Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D4F4340A75C711EB9781535EC4F9AE02.roa
File: D4F4340A75C711EB9781535EC4F9AE02.roa (raw, json)
Hash identifier: JQh4OYt0ifd+PPj244n49pMG9ZcTva3hrEudgsovxEU=
Subject key identifier: 45:F1:C2:37:31:7F:A0:E7:78:35:9B:D9:B1:20:D0:C4:7C:7B:D7:B5
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 6D4B
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D4F4340A75C711EB9781535EC4F9AE02.roa
Signing time: Wed 10 May 2023 16:28:38 +0000
ROA not before: Wed 10 May 2023 16:28:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 137682
IP address blocks: 103.116.196.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27979 (0x6d4b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 10 16:28:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=645bc635-5e12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:c7:37:72:6f:c6:f7:a7:ba:c3:bb:73:9c:81:
d0:47:d4:a0:75:da:15:e2:df:cb:66:df:cc:64:13:
50:87:2c:82:1d:ea:b1:11:74:d2:02:77:0a:e5:80:
8d:61:7a:77:76:b5:8c:41:ff:8e:60:14:fc:dd:fe:
38:0f:47:42:59:70:07:58:66:3d:60:a6:94:61:a8:
41:f6:1f:75:9f:76:4b:ed:32:04:4a:c0:c9:5c:e9:
2b:64:6a:5e:68:4a:ec:de:3b:44:90:e0:a6:c4:8a:
45:b1:28:7f:3a:2d:cf:db:47:18:ae:f6:35:13:b2:
ab:12:75:f5:b8:c1:09:b3:7e:fe:d6:75:ca:9f:f2:
16:4f:93:e6:79:28:87:a2:3c:87:c1:fa:d6:43:30:
d4:36:26:48:57:a2:31:2b:46:26:90:f3:b8:c5:da:
93:74:6d:db:a7:80:d6:54:8a:0a:ca:9f:0a:05:a2:
c9:fc:ce:be:57:85:58:cc:92:79:00:5c:53:7f:2e:
47:d8:0c:85:3a:9a:9c:59:51:99:bc:98:65:ce:18:
c3:9e:34:3b:20:26:91:61:84:38:a1:bd:0f:cd:e4:
b8:4e:37:a3:e3:67:dc:23:65:bc:f7:a5:53:4e:45:
c3:f6:a3:fa:06:47:ea:0b:59:7b:3d:bb:a5:70:a3:
bb:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:F1:C2:37:31:7F:A0:E7:78:35:9B:D9:B1:20:D0:C4:7C:7B:D7:B5
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D4F4340A75C711EB9781535EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.116.196.0/22
Signature Algorithm: sha256WithRSAEncryption
0e:f4:2b:56:b9:9b:5d:81:80:77:5c:f0:95:3b:da:b0:1d:ca:
ff:15:73:50:18:df:36:36:8b:ef:9a:6b:f9:04:42:fe:b0:83:
4d:84:86:04:81:7f:20:c8:8f:ed:ab:4f:08:f4:b2:04:ac:a6:
8d:27:27:7d:48:19:4a:a8:27:f1:43:6c:8e:ce:bf:5d:1a:37:
51:a0:a5:49:e0:f4:d1:3c:7b:0a:61:1d:11:f7:07:c3:f8:2a:
5f:29:63:a0:f4:74:d5:8e:4a:56:34:b6:f8:f9:e6:48:13:8b:
c7:80:e4:b8:ff:56:a7:30:78:80:4a:a8:46:3b:35:19:b6:72:
db:e6:db:7b:30:08:c1:85:50:d2:e9:b2:8d:c4:5c:6a:c1:6b:
70:5f:5f:a8:98:7c:06:c7:26:32:83:18:3b:e8:c9:6e:2a:e1:
74:dc:05:3e:d9:f2:38:61:c7:b5:fc:93:d7:0b:8d:bb:90:23:
93:75:fc:cd:c0:12:d8:23:31:85:a8:36:d1:d8:bc:fd:21:1e:
2c:31:1f:b7:b7:31:7f:1e:68:28:da:ad:3b:ed:85:c5:28:6f:
a1:b3:c7:28:f9:2e:08:88:f7:da:ad:7b:fb:73:12:6f:86:7d:
1a:60:a6:cd:20:c9:08:55:51:1f:69:95:d3:49:9d:c2:99:09:
ce:70:65:16
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICbUswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTYyODM4WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViYzYzNS01ZTEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA88c3cm/G96e6w7tznIHQR9SgddoV4t/LZt/MZBNQhyyCHeqxEXTSAncK5YCN
YXp3drWMQf+OYBT83f44D0dCWXAHWGY9YKaUYahB9h91n3ZL7TIESsDJXOkrZGpe
aErs3jtEkOCmxIpFsSh/Oi3P20cYrvY1E7KrEnX1uMEJs37+1nXKn/IWT5PmeSiH
ojyHwfrWQzDUNiZIV6IxK0YmkPO4xdqTdG3bp4DWVIoKyp8KBaLJ/M6+V4VYzJJ5
AFxTfy5H2AyFOpqcWVGZvJhlzhjDnjQ7ICaRYYQ4ob0PzeS4Tjej42fcI2W896VT
TkXD9qP6BkfqC1l7PbulcKO7twIDAQABo4IClTCCApEwHQYDVR0OBBYEFEXxwjcx
f6DneDWb2bEg0MR8e9e1MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvRDRGNDM0MEE3
NUM3MTFFQjk3ODE1MzVFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJndMQwDQYJKoZIhvcNAQELBQADggEBAA70K1a5m12BgHdc
8JU72rAdyv8Vc1AY3zY2i++aa/kEQv6wg02EhgSBfyDIj+2rTwj0sgSspo0nJ31I
GUqoJ/FDbI7Ov10aN1GgpUng9NE8ewphHRH3B8P4Kl8pY6D0dNWOSlY0tvj55kgT
i8eA5Lj/VqcweIBKqEY7NRm2ctvm23swCMGFUNLpso3EXGrBa3BfX6iYfAbHJjKD
GDvoyW4q4XTcBT7Z8jhhx7X8k9cLjbuQI5N1/M3AEtgjMYWoNtHYvP0hHiwxH7e3
MX8eaCjarTvthcUob6Gzxyj5LgiI99qte/tzEm+GfRpgps0gyQhVUR9pldNJncKZ
Cc5wZRY=
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:11:19 2025 by rpki-client