Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9171D3B/B2499858313811E99DE3266FC4F9AE02/F1B6408853F711EC8F9B1236C4F9AE02.roa
File: F1B6408853F711EC8F9B1236C4F9AE02.roa (raw, json)
Hash identifier: qFYs/C+DsIwIalz3CBQ7jKTWnIGmqOBwqjGsVZ1HGjA=
Subject key identifier: 5F:B4:02:55:D5:59:F8:2A:8D:77:F7:69:52:94:74:9F:0A:E7:A7:7E
Certificate issuer: /CN=A9171D3B/serialNumber=C4A558BB7C23E7F728D6CE6899853414C8767F47
Certificate serial: 0308
Authority key identifier: C4:A5:58:BB:7C:23:E7:F7:28:D6:CE:68:99:85:34:14:C8:76:7F:47
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xKVYu3wj5_co1s5omYU0FMh2f0c.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9171D3B/B2499858313811E99DE3266FC4F9AE02/F1B6408853F711EC8F9B1236C4F9AE02.roa
Signing time: Sat 12 Aug 2023 17:55:15 +0000
ROA not before: Sat 12 Aug 2023 17:55:15 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 136765
IP address blocks: 103.95.124.0/22 maxlen: 22
103.95.124.0/23 maxlen: 23
103.95.124.0/24 maxlen: 24
103.95.125.0/24 maxlen: 24
103.95.126.0/23 maxlen: 23
103.95.126.0/24 maxlen: 24
103.95.127.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 776 (0x308)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9171D3B/serialNumber=C4A558BB7C23E7F728D6CE6899853414C8767F47
Validity
Not Before: Aug 12 17:55:15 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=64d7c783-ac7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:78:3c:dc:88:03:5d:e8:0e:72:94:76:e4:e3:
c2:01:1b:67:c1:2c:f5:06:74:cf:cf:3f:b8:63:af:
90:7d:4e:10:e1:73:ba:b7:b5:70:89:87:1e:62:c3:
18:d4:d6:8e:af:6e:ae:99:fa:b1:c7:ee:44:49:76:
8c:fa:de:63:6e:10:ef:56:2a:eb:c3:d5:e3:7b:f6:
7d:85:f2:45:fe:7a:88:63:d5:89:d8:d8:e0:51:c3:
b1:d6:15:cd:6c:99:7b:a9:81:0b:a0:00:e4:89:02:
9c:60:25:8a:25:43:f9:7d:54:6b:2d:12:cd:5c:9c:
d1:4d:d8:9a:5a:30:61:b2:ab:28:6e:63:ce:b1:0d:
9e:42:c1:f9:d2:08:ad:d7:e2:4e:ea:d4:be:91:0f:
06:0f:32:5b:1b:d2:1b:0c:d3:f4:80:13:8b:8f:3d:
cf:3a:9f:68:45:27:ab:c0:43:13:47:56:bc:a2:92:
28:d8:9f:d2:60:c2:9c:30:2f:15:a2:16:68:36:2c:
15:8f:65:d4:ca:13:c9:6f:22:de:00:25:53:08:fd:
db:89:4b:e5:e4:d8:ec:94:d7:91:a5:d7:36:38:4f:
1f:9f:03:ba:b4:15:20:27:87:0b:ef:34:cb:92:d9:
c6:54:85:ca:b0:ef:ee:e1:65:57:d3:fe:fe:95:0f:
23:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:B4:02:55:D5:59:F8:2A:8D:77:F7:69:52:94:74:9F:0A:E7:A7:7E
X509v3 Authority Key Identifier:
keyid:C4:A5:58:BB:7C:23:E7:F7:28:D6:CE:68:99:85:34:14:C8:76:7F:47
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9171D3B/B2499858313811E99DE3266FC4F9AE02/xKVYu3wj5_co1s5omYU0FMh2f0c.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xKVYu3wj5_co1s5omYU0FMh2f0c.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171D3B/B2499858313811E99DE3266FC4F9AE02/F1B6408853F711EC8F9B1236C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.95.124.0/22
Signature Algorithm: sha256WithRSAEncryption
bb:b3:ca:1e:60:40:1e:a0:41:3d:38:6f:e8:1c:cc:91:ae:05:
3c:31:55:53:4d:68:0d:50:5d:ae:78:d3:72:12:f4:05:85:e5:
24:1d:a1:9f:98:80:54:a6:1d:a7:06:b0:c9:31:43:5a:76:6e:
9f:80:91:b3:3c:67:8e:27:39:6b:d8:51:83:37:39:78:03:6d:
92:95:b4:8a:b0:04:48:c5:1f:01:4a:b6:c0:ae:21:d5:3b:c2:
b6:00:ab:30:d7:4c:a7:28:dc:a3:b0:4f:4f:75:1a:cc:5b:e3:
07:4a:0f:4b:45:c9:23:ce:47:75:cc:2d:e6:89:09:42:24:57:
95:ca:4f:19:59:f4:1a:bc:d3:68:7d:ac:9c:17:74:69:35:96:
9d:e5:3b:3d:a0:68:bd:68:94:ec:55:a8:1c:2c:62:b4:07:43:
f7:88:0d:07:57:38:6c:df:69:97:47:9f:a5:81:f8:18:e6:ef:
9d:8d:9c:48:f9:77:4a:2a:60:d8:a9:9f:63:76:75:d4:48:8c:
5f:81:4b:ce:45:fb:e6:35:8f:48:a7:de:ba:10:55:b8:a9:a1:
f7:d5:b0:19:48:3e:dc:94:30:9a:a2:16:93:0a:73:29:9b:aa:
dc:01:3a:28:94:be:dc:44:eb:0e:ba:1d:79:e8:4f:d0:6e:6a:
d7:7f:c7:ae
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAwgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzFEM0IxMTAvBgNVBAUTKEM0QTU1OEJCN0MyM0U3RjcyOEQ2Q0U2ODk5ODUzNDE0
Qzg3NjdGNDcwHhcNMjMwODEyMTc1NTE1WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGQ3Yzc4My1hYzdkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1Hg83IgDXegOcpR25OPCARtnwSz1BnTPzz+4Y6+QfU4Q4XO6t7VwiYceYsMY
1NaOr26umfqxx+5ESXaM+t5jbhDvVirrw9Xje/Z9hfJF/nqIY9WJ2NjgUcOx1hXN
bJl7qYELoADkiQKcYCWKJUP5fVRrLRLNXJzRTdiaWjBhsqsobmPOsQ2eQsH50git
1+JO6tS+kQ8GDzJbG9IbDNP0gBOLjz3POp9oRSerwEMTR1a8opIo2J/SYMKcMC8V
ohZoNiwVj2XUyhPJbyLeACVTCP3biUvl5NjslNeRpdc2OE8fnwO6tBUgJ4cL7zTL
ktnGVIXKsO/u4WVX0/7+lQ8jCQIDAQABo4IClTCCApEwHQYDVR0OBBYEFF+0AlXV
WfgqjXf3aVKUdJ8K56d+MB8GA1UdIwQYMBaAFMSlWLt8I+f3KNbOaJmFNBTIdn9H
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MUQzQi9CMjQ5OTg1ODMx
MzgxMUU5OURFMzI2NkZDNEY5QUUwMi94S1ZZdTN3ajVfY28xczVvbVlVMEZNaDJm
MGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hLVll1M3dqNV9jbzFzNW9tWVUwRk1oMmYwYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzFEM0IvQjI0OTk4NTgzMTM4MTFFOTlERTMyNjZGQzRGOUFFMDIvRjFCNjQwODg1
M0Y3MTFFQzhGOUIxMjM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnX3wwDQYJKoZIhvcNAQELBQADggEBALuzyh5gQB6gQT04
b+gczJGuBTwxVVNNaA1QXa5403IS9AWF5SQdoZ+YgFSmHacGsMkxQ1p2bp+AkbM8
Z44nOWvYUYM3OXgDbZKVtIqwBEjFHwFKtsCuIdU7wrYAqzDXTKco3KOwT091Gsxb
4wdKD0tFySPOR3XMLeaJCUIkV5XKTxlZ9Bq802h9rJwXdGk1lp3lOz2gaL1olOxV
qBwsYrQHQ/eIDQdXOGzfaZdHn6WB+Bjm752NnEj5d0oqYNipn2N2ddRIjF+BS85F
++Y1j0in3roQVbipoffVsBlIPtyUMJqiFpMKcymbqtwBOiiUvtxE6w66HXnoT9Bu
atd/x64=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:21 2024 by rpki-client on console-ams.rpki-client.org