Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/2FE9BC3084FF11ECBE4B9D72C4F9AE02.roa
File: 2FE9BC3084FF11ECBE4B9D72C4F9AE02.roa (raw, json)
Hash identifier: n6X2xQqG58MrQdOrAW9oV3nnUI6hY6yK2++3/kyF/dY=
Subject key identifier: 70:47:FF:F5:F8:2A:06:81:3E:A8:13:AA:EA:85:DD:0A:5E:83:D6:91
Certificate issuer: /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial: 365E
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/2FE9BC3084FF11ECBE4B9D72C4F9AE02.roa
Signing time: Fri 04 Feb 2022 06:00:10 +0000
ROA not before: Fri 04 Feb 2022 06:00:10 +0000
ROA not after: Fri 30 Sep 2022 00:00:00 +0000
asID: 3970
IP address blocks: 103.171.218.0/24 maxlen: 24
103.171.219.0/24 maxlen: 24
2001:df7:5380::/48 maxlen: 48
2001:df7:5381::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13918 (0x365e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Validity
Not Before: Feb 4 06:00:10 2022 GMT
Not After : Sep 30 00:00:00 2022 GMT
Subject: CN=61fcc0ea-87f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:10:21:a3:e2:43:0f:8c:b0:2d:f0:8f:93:0a:
69:1b:3f:0a:04:be:27:43:b1:7d:6b:98:62:8d:09:
36:26:bf:6b:a9:09:26:8e:a6:7c:0a:b9:ab:89:26:
70:dc:45:c3:33:4e:f9:51:fd:a9:a0:19:33:3c:2e:
d5:74:3c:6d:78:dc:a4:e3:83:3e:89:b3:6c:3a:c2:
8b:35:2d:08:cc:fe:d1:ba:2c:96:69:e1:81:70:ab:
94:92:b2:35:77:42:d4:21:a6:3c:3d:f2:c5:58:a7:
d8:4c:45:14:6e:8b:89:99:d2:04:8b:81:5e:f4:02:
62:53:08:b7:b2:9d:c7:91:67:db:a6:0c:87:ea:83:
87:d0:91:7e:2a:c7:b1:21:36:05:4a:64:d8:3f:1e:
bd:91:e0:d2:8b:26:e6:57:45:15:cc:5b:76:05:f6:
a7:14:8b:32:73:51:3f:93:23:c6:f8:d1:7f:62:e7:
b8:ae:b7:18:40:7f:04:31:15:50:e7:a4:3f:54:c9:
95:82:cb:b5:4e:f0:b3:9c:e5:92:55:ba:d4:dc:ba:
e2:42:9f:1a:09:7d:5a:cd:40:70:d2:05:57:66:6b:
49:54:46:6b:cd:52:b6:71:92:46:c4:de:4b:38:b9:
b7:a0:60:e1:ab:a9:38:9e:81:29:85:06:23:81:05:
57:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:47:FF:F5:F8:2A:06:81:3E:A8:13:AA:EA:85:DD:0A:5E:83:D6:91
X509v3 Authority Key Identifier:
keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/2FE9BC3084FF11ECBE4B9D72C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.171.218.0/23
IPv6:
2001:df7:5380::/47
Signature Algorithm: sha256WithRSAEncryption
5c:0b:0f:c0:da:bc:ab:f3:b2:40:11:25:9b:08:28:27:f9:fa:
40:77:47:6a:87:ec:83:b0:92:67:d1:b8:e6:a9:93:bc:d3:4a:
ea:5b:a1:6f:74:0b:6d:85:ab:53:3b:fb:84:cc:15:83:5b:37:
60:bf:96:c8:7c:23:41:f0:50:fd:b4:6c:20:2b:be:af:54:da:
b5:f0:22:a0:48:21:9d:39:64:23:52:42:16:a7:f9:1f:59:dd:
b3:1d:a0:5c:d8:b3:da:ea:a9:21:d7:01:83:9d:8c:7e:ce:85:
16:47:11:8f:ff:f6:de:d4:0a:21:7e:69:f6:02:23:09:30:5f:
30:96:4b:86:28:a1:3c:1a:6f:63:53:91:bf:66:24:e3:30:c2:
15:30:7e:c8:69:68:22:ed:41:79:b9:4b:b9:9c:fa:0e:0c:ff:
99:64:0b:bc:1d:e5:6d:1c:ee:a2:69:08:3d:c1:8b:62:8b:2c:
c4:61:21:f9:19:01:05:0e:f5:a3:57:e8:05:42:d5:59:69:bd:
9a:df:5e:d7:7b:7f:81:3e:61:cf:23:d4:10:39:a7:1e:93:b9:
f7:3c:b3:34:81:95:9f:87:5a:5d:bb:49:10:62:41:30:71:4b:
09:89:5a:08:13:a0:3d:2d:5d:0a:ee:3c:48:1e:37:7b:49:dc:
09:fe:46:21
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNl4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjA0MDYwMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWZjYzBlYS04N2Y1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqxAho+JDD4ywLfCPkwppGz8KBL4nQ7F9a5hijQk2Jr9rqQkmjqZ8CrmriSZw
3EXDM075Uf2poBkzPC7VdDxteNyk44M+ibNsOsKLNS0IzP7RuiyWaeGBcKuUkrI1
d0LUIaY8PfLFWKfYTEUUbouJmdIEi4Fe9AJiUwi3sp3HkWfbpgyH6oOH0JF+Ksex
ITYFSmTYPx69keDSiybmV0UVzFt2BfanFIsyc1E/kyPG+NF/Yue4rrcYQH8EMRVQ
56Q/VMmVgsu1TvCznOWSVbrU3LriQp8aCX1azUBw0gVXZmtJVEZrzVK2cZJGxN5L
OLm3oGDhq6k4noEphQYjgQVXYQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHBH//X4
KgaBPqgTquqF3Qpeg9aRMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvMkZFOUJDMzA4
NEZGMTFFQ0JFNEI5RDcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAXAsPwNq8q/OyQBElmwgoJ/n6QHdHaofsg7CSZ9G45qmTvNNK6luhb3QL
bYWrUzv7hMwVg1s3YL+WyHwjQfBQ/bRsICu+r1TatfAioEghnTlkI1JCFqf5H1nd
sx2gXNiz2uqpIdcBg52Mfs6FFkcRj//23tQKIX5p9gIjCTBfMJZLhiihPBpvY1OR
v2Yk4zDCFTB+yGloIu1BeblLuZz6Dgz/mWQLvB3lbRzuomkIPcGLYossxGEh+RkB
BQ71o1foBULVWWm9mt9e13t/gT5hzyPUEDmnHpO59zyzNIGVn4daXbtJEGJBMHFL
CYlaCBOgPS1dCu48SB43e0ncCf5GIQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:50 2024 by rpki-client on console-ams.rpki-client.org