Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91427AF/579A8BC0686011E8AAB1251FC4F9AE02/7DE59B3C9E0C11EBB172D741C4F9AE02.roa
File: 7DE59B3C9E0C11EBB172D741C4F9AE02.roa (raw, json)
Hash identifier: vvHpCkCD72nNuM6iJmJCoxuCbV5eA1307xWuhkd4toA=
Subject key identifier: 64:4B:5E:DF:46:5B:C9:36:D2:87:E6:59:C8:77:72:60:EE:BE:A0:61
Certificate issuer: /CN=A91427AF/serialNumber=D80FA9FA841255D5BDA72E52EC04FDFED7FE2D5B
Certificate serial: 0F0A
Authority key identifier: D8:0F:A9:FA:84:12:55:D5:BD:A7:2E:52:EC:04:FD:FE:D7:FE:2D:5B
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2A-p-oQSVdW9py5S7AT9_tf-LVs.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91427AF/579A8BC0686011E8AAB1251FC4F9AE02/7DE59B3C9E0C11EBB172D741C4F9AE02.roa
Signing time: Thu 01 Jul 2021 18:04:06 +0000
ROA not before: Thu 01 Jul 2021 18:04:06 +0000
ROA not after: Wed 31 Aug 2022 00:00:00 +0000
asID: 131477
IP address blocks: 103.116.72.0/24 maxlen: 24
103.116.74.0/23 maxlen: 24
182.255.33.0/24 maxlen: 24
2402:f740:1000::/36 maxlen: 36
2402:f740:1000::/44 maxlen: 44
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3850 (0xf0a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91427AF/serialNumber=D80FA9FA841255D5BDA72E52EC04FDFED7FE2D5B
Validity
Not Before: Jul 1 18:04:06 2021 GMT
Not After : Aug 31 00:00:00 2022 GMT
Subject: CN=60de0396-5b2e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:89:59:a3:25:ac:60:68:e0:ed:44:9c:86:78:
a2:9a:c1:bd:94:ac:84:d2:59:32:fa:f7:ed:30:cc:
05:f7:02:85:a8:b9:56:7e:d8:02:f2:7c:cd:70:96:
d2:c5:2d:c9:7f:fb:48:fd:ef:33:64:4f:fb:3a:21:
9c:75:a4:4d:e1:da:45:b9:b3:a7:c7:12:6a:48:2f:
c9:ad:47:85:9e:60:62:2c:33:93:e3:58:27:58:a9:
49:d4:44:34:cd:d9:42:d5:50:db:63:d2:53:73:06:
eb:db:5a:ff:18:3c:95:7d:97:40:b1:43:b3:31:ee:
f5:fd:85:85:31:71:03:bd:a7:ac:51:07:b6:f7:e3:
f6:67:36:f7:66:e0:04:fe:9e:15:11:c9:8c:1d:77:
ce:98:5d:61:13:88:99:33:f9:f1:4a:51:63:99:bd:
e3:9c:06:98:35:c7:58:5b:60:86:3a:2c:2b:f3:5c:
10:c8:d8:35:53:c8:dc:11:2f:ac:21:4e:da:1e:98:
54:1e:4f:be:2b:4b:c9:8f:cb:fa:cb:58:58:41:84:
b5:4e:f2:ab:46:fc:6b:ba:f4:9f:40:10:cc:11:3a:
d4:b8:a9:41:92:4f:60:12:e4:91:59:be:c9:6b:90:
8c:9a:33:f1:dd:96:be:69:b2:d0:6c:04:32:bf:34:
20:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:4B:5E:DF:46:5B:C9:36:D2:87:E6:59:C8:77:72:60:EE:BE:A0:61
X509v3 Authority Key Identifier:
keyid:D8:0F:A9:FA:84:12:55:D5:BD:A7:2E:52:EC:04:FD:FE:D7:FE:2D:5B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91427AF/579A8BC0686011E8AAB1251FC4F9AE02/2A-p-oQSVdW9py5S7AT9_tf-LVs.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2A-p-oQSVdW9py5S7AT9_tf-LVs.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91427AF/579A8BC0686011E8AAB1251FC4F9AE02/7DE59B3C9E0C11EBB172D741C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.116.72.0/24
103.116.74.0/23
182.255.33.0/24
IPv6:
2402:f740:1000::/36
Signature Algorithm: sha256WithRSAEncryption
a8:c2:ae:d9:f2:42:29:0d:a3:27:96:7b:75:6a:42:c8:ba:09:
21:7f:c6:43:49:f8:61:1c:71:41:e0:3a:d9:1b:4c:5f:5d:89:
26:54:2a:17:c7:c9:60:27:31:e2:ba:ed:0a:a1:26:09:91:d2:
b2:e7:42:40:11:83:ab:22:ff:1f:d5:d5:ab:19:7d:00:19:e5:
77:1c:9c:09:b2:03:09:4b:b8:bb:c8:88:f4:1f:21:5e:41:e3:
16:aa:19:a8:b5:44:f7:d9:a8:e3:2b:08:95:bd:19:9c:9f:39:
e0:f5:1c:24:38:aa:4b:c8:d8:60:33:0e:5b:c6:a6:2e:29:1c:
89:98:04:34:63:77:65:0b:14:f5:c2:ad:0e:0a:3e:50:db:e9:
e1:7d:d6:b6:ef:05:cd:a1:63:45:a3:14:af:4f:75:f2:94:c8:
bb:6c:c9:12:a0:89:49:cc:63:9e:2c:5d:f7:84:c9:79:4c:5a:
95:a1:36:3d:8e:05:43:9a:4c:95:de:ab:0e:ff:61:2e:d0:18:
a5:b0:5a:45:5c:b0:46:14:f5:d7:0c:23:c0:10:c3:c8:b9:18:
28:b2:6a:91:11:40:01:0a:71:53:31:c8:cd:e8:ac:03:70:0c:
e8:0d:b2:04:8c:8c:91:08:5c:22:f4:19:30:64:d2:9e:8b:f7:
be:6e:d2:3b
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICDwowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDI3QUYxMTAvBgNVBAUTKEQ4MEZBOUZBODQxMjU1RDVCREE3MkU1MkVDMDRGREZF
RDdGRTJENUIwHhcNMjEwNzAxMTgwNDA2WhcNMjIwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MGRlMDM5Ni01YjJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz4lZoyWsYGjg7USchniimsG9lKyE0lky+vftMMwF9wKFqLlWftgC8nzNcJbS
xS3Jf/tI/e8zZE/7OiGcdaRN4dpFubOnxxJqSC/JrUeFnmBiLDOT41gnWKlJ1EQ0
zdlC1VDbY9JTcwbr21r/GDyVfZdAsUOzMe71/YWFMXEDvaesUQe29+P2Zzb3ZuAE
/p4VEcmMHXfOmF1hE4iZM/nxSlFjmb3jnAaYNcdYW2CGOiwr81wQyNg1U8jcES+s
IU7aHphUHk++K0vJj8v6y1hYQYS1TvKrRvxruvSfQBDMETrUuKlBkk9gEuSRWb7J
a5CMmjPx3Za+abLQbAQyvzQgMwIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFGRLXt9G
W8k20ofmWch3cmDuvqBhMB8GA1UdIwQYMBaAFNgPqfqEElXVvacuUuwE/f7X/i1b
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MjdBRi81NzlBOEJDMDY4
NjAxMUU4QUFCMTI1MUZDNEY5QUUwMi8yQS1wLW9RU1ZkVzlweTVTN0FUOV90Zi1M
VnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJBLXAtb1FTVmRXOXB5NVM3QVQ5X3RmLUxWcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDI3QUYvNTc5QThCQzA2ODYwMTFFOEFBQjEyNTFGQzRGOUFFMDIvN0RFNTlCM0M5
RTBDMTFFQkIxNzJENzQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBgEAgABMBIDBABndEgDBAFndEoDBAC2/yEwDgQCAAIwCAMGBCQC90AQMA0G
CSqGSIb3DQEBCwUAA4IBAQCowq7Z8kIpDaMnlnt1akLIugkhf8ZDSfhhHHFB4DrZ
G0xfXYkmVCoXx8lgJzHiuu0KoSYJkdKy50JAEYOrIv8f1dWrGX0AGeV3HJwJsgMJ
S7i7yIj0HyFeQeMWqhmotUT32ajjKwiVvRmcnzng9RwkOKpLyNhgMw5bxqYuKRyJ
mAQ0Y3dlCxT1wq0OCj5Q2+nhfda27wXNoWNFoxSvT3XylMi7bMkSoIlJzGOeLF33
hMl5TFqVoTY9jgVDmkyV3qsO/2Eu0BilsFpFXLBGFPXXDCPAEMPIuRgosmqREUAB
CnFTMcjN6KwDcAzoDbIEjIyRCFwi9BkwZNKei/e+btI7
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:04 2024 by rpki-client on console-fra.rpki-client.org