Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/04CB304EADA911EF984B7F0CC4F9AE02.roa
File: 04CB304EADA911EF984B7F0CC4F9AE02.roa (raw, json)
Hash identifier: Ij1ohZUsgS2oTWB8j4moIU126IQXGra8Cyqe8P+Vvdc=
Subject key identifier: 57:5A:57:97:A1:44:2B:96:31:68:3A:8B:7A:18:D8:71:E4:1D:B0:3F
Certificate issuer: /CN=A91AB6EB/serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Certificate serial: 0A66
Authority key identifier: FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/04CB304EADA911EF984B7F0CC4F9AE02.roa
Signing time: Thu 28 Nov 2024 16:51:31 +0000
ROA not before: Thu 28 Nov 2024 16:51:31 +0000
ROA not after: Thu 01 May 2025 00:00:00 +0000
asID: 24105
IP address blocks: 103.17.202.0/24 maxlen: 24
110.34.36.0/24 maxlen: 24
192.135.90.0/24 maxlen: 24
192.135.91.0/24 maxlen: 24
192.144.78.0/24 maxlen: 24
192.144.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2662 (0xa66)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AB6EB, serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Validity
Not Before: Nov 28 16:51:31 2024 GMT
Not After : May 1 00:00:00 2025 GMT
Subject: CN=67489f93-e8a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:d9:80:de:bd:3c:b0:6f:13:34:94:ed:af:6a:
8d:5b:e0:2f:de:07:8e:33:5b:77:0c:48:45:9b:11:
88:00:d6:c4:2d:86:16:6a:b8:aa:8f:3d:cb:7f:55:
6d:0e:95:1b:8d:be:6e:b8:57:8b:0e:16:dc:13:d3:
ae:2d:4e:1d:20:44:09:7b:f0:91:5c:8d:5c:80:58:
a7:3f:25:9a:e5:27:92:1d:ab:1a:57:c3:30:e2:90:
8c:d9:d8:1f:c6:2a:f3:9b:7b:f7:5f:75:e3:60:c0:
74:ee:bb:a1:af:c0:c2:3b:92:7f:0f:50:8a:6c:4f:
3e:2a:85:77:e2:82:b1:ec:a5:af:52:9d:52:77:7b:
0a:37:96:4f:d0:da:fe:19:35:f8:1b:0a:2a:28:a7:
bc:23:34:f1:98:e2:30:77:3d:03:79:07:87:28:3e:
8c:aa:d9:0a:06:bf:b0:5b:5e:63:9b:e8:d4:30:9c:
cf:3a:cb:69:bb:a1:74:41:44:cb:65:2a:fc:61:67:
9e:34:18:44:2f:91:6c:e6:d0:e5:ec:3c:ff:d7:8d:
d9:70:56:8e:6a:a4:24:88:23:0c:2f:bf:2f:7a:44:
31:7b:4c:8b:41:a2:15:e8:8f:29:92:b7:66:86:ab:
4c:d2:8d:e4:f7:04:cd:a7:7b:75:87:29:5d:e9:d1:
ac:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:5A:57:97:A1:44:2B:96:31:68:3A:8B:7A:18:D8:71:E4:1D:B0:3F
X509v3 Authority Key Identifier:
keyid:FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/_JvUY9Aun9Lfw8Oa5M1asyJljCo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/04CB304EADA911EF984B7F0CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.17.202.0/24
110.34.36.0/24
192.135.90.0/23
192.144.78.0/23
Signature Algorithm: sha256WithRSAEncryption
3f:cb:dd:99:a7:2f:c0:4c:e6:33:ec:15:a8:2b:d1:49:c0:ce:
08:43:70:1a:13:59:81:8a:d5:52:d0:57:d5:d8:88:38:8b:05:
a1:13:6b:49:04:ca:77:76:d5:cc:bb:4c:18:13:a3:f2:56:54:
29:8f:ef:f4:aa:e5:5a:bf:99:47:71:69:fa:b3:cf:ae:84:af:
c6:0d:bf:fe:fa:46:af:01:77:04:2a:b2:af:94:fc:9d:70:17:
f4:89:e4:90:9c:74:9b:f3:14:49:10:39:21:cd:53:ee:3c:80:
02:c8:1b:f5:77:89:7a:75:c3:84:d3:b8:ed:3f:8c:62:77:45:
f1:76:f0:09:c8:04:cb:7e:4c:b8:a5:61:4f:2e:d8:c1:42:1f:
6c:d1:b5:59:66:34:e6:77:cd:3b:47:55:fb:4c:cf:9f:5c:72:
61:f1:a3:32:93:4a:18:b6:b5:f1:15:86:ae:34:4e:58:9e:62:
91:70:d7:be:ee:97:51:55:70:ec:8b:cf:7d:f1:61:90:14:94:
f3:5b:3c:23:2f:3a:0a:cc:e2:ad:55:fd:58:b9:5b:bf:6a:1f:
09:c7:3a:01:34:03:ad:08:8a:09:69:33:1e:d8:dd:e5:5a:e4:
0f:0c:f4:8a:af:66:77:c7:19:e9:c3:24:fb:e9:7a:bd:c7:67:
e0:3d:71:5b
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCmYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUI2RUIxMTAvBgNVBAUTKEZDOUJENDYzRDAyRTlGRDJERkMzQzM5QUU0Q0Q1QUIz
MjI2NThDMkEwHhcNMjQxMTI4MTY1MTMxWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQ4OWY5My1lOGE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz9mA3r08sG8TNJTtr2qNW+Av3geOM1t3DEhFmxGIANbELYYWariqjz3Lf1Vt
DpUbjb5uuFeLDhbcE9OuLU4dIEQJe/CRXI1cgFinPyWa5SeSHasaV8Mw4pCM2dgf
xirzm3v3X3XjYMB07ruhr8DCO5J/D1CKbE8+KoV34oKx7KWvUp1Sd3sKN5ZP0Nr+
GTX4GwoqKKe8IzTxmOIwdz0DeQeHKD6MqtkKBr+wW15jm+jUMJzPOstpu6F0QUTL
ZSr8YWeeNBhEL5Fs5tDl7Dz/143ZcFaOaqQkiCMML78vekQxe0yLQaIV6I8pkrdm
hqtM0o3k9wTNp3t1hyld6dGsFQIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFFdaV5eh
RCuWMWg6i3oY2HHkHbA/MB8GA1UdIwQYMBaAFPyb1GPQLp/S38PDmuTNWrMiZYwq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjZFQi8wMTM5MUIwMDhF
MkIxMUVBQkY4NkRBNENDNEY5QUUwMi9fSnZVWTlBdW45TGZ3OE9hNU0xYXN5Smxq
Q28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19KdlVZOUF1bjlMZnc4T2E1TTFhc3lKbGpDby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUI2RUIvMDEzOTFCMDA4RTJCMTFFQUJGODZEQTRDQzRGOUFFMDIvMDRDQjMwNEVB
REE5MTFFRjk4NEI3RjBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBABnEcoDBABuIiQDBAHAh1oDBAHAkE4wDQYJKoZIhvcNAQEL
BQADggEBAD/L3ZmnL8BM5jPsFagr0UnAzghDcBoTWYGK1VLQV9XYiDiLBaETa0kE
ynd21cy7TBgTo/JWVCmP7/Sq5Vq/mUdxafqzz66Er8YNv/76Rq8BdwQqsq+U/J1w
F/SJ5JCcdJvzFEkQOSHNU+48gALIG/V3iXp1w4TTuO0/jGJ3RfF28AnIBMt+TLil
YU8u2MFCH2zRtVlmNOZ3zTtHVftMz59ccmHxozKTShi2tfEVhq40TlieYpFw177u
l1FVcOyLz33xYZAUlPNbPCMvOgrM4q1V/Vi5W79qHwnHOgE0A60IiglpMx7Y3eVa
5A8M9IqvZnfHGenDJPvper3HZ+A9cVs=
-----END CERTIFICATE-----
Generated at Sun Apr 13 03:21:04 2025 by rpki-client