Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/97F6DCA685AC11EC8348CC48C4F9AE02.roa
File: 97F6DCA685AC11EC8348CC48C4F9AE02.roa (raw, json)
Hash identifier: Rs0I27zn8lf20X1XFKyyx0B/QReopcleupnR4iBdAdc=
Subject key identifier: DC:35:B6:A3:E9:CE:87:2B:B3:07:C0:41:F2:40:BA:4A:4C:12:99:23
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 6DB4
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/97F6DCA685AC11EC8348CC48C4F9AE02.roa
Signing time: Wed 10 May 2023 16:30:39 +0000
ROA not before: Wed 10 May 2023 16:30:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 138769
IP address blocks: 103.109.81.0/24 maxlen: 24
103.109.82.0/24 maxlen: 24
103.109.83.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28084 (0x6db4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 10 16:30:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=645bc6ae-1e61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:9c:af:a0:a4:99:79:d2:3e:ae:25:59:3c:7e:
74:01:ce:e2:e2:12:57:30:cc:db:37:67:08:1f:9e:
ae:aa:fa:be:b8:cf:8d:1f:62:d3:de:a7:d9:cd:13:
ff:80:ba:f2:fd:a2:ee:8f:aa:8b:c5:db:1e:56:6b:
60:2d:53:af:65:4b:75:57:50:f5:61:16:17:3c:9f:
8c:27:2b:d1:31:0d:e7:3f:71:d8:fa:4d:ae:14:4c:
4a:ee:41:14:58:83:d2:16:14:f6:e5:b7:a3:3a:0c:
41:ea:96:46:32:ff:a4:bc:c2:8f:c9:5e:f7:69:79:
ff:93:04:32:7e:48:18:7a:e2:83:55:4e:ee:25:74:
89:c6:74:99:a6:36:38:bd:45:b1:2e:49:38:56:c0:
97:35:95:ec:9f:a9:cb:1f:a5:ad:33:6b:58:fe:6f:
8b:7f:3f:c1:ba:6c:2d:af:bf:e2:9a:cd:92:cd:c2:
00:77:ee:c9:5c:b6:42:ed:7b:e8:6a:8c:f7:a3:00:
bf:1c:cf:3b:69:7f:a7:b3:f3:b9:46:5a:e7:53:51:
c4:a9:ad:5f:f8:f0:0c:be:58:f0:66:da:9f:db:cc:
54:a1:1d:a7:ca:47:70:bd:63:69:24:a2:e3:2b:3c:
ee:4c:bc:44:48:0d:7d:a4:4d:39:ea:ee:f2:76:46:
5a:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:35:B6:A3:E9:CE:87:2B:B3:07:C0:41:F2:40:BA:4A:4C:12:99:23
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/97F6DCA685AC11EC8348CC48C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.109.81.0-103.109.83.255
Signature Algorithm: sha256WithRSAEncryption
7b:9b:bb:41:7b:b1:af:bf:09:01:e1:4e:ab:1f:74:59:49:5b:
a3:ba:04:57:7c:a2:dd:65:3b:34:5a:d8:2b:f5:9e:b4:e5:fb:
65:68:c5:1e:4b:13:df:6b:56:98:18:32:91:3e:7b:d9:93:7b:
23:49:60:21:15:9c:28:30:34:c9:07:ea:b9:88:c7:9b:46:09:
ca:4f:9f:64:33:5f:ad:32:65:44:bc:e1:23:03:18:a4:4c:a2:
e3:eb:ba:37:fb:85:61:56:a7:d0:56:f3:37:25:5c:6c:1e:b1:
26:7e:ee:f5:28:8c:7f:ff:3a:25:31:28:cd:f8:64:6d:98:d8:
bb:cf:b8:d2:89:83:17:52:5e:39:1a:d0:35:d8:fa:a3:d2:e6:
74:e8:1e:ea:dd:41:f4:c1:3b:63:52:e8:94:d8:d9:f3:6a:67:
60:11:2a:ad:23:e2:4a:2d:3e:d5:92:cf:8d:cf:5f:cb:86:a8:
32:17:dc:a2:36:d0:45:bd:5e:18:aa:13:cf:9e:7b:59:57:ca:
73:6c:74:61:76:de:03:54:12:67:5b:c2:b7:27:93:02:30:29:
26:ea:51:bc:4d:e7:46:d7:3e:99:20:34:c4:2d:5c:1c:3f:da:
ed:c6:92:ed:cf:a3:7a:31:56:54:98:c0:0b:f8:d3:40:16:37:
39:50:67:a3
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICbbQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTYzMDM5WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViYzZhZS0xZTYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA65yvoKSZedI+riVZPH50Ac7i4hJXMMzbN2cIH56uqvq+uM+NH2LT3qfZzRP/
gLry/aLuj6qLxdseVmtgLVOvZUt1V1D1YRYXPJ+MJyvRMQ3nP3HY+k2uFExK7kEU
WIPSFhT25bejOgxB6pZGMv+kvMKPyV73aXn/kwQyfkgYeuKDVU7uJXSJxnSZpjY4
vUWxLkk4VsCXNZXsn6nLH6WtM2tY/m+Lfz/Bumwtr7/ims2SzcIAd+7JXLZC7Xvo
aoz3owC/HM87aX+ns/O5RlrnU1HEqa1f+PAMvljwZtqf28xUoR2nykdwvWNpJKLj
KzzuTLxESA19pE056u7ydkZagwIDAQABo4ICnTCCApkwHQYDVR0OBBYEFNw1tqPp
zocrswfAQfJAukpMEpkjMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvOTdGNkRDQTY4
NUFDMTFFQzgzNDhDQzQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEAGdtUQMEAmdtUDANBgkqhkiG9w0BAQsFAAOCAQEAe5u7
QXuxr78JAeFOqx90WUlbo7oEV3yi3WU7NFrYK/WetOX7ZWjFHksT32tWmBgykT57
2ZN7I0lgIRWcKDA0yQfquYjHm0YJyk+fZDNfrTJlRLzhIwMYpEyi4+u6N/uFYVan
0FbzNyVcbB6xJn7u9SiMf/86JTEozfhkbZjYu8+40omDF1JeORrQNdj6o9LmdOge
6t1B9ME7Y1LolNjZ82pnYBEqrSPiSi0+1ZLPjc9fy4aoMhfcojbQRb1eGKoTz557
WVfKc2x0YXbeA1QSZ1vCtyeTAjApJupRvE3nRtc+mSA0xC1cHD/a7caS7c+jejFW
VJjAC/jTQBY3OVBnow==
-----END CERTIFICATE-----
Generated at Fri Apr 11 13:58:01 2025 by rpki-client