Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/CFD7B976A5D411EDAFFC8B1AC4F9AE02.roa
File: CFD7B976A5D411EDAFFC8B1AC4F9AE02.roa (raw, json)
Hash identifier: wtmWihibSmrOmc0RRxVfcHfOxwIXkMA0ueK5MiwGK5M=
Subject key identifier: DB:75:9C:13:77:0F:6C:BD:1F:D3:65:3B:E5:EA:88:FD:25:14:AF:4D
Certificate issuer: /CN=A9161DF8/serialNumber=3FBC3AF43102CEDA4FA0F7FA9BD91B2D65346D6E
Certificate serial: 55
Authority key identifier: 3F:BC:3A:F4:31:02:CE:DA:4F:A0:F7:FA:9B:D9:1B:2D:65:34:6D:6E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P7w69DECztpPoPf6m9kbLWU0bW4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/CFD7B976A5D411EDAFFC8B1AC4F9AE02.roa
Signing time: Mon 06 Feb 2023 04:14:56 +0000
ROA not before: Mon 06 Feb 2023 04:14:56 +0000
ROA not after: Sat 30 Dec 2023 00:00:00 +0000
asID: 150311
IP address blocks: 103.250.28.0/24 maxlen: 24
103.250.29.0/24 maxlen: 24
2001:df1:4540::/48 maxlen: 48
2400:caa0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 85 (0x55)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9161DF8/serialNumber=3FBC3AF43102CEDA4FA0F7FA9BD91B2D65346D6E
Validity
Not Before: Feb 6 04:14:56 2023 GMT
Not After : Dec 30 00:00:00 2023 GMT
Subject: CN=63e07ec0-ff3a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:e2:58:5c:17:e6:c7:3e:74:f8:27:bd:6b:c9:
f9:d7:80:92:56:b5:68:1a:a4:3e:63:c5:20:c5:e7:
32:0c:e6:47:7f:a9:7f:60:1b:f3:d7:08:ed:fc:7d:
5e:d4:f9:0c:4d:59:1c:3b:85:ce:a5:90:de:ce:f7:
88:b8:95:58:63:20:3c:41:4c:14:c8:78:ba:3a:83:
ae:16:f9:59:b9:e7:7e:dd:87:76:52:87:d0:ec:a6:
1f:14:bf:84:e0:86:86:c1:d4:5e:8e:0b:50:aa:49:
c7:31:dd:0c:be:89:bb:a9:a2:86:42:fe:71:2c:c8:
81:6b:c2:12:a0:f6:14:9c:86:3c:9a:44:a0:f5:04:
ed:03:2b:8f:5a:a8:fc:fa:86:0d:83:d0:be:93:2a:
2f:c2:b1:dc:e2:fc:e8:54:b3:f8:10:01:73:40:44:
b6:ba:1b:fc:d4:ac:9c:67:05:7f:63:af:26:e8:b0:
f8:b8:67:31:38:c1:85:ee:3e:eb:ba:5e:3f:00:28:
cb:da:33:63:0e:c7:a0:44:29:b0:ce:6a:8d:61:bf:
a8:66:8a:24:e8:55:64:ca:42:4a:a6:97:c4:b7:68:
60:cb:cf:e2:f9:f3:a3:5a:ab:cc:11:82:ae:6c:2a:
2d:ce:3a:b7:d6:9e:18:e4:23:4d:29:d7:6d:43:ec:
77:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:75:9C:13:77:0F:6C:BD:1F:D3:65:3B:E5:EA:88:FD:25:14:AF:4D
X509v3 Authority Key Identifier:
keyid:3F:BC:3A:F4:31:02:CE:DA:4F:A0:F7:FA:9B:D9:1B:2D:65:34:6D:6E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/P7w69DECztpPoPf6m9kbLWU0bW4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P7w69DECztpPoPf6m9kbLWU0bW4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9161DF8/26E53114550611ED9506C045C4F9AE02/CFD7B976A5D411EDAFFC8B1AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.250.28.0/23
IPv6:
2001:df1:4540::/48
2400:caa0::/32
Signature Algorithm: sha256WithRSAEncryption
47:c9:b2:f3:fe:f9:d9:95:69:b7:ab:29:4e:5a:cf:e0:06:c4:
bb:b3:57:7c:08:1a:0b:7c:e1:aa:0c:9a:46:0d:42:87:ef:23:
8a:36:d2:52:d3:39:86:32:bf:5b:09:f5:e6:88:3c:87:96:68:
9a:52:e8:f1:48:14:13:89:63:26:47:a5:8c:4e:b7:23:8d:8f:
26:ed:14:9e:53:44:ab:16:a8:cc:60:6a:3d:0d:e5:a3:e4:be:
bc:66:eb:b3:00:15:6d:9c:0e:70:44:b6:99:94:ba:3e:90:45:
d1:6a:6f:90:65:41:4f:f7:a6:7d:89:58:bf:9f:c6:a2:83:fe:
96:6b:04:dc:2c:48:e5:bf:00:bf:a6:6e:a8:c1:93:27:30:f2:
69:9e:1a:8b:dd:8d:32:52:d5:35:29:95:d0:7c:68:58:56:bd:
eb:81:58:ad:20:69:bb:06:2e:15:45:85:c0:32:23:5a:56:62:
b1:aa:1f:0b:d8:70:91:46:3d:6a:ef:e4:9f:81:00:c7:f8:c7:
05:74:3e:91:30:ff:20:8d:1e:ef:c6:5e:0b:ed:7e:f5:80:0c:
2a:1a:05:45:91:0c:df:9b:73:16:b2:a8:d1:f5:3c:ef:f4:b7:
53:21:9f:f1:f4:25:e7:f3:4d:47:89:3d:ad:c5:bf:5e:a3:13:
95:0c:93:f5
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgIBVTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
MURGODExMC8GA1UEBRMoM0ZCQzNBRjQzMTAyQ0VEQTRGQTBGN0ZBOUJEOTFCMkQ2
NTM0NkQ2RTAeFw0yMzAyMDYwNDE0NTZaFw0yMzEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzZTA3ZWMwLWZmM2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDQ4lhcF+bHPnT4J71ryfnXgJJWtWgapD5jxSDF5zIM5kd/qX9gG/PXCO38fV7U
+QxNWRw7hc6lkN7O94i4lVhjIDxBTBTIeLo6g64W+Vm5537dh3ZSh9Dsph8Uv4Tg
hobB1F6OC1CqSccx3Qy+ibupooZC/nEsyIFrwhKg9hSchjyaRKD1BO0DK49aqPz6
hg2D0L6TKi/Csdzi/OhUs/gQAXNARLa6G/zUrJxnBX9jrybosPi4ZzE4wYXuPuu6
Xj8AKMvaM2MOx6BEKbDOao1hv6hmiiToVWTKQkqml8S3aGDLz+L586Naq8wRgq5s
Ki3OOrfWnhjkI00p121D7HdbAgMBAAGjggKtMIICqTAdBgNVHQ4EFgQU23WcE3cP
bL0f02U75eqI/SUUr00wHwYDVR0jBBgwFoAUP7w69DECztpPoPf6m9kbLWU0bW4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTYxREY4LzI2RTUzMTE0NTUw
NjExRUQ5NTA2QzA0NUM0RjlBRTAyL1A3dzY5REVDenRwUG9QZjZtOWtiTFdVMGJX
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUDd3NjlERUN6dHBQb1BmNm05a2JMV1UwYlc0LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
MURGOC8yNkU1MzExNDU1MDYxMUVEOTUwNkMwNDVDNEY5QUUwMi9DRkQ3Qjk3NkE1
RDQxMUVEQUZGQzhCMUFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA3BggrBgEFBQcBBwEB/wQo
MCYwDAQCAAEwBgMEAWf6HDAWBAIAAjAQAwcAIAEN8UVAAwUAJADKoDANBgkqhkiG
9w0BAQsFAAOCAQEAR8my8/752ZVpt6spTlrP4AbEu7NXfAgaC3zhqgyaRg1Ch+8j
ijbSUtM5hjK/Wwn15og8h5ZomlLo8UgUE4ljJkeljE63I42PJu0UnlNEqxaozGBq
PQ3lo+S+vGbrswAVbZwOcES2mZS6PpBF0WpvkGVBT/emfYlYv5/GooP+lmsE3CxI
5b8Av6ZuqMGTJzDyaZ4ai92NMlLVNSmV0HxoWFa964FYrSBpuwYuFUWFwDIjWlZi
saofC9hwkUY9au/kn4EAx/jHBXQ+kTD/II0e78ZeC+1+9YAMKhoFRZEM35tzFrKo
0fU87/S3UyGf8fQl5/NNR4k9rcW/XqMTlQyT9Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:09 2024 by rpki-client on console-fra.rpki-client.org