Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/2D9C0C38F13611EB9706524FC4F9AE02.roa
File: 2D9C0C38F13611EB9706524FC4F9AE02.roa (raw, json)
Hash identifier: KSlND0VX6vGGtJtL6gCApgs41CVUHgm7/3gIc4NaqZ4=
Subject key identifier: E3:F5:B9:66:7D:63:6D:B2:52:41:2A:A9:9C:3C:28:EB:6B:6B:31:7E
Certificate issuer: /CN=A91F1ADD/serialNumber=95460D1585021D39EAD7DD5BB2B553BF474AC943
Certificate serial: 02
Authority key identifier: 95:46:0D:15:85:02:1D:39:EA:D7:DD:5B:B2:B5:53:BF:47:4A:C9:43
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lUYNFYUCHTnq191bsrVTv0dKyUM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/2D9C0C38F13611EB9706524FC4F9AE02.roa
Signing time: Fri 30 Jul 2021 13:00:56 +0000
ROA not before: Fri 30 Jul 2021 13:00:56 +0000
ROA not after: Wed 02 Mar 2022 00:00:00 +0000
asID: 138497
IP address blocks: 103.127.44.0/22 maxlen: 24
2404:18c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F1ADD/serialNumber=95460D1585021D39EAD7DD5BB2B553BF474AC943
Validity
Not Before: Jul 30 13:00:56 2021 GMT
Not After : Mar 2 00:00:00 2022 GMT
Subject: CN=6103f808-51fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:ec:c9:40:df:59:f0:a0:1a:3e:b8:96:42:3f:
db:62:d6:4d:46:99:fc:f2:6b:0a:ce:7f:4a:f5:64:
e4:82:2c:ce:6d:89:51:8d:82:ae:e7:44:62:44:2c:
96:47:e5:07:0a:be:07:e3:7c:04:3f:1b:74:03:14:
93:f5:9b:1a:a8:ea:9e:27:cb:56:ad:86:52:f5:c6:
1b:25:6d:6c:a8:1f:0f:a2:df:da:34:a7:d9:66:4b:
2d:68:01:42:69:16:20:b9:34:d0:2d:4f:88:1b:16:
a8:7f:81:8b:f4:4e:0f:df:f7:1d:c5:06:50:5b:2a:
df:77:04:a0:b2:2f:a8:db:35:d2:ca:68:0d:28:ae:
7a:95:43:de:b6:2a:ff:bb:8a:6c:2f:c5:b5:6e:d4:
cf:aa:17:ea:ba:ca:36:49:3c:7d:db:a1:57:1e:3c:
90:25:e0:1e:bc:3e:ab:e9:c6:16:5d:f4:f6:52:c1:
40:51:99:03:7d:1d:02:cc:42:65:90:c2:7f:cc:8d:
49:82:85:86:af:8b:53:e7:2d:88:4a:1b:a8:b5:6b:
2d:88:03:d3:d0:ac:11:0e:0f:b7:85:27:9a:8a:51:
43:06:9e:40:ee:74:65:cf:69:87:e5:bb:45:75:5c:
6b:9f:92:05:19:30:bf:37:eb:0d:89:83:8f:03:e5:
f3:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:F5:B9:66:7D:63:6D:B2:52:41:2A:A9:9C:3C:28:EB:6B:6B:31:7E
X509v3 Authority Key Identifier:
keyid:95:46:0D:15:85:02:1D:39:EA:D7:DD:5B:B2:B5:53:BF:47:4A:C9:43
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/lUYNFYUCHTnq191bsrVTv0dKyUM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lUYNFYUCHTnq191bsrVTv0dKyUM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/2D9C0C38F13611EB9706524FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.127.44.0/22
IPv6:
2404:18c0::/32
Signature Algorithm: sha256WithRSAEncryption
78:96:ea:36:1c:aa:e5:6b:63:d2:8c:63:21:53:c9:fe:08:b1:
2b:59:d7:58:80:b4:97:87:24:8b:4b:d8:64:9a:a3:3b:c7:f6:
64:cf:9b:c8:ef:6b:c4:46:fd:33:dd:58:c4:33:27:29:96:66:
34:87:cf:68:a8:90:0a:57:1d:d7:88:89:0d:4c:ee:9e:a6:c8:
bc:c9:ba:5e:01:02:30:14:f2:68:0a:5a:dd:ae:c6:51:3c:1e:
72:d3:34:7c:56:87:67:a7:d5:95:2a:9f:04:ea:44:22:cb:e7:
60:a0:62:3e:50:2a:d4:0c:ad:e2:a4:b5:1d:3a:3c:80:7a:f2:
af:be:39:9b:39:eb:55:7f:0c:1b:af:ef:b5:99:14:62:2e:e4:
93:a2:68:f7:22:e5:88:b4:3b:57:3c:7c:2f:dd:a6:bc:0f:29:
18:0e:4c:e8:be:61:f7:d1:67:17:ac:2e:0b:30:81:73:bc:61:
a0:6e:9e:a9:8e:d0:a4:6f:7c:b2:3b:4f:35:bd:db:91:95:9a:
bc:95:da:49:2d:85:e9:64:23:25:f1:83:0d:ef:42:09:06:97:
f8:67:ce:9e:74:b1:a8:7e:7b:24:63:b4:b5:ac:b1:f1:a5:b1:
4c:4f:16:c6:86:b0:91:bd:a6:ef:9d:ef:bf:e7:e0:5e:53:b6:
74:11:c0:d3
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
MUFERDExMC8GA1UEBRMoOTU0NjBEMTU4NTAyMUQzOUVBRDdERDVCQjJCNTUzQkY0
NzRBQzk0MzAeFw0yMTA3MzAxMzAwNTZaFw0yMjAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTYxMDNmODA4LTUxZmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCu7MlA31nwoBo+uJZCP9ti1k1GmfzyawrOf0r1ZOSCLM5tiVGNgq7nRGJELJZH
5QcKvgfjfAQ/G3QDFJP1mxqo6p4ny1athlL1xhslbWyoHw+i39o0p9lmSy1oAUJp
FiC5NNAtT4gbFqh/gYv0Tg/f9x3FBlBbKt93BKCyL6jbNdLKaA0ornqVQ962Kv+7
imwvxbVu1M+qF+q6yjZJPH3boVcePJAl4B68PqvpxhZd9PZSwUBRmQN9HQLMQmWQ
wn/MjUmChYavi1PnLYhKG6i1ay2IA9PQrBEOD7eFJ5qKUUMGnkDudGXPaYflu0V1
XGufkgUZML836w2Jg48D5fNvAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQU4/W5Zn1j
bbJSQSqpnDwo62trMX4wHwYDVR0jBBgwFoAUlUYNFYUCHTnq191bsrVTv0dKyUMw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUYxQUREL0RGQUQ5QTFDRjEz
MjExRUI4QUI0RDQ0QUM0RjlBRTAyL2xVWU5GWVVDSFRucTE5MWJzclZUdjBkS3lV
TS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvbFVZTkZZVUNIVG5xMTkxYnNyVlR2MGRLeVVNLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
MUFERC9ERkFEOUExQ0YxMzIxMUVCOEFCNEQ0NEFDNEY5QUUwMi8yRDlDMEMzOEYx
MzYxMUVCOTcwNjUyNEZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAmd/LDANBAIAAjAHAwUAJAQYwDANBgkqhkiG9w0BAQsFAAOC
AQEAeJbqNhyq5Wtj0oxjIVPJ/gixK1nXWIC0l4cki0vYZJqjO8f2ZM+byO9rxEb9
M91YxDMnKZZmNIfPaKiQClcd14iJDUzunqbIvMm6XgECMBTyaApa3a7GUTwectM0
fFaHZ6fVlSqfBOpEIsvnYKBiPlAq1Ayt4qS1HTo8gHryr745mznrVX8MG6/vtZkU
Yi7kk6Jo9yLliLQ7Vzx8L92mvA8pGA5M6L5h99FnF6wuCzCBc7xhoG6eqY7QpG98
sjtPNb3bkZWavJXaSS2F6WQjJfGDDe9CCQaX+GfOnnSxqH57JGO0tayx8aWxTE8W
xoawkb2m753vv+fgXlO2dBHA0w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:47 2024 by rpki-client on console-fra.rpki-client.org