Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A9467/915C07E691EA11E79D0D0A2BC4F9AE02/48A9ACAA229C11ECB237022AC4F9AE02.roa
File: 48A9ACAA229C11ECB237022AC4F9AE02.roa (raw, json)
Hash identifier: USet2GpFYsu0/zHFQD0UOnhYo5EaMUm7R8TbJaVBOzk=
Subject key identifier: B1:B8:4E:38:F7:92:BF:4B:48:A6:D1:FF:E8:F7:42:97:D7:3F:F4:34
Certificate issuer: /CN=A91A9467/serialNumber=2E164DB45B846BBAE68C277D43F882F64092281E
Certificate serial: 1446
Authority key identifier: 2E:16:4D:B4:5B:84:6B:BA:E6:8C:27:7D:43:F8:82:F6:40:92:28:1E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LhZNtFuEa7rmjCd9Q_iC9kCSKB4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A9467/915C07E691EA11E79D0D0A2BC4F9AE02/48A9ACAA229C11ECB237022AC4F9AE02.roa
Signing time: Wed 03 Nov 2021 06:03:47 +0000
ROA not before: Wed 03 Nov 2021 06:03:47 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 136956
IP address blocks: 103.100.36.0/22 maxlen: 22
103.210.132.0/22 maxlen: 22
2401:b840::/32 maxlen: 32
2404:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5190 (0x1446)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A9467/serialNumber=2E164DB45B846BBAE68C277D43F882F64092281E
Validity
Not Before: Nov 3 06:03:47 2021 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=61822643-7595
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:02:f5:b3:de:e6:28:b6:8b:ad:c2:65:b4:7e:
26:71:c9:2d:9d:3e:0c:10:34:65:6d:39:c3:fa:44:
cf:31:23:87:43:9b:1b:74:65:61:28:c0:76:5e:8e:
5a:4a:e0:e6:b5:64:a5:a9:7d:10:c6:14:49:59:de:
2a:2d:f1:75:4b:a9:56:be:0f:f1:dc:f9:b2:72:15:
7e:6a:2c:cc:51:eb:1e:64:da:7f:01:f1:6c:4c:8c:
b1:1f:49:79:d3:15:40:d3:b0:d2:1a:f4:7f:d3:12:
8f:f4:24:37:e8:65:73:39:b2:09:bf:ea:1f:d8:74:
35:4f:70:ac:3e:4d:94:42:02:12:d5:7a:49:81:1f:
72:49:78:8d:24:5c:81:30:97:08:47:b9:ed:35:93:
aa:72:15:0d:ab:4a:ea:95:ce:2b:03:34:6b:74:97:
e9:31:aa:28:31:a3:1a:4e:04:4f:10:fe:01:26:1b:
c8:d2:7f:17:9e:d0:d3:dc:97:fe:85:e1:0e:5d:fc:
23:a1:b4:62:53:13:38:04:24:20:65:48:82:92:15:
b9:95:d6:0b:5a:0d:48:59:f2:ee:b4:25:1a:b9:54:
5e:0c:8e:09:d4:a5:a2:4a:d9:07:61:48:05:05:8d:
75:8b:41:0f:49:25:c2:7f:b0:c5:f1:f0:86:6a:98:
dd:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:B8:4E:38:F7:92:BF:4B:48:A6:D1:FF:E8:F7:42:97:D7:3F:F4:34
X509v3 Authority Key Identifier:
keyid:2E:16:4D:B4:5B:84:6B:BA:E6:8C:27:7D:43:F8:82:F6:40:92:28:1E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A9467/915C07E691EA11E79D0D0A2BC4F9AE02/LhZNtFuEa7rmjCd9Q_iC9kCSKB4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LhZNtFuEa7rmjCd9Q_iC9kCSKB4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A9467/915C07E691EA11E79D0D0A2BC4F9AE02/48A9ACAA229C11ECB237022AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.100.36.0/22
103.210.132.0/22
IPv6:
2401:b840::/32
2404:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
65:dc:a5:13:b6:aa:d3:b5:7d:a4:0f:20:87:22:0e:28:e6:2d:
90:2e:63:65:11:38:08:2c:ed:f3:08:9a:29:a6:e6:9d:dd:4a:
52:9e:fd:05:e0:f5:81:59:47:65:95:fb:63:4d:21:25:7f:a8:
91:e7:07:a5:b4:04:1e:49:40:5b:ee:5f:13:ce:74:a5:48:03:
ed:bf:d8:e9:f5:86:f4:3e:60:79:40:42:a9:33:b4:83:d9:ab:
f5:de:f4:57:f6:eb:11:30:9f:a5:3f:b6:b8:6b:51:3a:23:66:
07:d0:41:8f:7a:24:a1:44:05:87:2f:64:b1:4e:02:0a:63:2e:
d5:a3:93:3c:e2:d6:05:e0:0d:86:8c:c7:01:d8:ea:50:76:60:
6f:b1:d3:79:08:98:83:3b:b1:b5:99:b6:16:8d:1e:dc:57:51:
f1:df:c2:1d:bc:70:bf:af:0f:a9:5e:60:ff:f0:3f:d8:4f:8c:
73:ef:86:a3:57:4a:b0:f7:16:ad:bc:ba:37:32:7e:90:4b:a3:
00:23:15:fb:2b:7b:fe:fb:59:55:c6:3c:86:99:27:3a:a0:91:
4a:02:82:73:59:5a:9f:d0:7a:b9:00:99:30:3a:d2:5a:f3:b6:
3b:28:b9:50:2a:e8:93:6f:72:89:a8:c9:f2:94:20:51:f6:6f:
a5:1b:d2:b7
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICFEYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTk0NjcxMTAvBgNVBAUTKDJFMTY0REI0NUI4NDZCQkFFNjhDMjc3RDQzRjg4MkY2
NDA5MjI4MUUwHhcNMjExMTAzMDYwMzQ3WhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTgyMjY0My03NTk1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxQL1s97mKLaLrcJltH4mccktnT4MEDRlbTnD+kTPMSOHQ5sbdGVhKMB2Xo5a
SuDmtWSlqX0QxhRJWd4qLfF1S6lWvg/x3PmychV+aizMUeseZNp/AfFsTIyxH0l5
0xVA07DSGvR/0xKP9CQ36GVzObIJv+of2HQ1T3CsPk2UQgIS1XpJgR9ySXiNJFyB
MJcIR7ntNZOqchUNq0rqlc4rAzRrdJfpMaooMaMaTgRPEP4BJhvI0n8XntDT3Jf+
heEOXfwjobRiUxM4BCQgZUiCkhW5ldYLWg1IWfLutCUauVReDI4J1KWiStkHYUgF
BY11i0EPSSXCf7DF8fCGapjd6QIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFLG4Tjj3
kr9LSKbR/+j3QpfXP/Q0MB8GA1UdIwQYMBaAFC4WTbRbhGu65ownfUP4gvZAkige
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBOTQ2Ny85MTVDMDdFNjkx
RUExMUU3OUQwRDBBMkJDNEY5QUUwMi9MaFpOdEZ1RWE3cm1qQ2Q5UV9pQzlrQ1NL
QjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0xoWk50RnVFYTdybWpDZDlRX2lDOWtDU0tCNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTk0NjcvOTE1QzA3RTY5MUVBMTFFNzlEMEQwQTJCQzRGOUFFMDIvNDhBOUFDQUEy
MjlDMTFFQ0IyMzcwMjJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBIEAgABMAwDBAJnZCQDBAJn0oQwFAQCAAIwDgMFACQBuEADBQAkBG6AMA0G
CSqGSIb3DQEBCwUAA4IBAQBl3KUTtqrTtX2kDyCHIg4o5i2QLmNlETgILO3zCJop
puad3UpSnv0F4PWBWUdllftjTSElf6iR5weltAQeSUBb7l8TznSlSAPtv9jp9Yb0
PmB5QEKpM7SD2av13vRX9usRMJ+lP7a4a1E6I2YH0EGPeiShRAWHL2SxTgIKYy7V
o5M84tYF4A2GjMcB2OpQdmBvsdN5CJiDO7G1mbYWjR7cV1Hx38IdvHC/rw+pXmD/
8D/YT4xz74ajV0qw9xatvLo3Mn6QS6MAIxX7K3v++1lVxjyGmSc6oJFKAoJzWVqf
0Hq5AJkwOtJa87Y7KLlQKuiTb3KJqMnylCBR9m+lG9K3
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:37 2024 by rpki-client on console-fra.rpki-client.org