Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BFD4B/AA47893AABD911EB833D4C6AC4F9AE02/859C2F58ABDB11EBADC7AB6CC4F9AE02.roa
File: 859C2F58ABDB11EBADC7AB6CC4F9AE02.roa (raw, json)
Hash identifier: On0RO+h6J67RAl2GNCObq0PDFyNLXwpKC4IhZrHibbU=
Subject key identifier: 79:D8:02:AD:CF:1A:B8:E7:F2:7C:8B:91:12:DA:74:F4:89:6F:B5:77
Certificate issuer: /CN=A91BFD4B/serialNumber=6B827607C17CE63E61214C2E642C5AA851EE384E
Certificate serial: 04F8
Authority key identifier: 6B:82:76:07:C1:7C:E6:3E:61:21:4C:2E:64:2C:5A:A8:51:EE:38:4E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/a4J2B8F85j5hIUwuZCxaqFHuOE4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BFD4B/AA47893AABD911EB833D4C6AC4F9AE02/859C2F58ABDB11EBADC7AB6CC4F9AE02.roa
Signing time: Thu 11 Jan 2024 00:42:42 +0000
ROA not before: Thu 11 Jan 2024 00:42:42 +0000
ROA not after: Sun 02 Mar 2025 00:00:00 +0000
asID: 58682
IP address blocks: 103.124.224.0/22 maxlen: 22
103.124.224.0/23 maxlen: 23
103.124.224.0/24 maxlen: 24
103.124.225.0/24 maxlen: 24
103.124.226.0/23 maxlen: 23
103.124.226.0/24 maxlen: 24
103.124.227.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1272 (0x4f8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BFD4B/serialNumber=6B827607C17CE63E61214C2E642C5AA851EE384E
Validity
Not Before: Jan 11 00:42:42 2024 GMT
Not After : Mar 2 00:00:00 2025 GMT
Subject: CN=659f3982-a984
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:3b:f3:d4:75:11:f6:e2:a0:dd:26:7c:c9:d3:
30:6c:14:2e:44:dd:31:8b:34:2c:0e:ee:4a:ee:cf:
1e:9f:93:ec:d2:b7:6f:59:aa:23:03:e0:ac:4a:e7:
4e:38:cc:7e:37:c9:3d:95:f0:10:c7:00:52:61:eb:
08:64:38:82:81:a6:04:a4:04:9a:31:c3:7a:88:3a:
f2:ff:a4:b0:88:b2:2d:b8:a7:ea:d5:c5:96:1a:0c:
2e:2e:4f:8f:7e:4a:0e:00:b6:c5:c5:22:04:77:af:
04:f0:4c:0b:06:54:74:92:47:34:e0:62:d1:8c:35:
d3:57:c6:1a:d3:8e:03:30:32:06:3d:88:d9:1b:56:
2b:c8:91:27:a8:58:cd:eb:11:6a:40:b5:db:f3:d1:
92:c7:75:cd:1e:ee:47:31:9e:c4:e4:82:37:b7:ba:
0e:01:fb:b4:9d:c5:c8:9e:27:e0:fe:f4:fc:64:39:
25:0e:ad:a1:b2:e6:d3:5e:bd:44:37:63:18:9d:31:
a1:1e:cf:96:87:0f:74:3f:0c:fc:69:b0:73:9a:5c:
99:6e:d2:58:62:93:0a:81:9b:6d:8c:53:3c:80:1a:
31:27:ea:a8:ce:ca:1b:19:1f:8e:d9:4e:bb:56:b5:
a2:8a:9b:f6:b0:2d:a1:0f:30:98:aa:87:0c:ec:d9:
13:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:D8:02:AD:CF:1A:B8:E7:F2:7C:8B:91:12:DA:74:F4:89:6F:B5:77
X509v3 Authority Key Identifier:
keyid:6B:82:76:07:C1:7C:E6:3E:61:21:4C:2E:64:2C:5A:A8:51:EE:38:4E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BFD4B/AA47893AABD911EB833D4C6AC4F9AE02/a4J2B8F85j5hIUwuZCxaqFHuOE4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/a4J2B8F85j5hIUwuZCxaqFHuOE4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BFD4B/AA47893AABD911EB833D4C6AC4F9AE02/859C2F58ABDB11EBADC7AB6CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.124.224.0/22
Signature Algorithm: sha256WithRSAEncryption
65:35:8c:e0:36:79:42:95:d3:7b:00:02:0a:06:2c:25:0a:eb:
a8:45:05:44:1a:2a:96:40:b2:ee:ac:09:25:4a:49:3e:b5:1a:
2a:18:57:21:79:14:23:2f:4d:ea:55:9c:ce:72:1a:d7:f5:75:
6d:17:3f:79:5f:fe:19:e9:b9:d5:e3:b7:d1:77:bf:95:5b:49:
a4:c5:13:57:2e:74:96:3b:99:e9:f0:06:d5:a8:12:dc:ee:ba:
45:a5:ad:03:29:6a:4e:d4:b6:aa:01:f7:1a:11:86:46:3e:46:
87:34:7a:5f:4e:6a:b7:d3:8e:fa:33:28:94:a7:07:31:4b:11:
ed:d9:d9:5d:9b:eb:56:ce:ed:4f:c9:80:2b:fb:4c:3c:94:36:
53:3e:a1:75:4a:7d:f2:a2:30:33:79:ab:44:06:40:3d:a0:2b:
65:3e:ce:a9:48:45:dd:fc:89:cf:6a:d0:76:98:1b:b0:fa:7c:
ac:c4:9a:e2:7a:33:d0:41:6c:79:b9:fd:d0:7c:83:94:b3:40:
07:c9:b3:f4:68:c4:2e:e4:23:42:77:c3:fc:26:89:cd:40:20:
6f:ba:30:67:5d:4e:c9:1f:38:c5:34:e5:c8:55:2a:67:87:c7:
87:75:ce:bd:10:c9:63:05:4b:b7:6b:19:53:7b:1c:d6:31:9d:
2e:73:ac:47
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBPgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkZENEIxMTAvBgNVBAUTKDZCODI3NjA3QzE3Q0U2M0U2MTIxNEMyRTY0MkM1QUE4
NTFFRTM4NEUwHhcNMjQwMTExMDA0MjQyWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTlmMzk4Mi1hOTg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyTvz1HUR9uKg3SZ8ydMwbBQuRN0xizQsDu5K7s8en5Ps0rdvWaojA+CsSudO
OMx+N8k9lfAQxwBSYesIZDiCgaYEpASaMcN6iDry/6SwiLItuKfq1cWWGgwuLk+P
fkoOALbFxSIEd68E8EwLBlR0kkc04GLRjDXTV8Ya044DMDIGPYjZG1YryJEnqFjN
6xFqQLXb89GSx3XNHu5HMZ7E5II3t7oOAfu0ncXInifg/vT8ZDklDq2hsubTXr1E
N2MYnTGhHs+Whw90Pwz8abBzmlyZbtJYYpMKgZttjFM8gBoxJ+qozsobGR+O2U67
VrWiipv2sC2hDzCYqocM7NkT2wIDAQABo4IClTCCApEwHQYDVR0OBBYEFHnYAq3P
Grjn8nyLkRLadPSJb7V3MB8GA1UdIwQYMBaAFGuCdgfBfOY+YSFMLmQsWqhR7jhO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRkQ0Qi9BQTQ3ODkzQUFC
RDkxMUVCODMzRDRDNkFDNEY5QUUwMi9hNEoyQjhGODVqNWhJVXd1WkN4YXFGSHVP
RTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2E0SjJCOEY4NWo1aElVd3VaQ3hhcUZIdU9FNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkZENEIvQUE0Nzg5M0FBQkQ5MTFFQjgzM0Q0QzZBQzRGOUFFMDIvODU5QzJGNThB
QkRCMTFFQkFEQzdBQjZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnfOAwDQYJKoZIhvcNAQELBQADggEBAGU1jOA2eUKV03sA
AgoGLCUK66hFBUQaKpZAsu6sCSVKST61GioYVyF5FCMvTepVnM5yGtf1dW0XP3lf
/hnpudXjt9F3v5VbSaTFE1cudJY7menwBtWoEtzuukWlrQMpak7UtqoB9xoRhkY+
Roc0el9OarfTjvozKJSnBzFLEe3Z2V2b61bO7U/JgCv7TDyUNlM+oXVKffKiMDN5
q0QGQD2gK2U+zqlIRd38ic9q0HaYG7D6fKzEmuJ6M9BBbHm5/dB8g5SzQAfJs/Ro
xC7kI0J3w/wmic1AIG+6MGddTskfOMU05chVKmeHx4d1zr0QyWMFS7drGVN7HNYx
nS5zrEc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:24 2024 by rpki-client on console-ams.rpki-client.org