Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9164BA0/DBA4F336C79E11E8A3621C4BC4F9AE02/69533790F6FE11E89F2D1A36C4F9AE02.roa
File: 69533790F6FE11E89F2D1A36C4F9AE02.roa (raw, json)
Hash identifier: fIK54GzzFJMGDPtLhvoWQY1aQ9TFTdyjTUzg3++1an4=
Subject key identifier: 46:6C:13:A8:15:57:31:5D:D6:F6:B5:45:04:2F:A8:E2:FF:E4:55:E3
Certificate issuer: /CN=A9164BA0/serialNumber=208D4614D0975D55E3A618CAE7176C5657CBBD57
Certificate serial: 1177
Authority key identifier: 20:8D:46:14:D0:97:5D:55:E3:A6:18:CA:E7:17:6C:56:57:CB:BD:57
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/II1GFNCXXVXjphjK5xdsVlfLvVc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9164BA0/DBA4F336C79E11E8A3621C4BC4F9AE02/69533790F6FE11E89F2D1A36C4F9AE02.roa
Signing time: Tue 31 Oct 2023 18:05:08 +0000
ROA not before: Tue 31 Oct 2023 18:05:08 +0000
ROA not after: Mon 30 Dec 2024 00:00:00 +0000
asID: 138329
IP address blocks: 103.123.220.0/22 maxlen: 24
2403:ab40::/32 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4471 (0x1177)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9164BA0/serialNumber=208D4614D0975D55E3A618CAE7176C5657CBBD57
Validity
Not Before: Oct 31 18:05:08 2023 GMT
Not After : Dec 30 00:00:00 2024 GMT
Subject: CN=654141d4-d7ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:85:72:9b:81:dc:3f:ca:19:1c:bb:2b:78:5b:
7d:c3:a2:3e:35:df:f9:4b:f6:d3:33:8a:91:f5:b9:
54:d3:e2:34:83:a1:ac:e1:3b:9e:40:b6:c2:01:09:
d8:46:f6:25:5e:8c:15:6d:d5:5d:5f:ff:dc:37:81:
0e:11:bf:fd:05:61:9d:54:0a:df:2a:83:7c:e4:66:
ef:40:e4:54:f1:85:52:61:3e:cd:4d:2c:6e:49:df:
8d:34:9d:7b:ac:25:92:3d:f4:20:f8:c4:6b:37:98:
da:f7:94:7c:a1:a1:16:9a:ce:96:59:54:26:31:17:
ac:b4:24:bd:fc:ee:61:09:8f:11:92:0e:da:23:7f:
74:31:05:d4:a1:81:99:c7:1c:8c:61:5e:a5:60:18:
76:37:57:c8:6f:44:5f:d7:1e:bd:82:83:49:ad:15:
de:cc:dd:80:0d:fc:3f:56:f9:4f:70:4b:5e:08:ad:
1b:a3:41:9d:e5:bb:4b:ba:49:5c:5b:98:aa:3e:e9:
0d:27:ed:0e:ef:72:e1:1e:c1:1e:60:49:73:4d:d4:
29:ad:a0:d6:de:df:23:ba:80:b1:48:23:89:bc:6a:
cc:b1:69:c5:e6:34:db:de:11:3c:54:18:44:40:01:
e6:09:3a:ff:8a:76:83:6f:2e:27:3a:73:74:26:df:
fa:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:6C:13:A8:15:57:31:5D:D6:F6:B5:45:04:2F:A8:E2:FF:E4:55:E3
X509v3 Authority Key Identifier:
keyid:20:8D:46:14:D0:97:5D:55:E3:A6:18:CA:E7:17:6C:56:57:CB:BD:57
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9164BA0/DBA4F336C79E11E8A3621C4BC4F9AE02/II1GFNCXXVXjphjK5xdsVlfLvVc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/II1GFNCXXVXjphjK5xdsVlfLvVc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9164BA0/DBA4F336C79E11E8A3621C4BC4F9AE02/69533790F6FE11E89F2D1A36C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.123.220.0/22
IPv6:
2403:ab40::/32
Signature Algorithm: sha256WithRSAEncryption
52:cc:30:f9:da:1d:ff:b7:7c:56:2f:fa:43:11:43:0b:46:09:
84:b2:bc:18:ea:e1:ab:2a:38:84:0f:91:64:63:08:b8:ba:ac:
95:b8:cf:dc:26:08:a7:f5:dc:30:ba:0b:d6:e0:dc:dc:ef:e2:
ab:8c:6c:41:7f:1c:21:e0:48:0d:6d:f5:77:8e:22:7b:50:53:
51:fe:9b:dc:31:32:e8:bc:70:25:73:c6:ab:e1:fd:9a:02:9f:
11:47:bc:33:b7:f8:f4:71:40:5b:e7:f4:34:d9:1f:07:ad:8d:
84:cb:2b:5a:54:06:52:97:3a:e8:0e:a1:69:90:d0:78:9d:b0:
42:07:4d:c8:12:5c:c7:4f:b9:88:a6:1b:3e:5f:b4:22:49:42:
55:2e:cf:13:9d:67:79:6f:5b:65:ad:47:3a:98:2b:e5:83:ae:
78:67:f7:af:28:18:92:e8:da:cf:e3:4a:2c:c8:fe:b7:f2:59:
24:81:cb:46:10:1e:00:4e:a2:18:6c:61:59:4c:dc:47:75:15:
68:13:d3:1c:77:8e:bc:76:3f:0b:8d:36:29:ef:32:04:37:12:
d0:d7:d0:db:4c:74:29:9b:44:40:a6:80:9b:d0:99:47:86:ee:
06:ef:f1:51:99:c9:44:e0:67:92:3c:31:2b:50:2d:c5:68:f1:
d2:58:ef:41
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICEXcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjRCQTAxMTAvBgNVBAUTKDIwOEQ0NjE0RDA5NzVENTVFM0E2MThDQUU3MTc2QzU2
NTdDQkJENTcwHhcNMjMxMDMxMTgwNTA4WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQxNDFkNC1kN2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4YVym4HcP8oZHLsreFt9w6I+Nd/5S/bTM4qR9blU0+I0g6Gs4TueQLbCAQnY
RvYlXowVbdVdX//cN4EOEb/9BWGdVArfKoN85GbvQORU8YVSYT7NTSxuSd+NNJ17
rCWSPfQg+MRrN5ja95R8oaEWms6WWVQmMRestCS9/O5hCY8Rkg7aI390MQXUoYGZ
xxyMYV6lYBh2N1fIb0Rf1x69goNJrRXezN2ADfw/VvlPcEteCK0bo0Gd5btLuklc
W5iqPukNJ+0O73LhHsEeYElzTdQpraDW3t8juoCxSCOJvGrMsWnF5jTb3hE8VBhE
QAHmCTr/inaDby4nOnN0Jt/6/QIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFEZsE6gV
VzFd1va1RQQvqOL/5FXjMB8GA1UdIwQYMBaAFCCNRhTQl11V46YYyucXbFZXy71X
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2NEJBMC9EQkE0RjMzNkM3
OUUxMUU4QTM2MjFDNEJDNEY5QUUwMi9JSTFHRk5DWFhWWGpwaGpLNXhkc1ZsZkx2
VmMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lJMUdGTkNYWFZYanBoaks1eGRzVmxmTHZWYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjRCQTAvREJBNEYzMzZDNzlFMTFFOEEzNjIxQzRCQzRGOUFFMDIvNjk1MzM3OTBG
NkZFMTFFODlGMkQxQTM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJne9wwDQQCAAIwBwMFACQDq0AwDQYJKoZIhvcNAQELBQAD
ggEBAFLMMPnaHf+3fFYv+kMRQwtGCYSyvBjq4asqOIQPkWRjCLi6rJW4z9wmCKf1
3DC6C9bg3Nzv4quMbEF/HCHgSA1t9XeOIntQU1H+m9wxMui8cCVzxqvh/ZoCnxFH
vDO3+PRxQFvn9DTZHwetjYTLK1pUBlKXOugOoWmQ0HidsEIHTcgSXMdPuYimGz5f
tCJJQlUuzxOdZ3lvW2WtRzqYK+WDrnhn968oGJLo2s/jSizI/rfyWSSBy0YQHgBO
ohhsYVlM3Ed1FWgT0xx3jrx2PwuNNinvMgQ3EtDX0NtMdCmbRECmgJvQmUeG7gbv
8VGZyUTgZ5I8MStQLcVo8dJY70E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:09 2024 by rpki-client on console-ams.rpki-client.org