Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/2CB571DAEFBB11ED84817A67C4F9AE02.roa
File:                     2CB571DAEFBB11ED84817A67C4F9AE02.roa (raw, json)
Hash identifier:          C01VopHVTbOYa9Wqdu32CpGwWcgYH4x/ztlb0UpyDe0=
Subject key identifier:   FA:10:3E:D1:46:B9:5C:20:D2:E6:D2:0C:2D:08:C5:D8:18:5A:64:98
Certificate issuer:       /CN=A91C6504/serialNumber=0E44D19B7C9589B2342D051EB094493748DEEB4F
Certificate serial:       03
Authority key identifier: 0E:44:D1:9B:7C:95:89:B2:34:2D:05:1E:B0:94:49:37:48:DE:EB:4F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DkTRm3yVibI0LQUesJRJN0je608.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/2CB571DAEFBB11ED84817A67C4F9AE02.roa
Signing time:             Thu 11 May 2023 05:17:51 +0000
ROA not before:           Thu 11 May 2023 05:17:51 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     136993
IP address blocks:        103.69.152.0/22 maxlen: 24
                          180.149.236.0/22 maxlen: 24
                          2405:f380::/32 maxlen: 40

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C6504/serialNumber=0E44D19B7C9589B2342D051EB094493748DEEB4F
        Validity
            Not Before: May 11 05:17:51 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=645c7a7e-5d6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:10:3E:D1:46:B9:5C:20:D2:E6:D2:0C:2D:08:C5:D8:18:5A:64:98
            X509v3 Authority Key Identifier:
                keyid:0E:44:D1:9B:7C:95:89:B2:34:2D:05:1E:B0:94:49:37:48:DE:EB:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/DkTRm3yVibI0LQUesJRJN0je608.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DkTRm3yVibI0LQUesJRJN0je608.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/2CB571DAEFBB11ED84817A67C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.69.152.0/22
                  180.149.236.0/22
                IPv6:
                  2405:f380::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 16:51:40 2024 by rpki-client on console-fra.rpki-client.org