Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9129FD1/F85C25E2651F11EABB632C6DC4F9AE02/99DD3300109C11ED9A334268C4F9AE02.roa
File: 99DD3300109C11ED9A334268C4F9AE02.roa (raw, json)
Hash identifier: HsYu+swn6xjovd9LqLX8n/rLOWDtDzcpmwFwa0wyVPc=
Subject key identifier: 11:ED:C3:8C:F5:83:88:65:5E:08:C3:D0:79:1C:CF:F6:BD:68:01:8C
Certificate issuer: /CN=A9129FD1/serialNumber=6C6989AF18EEAFDE0CAF2EEBB514883C75ED4456
Certificate serial: 08ED
Authority key identifier: 6C:69:89:AF:18:EE:AF:DE:0C:AF:2E:EB:B5:14:88:3C:75:ED:44:56
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bGmJrxjur94Mry7rtRSIPHXtRFY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9129FD1/F85C25E2651F11EABB632C6DC4F9AE02/99DD3300109C11ED9A334268C4F9AE02.roa
Signing time: Fri 26 May 2023 22:03:17 +0000
ROA not before: Fri 26 May 2023 22:03:17 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 136516
IP address blocks: 103.91.146.0/24 maxlen: 24
103.91.147.0/24 maxlen: 24
2403:6640::/32 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2285 (0x8ed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9129FD1/serialNumber=6C6989AF18EEAFDE0CAF2EEBB514883C75ED4456
Validity
Not Before: May 26 22:03:17 2023 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=64712ca4-3886
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:15:2f:f7:46:81:b7:82:28:51:50:94:8c:fd:
1e:85:21:ef:ba:a3:de:f6:f4:2b:c4:56:ad:cb:d9:
8b:ab:45:d8:ae:76:da:d3:19:95:82:2d:8c:0a:e0:
05:1e:42:44:95:b5:aa:78:b3:e9:32:de:0c:ce:d2:
4e:9e:ad:e6:f9:e4:1b:ec:03:10:8d:46:bd:9f:bc:
64:67:c6:82:10:49:25:98:bd:cf:cd:26:1b:af:4e:
16:58:5e:5d:e9:ab:fa:0c:b0:94:34:06:a7:41:bf:
55:44:06:44:a5:f3:c0:98:8d:77:0e:36:a0:f1:7f:
9c:f4:a0:5e:98:77:a0:89:8b:d8:b1:83:64:23:40:
e4:68:01:a8:df:89:ac:8f:58:54:22:9b:d4:26:1b:
79:fc:6f:0c:e0:c3:bb:17:c7:b2:59:f4:93:f0:8e:
75:97:00:12:af:b2:03:c5:45:31:9e:73:33:eb:5d:
03:10:bc:7c:bf:c5:8d:b7:cd:bc:ff:ab:90:36:f8:
6c:7b:67:62:ea:28:0a:be:bc:62:58:86:d2:78:99:
2a:66:95:71:85:3f:05:b6:02:12:d7:4e:fb:f7:a4:
df:ef:e2:ba:3f:9b:89:08:80:11:a8:94:45:89:f5:
87:2c:ba:cf:63:c8:3b:c4:63:2d:1e:73:12:a3:f0:
24:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:ED:C3:8C:F5:83:88:65:5E:08:C3:D0:79:1C:CF:F6:BD:68:01:8C
X509v3 Authority Key Identifier:
keyid:6C:69:89:AF:18:EE:AF:DE:0C:AF:2E:EB:B5:14:88:3C:75:ED:44:56
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9129FD1/F85C25E2651F11EABB632C6DC4F9AE02/bGmJrxjur94Mry7rtRSIPHXtRFY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bGmJrxjur94Mry7rtRSIPHXtRFY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9129FD1/F85C25E2651F11EABB632C6DC4F9AE02/99DD3300109C11ED9A334268C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.91.146.0/23
IPv6:
2403:6640::/32
Signature Algorithm: sha256WithRSAEncryption
29:65:54:9b:bb:ab:8f:a3:e1:94:aa:b2:83:6c:54:3a:8e:59:
12:b4:67:29:19:af:d6:1d:ae:2c:19:fa:c4:40:70:9f:e4:98:
a1:05:7a:8e:a0:e0:f0:2c:7c:62:6b:80:db:49:c0:c2:70:80:
bd:c3:f2:e8:22:4c:fc:6f:cf:8a:16:49:49:69:ee:c2:4d:af:
e4:07:71:9e:39:66:a6:8f:55:ba:2b:b4:92:ca:4f:6d:59:8a:
7a:47:38:c1:6f:9a:ec:77:62:c9:79:da:91:b7:15:e3:0a:cc:
8c:3d:53:b2:4b:aa:a6:9d:c0:0a:3a:b2:1c:32:05:35:dc:43:
03:d4:71:15:b0:0f:67:28:b2:33:a4:b2:e1:61:bf:f5:41:98:
7c:e8:04:3c:ea:38:75:c0:b6:93:58:73:8b:8e:6f:92:e3:f4:
b8:41:c1:fe:f3:ff:e8:6f:df:04:8d:0f:de:ab:fb:ea:d1:c7:
83:ba:34:c2:42:41:b0:56:51:14:48:49:41:29:bc:22:1b:20:
db:52:65:72:d5:d9:9f:d3:63:6a:29:54:89:44:e6:25:67:49:
b0:95:cf:77:5e:74:6f:79:a7:b8:ec:f2:4f:26:33:9b:31:1d:
14:9f:63:70:71:6d:d5:56:da:25:cc:0c:0a:05:c1:6d:07:4e:
e5:aa:2b:3a
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCO0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjlGRDExMTAvBgNVBAUTKDZDNjk4OUFGMThFRUFGREUwQ0FGMkVFQkI1MTQ4ODND
NzVFRDQ0NTYwHhcNMjMwNTI2MjIwMzE3WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDcxMmNhNC0zODg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3RUv90aBt4IoUVCUjP0ehSHvuqPe9vQrxFaty9mLq0XYrnba0xmVgi2MCuAF
HkJElbWqeLPpMt4MztJOnq3m+eQb7AMQjUa9n7xkZ8aCEEklmL3PzSYbr04WWF5d
6av6DLCUNAanQb9VRAZEpfPAmI13Djag8X+c9KBemHegiYvYsYNkI0DkaAGo34ms
j1hUIpvUJht5/G8M4MO7F8eyWfST8I51lwASr7IDxUUxnnMz610DELx8v8WNt828
/6uQNvhse2di6igKvrxiWIbSeJkqZpVxhT8FtgIS107796Tf7+K6P5uJCIARqJRF
ifWHLLrPY8g7xGMtHnMSo/AkhwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFBHtw4z1
g4hlXgjD0Hkcz/a9aAGMMB8GA1UdIwQYMBaAFGxpia8Y7q/eDK8u67UUiDx17URW
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyOUZEMS9GODVDMjVFMjY1
MUYxMUVBQkI2MzJDNkRDNEY5QUUwMi9iR21KcnhqdXI5NE1yeTdydFJTSVBIWHRS
RlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JHbUpyeGp1cjk0TXJ5N3J0UlNJUEhYdFJGWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjlGRDEvRjg1QzI1RTI2NTFGMTFFQUJCNjMyQzZEQzRGOUFFMDIvOTlERDMzMDAx
MDlDMTFFRDlBMzM0MjY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnW5IwDQQCAAIwBwMFACQDZkAwDQYJKoZIhvcNAQELBQAD
ggEBACllVJu7q4+j4ZSqsoNsVDqOWRK0ZykZr9YdriwZ+sRAcJ/kmKEFeo6g4PAs
fGJrgNtJwMJwgL3D8ugiTPxvz4oWSUlp7sJNr+QHcZ45ZqaPVbortJLKT21ZinpH
OMFvmux3Ysl52pG3FeMKzIw9U7JLqqadwAo6shwyBTXcQwPUcRWwD2cosjOksuFh
v/VBmHzoBDzqOHXAtpNYc4uOb5Lj9LhBwf7z/+hv3wSND96r++rRx4O6NMJCQbBW
URRISUEpvCIbINtSZXLV2Z/TY2opVIlE5iVnSbCVz3dedG95p7js8k8mM5sxHRSf
Y3BxbdVW2iXMDAoFwW0HTuWqKzo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:49 2024 by rpki-client on console-ams.rpki-client.org