Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B48296149D4511EEBD7DE775C4F9AE02.roa
File: B48296149D4511EEBD7DE775C4F9AE02.roa (raw, json)
Hash identifier: bckp0Om3StMKjZz3K/DLDVcrDtas9onyW9+eIydCHKw=
Subject key identifier: 9E:38:55:BC:B1:79:4D:66:DF:A7:36:DE:5A:6E:8C:D9:72:9D:A7:3A
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 88D7
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B48296149D4511EEBD7DE775C4F9AE02.roa
Signing time: Thu 30 May 2024 15:56:19 +0000
ROA not before: Thu 30 May 2024 15:56:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133272
IP address blocks: 103.172.222.0/23 maxlen: 24
103.239.232.0/22 maxlen: 24
2404:3b40::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35031 (0x88d7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 15:56:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a1a2-e031
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:92:a3:5e:b4:10:f7:59:bc:a7:21:16:02:d7:
a8:9b:6d:42:b1:87:d1:4a:be:8f:0a:19:87:7d:5b:
3f:56:ec:68:99:ca:9a:c6:81:36:4f:00:19:2e:e1:
7e:cc:d1:6d:cd:aa:b7:65:33:d0:a8:71:6c:9c:4c:
61:60:b6:79:40:c1:31:e8:d9:2e:37:c9:4c:3f:db:
26:64:bf:0a:b4:35:73:50:ba:c0:80:ef:4d:e5:96:
ba:e2:a4:68:a0:72:33:02:b8:b4:ce:5f:69:9d:c6:
74:90:3c:73:b9:ca:a6:09:c6:a1:a3:d4:f9:5f:21:
2a:df:45:d0:76:40:83:d2:1a:8c:a8:c0:d0:f3:7a:
05:db:f7:86:b7:5c:55:31:1e:b5:a8:36:56:4d:d5:
10:77:de:23:e1:1d:05:e2:08:cc:c1:0b:63:c1:9f:
fa:eb:74:2d:1d:0f:23:a5:bf:7f:9a:19:81:12:5b:
cd:ac:d6:27:c9:29:9b:1b:bf:63:70:f5:b4:99:c4:
ff:9e:f9:af:f9:f6:10:84:7c:df:2a:d8:7f:4e:5d:
17:4a:07:56:f0:cb:4d:b9:2a:f7:84:8e:19:1c:b4:
29:7d:f7:ac:ab:75:de:1e:0f:49:65:de:e9:c6:fa:
48:cd:1a:e4:bf:28:39:04:8d:75:3c:b4:01:95:9c:
f1:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:38:55:BC:B1:79:4D:66:DF:A7:36:DE:5A:6E:8C:D9:72:9D:A7:3A
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B48296149D4511EEBD7DE775C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.172.222.0/23
103.239.232.0/22
IPv6:
2404:3b40::/32
Signature Algorithm: sha256WithRSAEncryption
43:81:f3:8b:c8:94:28:8c:82:ac:fd:fa:3c:e5:8b:e5:f8:87:
1e:4d:e2:d7:77:bc:f7:b5:f0:7b:f7:25:79:2c:01:9e:be:b1:
c0:86:07:26:fe:0b:49:70:cd:7c:a3:d0:02:0d:dc:c3:2c:7f:
64:71:13:db:37:65:c4:16:dc:84:fe:81:0e:9e:22:5b:96:9d:
9c:aa:13:43:1a:04:a9:97:03:13:4a:c4:58:0c:5a:40:9e:29:
67:41:15:63:7f:c2:5d:0f:0a:76:96:85:b5:cc:68:88:f2:81:
bf:87:e4:61:5a:3a:12:c6:e9:ff:84:6d:58:20:07:34:05:52:
90:08:9a:38:12:60:65:56:ad:4f:f5:2b:d0:c3:26:db:af:85:
3b:92:0c:39:6a:a9:5a:4d:0c:be:3e:2c:c4:90:5c:c8:03:6a:
a7:1d:ec:28:4b:a6:d8:3d:6f:eb:74:61:10:5d:3f:2e:d8:dd:
70:ad:d9:64:1a:14:c5:90:40:7a:45:50:fd:cd:98:04:a8:9f:
7e:02:15:92:35:28:07:4a:a0:28:5e:c4:36:01:e9:07:b0:be:
f6:e6:9d:7d:a3:cd:3c:17:69:2b:92:3b:74:83:90:df:9f:91:
39:5f:c8:7e:0f:57:fa:ce:78:66:2d:ba:2b:53:fa:e3:8b:09:
d7:3d:88:c1
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIDAIjXMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE1NTYxOVoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGExYTItZTAzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANiSo160EPdZvKchFgLXqJttQrGH0Uq+jwoZh31bP1bsaJnKmsaBNk8AGS7h
fszRbc2qt2Uz0KhxbJxMYWC2eUDBMejZLjfJTD/bJmS/CrQ1c1C6wIDvTeWWuuKk
aKByMwK4tM5faZ3GdJA8c7nKpgnGoaPU+V8hKt9F0HZAg9IajKjA0PN6Bdv3hrdc
VTEetag2Vk3VEHfeI+EdBeIIzMELY8Gf+ut0LR0PI6W/f5oZgRJbzazWJ8kpmxu/
Y3D1tJnE/575r/n2EIR83yrYf05dF0oHVvDLTbkq94SOGRy0KX33rKt13h4PSWXe
6cb6SM0a5L8oOQSNdTy0AZWc8ZUCAwEAAaOCAqowggKmMB0GA1UdDgQWBBSeOFW8
sXlNZt+nNt5abozZcp2nOjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0I0ODI5NjE0
OUQ0NTExRUVCRDdERTc3NUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDQGCCsGAQUFBwEHAQH/
BCUwIzASBAIAATAMAwQBZ6zeAwQCZ+/oMA0EAgACMAcDBQAkBDtAMA0GCSqGSIb3
DQEBCwUAA4IBAQBDgfOLyJQojIKs/fo85Yvl+IceTeLXd7z3tfB79yV5LAGevrHA
hgcm/gtJcM18o9ACDdzDLH9kcRPbN2XEFtyE/oEOniJblp2cqhNDGgSplwMTSsRY
DFpAnilnQRVjf8JdDwp2loW1zGiI8oG/h+RhWjoSxun/hG1YIAc0BVKQCJo4EmBl
Vq1P9SvQwybbr4U7kgw5aqlaTQy+PizEkFzIA2qnHewoS6bYPW/rdGEQXT8u2N1w
rdlkGhTFkEB6RVD9zZgEqJ9+AhWSNSgHSqAoXsQ2AekHsL725p19o808F2krkjt0
g5Dfn5E5X8h+D1f6znhmLborU/rjiwnXPYjB
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:15:14 2025 by rpki-client