Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/8631A88268FF11EF909F910BC4F9AE02.roa
File: 8631A88268FF11EF909F910BC4F9AE02.roa (raw, json)
Hash identifier: a2Vt5SWNrRFRXyENPV6jrRlMkYIK/WMYdzWJaO4GNqc=
Subject key identifier: 96:31:8C:4F:D7:A6:FF:AD:D3:10:9A:68:BF:31:DA:E6:4A:58:40:5B
Certificate issuer: /CN=A91B59E5/serialNumber=E47BF70254532697D20D0D3110F625370D65FA83
Certificate serial: 0119
Authority key identifier: E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/8631A88268FF11EF909F910BC4F9AE02.roa
Signing time: Tue 03 Sep 2024 06:18:58 +0000
ROA not before: Tue 03 Sep 2024 06:18:58 +0000
ROA not after: Mon 01 Dec 2025 00:00:00 +0000
asID: 134475
IP address blocks: 103.237.112.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 281 (0x119)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B59E5
Validity
Not Before: Sep 3 06:18:58 2024 GMT
Not After : Dec 1 00:00:00 2025 GMT
Subject: CN=66d6aa52-a2cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:aa:11:63:91:44:c9:02:2f:0c:f4:ea:47:77:
cd:e1:59:38:f1:d5:6c:0e:6f:9c:32:87:7e:16:24:
14:f0:1a:33:70:09:5d:c8:df:b5:30:05:15:0f:de:
42:df:07:82:8d:3e:56:29:46:1b:2a:be:c1:dd:74:
31:9a:ea:03:61:7b:9a:d7:80:0e:c8:a0:53:3f:7c:
f5:5c:7a:d9:4d:48:96:91:77:1a:fc:d5:7d:8d:22:
80:8c:be:17:a5:48:c3:c6:07:98:ff:94:43:1f:12:
c3:5b:88:bb:85:a1:9a:c4:b4:d9:d2:2d:2f:1d:86:
cd:1e:7d:d0:95:ca:53:e0:d3:cc:4a:07:74:ef:98:
ee:09:43:8d:18:24:bb:86:9b:64:69:b4:b4:f4:b6:
9f:af:54:07:07:b5:0d:5a:5a:30:ce:15:d5:08:ce:
45:33:ba:84:99:31:d4:d8:d6:b4:95:a0:48:70:39:
6d:05:4c:10:4c:80:2e:f3:d3:90:95:33:cc:8d:0f:
94:7b:93:c9:68:b8:3f:ce:3e:37:8f:67:43:e3:9e:
e8:c8:c2:57:80:fb:33:b5:15:1b:6b:6e:41:89:fd:
78:02:94:e0:82:f3:aa:d7:9b:68:fc:52:ab:65:32:
44:06:c1:3f:ac:19:d6:9f:c0:35:83:5f:ff:d4:d8:
81:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:31:8C:4F:D7:A6:FF:AD:D3:10:9A:68:BF:31:DA:E6:4A:58:40:5B
X509v3 Authority Key Identifier:
keyid:E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/8631A88268FF11EF909F910BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.237.112.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:20:68:c7:91:3b:22:40:59:f8:c7:4f:e3:61:33:38:cd:bf:
26:af:68:c0:46:42:49:25:59:8d:9e:9a:ac:6f:0b:dc:27:f0:
0d:d8:8c:76:64:3d:87:2c:c6:45:6c:20:34:25:b3:dd:69:25:
28:06:67:6c:56:97:9b:6c:f2:e4:ec:7d:bd:7d:02:db:f8:bd:
fd:99:17:6d:a6:b7:02:8d:9b:75:c3:d7:06:da:8f:ae:70:4f:
e7:fb:e0:01:67:19:b8:be:e9:01:cf:04:91:fc:53:63:93:15:
67:41:61:65:6c:1b:c3:15:13:60:49:2a:7c:77:30:bd:33:b3:
df:dd:d2:04:f9:13:ea:ab:0e:c6:40:77:4b:0f:3b:37:7f:42:
e2:2d:f2:21:e5:e8:91:29:ae:ad:36:c6:14:e0:f9:83:de:1b:
18:88:e3:3c:fc:d6:90:47:f8:1f:de:ae:7d:e1:5e:86:e0:b4:
21:68:c2:5c:9a:f3:a5:6c:63:1b:9d:83:e9:c0:82:db:0d:65:
4a:da:0c:8b:e3:18:96:9b:0a:92:74:7f:92:66:7b:ee:d7:5f:
28:87:4e:72:0e:bf:35:d4:8c:6e:41:59:d3:30:81:b6:10:10:
f4:7a:2b:59:d1:0b:2d:2e:58:49:19:40:21:4a:ee:7c:0f:7d:
b4:48:c9:dd
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICARkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjU5RTUxMTAvBgNVBAUTKEU0N0JGNzAyNTQ1MzI2OTdEMjBEMEQzMTEwRjYyNTM3
MEQ2NUZBODMwHhcNMjQwOTAzMDYxODU4WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmQ2YWE1Mi1hMmNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7qoRY5FEyQIvDPTqR3fN4Vk48dVsDm+cMod+FiQU8BozcAldyN+1MAUVD95C
3weCjT5WKUYbKr7B3XQxmuoDYXua14AOyKBTP3z1XHrZTUiWkXca/NV9jSKAjL4X
pUjDxgeY/5RDHxLDW4i7haGaxLTZ0i0vHYbNHn3QlcpT4NPMSgd075juCUONGCS7
hptkabS09Lafr1QHB7UNWlowzhXVCM5FM7qEmTHU2Na0laBIcDltBUwQTIAu89OQ
lTPMjQ+Ue5PJaLg/zj43j2dD457oyMJXgPsztRUba25Bif14ApTggvOq15to/FKr
ZTJEBsE/rBnWn8A1g1//1NiBKQIDAQABo4IClTCCApEwHQYDVR0OBBYEFJYxjE/X
pv+t0xCaaL8x2uZKWEBbMB8GA1UdIwQYMBaAFOR79wJUUyaX0g0NMRD2JTcNZfqD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNTlFNS9ERDlGMUY3QzND
MDExMUVFOTFDQkUxNTdDNEY5QUUwMi81SHYzQWxSVEpwZlNEUTB4RVBZbE53MWwt
b00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVIdjNBbFJUSnBmU0RRMHhFUFlsTncxbC1vTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjU5RTUvREQ5RjFGN0MzQzAxMTFFRTkxQ0JFMTU3QzRGOUFFMDIvODYzMUE4ODI2
OEZGMTFFRjkwOUY5MTBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABn7XAwDQYJKoZIhvcNAQELBQADggEBAH8gaMeROyJAWfjH
T+NhMzjNvyavaMBGQkklWY2emqxvC9wn8A3YjHZkPYcsxkVsIDQls91pJSgGZ2xW
l5ts8uTsfb19Atv4vf2ZF22mtwKNm3XD1wbaj65wT+f74AFnGbi+6QHPBJH8U2OT
FWdBYWVsG8MVE2BJKnx3ML0zs9/d0gT5E+qrDsZAd0sPOzd/QuIt8iHl6JEprq02
xhTg+YPeGxiI4zz81pBH+B/ern3hXobgtCFowlya86VsYxudg+nAgtsNZUraDIvj
GJabCpJ0f5Jme+7XXyiHTnIOvzXUjG5BWdMwgbYQEPR6K1nRCy0uWEkZQCFK7nwP
fbRIyd0=
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:25:28 2025 by rpki-client