Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916A31E/C1FA082CC8CB11E790A88138C4F9AE02/4811FBBCC9DB11E7BD21BD2BC4F9AE02.roa
File: 4811FBBCC9DB11E7BD21BD2BC4F9AE02.roa (raw, json)
Hash identifier: WvnIK23pqMJEbdZlyP2L3Zy0P++EPNODWcj0Qtt40pA=
Subject key identifier: DC:52:34:B5:48:D9:E3:5D:F8:51:B0:18:04:F9:CE:4A:B3:D4:2E:D4
Certificate issuer: /CN=A916A31E/serialNumber=E1BB1E625DBDEBB3220FF923CD6A11A2CE245196
Certificate serial: 1627
Authority key identifier: E1:BB:1E:62:5D:BD:EB:B3:22:0F:F9:23:CD:6A:11:A2:CE:24:51:96
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4bseYl2967MiD_kjzWoRos4kUZY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916A31E/C1FA082CC8CB11E790A88138C4F9AE02/4811FBBCC9DB11E7BD21BD2BC4F9AE02.roa
Signing time: Thu 22 Dec 2022 17:34:16 +0000
ROA not before: Thu 22 Dec 2022 17:34:16 +0000
ROA not after: Fri 01 Mar 2024 00:00:00 +0000
asID: 133398
IP address blocks: 103.103.240.0/24 maxlen: 24
103.103.241.0/24 maxlen: 24
2401:f9c0:2600::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5671 (0x1627)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916A31E/serialNumber=E1BB1E625DBDEBB3220FF923CD6A11A2CE245196
Validity
Not Before: Dec 22 17:34:16 2022 GMT
Not After : Mar 1 00:00:00 2024 GMT
Subject: CN=63a49517-5bdc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:8d:ed:43:1f:be:8d:b5:91:f8:39:7f:72:7d:
bd:7b:31:c1:b1:85:f7:cc:70:87:34:90:b2:0f:c6:
cd:67:64:60:cd:18:ae:d9:d0:f0:4e:f2:1c:2c:98:
08:d7:f7:33:97:3d:b9:91:80:41:f3:68:bc:5d:0b:
4a:80:0f:d5:70:6c:6a:a5:db:25:1d:41:7d:4a:8b:
90:a6:e4:1b:f8:20:ff:00:60:c2:61:ff:2f:82:21:
fd:c8:5b:db:62:0f:0a:a0:be:76:59:51:86:92:d5:
b6:eb:36:fd:ae:f3:d6:4a:b3:58:6d:a8:91:01:05:
fb:02:e7:aa:2c:6d:c0:c9:e7:13:64:85:ca:fd:1c:
b8:4d:1e:2d:17:ff:5f:d8:31:87:c4:68:1c:ad:43:
ce:f7:29:9f:7e:73:5a:da:1e:6f:56:7d:ad:3c:7a:
9c:45:ec:6d:55:d1:3b:d2:a6:31:3d:f8:70:ce:1e:
30:af:7b:01:04:89:10:96:89:30:37:21:23:cd:a7:
fa:bc:45:a5:28:d9:be:d3:22:bf:09:a4:cd:1b:c2:
a7:c7:ff:19:20:e3:60:87:bf:fd:49:fe:4e:51:8b:
c7:ae:e0:77:54:f3:af:5d:52:bd:ed:29:85:20:a8:
ca:5a:85:66:34:ba:41:6a:6c:ab:94:83:fc:ec:62:
7b:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:52:34:B5:48:D9:E3:5D:F8:51:B0:18:04:F9:CE:4A:B3:D4:2E:D4
X509v3 Authority Key Identifier:
keyid:E1:BB:1E:62:5D:BD:EB:B3:22:0F:F9:23:CD:6A:11:A2:CE:24:51:96
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916A31E/C1FA082CC8CB11E790A88138C4F9AE02/4bseYl2967MiD_kjzWoRos4kUZY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4bseYl2967MiD_kjzWoRos4kUZY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916A31E/C1FA082CC8CB11E790A88138C4F9AE02/4811FBBCC9DB11E7BD21BD2BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.103.240.0/23
IPv6:
2401:f9c0:2600::/40
Signature Algorithm: sha256WithRSAEncryption
c1:48:00:c5:a2:ed:bb:c5:24:96:6d:e3:ab:a2:85:21:08:ec:
d9:90:29:2b:b1:9b:b1:7b:90:77:19:09:bf:a3:6f:d4:af:9c:
42:39:ee:47:64:2e:43:69:05:20:70:c7:99:4a:98:ae:3a:95:
97:69:76:6a:8a:db:2f:3a:de:9e:a1:27:29:ac:64:0b:13:0f:
e8:be:f4:fc:72:06:b8:af:69:9a:2c:6c:b0:43:43:62:23:f2:
19:05:03:ea:43:49:4d:61:30:0c:02:81:fe:27:e1:14:ec:09:
f8:fe:6b:68:f4:bc:c4:af:9d:63:3b:84:97:29:d9:0e:eb:8f:
53:0f:5e:69:fa:80:1e:8a:c2:94:67:ce:50:10:4d:ad:3a:57:
0c:bb:1d:83:2b:c6:ec:3d:01:ed:4f:46:56:18:30:88:65:d2:
5f:8f:50:02:db:60:67:3a:0b:1e:d8:cf:b2:3f:e8:a5:28:3c:
4a:f5:50:2a:1e:ae:41:2d:5f:99:8d:97:96:c0:42:a5:12:0c:
26:f3:53:3e:74:54:cd:44:df:7f:5f:66:23:e7:36:38:fa:03:
60:6a:a1:cd:32:0d:c5:53:58:05:1f:30:31:66:d7:65:b4:f9:
00:32:0f:d7:fc:34:40:76:c9:8b:a9:c6:21:b2:d2:4f:0f:b4:
8d:8a:fe:c2
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgICFicwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkEzMUUxMTAvBgNVBAUTKEUxQkIxRTYyNURCREVCQjMyMjBGRjkyM0NENkExMUEy
Q0UyNDUxOTYwHhcNMjIxMjIyMTczNDE2WhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2E0OTUxNy01YmRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAso3tQx++jbWR+Dl/cn29ezHBsYX3zHCHNJCyD8bNZ2RgzRiu2dDwTvIcLJgI
1/czlz25kYBB82i8XQtKgA/VcGxqpdslHUF9SouQpuQb+CD/AGDCYf8vgiH9yFvb
Yg8KoL52WVGGktW26zb9rvPWSrNYbaiRAQX7AueqLG3AyecTZIXK/Ry4TR4tF/9f
2DGHxGgcrUPO9ymffnNa2h5vVn2tPHqcRextVdE70qYxPfhwzh4wr3sBBIkQlokw
NyEjzaf6vEWlKNm+0yK/CaTNG8Knx/8ZIONgh7/9Sf5OUYvHruB3VPOvXVK97SmF
IKjKWoVmNLpBamyrlIP87GJ7BwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFNxSNLVI
2eNd+FGwGAT5zkqz1C7UMB8GA1UdIwQYMBaAFOG7HmJdveuzIg/5I81qEaLOJFGW
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QTMxRS9DMUZBMDgyQ0M4
Q0IxMUU3OTBBODgxMzhDNEY5QUUwMi80YnNlWWwyOTY3TWlEX2tqeldvUm9zNGtV
WlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRic2VZbDI5NjdNaURfa2p6V29Sb3M0a1VaWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkEzMUUvQzFGQTA4MkNDOENCMTFFNzkwQTg4MTM4QzRGOUFFMDIvNDgxMUZCQkND
OURCMTFFN0JEMjFCRDJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLwYIKwYBBQUHAQcBAf8E
IDAeMAwEAgABMAYDBAFnZ/AwDgQCAAIwCAMGACQB+cAmMA0GCSqGSIb3DQEBCwUA
A4IBAQDBSADFou27xSSWbeOrooUhCOzZkCkrsZuxe5B3GQm/o2/Ur5xCOe5HZC5D
aQUgcMeZSpiuOpWXaXZqitsvOt6eoScprGQLEw/ovvT8cga4r2maLGywQ0NiI/IZ
BQPqQ0lNYTAMAoH+J+EU7An4/mto9LzEr51jO4SXKdkO649TD15p+oAeisKUZ85Q
EE2tOlcMux2DK8bsPQHtT0ZWGDCIZdJfj1AC22BnOgse2M+yP+ilKDxK9VAqHq5B
LV+ZjZeWwEKlEgwm81M+dFTNRN9/X2Yj5zY4+gNgaqHNMg3FU1gFHzAxZtdltPkA
Mg/X/DRAdsmLqcYhstJPD7SNiv7C
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:20 2024 by rpki-client on console-ams.rpki-client.org