Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F65819E8BDCD11EA8E393E09C4F9AE02.roa
File: F65819E8BDCD11EA8E393E09C4F9AE02.roa (raw, json)
Hash identifier: x6gC2PFd6LoP8Yj0uaNW/2csntarr36INfiSPkT6NXM=
Subject key identifier: 29:21:B6:A6:2F:1C:7D:88:11:9A:19:0F:77:E2:D4:B2:B4:24:45:21
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 4E36
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F65819E8BDCD11EA8E393E09C4F9AE02.roa
Signing time: Wed 11 May 2022 04:41:39 +0000
ROA not before: Wed 11 May 2022 04:41:39 +0000
ROA not after: Fri 01 Jul 2022 00:00:00 +0000
asID: 138263
IP address blocks: 103.124.156.0/24 maxlen: 24
103.124.157.0/24 maxlen: 24
103.132.203.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20022 (0x4e36)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 11 04:41:39 2022 GMT
Not After : Jul 1 00:00:00 2022 GMT
Subject: CN=627b3e82-db57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:c3:65:37:81:15:d3:a1:7d:3f:87:83:68:bb:
a5:85:99:11:d6:ab:7e:07:81:98:74:4a:39:a6:c4:
fb:a5:46:14:8c:9c:11:d5:f3:85:cc:e0:22:a7:88:
a8:6c:32:b6:4d:53:c2:79:0d:71:a4:be:ee:8f:d9:
b1:58:46:d6:2a:8f:83:43:eb:04:03:9c:6e:5e:26:
07:a7:83:43:1f:a7:1d:be:88:45:79:56:85:cf:3a:
b4:32:b7:d8:06:3c:2a:97:08:7b:4f:12:92:75:56:
0e:15:c5:ba:52:85:1a:bf:4c:d6:4f:74:e9:d7:95:
51:3f:35:c9:fa:40:e9:c7:99:b0:09:7b:31:91:c7:
e3:7c:47:4f:64:ef:01:39:7a:d6:89:85:0d:0f:b7:
ce:44:47:15:87:74:95:ab:07:11:71:db:2d:db:49:
b0:a7:c6:f7:43:bf:3f:cc:ac:4a:dd:8a:b2:79:2d:
ff:8f:36:f8:a7:23:4b:1c:c0:cd:43:bc:10:00:34:
e8:78:33:d9:fe:b1:31:57:48:46:94:6a:1a:86:ed:
a1:b4:4b:58:5d:ee:7d:89:07:d6:6c:f7:d6:0a:89:
58:14:1b:c3:37:ce:73:8e:f2:98:c2:df:0e:b3:b2:
bd:cf:3d:0f:fd:0b:30:6a:3a:db:2d:3c:d5:55:d9:
d1:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:21:B6:A6:2F:1C:7D:88:11:9A:19:0F:77:E2:D4:B2:B4:24:45:21
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F65819E8BDCD11EA8E393E09C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.124.156.0/23
103.132.203.0/24
Signature Algorithm: sha256WithRSAEncryption
a0:50:5c:52:e6:e9:92:18:89:16:d0:0e:47:e3:61:81:00:20:
1d:bf:4c:c4:40:20:4d:0f:3e:27:39:ba:32:2d:51:8e:f9:95:
25:a0:5e:1b:e9:12:09:43:4e:fe:2b:19:b8:4b:e0:8b:7a:97:
63:e6:d4:87:ea:b1:01:6b:a0:ac:0d:65:07:02:b0:f7:78:ca:
5a:15:05:e7:eb:39:74:b2:43:b3:7c:c1:1e:63:77:b3:08:b4:
3f:92:80:66:63:e2:b3:02:30:23:50:13:d6:c1:d5:95:d2:e4:
20:fd:78:f1:46:3a:4b:84:d4:9c:1b:c2:cf:e8:45:b9:89:17:
f4:ad:bb:1f:61:42:9b:aa:38:50:cb:47:e4:b8:5b:ff:90:02:
14:de:fa:8a:c4:26:4e:60:9b:00:5a:9c:6a:a0:70:db:b3:48:
e3:5d:ad:e5:0c:dd:cd:dd:44:96:c6:8e:d7:3c:3b:12:d0:be:
81:1e:18:3b:19:2e:2d:02:e5:c8:de:48:8d:d1:87:9c:ab:2e:
2a:24:ea:20:04:17:71:8c:67:6a:5b:5c:d4:88:0b:90:f9:61:
7d:c5:75:39:24:34:f2:42:33:f7:85:f6:97:65:a2:43:0f:fc:
fd:ee:2a:f7:1d:bf:51:f5:de:94:64:9f:ef:c0:8a:dc:47:43:
ac:69:74:48
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICTjYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTExMDQ0MTM5WhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjdiM2U4Mi1kYjU3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAucNlN4EV06F9P4eDaLulhZkR1qt+B4GYdEo5psT7pUYUjJwR1fOFzOAip4io
bDK2TVPCeQ1xpL7uj9mxWEbWKo+DQ+sEA5xuXiYHp4NDH6cdvohFeVaFzzq0MrfY
Bjwqlwh7TxKSdVYOFcW6UoUav0zWT3Tp15VRPzXJ+kDpx5mwCXsxkcfjfEdPZO8B
OXrWiYUND7fOREcVh3SVqwcRcdst20mwp8b3Q78/zKxK3YqyeS3/jzb4pyNLHMDN
Q7wQADToeDPZ/rExV0hGlGoahu2htEtYXe59iQfWbPfWColYFBvDN85zjvKYwt8O
s7K9zz0P/QswajrbLTzVVdnRYQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFCkhtqYv
HH2IEZoZD3fi1LK0JEUhMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvRjY1ODE5RThC
RENEMTFFQThFMzkzRTA5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFnfJwDBABnhMswDQYJKoZIhvcNAQELBQADggEBAKBQXFLm
6ZIYiRbQDkfjYYEAIB2/TMRAIE0PPic5ujItUY75lSWgXhvpEglDTv4rGbhL4It6
l2Pm1IfqsQFroKwNZQcCsPd4yloVBefrOXSyQ7N8wR5jd7MItD+SgGZj4rMCMCNQ
E9bB1ZXS5CD9ePFGOkuE1Jwbws/oRbmJF/Stux9hQpuqOFDLR+S4W/+QAhTe+orE
Jk5gmwBanGqgcNuzSONdreUM3c3dRJbGjtc8OxLQvoEeGDsZLi0C5cjeSI3Rh5yr
Liok6iAEF3GMZ2pbXNSIC5D5YX3FdTkkNPJCM/eF9pdlokMP/P3uKvcdv1H13pRk
n+/AitxHQ6xpdEg=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:30:03 2025 by rpki-client