Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9167F0C/0A58A19A70AB11E98317A57BC4F9AE02/0DFCB3707E1711EA87BC7650C4F9AE02.roa
File: 0DFCB3707E1711EA87BC7650C4F9AE02.roa (raw, json)
Hash identifier: 14fMgzBnPAal3jeeDt7ARDLeXS1yxOKLp2xDxEQHHXM=
Subject key identifier: C6:BC:92:99:2A:5E:26:1F:D4:E1:DB:AD:65:DA:24:C6:08:6A:0C:53
Certificate issuer: /CN=A9167F0C/serialNumber=4E6142BD61B3EB5897CE01E8D45711DA50DCF565
Certificate serial: 08FB
Authority key identifier: 4E:61:42:BD:61:B3:EB:58:97:CE:01:E8:D4:57:11:DA:50:DC:F5:65
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TmFCvWGz61iXzgHo1FcR2lDc9WU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9167F0C/0A58A19A70AB11E98317A57BC4F9AE02/0DFCB3707E1711EA87BC7650C4F9AE02.roa
Signing time: Fri 02 Feb 2024 18:36:42 +0000
ROA not before: Fri 02 Feb 2024 18:36:42 +0000
ROA not after: Fri 31 Jan 2025 00:00:00 +0000
asID: 134995
IP address blocks: 103.204.220.0/22 maxlen: 24
2402:6640::/32 maxlen: 32
2402:6640:5::/48 maxlen: 48
2402:6640:10::/48 maxlen: 48
2402:6640:11::/48 maxlen: 48
2402:6640:17::/48 maxlen: 48
2402:6640:18::/48 maxlen: 48
2402:6640:19::/48 maxlen: 48
2402:6640:20::/48 maxlen: 48
2402:6640:21::/48 maxlen: 48
2402:6640:22::/48 maxlen: 48
2402:6640:23::/48 maxlen: 48
2402:6640:24::/48 maxlen: 48
2402:6640:25::/48 maxlen: 48
2402:6640:26::/48 maxlen: 48
2402:6640:30::/48 maxlen: 48
2402:6640:fce::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2299 (0x8fb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9167F0C/serialNumber=4E6142BD61B3EB5897CE01E8D45711DA50DCF565
Validity
Not Before: Feb 2 18:36:42 2024 GMT
Not After : Jan 31 00:00:00 2025 GMT
Subject: CN=65bd363a-2055
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:d9:83:a9:ba:4f:98:b9:87:5b:94:33:be:dd:
c4:66:6e:60:e1:40:28:a8:f1:f0:e0:13:75:3f:c6:
3e:9d:9f:5c:9b:b4:4a:05:66:ba:42:d4:9a:c8:04:
fc:d7:66:e3:bf:94:b8:86:1b:0e:df:e9:f7:02:99:
3c:96:7a:e7:9b:97:28:a1:cb:72:8b:31:75:b7:05:
2d:e3:05:55:4d:92:f9:89:09:ef:c1:de:57:3d:00:
be:63:e9:05:5a:fc:41:ea:10:aa:7b:8e:da:39:c2:
53:38:1a:a3:18:0c:db:bc:8d:04:d9:95:fe:ff:8c:
4e:51:7a:d9:57:97:84:b5:f3:2d:b2:f8:33:5b:22:
8c:01:10:31:7b:2a:b7:49:c6:43:16:af:b2:77:83:
bb:6a:27:0a:72:00:1e:12:a2:2f:c4:f8:44:40:85:
6e:c5:3a:4e:75:38:25:56:66:74:bf:21:d2:1e:ef:
08:d1:ae:14:54:e9:a4:ac:01:75:e5:a7:d0:27:44:
6a:02:1c:ad:0e:20:a6:e9:a3:d2:1b:76:bd:8c:1a:
10:02:6b:69:10:38:3d:17:c3:bb:29:90:34:e4:da:
9a:79:07:39:71:28:55:bb:48:d4:b4:95:c2:ca:9b:
71:e8:3b:00:97:ff:3d:4d:f0:94:5a:9c:db:7d:87:
f0:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:BC:92:99:2A:5E:26:1F:D4:E1:DB:AD:65:DA:24:C6:08:6A:0C:53
X509v3 Authority Key Identifier:
keyid:4E:61:42:BD:61:B3:EB:58:97:CE:01:E8:D4:57:11:DA:50:DC:F5:65
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9167F0C/0A58A19A70AB11E98317A57BC4F9AE02/TmFCvWGz61iXzgHo1FcR2lDc9WU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TmFCvWGz61iXzgHo1FcR2lDc9WU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9167F0C/0A58A19A70AB11E98317A57BC4F9AE02/0DFCB3707E1711EA87BC7650C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.204.220.0/22
IPv6:
2402:6640::/32
Signature Algorithm: sha256WithRSAEncryption
0d:02:84:d4:ce:8b:d3:83:20:f7:28:1b:c2:a1:02:e2:19:2d:
0f:b7:3c:19:59:c1:d4:a4:ae:cc:1d:3b:fd:46:43:f5:5a:9e:
d7:89:24:a0:f3:bb:a1:b3:1c:10:41:0d:ce:8b:5c:81:ea:2e:
5c:d7:54:8d:28:4b:e9:87:00:ba:81:93:bb:a3:e8:45:4e:dc:
8a:43:0e:04:9e:3b:c1:42:24:b4:1a:21:da:29:96:5a:57:eb:
f9:c4:ae:94:2e:9c:b2:94:2a:da:47:99:e4:d5:9c:0b:54:c9:
bc:a9:3c:09:28:31:c4:2a:13:31:fd:18:79:0c:8a:d0:95:93:
86:5f:8c:b9:95:ce:56:89:b0:37:79:81:28:de:99:eb:21:28:
27:1f:50:91:78:95:e5:de:36:c2:99:ee:33:15:c6:e0:1b:41:
a2:d3:82:44:b2:71:b9:57:ce:df:11:9e:88:ae:0d:bc:75:48:
c0:7c:0d:37:0a:53:8f:bd:b7:1f:c4:a0:9f:c0:94:b5:a3:a0:
0f:75:16:d7:9c:e2:1d:8d:f1:af:5e:fc:6f:6b:ae:83:17:54:
03:37:1a:11:69:57:16:86:ec:62:69:32:68:c6:ee:b3:0f:4e:
6d:59:38:84:48:de:a6:13:c7:d7:d6:80:33:4f:ea:6e:d5:6e:
94:cc:b9:6b
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCPswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjdGMEMxMTAvBgNVBAUTKDRFNjE0MkJENjFCM0VCNTg5N0NFMDFFOEQ0NTcxMURB
NTBEQ0Y1NjUwHhcNMjQwMjAyMTgzNjQyWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWJkMzYzYS0yMDU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4tmDqbpPmLmHW5Qzvt3EZm5g4UAoqPHw4BN1P8Y+nZ9cm7RKBWa6QtSayAT8
12bjv5S4hhsO3+n3Apk8lnrnm5cooctyizF1twUt4wVVTZL5iQnvwd5XPQC+Y+kF
WvxB6hCqe47aOcJTOBqjGAzbvI0E2ZX+/4xOUXrZV5eEtfMtsvgzWyKMARAxeyq3
ScZDFq+yd4O7aicKcgAeEqIvxPhEQIVuxTpOdTglVmZ0vyHSHu8I0a4UVOmkrAF1
5afQJ0RqAhytDiCm6aPSG3a9jBoQAmtpEDg9F8O7KZA05NqaeQc5cShVu0jUtJXC
yptx6DsAl/89TfCUWpzbfYfwEwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFMa8kpkq
XiYf1OHbrWXaJMYIagxTMB8GA1UdIwQYMBaAFE5hQr1hs+tYl84B6NRXEdpQ3PVl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2N0YwQy8wQTU4QTE5QTcw
QUIxMUU5ODMxN0E1N0JDNEY5QUUwMi9UbUZDdldHejYxaVh6Z0hvMUZjUjJsRGM5
V1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RtRkN2V0d6NjFpWHpnSG8xRmNSMmxEYzlXVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjdGMEMvMEE1OEExOUE3MEFCMTFFOTgzMTdBNTdCQzRGOUFFMDIvMERGQ0IzNzA3
RTE3MTFFQTg3QkM3NjUwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnzNwwDQQCAAIwBwMFACQCZkAwDQYJKoZIhvcNAQELBQAD
ggEBAA0ChNTOi9ODIPcoG8KhAuIZLQ+3PBlZwdSkrswdO/1GQ/VanteJJKDzu6Gz
HBBBDc6LXIHqLlzXVI0oS+mHALqBk7uj6EVO3IpDDgSeO8FCJLQaIdopllpX6/nE
rpQunLKUKtpHmeTVnAtUybypPAkoMcQqEzH9GHkMitCVk4ZfjLmVzlaJsDd5gSje
meshKCcfUJF4leXeNsKZ7jMVxuAbQaLTgkSycblXzt8RnoiuDbx1SMB8DTcKU4+9
tx/EoJ/AlLWjoA91Ftec4h2N8a9e/G9rroMXVAM3GhFpVxaG7GJpMmjG7rMPTm1Z
OIRI3qYTx9fWgDNP6m7VbpTMuWs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:19 2024 by rpki-client on console-ams.rpki-client.org