Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91330D0/98799C6CE20711EAB8A0CB60C4F9AE02/5EB50658E20A11EA92701267C4F9AE02.roa
File: 5EB50658E20A11EA92701267C4F9AE02.roa (raw, json)
Hash identifier: 9+QbnBgbRo8eZoKRW39Si6bh/aHuXGKnWbvy5OwbED0=
Subject key identifier: B2:AC:E1:53:35:3C:3A:5C:1F:85:9B:D3:67:FB:15:9D:FD:38:47:E2
Certificate issuer: /CN=A91330D0/serialNumber=ADD7E9FB956BBEE8F012EDDE954248D9B5D658C6
Certificate serial: 06CC
Authority key identifier: AD:D7:E9:FB:95:6B:BE:E8:F0:12:ED:DE:95:42:48:D9:B5:D6:58:C6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdfp-5VrvujwEu3elUJI2bXWWMY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91330D0/98799C6CE20711EAB8A0CB60C4F9AE02/5EB50658E20A11EA92701267C4F9AE02.roa
Signing time: Thu 28 Sep 2023 21:59:06 +0000
ROA not before: Thu 28 Sep 2023 21:59:06 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 140993
IP address blocks: 103.154.156.0/23 maxlen: 23
103.154.156.0/24 maxlen: 24
103.154.157.0/24 maxlen: 24
2407:4dc0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1740 (0x6cc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91330D0/serialNumber=ADD7E9FB956BBEE8F012EDDE954248D9B5D658C6
Validity
Not Before: Sep 28 21:59:06 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=6515f72a-d52f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:c7:60:9a:0f:ac:03:7a:0b:6c:0e:ac:25:3d:
84:b6:8f:af:5b:80:9b:3b:fe:30:d6:b2:69:36:72:
89:3f:60:28:d8:07:61:5b:94:c7:2d:a9:43:b9:c5:
b9:46:e9:34:87:3c:81:c6:f7:a9:29:78:10:74:1b:
78:d9:7e:9d:40:7c:dd:42:34:8e:14:2d:91:aa:73:
19:69:d9:35:66:3d:bc:b5:d6:88:35:a0:ca:5a:50:
01:f9:80:72:83:2a:45:13:59:3b:53:68:92:91:a9:
db:b4:47:6c:85:09:78:66:89:c7:ad:24:04:8d:90:
cd:2f:a6:fa:fd:ff:62:fe:62:84:45:c4:00:88:ac:
aa:1c:96:df:d9:d1:04:84:e0:b9:39:d8:be:9f:f8:
63:cf:6c:bf:85:33:0f:e2:27:e7:f9:5a:4e:13:23:
8d:58:5a:af:b7:70:2e:a5:0e:3c:a7:3c:98:71:40:
d1:f5:a0:6e:9f:08:83:34:db:7a:9b:a3:54:0e:40:
d5:b4:1e:e6:b1:e8:19:c6:ab:21:7f:24:48:61:05:
25:87:7c:e5:72:7f:91:03:ee:f5:c9:c2:4f:ba:39:
94:70:e5:26:ae:a7:58:0d:67:15:09:36:ed:58:87:
c6:02:3d:e1:57:b1:76:7f:d9:f7:0a:82:56:2d:7c:
57:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:AC:E1:53:35:3C:3A:5C:1F:85:9B:D3:67:FB:15:9D:FD:38:47:E2
X509v3 Authority Key Identifier:
keyid:AD:D7:E9:FB:95:6B:BE:E8:F0:12:ED:DE:95:42:48:D9:B5:D6:58:C6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91330D0/98799C6CE20711EAB8A0CB60C4F9AE02/rdfp-5VrvujwEu3elUJI2bXWWMY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdfp-5VrvujwEu3elUJI2bXWWMY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91330D0/98799C6CE20711EAB8A0CB60C4F9AE02/5EB50658E20A11EA92701267C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.154.156.0/23
IPv6:
2407:4dc0::/32
Signature Algorithm: sha256WithRSAEncryption
2e:36:d5:66:11:8e:97:43:0b:70:4d:0f:40:94:55:32:0c:00:
ba:ec:e8:c6:ec:cb:6f:b8:92:4c:ee:8d:37:15:06:9d:ab:47:
ac:32:6a:a2:3b:6f:bd:eb:d6:fb:13:cd:46:48:56:23:8d:2d:
f8:38:a3:3a:83:62:29:32:cd:11:58:34:37:fa:c1:02:b3:3c:
1a:7b:c2:de:0c:2d:df:a7:eb:4c:22:5a:91:97:8d:96:cc:18:
ae:21:b4:97:44:57:49:35:7d:f2:e4:63:6d:8c:7a:e0:f5:a0:
b4:20:e0:6c:dd:ce:d4:ab:94:3a:97:10:09:28:08:e3:ee:d2:
d3:d1:45:2b:0d:85:fd:8c:17:03:71:76:85:08:90:05:ed:04:
a7:c1:c3:d0:32:5d:2b:6c:da:b4:10:47:68:e6:bf:ab:8d:94:
6a:97:6e:17:ff:cc:07:16:b5:e5:b7:ba:1b:f7:27:1f:7e:a4:
1e:52:83:76:b8:e6:63:e6:a8:93:8d:be:21:9b:b5:30:33:64:
86:1f:e0:d1:96:64:38:88:e8:90:2d:da:f2:77:50:1c:ae:0b:
dd:42:72:77:4c:cd:fe:fb:3d:ba:c9:c1:4d:ac:15:5c:ca:40:
6f:65:4b:af:ea:86:4d:49:bf:ee:a1:04:39:e8:37:9e:f1:10:
86:4e:8f:ca
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICBswwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzMwRDAxMTAvBgNVBAUTKEFERDdFOUZCOTU2QkJFRThGMDEyRURERTk1NDI0OEQ5
QjVENjU4QzYwHhcNMjMwOTI4MjE1OTA2WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTE1ZjcyYS1kNTJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqMdgmg+sA3oLbA6sJT2Eto+vW4CbO/4w1rJpNnKJP2Ao2AdhW5THLalDucW5
Ruk0hzyBxvepKXgQdBt42X6dQHzdQjSOFC2RqnMZadk1Zj28tdaINaDKWlAB+YBy
gypFE1k7U2iSkanbtEdshQl4ZonHrSQEjZDNL6b6/f9i/mKERcQAiKyqHJbf2dEE
hOC5Odi+n/hjz2y/hTMP4ifn+VpOEyONWFqvt3AupQ48pzyYcUDR9aBunwiDNNt6
m6NUDkDVtB7msegZxqshfyRIYQUlh3zlcn+RA+71ycJPujmUcOUmrqdYDWcVCTbt
WIfGAj3hV7F2f9n3CoJWLXxXKQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFLKs4VM1
PDpcH4Wb02f7FZ39OEfiMB8GA1UdIwQYMBaAFK3X6fuVa77o8BLt3pVCSNm11ljG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMzBEMC85ODc5OUM2Q0Uy
MDcxMUVBQjhBMENCNjBDNEY5QUUwMi9yZGZwLTVWcnZ1andFdTNlbFVKSTJiWFdX
TVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JkZnAtNVZydnVqd0V1M2VsVUpJMmJYV1dNWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzMwRDAvOTg3OTlDNkNFMjA3MTFFQUI4QTBDQjYwQzRGOUFFMDIvNUVCNTA2NThF
MjBBMTFFQTkyNzAxMjY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnmpwwDQQCAAIwBwMFACQHTcAwDQYJKoZIhvcNAQELBQAD
ggEBAC421WYRjpdDC3BND0CUVTIMALrs6Mbsy2+4kkzujTcVBp2rR6wyaqI7b73r
1vsTzUZIViONLfg4ozqDYikyzRFYNDf6wQKzPBp7wt4MLd+n60wiWpGXjZbMGK4h
tJdEV0k1ffLkY22MeuD1oLQg4GzdztSrlDqXEAkoCOPu0tPRRSsNhf2MFwNxdoUI
kAXtBKfBw9AyXSts2rQQR2jmv6uNlGqXbhf/zAcWteW3uhv3Jx9+pB5Sg3a45mPm
qJONviGbtTAzZIYf4NGWZDiI6JAt2vJ3UByuC91CcndMzf77PbrJwU2sFVzKQG9l
S6/qhk1Jv+6hBDnoN57xEIZOj8o=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org