Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/99F2699C520311EE8B275456C4F9AE02.roa
File: 99F2699C520311EE8B275456C4F9AE02.roa (raw, json)
Hash identifier: 6fIbLCRrhGKPi43tYCEj/SVmAtdh4Wb4VRTbeKLMkEs=
Subject key identifier: 41:7C:F3:40:24:72:94:9A:88:44:64:CE:C0:E3:E2:F3:E4:DB:2E:B8
Certificate issuer: /CN=A91B59E5/serialNumber=E47BF70254532697D20D0D3110F625370D65FA83
Certificate serial: 1B
Authority key identifier: E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/99F2699C520311EE8B275456C4F9AE02.roa
Signing time: Wed 13 Sep 2023 09:12:24 +0000
ROA not before: Wed 13 Sep 2023 09:12:24 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 149013
IP address blocks: 103.237.113.0/24 maxlen: 24
103.237.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27 (0x1b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B59E5
Validity
Not Before: Sep 13 09:12:24 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=65017cf7-f362
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c7:8c:6b:38:8e:3b:98:b8:32:5f:65:2c:bb:
ae:1a:46:31:52:3b:ea:72:7a:e1:6b:52:af:61:81:
59:b5:fb:4d:20:33:af:67:98:59:25:a4:df:cf:a8:
0f:9e:10:f6:31:bb:1b:42:5e:7c:fd:a5:b6:0f:7e:
60:04:5f:bd:e4:0f:8c:92:b0:07:ee:a3:26:38:7d:
0e:8a:4c:bb:7e:62:30:72:be:d7:83:e9:24:18:6f:
63:f6:88:dc:32:6e:66:23:bd:a6:70:5d:df:95:f5:
98:54:40:22:37:9e:e0:e5:fd:f7:d1:ed:f1:e7:a8:
c2:cc:3c:4a:83:c7:71:9c:95:7f:d7:b5:d5:67:3a:
04:36:1c:e8:af:91:57:a5:d0:93:37:00:f4:ca:c9:
fa:60:b4:36:20:9d:75:2e:94:57:43:17:9d:d4:28:
16:38:d2:65:c5:28:63:99:18:8e:8e:a9:22:7d:20:
d3:fd:1f:47:1c:d7:28:b7:37:f9:b3:60:7c:a9:af:
bc:46:4e:c4:52:4e:e3:00:49:fe:1e:ae:fd:f0:6a:
69:30:72:0f:a5:79:41:8c:b7:2c:99:1e:0c:39:d7:
93:21:f8:c7:93:92:75:ed:55:a7:c3:b6:c3:be:96:
5b:b4:6c:27:00:89:e6:f0:c9:56:ae:07:cb:75:a9:
1c:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:7C:F3:40:24:72:94:9A:88:44:64:CE:C0:E3:E2:F3:E4:DB:2E:B8
X509v3 Authority Key Identifier:
keyid:E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/99F2699C520311EE8B275456C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.237.113.0-103.237.114.255
Signature Algorithm: sha256WithRSAEncryption
b9:9f:18:68:63:5c:e5:8b:c8:f8:aa:49:6d:5c:3f:3a:2c:c8:
7c:86:27:86:05:c9:1f:39:28:8d:6b:2d:13:1b:0a:52:4a:a2:
4b:6e:23:06:fe:31:61:55:7f:de:4e:fc:5f:3d:62:af:f5:2e:
14:36:b3:32:17:94:1e:72:16:14:f8:2e:89:45:73:90:21:30:
65:66:1f:06:c8:ea:a5:0d:e8:7d:40:bf:b2:13:9f:e4:ff:9f:
b2:76:ed:5d:2e:5b:cc:67:f0:87:7a:43:9a:35:60:17:be:9c:
ac:fc:ed:42:6a:a8:d6:f3:34:e5:68:b6:d3:a8:5d:d3:2c:11:
91:1d:2e:c0:ef:85:9c:01:6d:a0:15:35:59:09:0f:1d:04:a5:
17:ed:19:3c:af:de:3f:88:cf:9a:83:09:e1:da:a3:ac:7a:ad:
68:b4:15:a2:ec:4c:53:cf:3e:0e:09:cf:4b:32:99:69:ad:bc:
a1:1d:b9:4d:27:29:d4:33:a1:0a:46:d2:fd:5b:b9:de:15:8b:
26:ba:00:56:21:40:32:4a:3d:af:e5:fd:f0:e4:0e:32:a0:32:
73:40:a8:bb:fe:ed:94:5b:7d:6e:7b:96:3a:a4:a0:8d:b0:c2:
77:de:b2:7f:2f:20:b0:bf:ba:ad:78:88:75:59:55:ad:8e:73:
5a:78:13:6c
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
NTlFNTExMC8GA1UEBRMoRTQ3QkY3MDI1NDUzMjY5N0QyMEQwRDMxMTBGNjI1Mzcw
RDY1RkE4MzAeFw0yMzA5MTMwOTEyMjRaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1MDE3Y2Y3LWYzNjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDFx4xrOI47mLgyX2Usu64aRjFSO+pyeuFrUq9hgVm1+00gM69nmFklpN/PqA+e
EPYxuxtCXnz9pbYPfmAEX73kD4ySsAfuoyY4fQ6KTLt+YjByvteD6SQYb2P2iNwy
bmYjvaZwXd+V9ZhUQCI3nuDl/ffR7fHnqMLMPEqDx3GclX/XtdVnOgQ2HOivkVel
0JM3APTKyfpgtDYgnXUulFdDF53UKBY40mXFKGOZGI6OqSJ9INP9H0cc1yi3N/mz
YHypr7xGTsRSTuMASf4erv3wamkwcg+leUGMtyyZHgw515Mh+MeTknXtVafDtsO+
llu0bCcAiebwyVauB8t1qRzFAgMBAAGjggKdMIICmTAdBgNVHQ4EFgQUQXzzQCRy
lJqIRGTOwOPi8+TbLrgwHwYDVR0jBBgwFoAU5Hv3AlRTJpfSDQ0xEPYlNw1l+oMw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI1OUU1L0REOUYxRjdDM0Mw
MTExRUU5MUNCRTE1N0M0RjlBRTAyLzVIdjNBbFJUSnBmU0RRMHhFUFlsTncxbC1v
TS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvNUh2M0FsUlRKcGZTRFEweEVQWWxOdzFsLW9NLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
NTlFNS9ERDlGMUY3QzNDMDExMUVFOTFDQkUxNTdDNEY5QUUwMi85OUYyNjk5QzUy
MDMxMUVFOEIyNzU0NTZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAnBggrBgEFBQcBBwEB/wQY
MBYwFAQCAAEwDjAMAwQAZ+1xAwQAZ+1yMA0GCSqGSIb3DQEBCwUAA4IBAQC5nxho
Y1zli8j4qkltXD86LMh8hieGBckfOSiNay0TGwpSSqJLbiMG/jFhVX/eTvxfPWKv
9S4UNrMyF5QechYU+C6JRXOQITBlZh8GyOqlDeh9QL+yE5/k/5+ydu1dLlvMZ/CH
ekOaNWAXvpys/O1CaqjW8zTlaLbTqF3TLBGRHS7A74WcAW2gFTVZCQ8dBKUX7Rk8
r94/iM+agwnh2qOseq1otBWi7ExTzz4OCc9LMplprbyhHblNJynUM6EKRtL9W7ne
FYsmugBWIUAySj2v5f3w5A4yoDJzQKi7/u2UW31ue5Y6pKCNsMJ33rJ/LyCwv7qt
eIh1WVWtjnNaeBNs
-----END CERTIFICATE-----
Generated at Fri Apr 11 13:01:55 2025 by rpki-client