Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91ED73E/01B8210A898911E8B98BEC3AC4F9AE02/A88C51EA898911E8A55BAC3BC4F9AE02.roa
File: A88C51EA898911E8A55BAC3BC4F9AE02.roa (raw, json)
Hash identifier: roGfWL/LHWn0beeUJlXUzFNbPPdNHXnFNjQDDg1PjR0=
Subject key identifier: E2:3D:8E:23:F1:4A:B5:BE:7C:F1:DD:05:25:36:45:75:09:C9:A9:D2
Certificate issuer: /CN=A91ED73E/serialNumber=5CAF41F64B375268798E2A5DAA0C140000CD7473
Certificate serial: 1148
Authority key identifier: 5C:AF:41:F6:4B:37:52:68:79:8E:2A:5D:AA:0C:14:00:00:CD:74:73
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XK9B9ks3Umh5jipdqgwUAADNdHM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91ED73E/01B8210A898911E8B98BEC3AC4F9AE02/A88C51EA898911E8A55BAC3BC4F9AE02.roa
Signing time: Mon 18 Jul 2022 18:04:31 +0000
ROA not before: Mon 18 Jul 2022 18:04:31 +0000
ROA not after: Tue 31 Oct 2023 00:00:00 +0000
asID: 137972
IP address blocks: 103.118.172.0/24 maxlen: 24
103.146.24.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4424 (0x1148)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91ED73E/serialNumber=5CAF41F64B375268798E2A5DAA0C140000CD7473
Validity
Not Before: Jul 18 18:04:31 2022 GMT
Not After : Oct 31 00:00:00 2023 GMT
Subject: CN=62d5a0ae-ef04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:a8:90:00:7b:80:74:26:2b:3a:1e:d6:8c:f4:
9b:9a:f6:e5:ea:4b:72:b8:7e:da:5a:c1:58:b2:3e:
c5:80:d5:3c:70:0c:aa:ad:cc:fc:d7:bb:b2:0c:47:
bf:21:02:9a:2f:51:cd:8c:9f:17:c3:53:06:59:89:
af:63:9e:9e:7f:7f:f1:08:f5:5f:04:d8:bf:c3:ca:
46:51:5f:bc:36:b2:1d:3a:f9:a4:a2:8b:d3:61:18:
af:84:9e:e8:f0:dc:ed:03:2c:5a:a4:e8:86:9c:f7:
9d:f6:0d:fe:6c:b8:62:33:ba:30:f4:0d:82:de:7e:
0a:07:77:aa:85:ea:ca:55:c4:11:46:e8:4e:31:f4:
e7:1a:a3:ee:e3:b7:da:65:60:3b:0d:e1:97:4c:02:
ba:e4:0f:ef:06:00:00:33:d8:d2:5c:33:f0:f7:72:
b8:ea:f3:9b:38:bb:f6:85:fe:dc:41:04:78:43:8a:
fe:7b:c8:fd:5e:03:c8:80:31:38:80:88:b7:b1:b4:
49:7e:99:34:23:cb:55:a9:7b:32:ab:6c:29:fa:48:
af:38:e3:39:0a:23:e7:80:a8:17:c2:44:33:91:d3:
c4:c7:76:91:c9:95:a6:9b:a7:db:b2:0c:da:d0:09:
23:04:d7:c5:40:30:02:c3:88:7e:b5:59:14:f0:98:
c7:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:3D:8E:23:F1:4A:B5:BE:7C:F1:DD:05:25:36:45:75:09:C9:A9:D2
X509v3 Authority Key Identifier:
keyid:5C:AF:41:F6:4B:37:52:68:79:8E:2A:5D:AA:0C:14:00:00:CD:74:73
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91ED73E/01B8210A898911E8B98BEC3AC4F9AE02/XK9B9ks3Umh5jipdqgwUAADNdHM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XK9B9ks3Umh5jipdqgwUAADNdHM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ED73E/01B8210A898911E8B98BEC3AC4F9AE02/A88C51EA898911E8A55BAC3BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.118.172.0/24
103.146.24.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:97:d8:91:71:e4:db:f7:00:64:3c:3b:92:3a:66:dc:b8:db:
04:72:7a:5a:fe:ad:42:4c:df:69:ef:a1:55:37:8f:cc:9a:50:
01:78:d7:5e:b6:44:e2:a9:46:53:9c:da:1d:3a:32:a3:dc:9f:
75:13:09:fe:af:37:fe:e4:6e:f7:67:85:b0:81:08:ae:4b:ef:
74:32:5c:9b:ab:1e:5f:48:cc:04:d9:b0:31:b6:23:b6:64:b4:
31:3d:9b:9f:53:1e:7a:4f:25:49:5e:f3:17:2b:a5:dc:30:89:
f5:bf:01:94:8b:71:2f:c2:52:75:9c:34:5e:a0:f4:c9:c7:b1:
7a:87:82:6d:5c:db:73:89:eb:6d:3c:5d:1c:53:46:fc:3c:19:
5f:49:5e:eb:09:6e:f8:01:cd:bb:57:c8:64:dc:a8:94:70:67:
0f:e4:34:1c:29:ae:92:bd:e7:81:67:fb:94:59:1b:46:10:81:
66:5a:13:85:da:49:bf:e5:61:75:c8:b1:11:ac:08:c2:a9:53:
30:51:f2:78:5d:e0:d9:c1:c7:e1:38:bb:5d:d0:4b:84:f2:28:
db:bf:18:c2:b0:bf:75:a3:49:2d:54:49:50:7a:fb:7a:c0:cd:
3b:dd:cb:21:f2:ef:a6:36:db:06:1d:2d:d5:f3:0e:a8:77:e7:
f6:ca:52:80
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICEUgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUQ3M0UxMTAvBgNVBAUTKDVDQUY0MUY2NEIzNzUyNjg3OThFMkE1REFBMEMxNDAw
MDBDRDc0NzMwHhcNMjIwNzE4MTgwNDMxWhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmQ1YTBhZS1lZjA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuKiQAHuAdCYrOh7WjPSbmvbl6ktyuH7aWsFYsj7FgNU8cAyqrcz817uyDEe/
IQKaL1HNjJ8Xw1MGWYmvY56ef3/xCPVfBNi/w8pGUV+8NrIdOvmkoovTYRivhJ7o
8NztAyxapOiGnPed9g3+bLhiM7ow9A2C3n4KB3eqherKVcQRRuhOMfTnGqPu47fa
ZWA7DeGXTAK65A/vBgAAM9jSXDPw93K46vObOLv2hf7cQQR4Q4r+e8j9XgPIgDE4
gIi3sbRJfpk0I8tVqXsyq2wp+kivOOM5CiPngKgXwkQzkdPEx3aRyZWmm6fbsgza
0AkjBNfFQDACw4h+tVkU8JjHnQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFOI9jiPx
SrW+fPHdBSU2RXUJyanSMB8GA1UdIwQYMBaAFFyvQfZLN1JoeY4qXaoMFAAAzXRz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFRDczRS8wMUI4MjEwQTg5
ODkxMUU4Qjk4QkVDM0FDNEY5QUUwMi9YSzlCOWtzM1VtaDVqaXBkcWd3VUFBRE5k
SE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hLOUI5a3MzVW1oNWppcGRxZ3dVQUFETmRITS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUQ3M0UvMDFCODIxMEE4OTg5MTFFOEI5OEJFQzNBQzRGOUFFMDIvQTg4QzUxRUE4
OTg5MTFFOEE1NUJBQzNCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABndqwDBABnkhgwDQYJKoZIhvcNAQELBQADggEBAE6X2JFx
5Nv3AGQ8O5I6Zty42wRyelr+rUJM32nvoVU3j8yaUAF41162ROKpRlOc2h06MqPc
n3UTCf6vN/7kbvdnhbCBCK5L73QyXJurHl9IzATZsDG2I7ZktDE9m59THnpPJUle
8xcrpdwwifW/AZSLcS/CUnWcNF6g9MnHsXqHgm1c23OJ6208XRxTRvw8GV9JXusJ
bvgBzbtXyGTcqJRwZw/kNBwprpK954Fn+5RZG0YQgWZaE4XaSb/lYXXIsRGsCMKp
UzBR8nhd4NnBx+E4u13QS4TyKNu/GMKwv3WjSS1USVB6+3rAzTvdyyHy76Y22wYd
LdXzDqh35/bKUoA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:37 2024 by rpki-client on console-ams.rpki-client.org