Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0C73/215E5D3A365A11EDAD10BA7AC4F9AE02/4E538114366211EDB134DC12C4F9AE02.roa
File: 4E538114366211EDB134DC12C4F9AE02.roa (raw, json)
Hash identifier: VwhUe6fZSNsehl5p1uQikabxeEDKFFxLh6wXU5bekgs=
Subject key identifier: A3:68:14:B4:C9:E7:27:20:A9:5A:80:C8:7E:66:C0:9E:F9:D3:DA:2A
Certificate issuer: /CN=A91C0C73/serialNumber=E39369BA9DD8809987B236B477AD78E15C75AB1C
Certificate serial: 02
Authority key identifier: E3:93:69:BA:9D:D8:80:99:87:B2:36:B4:77:AD:78:E1:5C:75:AB:1C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/45Npup3YgJmHsja0d6144Vx1qxw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C0C73/215E5D3A365A11EDAD10BA7AC4F9AE02/4E538114366211EDB134DC12C4F9AE02.roa
Signing time: Sat 17 Sep 2022 08:25:37 +0000
ROA not before: Sat 17 Sep 2022 08:25:37 +0000
ROA not after: Sun 30 Jul 2023 00:00:00 +0000
asID: 139041
IP address blocks: 103.138.226.0/24 maxlen: 24
103.138.227.0/24 maxlen: 24
2001:df0:5980::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C0C73/serialNumber=E39369BA9DD8809987B236B477AD78E15C75AB1C
Validity
Not Before: Sep 17 08:25:37 2022 GMT
Not After : Jul 30 00:00:00 2023 GMT
Subject: CN=63258481-4b11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:12:96:2f:97:03:ba:3b:ad:fb:dd:c9:a5:f4:
e0:13:d5:c9:de:0a:00:a8:e0:d1:7f:46:b6:55:84:
ed:e0:a0:f7:5a:88:73:d8:84:1d:a4:b8:54:93:d3:
1b:ad:39:59:b5:34:37:de:f4:cd:aa:66:60:d5:3e:
7b:52:7b:db:e1:87:88:e5:86:f0:c8:76:e8:95:2a:
a4:b0:8b:20:ae:4d:e4:10:4a:56:0e:19:f0:65:f7:
8e:59:a0:26:d8:14:4d:43:01:78:c5:19:e2:cd:e9:
d2:ac:07:90:1a:17:b7:80:3a:50:ff:6b:c8:fa:80:
b9:37:4f:1f:c6:88:24:69:26:fd:61:fe:66:69:9f:
8a:1e:d4:eb:00:e6:ff:c8:c5:89:9e:74:26:da:9d:
3d:a6:0c:0d:db:5d:af:09:25:40:9a:6b:3a:d1:48:
81:c5:fb:56:69:d7:cf:7a:ab:8f:4c:46:56:c9:c3:
b0:27:e8:84:2c:97:96:06:f5:74:82:9f:fe:a3:c8:
5d:00:5e:a1:f3:72:68:35:92:38:bb:10:3c:e2:ec:
79:40:a6:a5:04:a7:5f:5e:86:b1:92:69:e7:01:ea:
cd:16:ff:f1:aa:22:df:fe:0d:8f:34:16:f6:f1:10:
4d:b9:34:31:27:59:b3:48:40:7e:3c:5b:d6:f8:12:
24:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:68:14:B4:C9:E7:27:20:A9:5A:80:C8:7E:66:C0:9E:F9:D3:DA:2A
X509v3 Authority Key Identifier:
keyid:E3:93:69:BA:9D:D8:80:99:87:B2:36:B4:77:AD:78:E1:5C:75:AB:1C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C0C73/215E5D3A365A11EDAD10BA7AC4F9AE02/45Npup3YgJmHsja0d6144Vx1qxw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/45Npup3YgJmHsja0d6144Vx1qxw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0C73/215E5D3A365A11EDAD10BA7AC4F9AE02/4E538114366211EDB134DC12C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.138.226.0/23
IPv6:
2001:df0:5980::/48
Signature Algorithm: sha256WithRSAEncryption
33:60:22:80:51:b5:82:58:9e:df:5f:b5:2e:f4:60:78:61:6a:
ac:9c:2b:e7:d0:c9:f9:68:52:67:2f:8d:a6:dd:1d:56:39:54:
01:28:1d:fa:ce:35:69:21:34:ba:f6:83:2f:b8:87:41:1e:bc:
db:1d:eb:d2:a6:66:c2:1c:93:9e:36:c2:0c:cd:e8:a7:cd:33:
d4:23:6f:9e:4d:f8:23:ac:8a:42:76:44:9d:f3:a9:ef:cc:1c:
1b:a8:d6:85:8b:e7:20:76:ce:62:88:7f:08:fd:22:c2:ce:6b:
e0:f5:8f:a8:b8:2f:c3:09:77:33:47:36:6a:74:dc:c1:ea:62:
4c:81:56:ab:30:25:43:3c:9e:f7:29:f2:2d:56:7c:f3:43:15:
54:1d:9b:39:35:86:9d:e2:ee:5a:73:20:fc:ee:47:62:48:23:
93:ba:7a:3e:9a:07:21:d9:50:ea:af:64:f9:47:ae:48:c0:f1:
0a:99:8b:2a:44:a1:14:0e:a2:34:56:04:b4:c0:26:9d:e6:ba:
a6:97:c0:9f:30:25:cc:b7:18:2c:cb:5d:3e:f6:d8:85:3c:36:
67:d0:e7:e5:80:a0:7e:db:2c:ac:9e:64:31:05:13:25:37:78:
d7:41:ed:91:de:5e:6d:4d:10:39:9f:5b:f2:f6:e4:7e:28:7a:
d1:28:9c:c5
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
MEM3MzExMC8GA1UEBRMoRTM5MzY5QkE5REQ4ODA5OTg3QjIzNkI0NzdBRDc4RTE1
Qzc1QUIxQzAeFw0yMjA5MTcwODI1MzdaFw0yMzA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzMjU4NDgxLTRiMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDIEpYvlwO6O6373cml9OAT1cneCgCo4NF/RrZVhO3goPdaiHPYhB2kuFST0xut
OVm1NDfe9M2qZmDVPntSe9vhh4jlhvDIduiVKqSwiyCuTeQQSlYOGfBl945ZoCbY
FE1DAXjFGeLN6dKsB5AaF7eAOlD/a8j6gLk3Tx/GiCRpJv1h/mZpn4oe1OsA5v/I
xYmedCbanT2mDA3bXa8JJUCaazrRSIHF+1Zp1896q49MRlbJw7An6IQsl5YG9XSC
n/6jyF0AXqHzcmg1kji7EDzi7HlApqUEp19ehrGSaecB6s0W//GqIt/+DY80Fvbx
EE25NDEnWbNIQH48W9b4EiRfAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUo2gUtMnn
JyCpWoDIfmbAnvnT2iowHwYDVR0jBBgwFoAU45Npup3YgJmHsja0d6144Vx1qxww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUMwQzczLzIxNUU1RDNBMzY1
QTExRURBRDEwQkE3QUM0RjlBRTAyLzQ1TnB1cDNZZ0ptSHNqYTBkNjE0NFZ4MXF4
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvNDVOcHVwM1lnSm1Ic2phMGQ2MTQ0VngxcXh3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
MEM3My8yMTVFNUQzQTM2NUExMUVEQUQxMEJBN0FDNEY5QUUwMi80RTUzODExNDM2
NjIxMUVEQjEzNERDMTJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWeK4jAPBAIAAjAJAwcAIAEN8FmAMA0GCSqGSIb3DQEBCwUA
A4IBAQAzYCKAUbWCWJ7fX7Uu9GB4YWqsnCvn0Mn5aFJnL42m3R1WOVQBKB36zjVp
ITS69oMvuIdBHrzbHevSpmbCHJOeNsIMzeinzTPUI2+eTfgjrIpCdkSd86nvzBwb
qNaFi+cgds5iiH8I/SLCzmvg9Y+ouC/DCXczRzZqdNzB6mJMgVarMCVDPJ73KfIt
VnzzQxVUHZs5NYad4u5acyD87kdiSCOTuno+mgch2VDqr2T5R65IwPEKmYsqRKEU
DqI0VgS0wCad5rqml8CfMCXMtxgsy10+9tiFPDZn0OflgKB+2yysnmQxBRMlN3jX
Qe2R3l5tTRA5n1vy9uR+KHrRKJzF
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:24 2024 by rpki-client on console-ams.rpki-client.org