Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916EF5E/F38DCF8A106B11E8B8CA020BC4F9AE02/24D8CDB2770C11E9AAF73A28C4F9AE02.roa
File: 24D8CDB2770C11E9AAF73A28C4F9AE02.roa (raw, json)
Hash identifier: rwsUPtMTqajyoYdRG1HgBHRX5CmksPR5FGh4SFZH8+0=
Subject key identifier: 92:DC:C1:B2:E9:C1:74:64:77:C2:65:5B:26:E7:9D:9D:14:5C:AC:B0
Certificate issuer: /CN=A916EF5E/serialNumber=42182F5F71A58984CE8859AE60A4CACA73FE8361
Certificate serial: 0DD0
Authority key identifier: 42:18:2F:5F:71:A5:89:84:CE:88:59:AE:60:A4:CA:CA:73:FE:83:61
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QhgvX3GliYTOiFmuYKTKynP-g2E.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916EF5E/F38DCF8A106B11E8B8CA020BC4F9AE02/24D8CDB2770C11E9AAF73A28C4F9AE02.roa
Signing time: Thu 10 Nov 2022 02:04:07 +0000
ROA not before: Thu 10 Nov 2022 02:04:07 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 54415
IP address blocks: 103.99.168.0/22 maxlen: 24
2401:b140::/48 maxlen: 48
2401:b140:1::/48 maxlen: 48
2401:b140:2::/48 maxlen: 48
2401:b140:3::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3536 (0xdd0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916EF5E/serialNumber=42182F5F71A58984CE8859AE60A4CACA73FE8361
Validity
Not Before: Nov 10 02:04:07 2022 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=636c5c16-077d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:55:9e:ae:77:2d:84:cc:a5:de:95:4a:9a:12:
56:9a:6a:0c:a7:1f:69:12:cb:8f:fa:3d:61:f1:d3:
10:c9:8a:8d:b9:3a:57:6a:3b:3e:a9:f7:f6:ec:a3:
67:4b:c6:dd:8a:57:ae:83:25:70:4c:87:9b:f9:d3:
e8:f7:18:c2:33:a1:fa:b3:90:bc:3d:9c:95:7a:5f:
16:6e:33:ad:96:45:b5:39:da:c4:5a:9a:d9:de:33:
43:e8:c1:b5:da:fd:e1:f5:f3:16:3d:8d:cf:c5:c5:
3a:a5:01:b6:96:6a:20:ba:80:88:a5:00:1e:bd:e6:
78:9b:dc:ad:40:cb:49:6c:a5:e2:9e:df:fe:d1:4e:
99:40:55:0c:a6:2b:c2:61:e2:ac:94:a3:7c:b5:45:
d7:e3:ad:63:f3:8f:0f:0d:3f:c0:54:9b:f7:61:ff:
83:0d:47:d1:63:18:e7:89:5e:d9:fc:1c:44:c0:d6:
aa:59:9c:eb:88:07:1c:2b:e9:f9:b0:98:47:62:e6:
0c:d4:49:a4:67:1f:e9:e8:0f:f6:d6:21:dd:30:fc:
9d:ba:00:6a:8c:9e:9c:4b:de:28:b0:db:c7:1a:42:
b8:36:2a:93:08:5e:bb:b3:58:0d:9e:f1:51:49:65:
2b:e6:1a:b6:b4:8f:fc:f1:1b:a1:39:92:9e:f3:ec:
c5:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:DC:C1:B2:E9:C1:74:64:77:C2:65:5B:26:E7:9D:9D:14:5C:AC:B0
X509v3 Authority Key Identifier:
keyid:42:18:2F:5F:71:A5:89:84:CE:88:59:AE:60:A4:CA:CA:73:FE:83:61
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916EF5E/F38DCF8A106B11E8B8CA020BC4F9AE02/QhgvX3GliYTOiFmuYKTKynP-g2E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QhgvX3GliYTOiFmuYKTKynP-g2E.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916EF5E/F38DCF8A106B11E8B8CA020BC4F9AE02/24D8CDB2770C11E9AAF73A28C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.99.168.0/22
IPv6:
2401:b140::/46
Signature Algorithm: sha256WithRSAEncryption
c1:b6:b1:d4:c0:53:00:e8:47:3c:45:16:59:43:a5:2c:12:96:
bc:4e:72:cd:66:f3:5f:41:d2:9b:8b:7f:86:0a:ce:f2:78:0a:
44:18:b5:b1:3f:14:94:a5:52:9c:03:f9:f9:ce:1d:5c:48:90:
e1:ce:82:f5:0b:0c:90:97:5f:f9:ef:96:a7:20:98:c7:8b:d6:
6b:c9:ed:41:9d:a4:5b:0b:7d:40:e0:30:33:01:de:3c:61:e2:
24:a3:b1:3f:9f:64:31:63:8a:84:c7:ab:c3:46:dc:36:88:d7:
52:28:a3:c4:65:51:59:ae:0a:d4:a4:32:59:76:fe:53:8e:33:
c3:1d:35:8e:0e:60:b4:7e:f5:d1:63:78:89:f8:2f:0f:f1:53:
b4:3a:19:5e:b3:8f:73:de:dc:23:67:67:09:fb:03:1d:47:a0:
6f:9c:28:ed:2b:c2:13:a9:17:0d:21:cf:65:9d:d7:b3:94:fc:
1e:40:53:b5:7d:1e:88:06:90:9b:22:1d:49:63:7a:c4:da:c0:
69:1f:c3:a2:53:ad:2d:f8:36:a2:97:e5:82:1d:c8:d5:6f:8d:
64:d4:c0:21:93:54:e8:e5:e1:74:31:a3:cc:8a:40:a2:21:d3:
c5:ab:dd:9f:ff:ce:df:6c:cc:a9:11:33:60:19:8f:21:08:71:
66:d1:af:67
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICDdAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkVGNUUxMTAvBgNVBAUTKDQyMTgyRjVGNzFBNTg5ODRDRTg4NTlBRTYwQTRDQUNB
NzNGRTgzNjEwHhcNMjIxMTEwMDIwNDA3WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzZjNWMxNi0wNzdkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3lWerncthMyl3pVKmhJWmmoMpx9pEsuP+j1h8dMQyYqNuTpXajs+qff27KNn
S8bdileugyVwTIeb+dPo9xjCM6H6s5C8PZyVel8WbjOtlkW1OdrEWprZ3jND6MG1
2v3h9fMWPY3PxcU6pQG2lmoguoCIpQAeveZ4m9ytQMtJbKXint/+0U6ZQFUMpivC
YeKslKN8tUXX461j848PDT/AVJv3Yf+DDUfRYxjniV7Z/BxEwNaqWZzriAccK+n5
sJhHYuYM1EmkZx/p6A/21iHdMPydugBqjJ6cS94osNvHGkK4NiqTCF67s1gNnvFR
SWUr5hq2tI/88RuhOZKe8+zFkQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFJLcwbLp
wXRkd8JlWybnnZ0UXKywMB8GA1UdIwQYMBaAFEIYL19xpYmEzohZrmCkyspz/oNh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2RUY1RS9GMzhEQ0Y4QTEw
NkIxMUU4QjhDQTAyMEJDNEY5QUUwMi9RaGd2WDNHbGlZVE9pRm11WUtUS3luUC1n
MkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FoZ3ZYM0dsaVlUT2lGbXVZS1RLeW5QLWcyRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkVGNUUvRjM4RENGOEExMDZCMTFFOEI4Q0EwMjBCQzRGOUFFMDIvMjREOENEQjI3
NzBDMTFFOUFBRjczQTI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAJnY6gwDwQCAAIwCQMHAiQBsUAAADANBgkqhkiG9w0BAQsF
AAOCAQEAwbax1MBTAOhHPEUWWUOlLBKWvE5yzWbzX0HSm4t/hgrO8ngKRBi1sT8U
lKVSnAP5+c4dXEiQ4c6C9QsMkJdf+e+WpyCYx4vWa8ntQZ2kWwt9QOAwMwHePGHi
JKOxP59kMWOKhMerw0bcNojXUiijxGVRWa4K1KQyWXb+U44zwx01jg5gtH710WN4
ifgvD/FTtDoZXrOPc97cI2dnCfsDHUegb5wo7SvCE6kXDSHPZZ3Xs5T8HkBTtX0e
iAaQmyIdSWN6xNrAaR/DolOtLfg2opflgh3I1W+NZNTAIZNU6OXhdDGjzIpAoiHT
xavdn//O32zMqREzYBmPIQhxZtGvZw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:21 2024 by rpki-client on console-ams.rpki-client.org