69:0b:ee:1e:ba:27:24:38:9e:ae:2a:85:f5:
45:c9:af:60:cc:74:b6:12:c5:81:3e:8d:c7:44:eb:
4a:53:fa:5a:80:97:24:f2:f6:b3:b6:1d:c1:9b:74:
fd:42:c1:8c:fa:d7:5d:5a:1c:97:ea:e7:03:93:d8:
5f:01:d6:77:90:40:27:bf:16:8b:a6:43:e5:1b:e9:
e4:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:36:C4:C5:9A:56:5F:5F:77:5E:29:1A:7C:C1:5F:36:90:8C:89:66
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8E7883CE03EC11ECB522FB41C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.169.89.0/24
103.170.21.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:b7:9b:b1:6e:70:98:c4:83:9b:3c:56:60:c0:30:19:8a:62:
52:14:7d:c6:35:ae:13:f3:ff:a7:6c:90:62:7d:f4:6b:dc:8c:
55:5c:aa:3f:62:1f:b9:80:73:35:1c:56:6d:ae:5f:8c:fe:d0:
a6:61:ab:bd:6c:b0:d9:bf:3c:82:90:4a:94:c3:ea:08:4e:83:
9b:f3:05:3c:d6:17:ac:69:11:1b:05:99:c5:d2:60:70:03:ff:
73:64:0b:2d:b3:d3:8c:80:b4:39:ad:d7:70:5f:be:61:84:22:
2e:11:d5:bc:02:bd:63:cd:6e:ba:16:66:0b:97:60:48:ca:ba:
99:75:56:30:8b:59:d9:b0:85:5e:00:5b:86:65:04:f8:32:c1:
35:cd:c4:4f:a5:a0:1d:99:89:6a:77:ae:c5:4c:b5:0f:b8:8e:
2f:58:99:57:e3:8a:52:4e:7c:cd:3c:7c:5f:08:59:76:3c:17:
1d:90:c8:6d:94:08:96:9a:53:2b:b8:df:f0:e3:05:14:83:79:
da:11:bf:af:ef:32:17:f8:95:c3:43:2e:f6:6a:73:e1:59:7d:
26:83:49:85:f2:41:2b:01:e7:2b:ca:15:1c:c1:75:2a:54:98:
63:2e:fd:bb:69:a2:32:50:e2:60:23:fc:fc:15:c4:9c:33:18:
de:2f:44:25
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICSNgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwMjIxMTI0MTMxWhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjEzODg3Yi1jNzUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsPvqQbQngOP//socR7UciYZurgWS77OnvZnBmSOBLS8rapictBulIkl4Fqcq
INIwVapEEE3S8VmLwYl78HYLwpmCrzpDsTlK9aV+yMXjPymUH4HsW4bKO4q27Sfa
R6awNAXGplYLJuB9qtw+DA3j8dlZFGqkjIvcqM000heXrnGa0sT0lV+6mFY7k+RP
jHTP6eU42EaFgi301sAqioIoP4OCvGt+l+iDhPId3gV2OeG4gaO3rGkL7h66JyQ4
nq4qhfVFya9gzHS2EsWBPo3HROtKU/pagJck8vazth3Bm3T9QsGM+tddWhyX6ucD
k9hfAdZ3kEAnvxaLpkPlG+nkzQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFGI2xMWa
Vl9fd14pGnzBXzaQjIlmMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvOEU3ODgzQ0Uw
M0VDMTFFQ0I1MjJGQjQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnqVkDBABnqhUwDQYJKoZIhvcNAQELBQADggEBABy3m7Fu
cJjEg5s8VmDAMBmKYlIUfcY1rhPz/6dskGJ99GvcjFVcqj9iH7mAczUcVm2uX4z+
0KZhq71ssNm/PIKQSpTD6ghOg5vzBTzWF6xpERsFmcXSYHAD/3NkCy2z04yAtDmt
13BfvmGEIi4R1bwCvWPNbroWZguXYEjKupl1VjCLWdmwhV4AW4ZlBPgywTXNxE+l
oB2ZiWp3rsVMtQ+4ji9YmVfjilJOfM08fF8IWXY8Fx2QyG2UCJaaUyu43/DjBRSD
edoRv6/vMhf4lcNDLvZqc+FZfSaDSYXyQSsB5yvKFRzBdSpUmGMu/btpojJQ4mAj
/PwVxJwzGN4vRCU=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:09:16 2025 by rpki-client