Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916EF5E/F38DCF8A106B11E8B8CA020BC4F9AE02/F2F7B372B8D311ED91BA965EC4F9AE02.roa
File: F2F7B372B8D311ED91BA965EC4F9AE02.roa (raw, json)
Hash identifier: 8mdMEp2tUC0HRxWa3Z9hEstKdej10Kk2WdYMl4fsJec=
Subject key identifier: C1:C6:DC:46:2E:47:D9:D4:95:18:FE:10:86:B5:CE:9D:2A:49:33:43
Certificate issuer: /CN=A916EF5E/serialNumber=42182F5F71A58984CE8859AE60A4CACA73FE8361
Certificate serial: 0E11
Authority key identifier: 42:18:2F:5F:71:A5:89:84:CE:88:59:AE:60:A4:CA:CA:73:FE:83:61
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QhgvX3GliYTOiFmuYKTKynP-g2E.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916EF5E/F38DCF8A106B11E8B8CA020BC4F9AE02/F2F7B372B8D311ED91BA965EC4F9AE02.roa
Signing time: Fri 03 Mar 2023 05:44:34 +0000
ROA not before: Fri 03 Mar 2023 05:44:34 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 54415
IP address blocks: 103.99.168.0/24 maxlen: 24
103.99.169.0/24 maxlen: 24
103.99.170.0/24 maxlen: 24
103.99.171.0/24 maxlen: 24
2401:b140::/48 maxlen: 48
2401:b140:1::/48 maxlen: 48
2401:b140:2::/48 maxlen: 48
2401:b140:3::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3601 (0xe11)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916EF5E/serialNumber=42182F5F71A58984CE8859AE60A4CACA73FE8361
Validity
Not Before: Mar 3 05:44:34 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=64018941-f249
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:da:33:37:f7:fa:a0:95:8e:21:6f:4d:34:a6:
12:42:c8:56:6e:1a:b2:b4:96:35:82:10:11:a8:a6:
aa:b3:d2:3c:d2:1a:c0:3b:54:1c:e2:e4:3c:e3:8a:
06:71:2b:e9:cc:37:0f:14:34:1e:0e:e1:bb:2e:12:
dd:e5:0a:7e:2b:74:95:67:23:86:97:76:dc:5b:23:
f9:3c:a5:a4:ea:73:af:af:3f:5e:4a:67:4d:3e:7d:
d7:5d:a6:8c:f1:13:7a:f4:76:0b:6c:d2:bb:28:8e:
4f:05:4b:31:cc:37:cb:78:7d:38:a7:fa:dd:6e:2b:
32:a0:39:ff:df:db:6c:de:78:a2:ff:fb:58:17:6e:
69:78:c6:49:12:a1:05:f4:77:c0:27:bd:32:8f:35:
b8:f5:48:b5:c5:29:b1:71:d9:0e:2f:6d:3a:6e:82:
09:0e:36:06:93:35:d0:8c:a4:cb:b9:ce:c5:1d:fd:
ad:14:5a:67:0c:62:33:2e:ec:da:10:10:97:f6:fd:
d3:77:0e:27:48:6a:50:23:0f:81:07:63:01:25:59:
80:71:63:66:01:57:5d:a3:85:f5:7d:47:a8:00:38:
5a:60:3e:b4:ff:d9:50:c1:d9:0b:0f:ab:5c:ea:a8:
0f:28:3b:da:54:7d:0a:10:39:2a:1c:29:ff:a2:bd:
8d:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:C6:DC:46:2E:47:D9:D4:95:18:FE:10:86:B5:CE:9D:2A:49:33:43
X509v3 Authority Key Identifier:
keyid:42:18:2F:5F:71:A5:89:84:CE:88:59:AE:60:A4:CA:CA:73:FE:83:61
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916EF5E/F38DCF8A106B11E8B8CA020BC4F9AE02/QhgvX3GliYTOiFmuYKTKynP-g2E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QhgvX3GliYTOiFmuYKTKynP-g2E.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916EF5E/F38DCF8A106B11E8B8CA020BC4F9AE02/F2F7B372B8D311ED91BA965EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.99.168.0/22
IPv6:
2401:b140::/46
Signature Algorithm: sha256WithRSAEncryption
9e:fb:8c:51:49:c9:91:f8:2a:ec:8d:75:3e:52:10:31:22:cc:
f0:42:95:29:69:ba:0a:77:5e:ce:f3:60:d0:62:73:f3:bf:f9:
2a:36:de:28:2e:c6:bd:08:d8:fc:5d:9d:e0:e7:ed:74:7d:08:
63:20:42:4b:c0:b8:9e:28:9a:aa:e5:23:16:c3:1a:65:4c:07:
f5:97:df:3b:d7:07:ef:0c:04:9c:50:c0:46:fb:c3:2f:fd:20:
ba:7c:75:76:75:6a:3a:a7:cd:11:ad:e3:d5:c2:03:58:15:eb:
04:d2:5e:d7:94:f9:e0:ab:84:bd:10:f2:11:ae:b9:fc:1a:f6:
fd:bd:a7:74:a5:f5:77:8a:09:7d:32:d3:7c:42:bf:23:8e:a6:
ad:97:de:4b:bf:e3:13:62:a7:fd:82:25:9b:fa:71:93:b5:7b:
3b:34:9d:d1:4e:88:7a:9f:a7:56:24:23:0a:43:2c:04:4e:4e:
7f:bc:e6:d6:f8:71:9b:9c:ec:bf:3b:2d:bf:74:c9:27:75:77:
9c:4e:0b:d9:13:b7:67:b5:db:7a:96:6a:41:1c:41:08:0a:40:
b8:56:49:33:fa:57:04:9f:df:4d:c6:b4:e2:ee:e1:f3:a5:ab:
72:7b:65:3a:f3:48:83:df:f7:59:fe:49:ef:b3:cb:ca:86:18:
cc:77:e6:3a
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICDhEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkVGNUUxMTAvBgNVBAUTKDQyMTgyRjVGNzFBNTg5ODRDRTg4NTlBRTYwQTRDQUNB
NzNGRTgzNjEwHhcNMjMwMzAzMDU0NDM0WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDAxODk0MS1mMjQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr9ozN/f6oJWOIW9NNKYSQshWbhqytJY1ghARqKaqs9I80hrAO1Qc4uQ844oG
cSvpzDcPFDQeDuG7LhLd5Qp+K3SVZyOGl3bcWyP5PKWk6nOvrz9eSmdNPn3XXaaM
8RN69HYLbNK7KI5PBUsxzDfLeH04p/rdbisyoDn/39ts3nii//tYF25peMZJEqEF
9HfAJ70yjzW49Ui1xSmxcdkOL206boIJDjYGkzXQjKTLuc7FHf2tFFpnDGIzLuza
EBCX9v3Tdw4nSGpQIw+BB2MBJVmAcWNmAVddo4X1fUeoADhaYD60/9lQwdkLD6tc
6qgPKDvaVH0KEDkqHCn/or2NaQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFMHG3EYu
R9nUlRj+EIa1zp0qSTNDMB8GA1UdIwQYMBaAFEIYL19xpYmEzohZrmCkyspz/oNh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2RUY1RS9GMzhEQ0Y4QTEw
NkIxMUU4QjhDQTAyMEJDNEY5QUUwMi9RaGd2WDNHbGlZVE9pRm11WUtUS3luUC1n
MkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FoZ3ZYM0dsaVlUT2lGbXVZS1RLeW5QLWcyRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkVGNUUvRjM4RENGOEExMDZCMTFFOEI4Q0EwMjBCQzRGOUFFMDIvRjJGN0IzNzJC
OEQzMTFFRDkxQkE5NjVFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAJnY6gwDwQCAAIwCQMHAiQBsUAAADANBgkqhkiG9w0BAQsF
AAOCAQEAnvuMUUnJkfgq7I11PlIQMSLM8EKVKWm6CndezvNg0GJz87/5KjbeKC7G
vQjY/F2d4OftdH0IYyBCS8C4niiaquUjFsMaZUwH9ZffO9cH7wwEnFDARvvDL/0g
unx1dnVqOqfNEa3j1cIDWBXrBNJe15T54KuEvRDyEa65/Br2/b2ndKX1d4oJfTLT
fEK/I46mrZfeS7/jE2Kn/YIlm/pxk7V7OzSd0U6Iep+nViQjCkMsBE5Of7zm1vhx
m5zsvzstv3TJJ3V3nE4L2RO3Z7XbepZqQRxBCApAuFZJM/pXBJ/fTca04u7h86Wr
cntlOvNIg9/3Wf5J77PLyoYYzHfmOg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:11 2024 by rpki-client on console-fra.rpki-client.org