Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F1196C12BB4811EE97B0156EC4F9AE02.roa
File: F1196C12BB4811EE97B0156EC4F9AE02.roa (raw, json)
Hash identifier: UgV367Suu4WqtbjunVqlIeqVLblnGC3/JJvAAXjD4sw=
Subject key identifier: 08:5E:77:78:33:FB:97:CA:4B:F9:06:4B:B7:83:FE:38:32:AE:81:AA
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 81E6
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F1196C12BB4811EE97B0156EC4F9AE02.roa
Signing time: Thu 25 Jan 2024 06:14:05 +0000
ROA not before: Thu 25 Jan 2024 06:14:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 134278
IP address blocks: 103.6.90.0/23 maxlen: 24
103.219.212.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 33254 (0x81e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Jan 25 06:14:05 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=65b1fc2d-749e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:88:65:f8:af:1c:63:f6:d4:2d:7d:e0:0a:a7:
03:4e:f0:d1:a8:02:1a:fa:92:b0:2c:58:e3:60:95:
42:2d:5c:0a:45:1f:00:07:6c:4a:dd:d5:26:46:1b:
45:3e:6d:81:9a:a9:15:14:d2:eb:2e:e7:b7:3e:68:
4c:3a:70:f1:2a:a0:3f:c2:f2:fd:66:81:94:9a:0d:
0e:18:fc:a6:0d:08:b2:5b:5b:a6:b7:ae:1a:03:ee:
99:3a:38:1b:69:89:d4:83:64:4c:a3:99:ff:10:09:
a3:0a:72:b8:3c:dc:04:af:77:ea:19:98:dc:d8:e8:
9c:e1:ff:94:d1:57:27:3d:7d:e9:9f:d7:76:69:41:
2b:a5:b0:35:b5:0c:22:f7:b6:c8:db:85:74:87:d8:
be:4f:50:92:db:89:47:ab:95:c1:52:02:10:23:d9:
94:91:5e:a7:0e:8a:6a:6a:57:0d:bc:9a:ba:13:88:
ab:9c:45:94:f9:e8:ce:9d:ad:9f:92:f8:94:11:9c:
57:0b:12:3b:4c:ec:d5:30:83:c1:9c:fc:1c:cf:97:
8f:9c:96:93:f5:92:f8:95:de:46:46:65:fd:18:b1:
4d:fb:34:ce:8d:b9:cc:39:98:06:ab:68:2a:b5:33:
ad:d5:be:bf:10:bf:4c:a4:84:c4:46:fd:87:f7:70:
d5:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:5E:77:78:33:FB:97:CA:4B:F9:06:4B:B7:83:FE:38:32:AE:81:AA
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F1196C12BB4811EE97B0156EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.6.90.0/23
103.219.212.0/23
Signature Algorithm: sha256WithRSAEncryption
6c:3d:5b:c1:09:49:bd:ce:6a:90:38:6d:3c:14:04:00:90:c0:
d4:af:09:c4:0c:ca:5b:1e:be:ed:bb:b4:fd:24:0d:52:78:8c:
7f:69:3a:5b:64:5c:7f:f7:13:db:3c:a5:47:5e:3b:ed:5c:37:
74:14:7c:b4:77:e4:76:18:52:e7:7d:07:e2:66:27:5c:8c:61:
0b:b5:9a:3b:9a:d9:07:55:5b:b5:cf:64:b0:6f:06:ac:49:76:
43:44:9f:3e:a3:42:c3:40:2e:39:0c:de:5b:2f:31:6a:b2:6f:
d6:bf:5b:23:88:84:ac:d5:10:de:a0:88:c1:2a:33:07:9e:b3:
4d:68:8d:16:c0:5a:16:eb:c2:6c:ae:0c:e6:be:72:a3:b3:51:
c9:f5:0a:b6:f3:9b:cd:5a:6f:39:2a:7e:96:21:e4:ea:e8:55:
3b:55:d4:fb:c8:93:cd:2c:0e:05:66:c6:5e:59:c6:7a:c0:5d:
ee:90:73:3d:e5:2c:47:61:5e:e3:c5:87:9d:6e:77:0b:04:16:
b2:7d:c5:aa:9d:4b:e6:2b:8d:4f:cf:fb:30:bd:8a:a9:5d:bc:
c2:ab:bf:1a:29:98:c8:f4:81:43:b3:0d:39:8d:b8:27:45:66:
33:5c:d6:1b:4a:b9:b7:47:e7:0f:c3:e1:a5:f8:fb:02:4b:78:
29:61:0c:4a
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIDAIHmMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDEyNTA2MTQwNVoXDTI0MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjViMWZjMmQtNzQ5ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMCIZfivHGP21C194AqnA07w0agCGvqSsCxY42CVQi1cCkUfAAdsSt3VJkYb
RT5tgZqpFRTS6y7ntz5oTDpw8SqgP8Ly/WaBlJoNDhj8pg0IsltbpreuGgPumTo4
G2mJ1INkTKOZ/xAJowpyuDzcBK936hmY3NjonOH/lNFXJz196Z/XdmlBK6WwNbUM
Ive2yNuFdIfYvk9QktuJR6uVwVICECPZlJFepw6KampXDbyauhOIq5xFlPnozp2t
n5L4lBGcVwsSO0zs1TCDwZz8HM+Xj5yWk/WS+JXeRkZl/RixTfs0zo25zDmYBqto
KrUzrdW+vxC/TKSExEb9h/dw1V8CAwEAAaOCApswggKXMB0GA1UdDgQWBBQIXnd4
M/uXykv5Bku3g/44Mq6BqjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0YxMTk2QzEy
QkI0ODExRUU5N0IwMTU2RUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMCUGCCsGAQUFBwEHAQH/
BBYwFDASBAIAATAMAwQBZwZaAwQBZ9vUMA0GCSqGSIb3DQEBCwUAA4IBAQBsPVvB
CUm9zmqQOG08FAQAkMDUrwnEDMpbHr7tu7T9JA1SeIx/aTpbZFx/9xPbPKVHXjvt
XDd0FHy0d+R2GFLnfQfiZidcjGELtZo7mtkHVVu1z2SwbwasSXZDRJ8+o0LDQC45
DN5bLzFqsm/Wv1sjiISs1RDeoIjBKjMHnrNNaI0WwFoW68JsrgzmvnKjs1HJ9Qq2
85vNWm85Kn6WIeTq6FU7VdT7yJPNLA4FZsZeWcZ6wF3ukHM95SxHYV7jxYedbncL
BBayfcWqnUvmK41Pz/swvYqpXbzCq78aKZjI9IFDsw05jbgnRWYzXNYbSrm3R+cP
w+Gl+PsCS3gpYQxK
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:06:53 2025 by rpki-client