Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B54FE/FEDDC0C0511311EBAF28CA0DC4F9AE02/629AD062760311EBAD797E12C4F9AE02.roa
File: 629AD062760311EBAD797E12C4F9AE02.roa (raw, json)
Hash identifier: 7SBwI++47MPCYp0RITCn+axpqCjHEeMV3oHkmn/AVuE=
Subject key identifier: CE:73:B3:EA:CA:18:17:F0:7C:ED:94:D4:4B:9A:C2:8B:94:EB:24:EF
Certificate issuer: /CN=A91B54FE/serialNumber=07CF81704AD870231E1ED837BC3B80675A027C69
Certificate serial: 0543
Authority key identifier: 07:CF:81:70:4A:D8:70:23:1E:1E:D8:37:BC:3B:80:67:5A:02:7C:69
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B8-BcErYcCMeHtg3vDuAZ1oCfGk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B54FE/FEDDC0C0511311EBAF28CA0DC4F9AE02/629AD062760311EBAD797E12C4F9AE02.roa
Signing time: Mon 27 Feb 2023 00:50:55 +0000
ROA not before: Mon 27 Feb 2023 00:50:55 +0000
ROA not after: Wed 01 May 2024 00:00:00 +0000
asID: 134505
IP address blocks: 103.161.104.0/23 maxlen: 23
103.161.104.0/24 maxlen: 24
103.161.105.0/24 maxlen: 24
2001:df5:c080::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1347 (0x543)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B54FE/serialNumber=07CF81704AD870231E1ED837BC3B80675A027C69
Validity
Not Before: Feb 27 00:50:55 2023 GMT
Not After : May 1 00:00:00 2024 GMT
Subject: CN=63fbfe6f-f138
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:8d:7a:99:8f:0b:61:47:36:e0:10:d1:2e:d1:
bc:fd:24:2f:34:23:a3:50:20:f6:a0:2f:32:8f:4b:
9b:91:20:8a:12:f1:c4:e6:37:a7:57:cd:e8:65:a2:
0c:2e:5c:c2:53:e1:75:1d:5c:a8:11:c4:58:db:6b:
04:01:dc:f0:89:77:fa:80:2a:8c:fc:a0:73:ef:34:
17:4a:f4:c3:d2:65:a2:5d:e5:d7:2b:5b:a7:c9:4f:
99:01:72:a1:32:45:92:85:e3:d6:63:96:2d:51:69:
0a:b8:90:73:2f:5a:a5:f8:5e:88:49:d1:20:3c:c5:
62:e4:14:d6:58:53:e0:7f:26:b1:91:49:38:e8:6f:
63:55:47:e9:9e:47:9b:67:d3:2a:48:d1:56:37:ab:
60:19:51:35:27:a1:0a:ce:f8:a7:1a:8b:ad:a7:9a:
06:56:b8:41:fc:0b:71:e1:ec:b2:71:68:f8:d2:b9:
c7:7b:e4:c4:ef:e5:ec:d5:8e:02:9a:7c:22:2b:73:
16:e4:bf:74:58:b3:f7:e4:57:9c:02:ea:05:9d:c8:
dc:30:fc:f3:c1:8e:a4:cc:ee:0f:c3:20:b9:92:b2:
20:07:8e:db:45:07:b0:8e:8b:02:0c:c6:8a:c0:c5:
91:f8:e0:de:9a:55:08:1e:79:d1:1e:10:f7:30:dd:
a4:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:73:B3:EA:CA:18:17:F0:7C:ED:94:D4:4B:9A:C2:8B:94:EB:24:EF
X509v3 Authority Key Identifier:
keyid:07:CF:81:70:4A:D8:70:23:1E:1E:D8:37:BC:3B:80:67:5A:02:7C:69
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B54FE/FEDDC0C0511311EBAF28CA0DC4F9AE02/B8-BcErYcCMeHtg3vDuAZ1oCfGk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B8-BcErYcCMeHtg3vDuAZ1oCfGk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B54FE/FEDDC0C0511311EBAF28CA0DC4F9AE02/629AD062760311EBAD797E12C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.161.104.0/23
IPv6:
2001:df5:c080::/48
Signature Algorithm: sha256WithRSAEncryption
62:5b:76:f3:44:03:7e:79:7a:9e:5a:39:6e:5b:da:9f:be:dd:
6d:05:c1:ed:4f:12:51:02:2f:f9:8c:92:6c:e5:43:60:ee:80:
e2:01:96:6f:b9:d3:1e:dc:51:93:24:a5:33:d9:e8:f0:c3:ad:
cf:d9:7d:8f:95:61:aa:c6:4b:7f:61:29:16:55:91:91:c5:41:
11:87:6c:f8:72:d4:16:77:e6:88:ff:f4:0d:f0:a9:e6:ce:d9:
a6:15:d1:67:79:40:11:38:2e:65:00:42:60:16:a3:34:ed:bb:
51:2f:a7:5a:98:66:6b:09:25:ab:dc:b4:37:86:c2:c2:8a:85:
d3:00:0b:16:d9:77:41:8e:2b:79:9b:02:fc:1c:51:7e:3a:24:
d3:eb:76:5f:cb:42:e6:c7:c4:39:c9:9b:0d:a0:e5:ed:8b:6c:
b7:69:32:f7:eb:92:77:9d:6f:7d:f1:01:66:3f:1e:a3:35:57:
b4:81:05:19:3e:f5:08:c7:a6:b0:b9:4b:d3:89:34:4b:68:11:
f7:98:e3:6c:4a:93:37:5d:d8:9a:67:d2:83:bf:ec:22:e2:8d:
66:04:f9:12:fd:8d:76:d5:6d:f4:cb:f7:65:43:06:9e:b8:0f:
a3:26:66:0c:2b:bc:6a:4c:bd:b5:25:1e:91:de:11:b6:26:af:
23:c3:3e:d8
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBUMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjU0RkUxMTAvBgNVBAUTKDA3Q0Y4MTcwNEFEODcwMjMxRTFFRDgzN0JDM0I4MDY3
NUEwMjdDNjkwHhcNMjMwMjI3MDA1MDU1WhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2ZiZmU2Zi1mMTM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArY16mY8LYUc24BDRLtG8/SQvNCOjUCD2oC8yj0ubkSCKEvHE5jenV83oZaIM
LlzCU+F1HVyoEcRY22sEAdzwiXf6gCqM/KBz7zQXSvTD0mWiXeXXK1unyU+ZAXKh
MkWShePWY5YtUWkKuJBzL1ql+F6ISdEgPMVi5BTWWFPgfyaxkUk46G9jVUfpnkeb
Z9MqSNFWN6tgGVE1J6EKzvinGoutp5oGVrhB/Atx4eyycWj40rnHe+TE7+Xs1Y4C
mnwiK3MW5L90WLP35FecAuoFncjcMPzzwY6kzO4PwyC5krIgB47bRQewjosCDMaK
wMWR+ODemlUIHnnRHhD3MN2k5QIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFM5zs+rK
GBfwfO2U1EuawouU6yTvMB8GA1UdIwQYMBaAFAfPgXBK2HAjHh7YN7w7gGdaAnxp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNTRGRS9GRUREQzBDMDUx
MTMxMUVCQUYyOENBMERDNEY5QUUwMi9COC1CY0VyWWNDTWVIdGczdkR1QVoxb0Nm
R2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0I4LUJjRXJZY0NNZUh0ZzN2RHVBWjFvQ2ZHay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjU0RkUvRkVEREMwQzA1MTEzMTFFQkFGMjhDQTBEQzRGOUFFMDIvNjI5QUQwNjI3
NjAzMTFFQkFENzk3RTEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnoWgwDwQCAAIwCQMHACABDfXAgDANBgkqhkiG9w0BAQsF
AAOCAQEAYlt280QDfnl6nlo5blvan77dbQXB7U8SUQIv+YySbOVDYO6A4gGWb7nT
HtxRkySlM9no8MOtz9l9j5VhqsZLf2EpFlWRkcVBEYds+HLUFnfmiP/0DfCp5s7Z
phXRZ3lAETguZQBCYBajNO27US+nWphmawklq9y0N4bCwoqF0wALFtl3QY4reZsC
/BxRfjok0+t2X8tC5sfEOcmbDaDl7Ytst2ky9+uSd51vffEBZj8eozVXtIEFGT71
CMemsLlL04k0S2gR95jjbEqTN13YmmfSg7/sIuKNZgT5Ev2NdtVt9Mv3ZUMGnrgP
oyZmDCu8aky9tSUekd4RtiavI8M+2A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:56 2024 by rpki-client on console-ams.rpki-client.org