Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/03ED4022ADA911EF984B7F0CC4F9AE02.roa
File: 03ED4022ADA911EF984B7F0CC4F9AE02.roa (raw, json)
Hash identifier: FRIs7CLYiX/E7UQU29YJQadyDg99Ru7IW/eVzlC8+a8=
Subject key identifier: B2:3F:13:AA:89:76:E6:F3:3C:87:CA:A4:C0:A0:AB:4A:03:06:F6:39
Certificate issuer: /CN=A91AB6EB/serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Certificate serial: 0A65
Authority key identifier: FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/03ED4022ADA911EF984B7F0CC4F9AE02.roa
Signing time: Thu 28 Nov 2024 16:51:30 +0000
ROA not before: Thu 28 Nov 2024 16:51:30 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 23607
IP address blocks: 103.17.200.0/24 maxlen: 24
103.17.201.0/24 maxlen: 24
103.17.202.0/24 maxlen: 24
103.17.203.0/24 maxlen: 24
110.34.32.0/24 maxlen: 24
110.34.33.0/24 maxlen: 24
110.34.34.0/24 maxlen: 24
110.34.35.0/24 maxlen: 24
110.34.36.0/24 maxlen: 24
110.34.37.0/24 maxlen: 24
110.34.38.0/24 maxlen: 24
110.34.39.0/24 maxlen: 24
192.135.90.0/24 maxlen: 24
192.135.91.0/24 maxlen: 24
192.144.78.0/24 maxlen: 24
192.144.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2661 (0xa65)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AB6EB, serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Validity
Not Before: Nov 28 16:51:30 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=67489f92-1c57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:f0:23:af:77:ab:1d:d9:f1:54:e7:79:2c:89:
86:f9:17:e4:52:88:25:0d:4f:29:19:5b:93:2f:ae:
8d:77:a1:d6:70:5b:f7:ac:e4:c5:d7:64:5a:ee:c3:
30:2c:e5:69:fe:ff:e7:97:4a:dd:ca:06:d2:e4:ed:
2c:36:fd:d4:72:9c:6e:f1:c4:19:86:9d:73:ec:bb:
00:9e:4a:dd:81:35:2e:35:cf:5e:97:60:92:1a:c3:
bd:4a:4e:20:e8:9b:71:0d:69:ad:30:5d:1e:5b:53:
99:d9:b5:b4:26:8b:0d:2d:95:94:82:7f:6e:68:11:
44:79:b7:8a:a3:c4:f8:e5:94:cd:fe:16:47:1a:a5:
f2:66:6b:7f:82:27:3c:85:a4:ff:d3:7f:c7:e8:49:
0a:28:83:59:d2:8e:2a:69:87:95:6a:c1:c7:8a:1c:
13:1b:8a:27:52:0d:cf:fa:65:b2:39:2e:8a:6e:51:
1b:e6:3f:ce:c6:a3:9e:2d:35:b6:e9:24:cb:27:17:
4a:db:6d:78:7f:18:21:95:f8:4a:82:a3:ee:91:6d:
7e:42:e9:c5:fe:14:fe:1e:4e:60:ed:43:fe:e6:29:
9c:ac:84:6b:2a:02:3d:5b:a5:2c:47:25:cf:0c:79:
dd:ff:ae:15:4b:0b:a6:d3:4b:4a:e5:8d:82:6d:67:
f0:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:3F:13:AA:89:76:E6:F3:3C:87:CA:A4:C0:A0:AB:4A:03:06:F6:39
X509v3 Authority Key Identifier:
keyid:FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/_JvUY9Aun9Lfw8Oa5M1asyJljCo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/03ED4022ADA911EF984B7F0CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.17.200.0/22
110.34.32.0/21
192.135.90.0/23
192.144.78.0/23
Signature Algorithm: sha256WithRSAEncryption
1c:e9:f9:72:ce:35:b9:51:5c:bb:90:56:74:e4:70:d2:ff:cf:
c1:8f:e4:67:77:f2:a2:c5:b7:0d:28:19:31:e5:c8:c8:f6:72:
bd:41:ec:a0:a6:1c:7b:0e:c8:dd:a7:9a:d5:b7:d4:f7:99:88:
0f:fe:f2:3b:6a:fa:18:2c:e5:7f:d5:4b:10:4c:d9:5c:3f:e0:
80:22:8e:d1:8f:ca:7c:6e:df:f7:bc:d1:b6:3e:93:cc:19:c7:
c3:cb:ce:d5:85:53:fe:fd:47:09:e8:cb:fc:15:46:ad:f9:fa:
b7:d9:6b:11:46:6c:84:09:f4:bb:18:09:cd:16:d9:cc:44:d0:
b6:b9:7a:6a:1c:8a:6a:9e:73:c1:0a:21:82:69:bb:cd:29:51:
6d:90:86:53:cc:8b:84:24:65:eb:fd:00:1f:19:fc:36:d4:18:
37:a1:2b:8f:de:d9:15:c9:a7:51:99:22:08:a9:e9:4c:1e:49:
2d:4f:8e:18:e0:2a:97:e4:cb:69:ee:46:f6:f8:54:a7:24:9e:
9b:6c:38:19:7f:ec:57:60:b2:0e:1f:cf:ce:fa:e1:c6:2e:1b:
bc:f1:ec:a1:15:51:88:7d:73:b6:27:1f:63:92:c6:34:47:3e:
72:76:4b:d0:33:57:d1:80:06:72:fe:40:2a:0d:ec:31:54:17:
8a:40:3a:6f
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCmUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUI2RUIxMTAvBgNVBAUTKEZDOUJENDYzRDAyRTlGRDJERkMzQzM5QUU0Q0Q1QUIz
MjI2NThDMkEwHhcNMjQxMTI4MTY1MTMwWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQ4OWY5Mi0xYzU3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzfAjr3erHdnxVOd5LImG+RfkUoglDU8pGVuTL66Nd6HWcFv3rOTF12Ra7sMw
LOVp/v/nl0rdygbS5O0sNv3Ucpxu8cQZhp1z7LsAnkrdgTUuNc9el2CSGsO9Sk4g
6JtxDWmtMF0eW1OZ2bW0JosNLZWUgn9uaBFEebeKo8T45ZTN/hZHGqXyZmt/gic8
haT/03/H6EkKKINZ0o4qaYeVasHHihwTG4onUg3P+mWyOS6KblEb5j/OxqOeLTW2
6STLJxdK2214fxghlfhKgqPukW1+QunF/hT+Hk5g7UP+5imcrIRrKgI9W6UsRyXP
DHnd/64VSwum00tK5Y2CbWfwhwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFLI/E6qJ
dubzPIfKpMCgq0oDBvY5MB8GA1UdIwQYMBaAFPyb1GPQLp/S38PDmuTNWrMiZYwq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjZFQi8wMTM5MUIwMDhF
MkIxMUVBQkY4NkRBNENDNEY5QUUwMi9fSnZVWTlBdW45TGZ3OE9hNU0xYXN5Smxq
Q28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19KdlVZOUF1bjlMZnc4T2E1TTFhc3lKbGpDby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUI2RUIvMDEzOTFCMDA4RTJCMTFFQUJGODZEQTRDQzRGOUFFMDIvMDNFRDQwMjJB
REE5MTFFRjk4NEI3RjBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAJnEcgDBANuIiADBAHAh1oDBAHAkE4wDQYJKoZIhvcNAQEL
BQADggEBABzp+XLONblRXLuQVnTkcNL/z8GP5Gd38qLFtw0oGTHlyMj2cr1B7KCm
HHsOyN2nmtW31PeZiA/+8jtq+hgs5X/VSxBM2Vw/4IAijtGPynxu3/e80bY+k8wZ
x8PLztWFU/79Rwnoy/wVRq35+rfZaxFGbIQJ9LsYCc0W2cxE0La5emocimqec8EK
IYJpu80pUW2QhlPMi4QkZev9AB8Z/DbUGDehK4/e2RXJp1GZIgip6UweSS1Pjhjg
Kpfky2nuRvb4VKcknptsOBl/7Fdgsg4fz8764cYuG7zx7KEVUYh9c7YnH2OSxjRH
PnJ2S9AzV9GABnL+QCoN7DFUF4pAOm8=
-----END CERTIFICATE-----
Generated at Sun Apr 13 03:16:17 2025 by rpki-client