Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A913A69E/FB9FB93A2AE611EAABD56B14C4F9AE02/6CA5D7C61F5211EB8671560EC4F9AE02.roa
File: 6CA5D7C61F5211EB8671560EC4F9AE02.roa (raw, json)
Hash identifier: KzFiqcr1cxG6f/dOijJRhBPQ6Fu36y5voGbCWJciSh8=
Subject key identifier: 73:0D:B5:18:44:75:20:F1:A4:2D:79:EC:5B:13:F8:48:22:84:A5:2E
Certificate issuer: /CN=A913A69E/serialNumber=77EA6FE016651CFB1693416745E9A5BEA4745346
Certificate serial: 0956
Authority key identifier: 77:EA:6F:E0:16:65:1C:FB:16:93:41:67:45:E9:A5:BE:A4:74:53:46
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d-pv4BZlHPsWk0FnRemlvqR0U0Y.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A913A69E/FB9FB93A2AE611EAABD56B14C4F9AE02/6CA5D7C61F5211EB8671560EC4F9AE02.roa
Signing time: Fri 02 Sep 2022 20:56:58 +0000
ROA not before: Fri 02 Sep 2022 20:56:58 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 132222
IP address blocks: 103.71.59.0/24 maxlen: 24
103.112.177.0/24 maxlen: 24
103.112.178.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2390 (0x956)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A913A69E/serialNumber=77EA6FE016651CFB1693416745E9A5BEA4745346
Validity
Not Before: Sep 2 20:56:58 2022 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=63126e1a-735c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:81:57:ae:66:00:69:ff:bf:4a:cb:ca:82:4f:
08:70:e2:08:39:f4:14:ce:25:f9:84:d8:04:2a:0f:
1c:70:f6:5e:db:43:b5:d4:b9:c9:ab:39:9e:da:85:
52:32:42:f9:e6:89:2c:4d:0d:0f:b2:7b:32:de:99:
fc:d8:54:f8:c0:2a:1d:03:ad:6e:b9:38:1e:0c:87:
b3:8a:85:02:7a:b1:8d:dd:4e:9d:49:50:26:b2:ea:
98:3d:13:4d:46:23:aa:65:00:68:d4:63:60:71:6a:
2d:64:54:b0:f6:e1:8f:69:98:1e:2c:5f:62:b8:aa:
da:a8:61:70:0a:56:bf:66:e3:38:18:eb:6f:92:d5:
93:c5:77:68:48:84:e3:6e:e8:10:8e:c7:bd:b5:03:
b0:7e:54:f6:7a:f6:d7:a4:b6:e6:d9:0c:3f:99:e5:
77:85:15:62:0c:1b:13:47:4b:b2:58:89:db:4b:72:
39:37:dd:f7:dc:22:d5:59:5e:c8:d4:6f:30:27:0a:
1e:a1:8f:71:63:81:4a:12:11:ff:d1:5b:73:b7:7b:
89:0d:d3:d0:2f:84:d2:6e:d7:42:b4:2c:0d:42:43:
4f:d7:f7:d5:53:f5:c5:24:e2:c0:05:dd:18:74:03:
80:0d:73:16:7b:57:9e:3e:6d:a3:6c:d9:5a:db:6b:
76:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:0D:B5:18:44:75:20:F1:A4:2D:79:EC:5B:13:F8:48:22:84:A5:2E
X509v3 Authority Key Identifier:
keyid:77:EA:6F:E0:16:65:1C:FB:16:93:41:67:45:E9:A5:BE:A4:74:53:46
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A913A69E/FB9FB93A2AE611EAABD56B14C4F9AE02/d-pv4BZlHPsWk0FnRemlvqR0U0Y.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d-pv4BZlHPsWk0FnRemlvqR0U0Y.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913A69E/FB9FB93A2AE611EAABD56B14C4F9AE02/6CA5D7C61F5211EB8671560EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.71.59.0/24
103.112.177.0-103.112.179.255
Signature Algorithm: sha256WithRSAEncryption
c0:a0:e5:fc:e7:8b:18:5f:47:e3:2f:26:b8:fe:81:38:b7:38:
c0:89:65:cb:3a:24:6b:55:86:e3:3e:99:73:02:2f:98:62:23:
ba:d7:53:ca:6a:25:ab:cd:6e:fa:de:4d:c4:45:dd:6b:dd:13:
9c:e5:59:82:5f:41:d5:5d:22:fa:78:50:6a:e9:d8:af:ed:f7:
00:ac:67:6b:ab:45:14:67:f1:7a:95:b2:d5:ec:d1:58:48:60:
fa:6c:fd:c2:a9:1d:ff:00:db:72:08:59:3e:ea:2e:8c:90:3e:
49:ee:47:07:78:c0:b2:69:0a:7d:4a:75:8a:2d:16:ed:f0:58:
6d:11:e1:59:42:8c:25:3a:8e:86:5b:55:0e:e1:e0:34:7b:74:
90:85:95:41:70:69:fe:79:53:7e:d5:bb:81:81:b6:a5:12:7f:
68:e1:a3:75:e2:a2:90:05:64:1f:b0:c9:8b:77:bf:79:60:4a:
61:9e:e3:77:16:e9:2b:d4:f4:54:b5:ad:1f:8a:18:09:4c:e1:
e5:ff:dc:70:b9:0a:41:91:47:18:28:b8:f9:a2:18:5b:6f:25:
72:b0:3f:a4:bf:c9:c5:94:d9:36:80:79:ca:5b:31:f2:2a:46:
98:76:98:29:d6:fa:88:69:d4:64:99:98:4f:b2:9e:95:8a:8a:
47:c5:b2:a0
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICCVYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0E2OUUxMTAvBgNVBAUTKDc3RUE2RkUwMTY2NTFDRkIxNjkzNDE2NzQ1RTlBNUJF
QTQ3NDUzNDYwHhcNMjIwOTAyMjA1NjU4WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzEyNmUxYS03MzVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmYFXrmYAaf+/SsvKgk8IcOIIOfQUziX5hNgEKg8ccPZe20O11LnJqzme2oVS
MkL55oksTQ0Psnsy3pn82FT4wCodA61uuTgeDIezioUCerGN3U6dSVAmsuqYPRNN
RiOqZQBo1GNgcWotZFSw9uGPaZgeLF9iuKraqGFwCla/ZuM4GOtvktWTxXdoSITj
bugQjse9tQOwflT2evbXpLbm2Qw/meV3hRViDBsTR0uyWInbS3I5N9333CLVWV7I
1G8wJwoeoY9xY4FKEhH/0Vtzt3uJDdPQL4TSbtdCtCwNQkNP1/fVU/XFJOLABd0Y
dAOADXMWe1eePm2jbNla22t2FQIDAQABo4ICozCCAp8wHQYDVR0OBBYEFHMNtRhE
dSDxpC157FsT+EgihKUuMB8GA1UdIwQYMBaAFHfqb+AWZRz7FpNBZ0Xppb6kdFNG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQTY5RS9GQjlGQjkzQTJB
RTYxMUVBQUJENTZCMTRDNEY5QUUwMi9kLXB2NEJabEhQc1drMEZuUmVtbHZxUjBV
MFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2QtcHY0QlpsSFBzV2swRm5SZW1sdnFSMFUwWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0E2OUUvRkI5RkI5M0EyQUU2MTFFQUFCRDU2QjE0QzRGOUFFMDIvNkNBNUQ3QzYx
RjUyMTFFQjg2NzE1NjBFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQDBABnRzswDAMEAGdwsQMEAmdwsDANBgkqhkiG9w0BAQsFAAOC
AQEAwKDl/OeLGF9H4y8muP6BOLc4wIllyzoka1WG4z6ZcwIvmGIjutdTymolq81u
+t5NxEXda90TnOVZgl9B1V0i+nhQaunYr+33AKxna6tFFGfxepWy1ezRWEhg+mz9
wqkd/wDbcghZPuoujJA+Se5HB3jAsmkKfUp1ii0W7fBYbRHhWUKMJTqOhltVDuHg
NHt0kIWVQXBp/nlTftW7gYG2pRJ/aOGjdeKikAVkH7DJi3e/eWBKYZ7jdxbpK9T0
VLWtH4oYCUzh5f/ccLkKQZFHGCi4+aIYW28lcrA/pL/JxZTZNoB5ylsx8ipGmHaY
Kdb6iGnUZJmYT7KelYqKR8WyoA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:39 2023 by rpki-client on console-fra.rpki-client.org