Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E2D681CEA40511EB85979F43C4F9AE02.roa
File: E2D681CEA40511EB85979F43C4F9AE02.roa (raw, json)
Hash identifier: 6/voxukK9J/mnJ/ZJabAgc3f6KPlqsJxxwBl0Sk1J6o=
Subject key identifier: 66:2E:51:0C:08:43:85:E8:37:73:AC:71:A5:BD:01:BF:06:7D:2F:6C
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 6C17
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E2D681CEA40511EB85979F43C4F9AE02.roa
Signing time: Wed 10 May 2023 16:22:50 +0000
ROA not before: Wed 10 May 2023 16:22:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135820
IP address blocks: 103.77.254.0/23 maxlen: 24
103.104.128.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27671 (0x6c17)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 10 16:22:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=645bc4da-0601
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:a4:d4:04:5e:92:b9:60:a2:be:05:f8:fe:bd:
d2:85:36:35:7b:01:ce:25:1e:ea:4f:3d:a2:3a:23:
83:24:bf:8c:cc:7e:b2:4c:a7:16:52:3f:ca:c8:85:
c5:48:e6:e6:7c:da:17:2d:89:20:ee:78:d7:c3:7b:
dc:9f:f1:97:e7:92:59:57:a3:31:6c:0e:8b:25:eb:
97:fa:c8:d0:49:f0:0c:61:e6:f0:29:49:5b:cd:91:
af:c1:3b:88:45:64:85:5d:f9:71:a5:be:51:07:68:
79:cf:66:cb:41:45:ec:4d:42:0f:b5:2e:e4:f3:70:
52:74:66:ee:68:15:ef:80:65:a7:b0:da:01:6c:89:
a6:36:3d:e6:bc:91:60:0c:14:61:d8:5e:66:0c:a2:
fe:ea:9e:1c:1c:38:3f:d8:45:0a:6c:2c:88:09:ac:
40:82:e0:b4:ab:6a:90:2e:90:2a:0e:bb:df:8f:50:
7c:74:80:07:11:5a:73:72:e8:d9:f6:b8:59:0a:4a:
85:6b:d8:36:43:42:c1:48:d0:18:74:9a:65:d4:42:
b6:20:b4:9a:80:ca:67:1f:6b:41:3a:a6:ec:66:f6:
9b:93:2e:b0:eb:a1:28:c2:a0:42:d5:c6:79:ce:e7:
78:3b:03:a2:e1:21:82:2f:00:24:04:5b:36:bc:ba:
56:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:2E:51:0C:08:43:85:E8:37:73:AC:71:A5:BD:01:BF:06:7D:2F:6C
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E2D681CEA40511EB85979F43C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.77.254.0/23
103.104.128.0/24
Signature Algorithm: sha256WithRSAEncryption
87:99:1a:ea:fa:6f:bc:29:40:f2:b8:02:a5:ea:e5:33:0a:8d:
68:86:53:44:85:9d:dd:8e:16:41:a4:69:6f:bb:e1:d6:81:8f:
59:07:0d:4c:d6:ff:56:c6:9a:c2:37:51:1e:78:ef:b7:82:ca:
a8:57:62:2c:d8:da:b3:68:48:1f:54:6b:b3:ec:a9:5e:d2:00:
2a:ea:fd:cc:a7:c3:ea:c3:82:c0:76:7a:97:65:52:86:2a:67:
04:4d:2c:80:f6:2d:57:45:45:db:8a:f7:83:ad:04:33:97:73:
82:c8:41:2f:e4:9a:37:e4:cc:43:e2:3a:31:1f:dd:1b:f5:ad:
e9:39:ab:85:3f:f1:f5:25:b3:1c:b5:b2:1a:e4:8b:e6:75:a0:
c6:ba:90:07:80:df:35:ad:64:2e:3e:b0:fb:82:bd:03:56:bb:
86:ba:90:7d:58:02:7f:e4:45:e4:cb:45:7b:41:aa:1b:89:94:
cb:8f:a4:c3:32:2f:d6:61:ef:62:5d:77:93:d6:d4:73:a0:a7:
ab:55:3f:a8:91:1f:02:e4:87:26:fc:a1:aa:3f:1e:33:b7:69:
e3:ef:8b:c8:3d:e0:07:15:5c:eb:db:73:9e:cc:b9:17:2c:4f:
34:4b:51:5d:47:83:92:9a:c4:cd:0c:be:c7:e2:ff:a3:08:49:
9f:8d:34:7c
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICbBcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTYyMjUwWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViYzRkYS0wNjAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2KTUBF6SuWCivgX4/r3ShTY1ewHOJR7qTz2iOiODJL+MzH6yTKcWUj/KyIXF
SObmfNoXLYkg7njXw3vcn/GX55JZV6MxbA6LJeuX+sjQSfAMYebwKUlbzZGvwTuI
RWSFXflxpb5RB2h5z2bLQUXsTUIPtS7k83BSdGbuaBXvgGWnsNoBbImmNj3mvJFg
DBRh2F5mDKL+6p4cHDg/2EUKbCyICaxAguC0q2qQLpAqDrvfj1B8dIAHEVpzcujZ
9rhZCkqFa9g2Q0LBSNAYdJpl1EK2ILSagMpnH2tBOqbsZvabky6w66EowqBC1cZ5
zud4OwOi4SGCLwAkBFs2vLpW+QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFGYuUQwI
Q4XoN3OscaW9Ab8GfS9sMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvRTJENjgxQ0VB
NDA1MTFFQjg1OTc5RjQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFnTf4DBABnaIAwDQYJKoZIhvcNAQELBQADggEBAIeZGur6
b7wpQPK4AqXq5TMKjWiGU0SFnd2OFkGkaW+74daBj1kHDUzW/1bGmsI3UR5477eC
yqhXYizY2rNoSB9Ua7PsqV7SACrq/cynw+rDgsB2epdlUoYqZwRNLID2LVdFRduK
94OtBDOXc4LIQS/kmjfkzEPiOjEf3Rv1rek5q4U/8fUlsxy1shrki+Z1oMa6kAeA
3zWtZC4+sPuCvQNWu4a6kH1YAn/kReTLRXtBqhuJlMuPpMMyL9Zh72Jdd5PW1HOg
p6tVP6iRHwLkhyb8oao/HjO3aePvi8g94AcVXOvbc57MuRcsTzRLUV1Hg5KaxM0M
vsfi/6MISZ+NNHw=
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:21:42 2025 by rpki-client