Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91754CB/53BE4DBEFDD111ED98733067C4F9AE02/F75D45B4AE0D11EEB2C2EF61C4F9AE02.roa
File: F75D45B4AE0D11EEB2C2EF61C4F9AE02.roa (raw, json)
Hash identifier: +gNsTw1JbQS29tfRDgTESKMOiYsOPlklyHE9bNpSqXw=
Subject key identifier: BF:80:CA:82:12:6F:A9:10:D6:46:39:1A:F8:2E:2B:4F:E2:23:4B:4F
Certificate issuer: /CN=A91754CB/serialNumber=DD02A7E8D7C9757C657BDA6AD9D57F05881FFA57
Certificate serial: 7E
Authority key identifier: DD:02:A7:E8:D7:C9:75:7C:65:7B:DA:6A:D9:D5:7F:05:88:1F:FA:57
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3QKn6NfJdXxle9pq2dV_BYgf-lc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91754CB/53BE4DBEFDD111ED98733067C4F9AE02/F75D45B4AE0D11EEB2C2EF61C4F9AE02.roa
Signing time: Mon 08 Jan 2024 10:09:10 +0000
ROA not before: Mon 08 Jan 2024 10:09:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 142578
IP address blocks: 103.211.100.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 126 (0x7e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91754CB/serialNumber=DD02A7E8D7C9757C657BDA6AD9D57F05881FFA57
Validity
Not Before: Jan 8 10:09:10 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=659bc9c6-d86c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:ea:2d:57:71:81:07:bd:02:e1:91:ea:ad:5a:
db:1a:61:d6:21:8a:d6:5a:9e:d7:77:38:9a:dc:95:
6d:0c:26:09:bf:fc:4d:13:83:24:21:03:b0:1d:a0:
16:cc:bc:31:5f:36:95:ec:8f:75:b1:bc:d1:a4:fe:
5d:5c:5f:67:43:a3:36:55:40:1e:52:f2:74:ee:ed:
fe:77:d0:50:e2:e5:b1:1b:69:b4:41:ee:5e:b5:a3:
74:a2:e2:9b:1b:ec:b4:84:2c:35:d7:cd:e9:d4:32:
35:d7:28:41:b0:18:48:1e:60:42:90:89:72:b0:84:
39:18:99:c0:0b:f9:0d:ef:b7:e1:22:89:89:c4:49:
55:c5:32:5d:65:ca:79:75:c2:51:9d:d4:bf:79:75:
60:92:bb:76:db:5a:b3:55:6e:11:a9:c3:40:c5:97:
0e:2e:38:0e:8c:ae:1d:51:bd:ae:5b:9d:e1:9f:47:
2c:92:be:f5:e3:d2:6e:a0:4f:94:9b:c2:c4:0e:83:
10:d2:e6:b3:56:ab:ce:15:3f:c8:40:0e:a5:44:21:
e7:b8:60:94:2c:ed:3e:64:97:8a:82:d4:e5:5a:25:
0e:5b:bc:56:a6:29:c9:69:63:72:8d:05:a9:f6:d5:
d2:4f:76:bc:dd:71:5c:e7:c3:13:82:26:e9:74:03:
60:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:80:CA:82:12:6F:A9:10:D6:46:39:1A:F8:2E:2B:4F:E2:23:4B:4F
X509v3 Authority Key Identifier:
keyid:DD:02:A7:E8:D7:C9:75:7C:65:7B:DA:6A:D9:D5:7F:05:88:1F:FA:57
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91754CB/53BE4DBEFDD111ED98733067C4F9AE02/3QKn6NfJdXxle9pq2dV_BYgf-lc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3QKn6NfJdXxle9pq2dV_BYgf-lc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91754CB/53BE4DBEFDD111ED98733067C4F9AE02/F75D45B4AE0D11EEB2C2EF61C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.211.100.0/24
Signature Algorithm: sha256WithRSAEncryption
24:6b:05:87:5b:74:92:d9:c8:c5:bb:73:52:1c:7f:c7:1e:c5:
21:a9:ca:46:c5:dc:95:69:f1:df:0f:fd:f9:1f:b4:d5:d9:98:
7f:a2:45:08:22:d0:f5:bd:2e:1b:0e:31:83:e3:70:93:b5:47:
67:c2:23:80:65:43:d8:a7:ed:c2:3a:65:3e:38:bd:aa:9b:dc:
89:c8:3e:b1:db:ba:29:a6:ac:c1:ff:b6:3b:79:56:b2:2f:5c:
8c:e2:0e:16:ff:5d:34:97:6a:e5:9c:01:5e:03:dc:1e:9c:b2:
03:82:47:80:bb:37:73:eb:06:1b:23:67:27:de:ab:fc:08:bb:
5b:07:87:6d:94:38:60:83:9d:74:28:c7:e8:c1:af:47:3c:52:
60:1b:4d:8b:78:1b:6a:55:d5:24:3c:ee:7a:16:09:b6:80:e4:
70:d8:5a:8b:26:16:b9:17:22:1d:2d:d3:81:d5:49:ee:50:19:
13:95:1b:7b:51:12:5e:1f:17:7b:0b:1e:7a:f1:c5:1c:0c:92:
92:91:d2:cf:45:10:6d:22:54:e6:16:bb:b5:87:74:4b:80:b3:
90:46:cf:88:4b:7b:1f:3b:8a:76:b4:c1:40:31:ff:26:b4:65:
0c:61:17:0f:ad:b7:ed:78:b1:fc:ec:aa:c7:b0:13:fd:ab:29:
9d:cb:ad:8e
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBfjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
NTRDQjExMC8GA1UEBRMoREQwMkE3RThEN0M5NzU3QzY1N0JEQTZBRDlENTdGMDU4
ODFGRkE1NzAeFw0yNDAxMDgxMDA5MTBaFw0yNDA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OWJjOWM2LWQ4NmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDU6i1XcYEHvQLhkeqtWtsaYdYhitZantd3OJrclW0MJgm//E0TgyQhA7AdoBbM
vDFfNpXsj3WxvNGk/l1cX2dDozZVQB5S8nTu7f530FDi5bEbabRB7l61o3Si4psb
7LSELDXXzenUMjXXKEGwGEgeYEKQiXKwhDkYmcAL+Q3vt+EiiYnESVXFMl1lynl1
wlGd1L95dWCSu3bbWrNVbhGpw0DFlw4uOA6Mrh1Rva5bneGfRyySvvXj0m6gT5Sb
wsQOgxDS5rNWq84VP8hADqVEIee4YJQs7T5kl4qC1OVaJQ5bvFamKclpY3KNBan2
1dJPdrzdcVznwxOCJul0A2DbAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUv4DKghJv
qRDWRjka+C4rT+IjS08wHwYDVR0jBBgwFoAU3QKn6NfJdXxle9pq2dV/BYgf+lcw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTc1NENCLzUzQkU0REJFRkRE
MTExRUQ5ODczMzA2N0M0RjlBRTAyLzNRS242TmZKZFh4bGU5cHEyZFZfQllnZi1s
Yy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvM1FLbjZOZkpkWHhsZTlwcTJkVl9CWWdmLWxjLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
NTRDQi81M0JFNERCRUZERDExMUVEOTg3MzMwNjdDNEY5QUUwMi9GNzVENDVCNEFF
MEQxMUVFQjJDMkVGNjFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAGfTZDANBgkqhkiG9w0BAQsFAAOCAQEAJGsFh1t0ktnIxbtz
Uhx/xx7FIanKRsXclWnx3w/9+R+01dmYf6JFCCLQ9b0uGw4xg+Nwk7VHZ8IjgGVD
2KftwjplPji9qpvcicg+sdu6Kaaswf+2O3lWsi9cjOIOFv9dNJdq5ZwBXgPcHpyy
A4JHgLs3c+sGGyNnJ96r/Ai7WweHbZQ4YIOddCjH6MGvRzxSYBtNi3gbalXVJDzu
ehYJtoDkcNhaiyYWuRciHS3TgdVJ7lAZE5Ube1ESXh8XewseevHFHAySkpHSz0UQ
bSJU5ha7tYd0S4CzkEbPiEt7HzuKdrTBQDH/JrRlDGEXD6237Xix/Oyqx7AT/asp
ncutjg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:21 2024 by rpki-client on console-ams.rpki-client.org