Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/EF0D5496593711EFB4E9492CC4F9AE02.roa
File: EF0D5496593711EFB4E9492CC4F9AE02.roa (raw, json)
Hash identifier: qNpNkLSqlN32Dgg2/7M4HqqwGl32/gE15M1kHUiVBf4=
Subject key identifier: 1F:26:08:05:39:36:AA:BD:59:6E:B8:A3:DC:8E:D7:02:2A:3C:3E:9C
Certificate issuer: /CN=A91B59E5/serialNumber=E47BF70254532697D20D0D3110F625370D65FA83
Certificate serial: 0107
Authority key identifier: E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/EF0D5496593711EFB4E9492CC4F9AE02.roa
Signing time: Wed 21 Aug 2024 11:56:04 +0000
ROA not before: Wed 21 Aug 2024 11:56:04 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 134475
IP address blocks: 103.58.41.0/24 maxlen: 24
103.237.112.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 263 (0x107)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B59E5
Validity
Not Before: Aug 21 11:56:04 2024 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=66c5d5d4-9a79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:55:84:30:c7:a3:69:0b:97:51:25:d0:40:91:
22:29:3e:ee:4b:1e:72:5b:86:73:c1:ec:74:47:51:
d7:72:70:3d:00:ac:c4:f7:25:25:16:08:6b:23:15:
e3:8a:8b:a6:35:ad:12:23:cb:b4:3a:12:b3:82:c8:
08:46:6a:88:69:a0:fc:15:53:93:5e:22:1b:e6:46:
70:26:17:e7:08:b0:9b:67:1a:38:2a:14:a1:81:05:
e3:ce:dd:81:61:ec:08:4b:40:7a:a4:da:32:33:9d:
63:ec:10:08:5a:ec:cd:4c:4d:71:18:be:aa:dd:cf:
8b:b6:38:38:54:da:fb:b9:ba:05:7b:3c:9c:f1:f7:
93:d7:80:b7:a8:d2:82:29:a1:0f:7e:d3:23:42:6b:
61:94:ec:e9:7a:f9:1d:66:93:ac:46:c8:6a:0c:60:
29:3e:22:0d:be:66:93:c6:e9:a5:1b:08:46:59:91:
de:e2:00:65:98:d8:2d:64:93:8c:80:4a:d4:9f:9d:
b4:24:04:66:0c:77:79:9f:92:cb:dd:06:c3:c3:20:
30:95:26:78:3f:24:69:23:72:42:79:cd:e0:4c:d0:
d6:70:06:ee:a4:3d:15:ce:3a:8c:26:ea:fc:37:e7:
6e:fa:02:ff:04:62:9c:4f:4c:31:97:7c:da:40:4d:
5d:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:26:08:05:39:36:AA:BD:59:6E:B8:A3:DC:8E:D7:02:2A:3C:3E:9C
X509v3 Authority Key Identifier:
keyid:E4:7B:F7:02:54:53:26:97:D2:0D:0D:31:10:F6:25:37:0D:65:FA:83
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Hv3AlRTJpfSDQ0xEPYlNw1l-oM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B59E5/DD9F1F7C3C0111EE91CBE157C4F9AE02/EF0D5496593711EFB4E9492CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.58.41.0/24
103.237.112.0/24
Signature Algorithm: sha256WithRSAEncryption
9d:b3:ff:c7:63:e1:03:05:5a:57:46:d4:6f:25:72:c4:51:1b:
98:c4:c4:83:f6:9d:67:25:56:86:69:70:28:3a:ac:71:92:65:
54:fa:f2:f9:27:90:f8:e9:db:b9:5e:65:27:bd:af:3b:b9:41:
94:90:35:e0:96:a4:42:e2:65:64:da:46:a9:74:b7:6e:53:64:
97:98:12:3e:29:01:09:36:5b:9d:9a:ef:0e:ec:55:4b:67:1f:
f3:e5:b8:ca:d6:19:47:36:2c:40:de:81:8d:28:27:09:ae:13:
0c:17:a5:ff:2f:b1:1a:f3:42:3d:43:67:83:1e:df:fc:bd:1e:
44:a3:9d:63:00:bf:ec:e9:31:f8:c8:8b:12:39:31:6f:6d:ce:
f4:1b:aa:3b:f3:d4:5c:8b:cb:49:b8:04:62:ba:8b:7e:ce:bb:
4a:b8:f6:c1:9c:9d:3c:4d:28:2a:f2:06:1a:b0:db:d1:74:3d:
ec:df:a5:71:ee:11:62:a9:66:76:9f:b2:ec:d1:42:51:18:1c:
e4:94:e0:bf:ee:d9:45:eb:ec:e9:3e:52:e6:bd:e6:1e:5c:1a:
4f:5f:ae:38:a2:02:72:bb:f9:a5:8e:d2:a4:25:b7:4a:8e:17:
5e:31:8d:6d:27:db:af:bc:9f:42:d8:49:9c:3e:4d:2a:9a:b2:
9e:0b:d6:70
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAQcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjU5RTUxMTAvBgNVBAUTKEU0N0JGNzAyNTQ1MzI2OTdEMjBEMEQzMTEwRjYyNTM3
MEQ2NUZBODMwHhcNMjQwODIxMTE1NjA0WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmM1ZDVkNC05YTc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtVWEMMejaQuXUSXQQJEiKT7uSx5yW4Zzwex0R1HXcnA9AKzE9yUlFghrIxXj
ioumNa0SI8u0OhKzgsgIRmqIaaD8FVOTXiIb5kZwJhfnCLCbZxo4KhShgQXjzt2B
YewIS0B6pNoyM51j7BAIWuzNTE1xGL6q3c+Ltjg4VNr7uboFezyc8feT14C3qNKC
KaEPftMjQmthlOzpevkdZpOsRshqDGApPiINvmaTxumlGwhGWZHe4gBlmNgtZJOM
gErUn520JARmDHd5n5LL3QbDwyAwlSZ4PyRpI3JCec3gTNDWcAbupD0VzjqMJur8
N+du+gL/BGKcT0wxl3zaQE1dJwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFB8mCAU5
Nqq9WW64o9yO1wIqPD6cMB8GA1UdIwQYMBaAFOR79wJUUyaX0g0NMRD2JTcNZfqD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNTlFNS9ERDlGMUY3QzND
MDExMUVFOTFDQkUxNTdDNEY5QUUwMi81SHYzQWxSVEpwZlNEUTB4RVBZbE53MWwt
b00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVIdjNBbFJUSnBmU0RRMHhFUFlsTncxbC1vTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjU5RTUvREQ5RjFGN0MzQzAxMTFFRTkxQ0JFMTU3QzRGOUFFMDIvRUYwRDU0OTY1
OTM3MTFFRkI0RTk0OTJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnOikDBABn7XAwDQYJKoZIhvcNAQELBQADggEBAJ2z/8dj
4QMFWldG1G8lcsRRG5jExIP2nWclVoZpcCg6rHGSZVT68vknkPjp27leZSe9rzu5
QZSQNeCWpELiZWTaRql0t25TZJeYEj4pAQk2W52a7w7sVUtnH/PluMrWGUc2LEDe
gY0oJwmuEwwXpf8vsRrzQj1DZ4Me3/y9HkSjnWMAv+zpMfjIixI5MW9tzvQbqjvz
1FyLy0m4BGK6i37Ou0q49sGcnTxNKCryBhqw29F0PezfpXHuEWKpZnafsuzRQlEY
HOSU4L/u2UXr7Ok+Uua95h5cGk9frjiiAnK7+aWO0qQlt0qOF14xjW0n26+8n0LY
SZw+TSqasp4L1nA=
-----END CERTIFICATE-----
Generated at Fri Apr 11 04:38:20 2025 by rpki-client