Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C1FCC/CDBC5986730911EAA8820030C4F9AE02/DF7C817C35DA11EE9BCFCD7FC4F9AE02.roa
File: DF7C817C35DA11EE9BCFCD7FC4F9AE02.roa (raw, json)
Hash identifier: G3hDqnsOXXoG2GOyR5xj6CnpaxW/N/BA7GyH8lYOrHA=
Subject key identifier: 38:80:18:B1:4D:97:E7:A3:3D:E2:C1:76:93:18:65:7F:6D:3B:B7:FF
Certificate issuer: /CN=A91C1FCC/serialNumber=08D256D426CA2171FCE817C64523F832A36917BD
Certificate serial: 0993
Authority key identifier: 08:D2:56:D4:26:CA:21:71:FC:E8:17:C6:45:23:F8:32:A3:69:17:BD
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CNJW1CbKIXH86BfGRSP4MqNpF70.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C1FCC/CDBC5986730911EAA8820030C4F9AE02/DF7C817C35DA11EE9BCFCD7FC4F9AE02.roa
Signing time: Tue 02 Jul 2024 20:47:50 +0000
ROA not before: Tue 02 Jul 2024 20:47:50 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 58895
IP address blocks: 103.92.20.0/22 maxlen: 22
103.92.20.0/24 maxlen: 24
103.92.21.0/24 maxlen: 24
103.92.22.0/24 maxlen: 24
103.92.23.0/24 maxlen: 24
103.203.44.0/24 maxlen: 24
116.213.32.0/24 maxlen: 24
116.213.33.0/24 maxlen: 24
116.213.34.0/24 maxlen: 24
116.213.35.0/24 maxlen: 24
123.253.92.0/22 maxlen: 22
123.253.92.0/24 maxlen: 24
123.253.93.0/24 maxlen: 24
123.253.94.0/24 maxlen: 24
123.253.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2451 (0x993)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C1FCC
Validity
Not Before: Jul 2 20:47:50 2024 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=66846776-b8c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:d6:af:c7:26:52:a3:ce:75:86:58:66:e0:83:
65:0c:24:73:f2:d1:0c:fc:2b:02:99:72:89:cd:96:
d4:8c:c5:51:43:bd:e5:c9:e8:79:6c:16:42:23:4f:
4f:82:7a:7d:95:95:2f:c9:ac:66:3e:91:74:66:c4:
58:5e:b8:0b:1c:22:a5:1f:aa:27:13:53:13:0d:00:
35:db:73:9c:0c:9e:0e:ab:ce:8d:23:dd:75:ba:65:
fb:01:77:60:91:96:d2:06:53:04:11:fb:91:b0:2b:
a4:d2:b9:57:48:d0:73:1e:0e:74:9a:6d:79:db:75:
ab:67:25:3b:27:ed:fa:1d:58:42:80:40:d6:5b:a1:
a7:3f:16:5f:dd:13:9f:8e:c2:00:3b:5d:9b:e6:eb:
35:bc:3d:1a:10:01:2d:c4:6b:83:0e:73:11:31:26:
d8:07:86:6a:60:75:b6:cf:cf:46:f3:e9:bc:c6:09:
4b:4a:12:36:d1:df:c4:f0:5d:f0:7a:e3:88:3c:4c:
8c:d6:7f:56:47:24:6f:2d:4b:4e:c3:04:ca:85:3e:
2f:c2:d8:af:ce:33:8f:5a:0b:8b:db:26:fb:02:14:
e8:4f:8a:de:02:3e:51:1d:86:1b:21:45:2d:e8:fb:
fd:a9:77:03:3c:17:5d:48:0f:ad:f4:41:0c:86:9c:
e6:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:80:18:B1:4D:97:E7:A3:3D:E2:C1:76:93:18:65:7F:6D:3B:B7:FF
X509v3 Authority Key Identifier:
keyid:08:D2:56:D4:26:CA:21:71:FC:E8:17:C6:45:23:F8:32:A3:69:17:BD
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C1FCC/CDBC5986730911EAA8820030C4F9AE02/CNJW1CbKIXH86BfGRSP4MqNpF70.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CNJW1CbKIXH86BfGRSP4MqNpF70.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C1FCC/CDBC5986730911EAA8820030C4F9AE02/DF7C817C35DA11EE9BCFCD7FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.92.20.0/22
103.203.44.0/24
116.213.32.0/22
123.253.92.0/22
Signature Algorithm: sha256WithRSAEncryption
af:66:c7:b1:89:3c:fa:0b:d8:14:50:03:87:7b:97:ed:10:54:
b3:b4:b5:e1:f9:0c:ed:6b:54:ad:10:8d:af:b6:2e:c8:93:51:
aa:31:2c:29:c8:5b:ea:bb:ae:3e:6e:2a:c8:f9:78:e3:7a:0d:
cf:84:75:95:f9:37:2d:24:9e:83:5a:1f:f2:98:ea:c1:e8:0e:
64:d0:0a:9a:bf:e4:f9:8b:87:6d:3e:1e:2b:ec:6a:a2:bb:84:
47:ef:68:a4:d7:b9:05:d7:4d:f7:81:a5:d4:1c:2f:51:bc:e8:
ad:e4:5d:cc:8f:42:3a:d6:4a:46:86:f1:c6:b5:28:57:30:d1:
40:e0:0e:1b:26:31:6d:90:95:41:f1:b1:33:20:a8:1c:25:ab:
a6:75:0f:18:1e:f5:ea:2e:dc:2d:1f:f1:21:41:27:19:e2:08:
65:ff:e4:bd:a5:96:3e:9d:00:30:9e:cd:8b:f7:92:88:f6:fd:
ff:cb:e1:2a:31:0e:80:30:8c:4a:5e:12:60:bf:42:90:66:8d:
47:cf:f8:fd:80:4a:b3:97:cb:d3:b3:d5:a0:38:9b:c0:d4:98:
50:32:a0:9e:e4:e1:53:e3:df:0d:4c:3e:de:0f:c8:61:b8:ca:
2e:75:33:dd:3f:01:fb:48:5e:fa:f7:2b:1d:78:67:00:0e:8d:
42:c1:99:3a
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCZMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzFGQ0MxMTAvBgNVBAUTKDA4RDI1NkQ0MjZDQTIxNzFGQ0U4MTdDNjQ1MjNGODMy
QTM2OTE3QkQwHhcNMjQwNzAyMjA0NzUwWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njg0Njc3Ni1iOGM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAztavxyZSo851hlhm4INlDCRz8tEM/CsCmXKJzZbUjMVRQ73lyeh5bBZCI09P
gnp9lZUvyaxmPpF0ZsRYXrgLHCKlH6onE1MTDQA123OcDJ4Oq86NI911umX7AXdg
kZbSBlMEEfuRsCuk0rlXSNBzHg50mm1523WrZyU7J+36HVhCgEDWW6GnPxZf3ROf
jsIAO12b5us1vD0aEAEtxGuDDnMRMSbYB4ZqYHW2z89G8+m8xglLShI20d/E8F3w
euOIPEyM1n9WRyRvLUtOwwTKhT4vwtivzjOPWguL2yb7AhToT4reAj5RHYYbIUUt
6Pv9qXcDPBddSA+t9EEMhpzm1wIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFDiAGLFN
l+ejPeLBdpMYZX9tO7f/MB8GA1UdIwQYMBaAFAjSVtQmyiFx/OgXxkUj+DKjaRe9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMUZDQy9DREJDNTk4Njcz
MDkxMUVBQTg4MjAwMzBDNEY5QUUwMi9DTkpXMUNiS0lYSDg2QmZHUlNQNE1xTnBG
NzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NOSlcxQ2JLSVhIODZCZkdSU1A0TXFOcEY3MC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzFGQ0MvQ0RCQzU5ODY3MzA5MTFFQUE4ODIwMDMwQzRGOUFFMDIvREY3QzgxN0Mz
NURBMTFFRTlCQ0ZDRDdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAJnXBQDBABnyywDBAJ01SADBAJ7/VwwDQYJKoZIhvcNAQEL
BQADggEBAK9mx7GJPPoL2BRQA4d7l+0QVLO0teH5DO1rVK0Qja+2LsiTUaoxLCnI
W+q7rj5uKsj5eON6Dc+EdZX5Ny0knoNaH/KY6sHoDmTQCpq/5PmLh20+HivsaqK7
hEfvaKTXuQXXTfeBpdQcL1G86K3kXcyPQjrWSkaG8ca1KFcw0UDgDhsmMW2QlUHx
sTMgqBwlq6Z1Dxge9eou3C0f8SFBJxniCGX/5L2llj6dADCezYv3koj2/f/L4Sox
DoAwjEpeEmC/QpBmjUfP+P2ASrOXy9Oz1aA4m8DUmFAyoJ7k4VPj3w1MPt4PyGG4
yi51M90/AftIXvr3Kx14ZwAOjULBmTo=
-----END CERTIFICATE-----
Generated at Fri Apr 11 13:55:16 2025 by rpki-client