Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/14AA8B96011511EEB15FDD2AC4F9AE02.roa
File: 14AA8B96011511EEB15FDD2AC4F9AE02.roa (raw, json)
Hash identifier: ZWypyxpQDFk1KTYKikai8SG06uEZP7rBuiqNuYE/hJs=
Subject key identifier: BC:6A:A2:CE:61:7B:1C:0E:4F:9D:61:FE:9D:EC:74:7D:14:EC:B5:8A
Certificate issuer: /CN=A911E2E0/serialNumber=ED68CA6A2D12A88CC7D296A2BC2BF1519A0B5FF3
Certificate serial: 2168
Authority key identifier: ED:68:CA:6A:2D:12:A8:8C:C7:D2:96:A2:BC:2B:F1:51:9A:0B:5F:F3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7WjKai0SqIzH0paivCvxUZoLX_M.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/14AA8B96011511EEB15FDD2AC4F9AE02.roa
Signing time: Sat 08 Jul 2023 16:12:25 +0000
ROA not before: Sat 08 Jul 2023 16:12:25 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 136408
IP address blocks: 103.120.120.0/22 maxlen: 22
103.120.120.0/24 maxlen: 24
103.120.121.0/24 maxlen: 24
103.120.122.0/24 maxlen: 24
103.120.123.0/24 maxlen: 24
2403:1600::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8552 (0x2168)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911E2E0/serialNumber=ED68CA6A2D12A88CC7D296A2BC2BF1519A0B5FF3
Validity
Not Before: Jul 8 16:12:25 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=64a98ae9-7b89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:18:53:73:57:87:d8:fe:b1:5d:86:4d:50:20:
19:25:95:24:5a:42:a4:d1:c7:6c:03:39:20:9e:12:
77:e4:f2:ed:b8:2d:e6:0f:d1:7e:cf:be:5e:d4:70:
53:ce:cb:71:d2:2a:f1:87:76:fc:29:03:a6:e4:ef:
0e:fb:a3:d5:ec:0e:41:29:1c:7f:1b:e7:93:ff:cb:
7b:6f:17:d2:92:a9:71:80:e6:3f:c2:60:3f:5f:ba:
2c:bd:6e:e7:ab:db:5d:c2:f6:74:93:a6:ea:4d:a5:
50:08:53:5e:16:df:24:cf:67:1e:2d:28:d5:36:cb:
5d:94:d7:4f:d0:bc:44:58:55:24:bf:36:0a:17:49:
95:21:e0:9a:17:68:39:38:95:96:70:8e:e6:2c:9f:
8a:23:e5:36:a9:30:3e:f5:85:07:cd:f4:2a:9d:46:
68:35:3c:25:3d:6c:c7:a9:05:1b:ad:dc:f2:50:2f:
97:5c:fd:4f:cb:81:fa:10:73:3a:db:c3:42:81:9b:
37:a8:c7:62:b7:c1:8a:d7:cf:ca:2f:b5:0c:d5:55:
cb:e3:41:21:35:d6:3d:22:75:48:65:fb:11:92:f2:
e4:19:9e:e3:99:d8:92:79:7e:19:a4:54:53:c3:bf:
dd:9f:21:60:f2:f3:92:90:26:ea:a0:14:ae:ad:6d:
0d:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:6A:A2:CE:61:7B:1C:0E:4F:9D:61:FE:9D:EC:74:7D:14:EC:B5:8A
X509v3 Authority Key Identifier:
keyid:ED:68:CA:6A:2D:12:A8:8C:C7:D2:96:A2:BC:2B:F1:51:9A:0B:5F:F3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/7WjKai0SqIzH0paivCvxUZoLX_M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7WjKai0SqIzH0paivCvxUZoLX_M.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/14AA8B96011511EEB15FDD2AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.120.120.0/22
IPv6:
2403:1600::/32
Signature Algorithm: sha256WithRSAEncryption
8d:0d:8c:00:93:d8:41:f7:4b:22:47:0c:96:fb:f7:d6:5b:9f:
dd:25:fe:d6:ba:49:ee:c5:b0:30:b7:9d:35:f3:f9:b2:4a:50:
01:8e:8f:08:71:bf:eb:80:ba:fe:b9:1e:41:24:81:1f:cd:d5:
2a:31:08:61:f5:3e:29:f5:74:a6:e7:9b:2c:e7:45:f6:ca:9c:
28:b1:a9:25:ae:a0:08:a4:bc:68:2e:74:f4:12:2e:fd:9a:80:
21:4b:39:ed:ca:bd:89:69:26:18:8c:0b:3c:47:b0:99:57:fc:
1a:0b:66:d8:35:ac:a3:51:c6:72:e4:18:b2:2c:87:a8:f9:3f:
07:b9:23:a3:74:ca:20:14:e9:d4:2b:3b:66:f4:6a:10:2d:63:
22:42:6d:da:be:d9:a9:e4:04:14:f0:c0:a0:74:8b:39:4e:f4:
e8:1c:70:4c:89:6d:7d:c2:1d:ab:e4:93:07:1d:52:9a:15:1f:
ed:06:85:77:b0:2f:a7:fd:7e:ee:9a:95:db:49:8b:c8:9b:d8:
a9:d5:c8:fa:b3:50:86:35:9d:c7:c7:f9:30:ad:84:ab:de:a2:
c6:cc:00:a5:57:6e:23:84:b0:50:da:53:7f:95:3b:bf:58:cd:
e3:11:2a:a8:04:38:5d:f4:b1:fd:87:4b:64:e4:ce:17:6c:69:
b1:16:c6:16
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICIWgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUUyRTAxMTAvBgNVBAUTKEVENjhDQTZBMkQxMkE4OENDN0QyOTZBMkJDMkJGMTUx
OUEwQjVGRjMwHhcNMjMwNzA4MTYxMjI1WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGE5OGFlOS03Yjg5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzRhTc1eH2P6xXYZNUCAZJZUkWkKk0cdsAzkgnhJ35PLtuC3mD9F+z75e1HBT
zstx0irxh3b8KQOm5O8O+6PV7A5BKRx/G+eT/8t7bxfSkqlxgOY/wmA/X7osvW7n
q9tdwvZ0k6bqTaVQCFNeFt8kz2ceLSjVNstdlNdP0LxEWFUkvzYKF0mVIeCaF2g5
OJWWcI7mLJ+KI+U2qTA+9YUHzfQqnUZoNTwlPWzHqQUbrdzyUC+XXP1Py4H6EHM6
28NCgZs3qMdit8GK18/KL7UM1VXL40EhNdY9InVIZfsRkvLkGZ7jmdiSeX4ZpFRT
w7/dnyFg8vOSkCbqoBSurW0N6QIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFLxqos5h
exwOT51h/p3sdH0U7LWKMB8GA1UdIwQYMBaAFO1oymotEqiMx9KWorwr8VGaC1/z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTJFMC9CM0U4MTVEQzlF
NDYxMUU1ODhENDYwMTZDNEY5QUUwMi83V2pLYWkwU3FJekgwcGFpdkN2eFVab0xY
X00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdXakthaTBTcUl6SDBwYWl2Q3Z4VVpvTFhfTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUUyRTAvQjNFODE1REM5RTQ2MTFFNTg4RDQ2MDE2QzRGOUFFMDIvMTRBQThCOTYw
MTE1MTFFRUIxNUZERDJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJneHgwDQQCAAIwBwMFACQDFgAwDQYJKoZIhvcNAQELBQAD
ggEBAI0NjACT2EH3SyJHDJb799Zbn90l/ta6Se7FsDC3nTXz+bJKUAGOjwhxv+uA
uv65HkEkgR/N1SoxCGH1Pin1dKbnmyznRfbKnCixqSWuoAikvGgudPQSLv2agCFL
Oe3KvYlpJhiMCzxHsJlX/BoLZtg1rKNRxnLkGLIsh6j5Pwe5I6N0yiAU6dQrO2b0
ahAtYyJCbdq+2ankBBTwwKB0izlO9OgccEyJbX3CHavkkwcdUpoVH+0GhXewL6f9
fu6aldtJi8ib2KnVyPqzUIY1ncfH+TCthKveosbMAKVXbiOEsFDaU3+VO79YzeMR
KqgEOF30sf2HS2TkzhdsabEWxhY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:56 2024 by rpki-client on console-fra.rpki-client.org