Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918A62F/1CF98726085211EA8DF67349C4F9AE02/DC929CA4CFE011ED91CFE134C4F9AE02.roa
File: DC929CA4CFE011ED91CFE134C4F9AE02.roa (raw, json)
Hash identifier: tFzBooCTFL54+8WGcGHqsIlxDFK9t1Lxogqzbya54wA=
Subject key identifier: 56:78:C4:0F:30:E8:0E:CB:F0:D4:BE:65:76:96:CF:0D:B1:55:AF:32
Certificate issuer: /CN=A918A62F/serialNumber=DFB6723672151EC2C46CD04E71C59F9169CAE6F8
Certificate serial: 0AAC
Authority key identifier: DF:B6:72:36:72:15:1E:C2:C4:6C:D0:4E:71:C5:9F:91:69:CA:E6:F8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/37ZyNnIVHsLEbNBOccWfkWnK5vg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918A62F/1CF98726085211EA8DF67349C4F9AE02/DC929CA4CFE011ED91CFE134C4F9AE02.roa
Signing time: Fri 31 Mar 2023 16:27:00 +0000
ROA not before: Fri 31 Mar 2023 16:27:00 +0000
ROA not after: Thu 31 Aug 2023 00:00:00 +0000
asID: 136563
IP address blocks: 103.92.234.0/24 maxlen: 24
103.96.89.0/24 maxlen: 24
103.96.90.0/23 maxlen: 24
123.253.212.0/24 maxlen: 24
123.253.213.0/24 maxlen: 24
123.253.214.0/24 maxlen: 24
123.253.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2732 (0xaac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918A62F/serialNumber=DFB6723672151EC2C46CD04E71C59F9169CAE6F8
Validity
Not Before: Mar 31 16:27:00 2023 GMT
Not After : Aug 31 00:00:00 2023 GMT
Subject: CN=642709d4-e7c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:04:e5:54:d9:4d:c5:4e:63:3d:55:90:ba:ca:
e3:c7:62:3e:ec:96:f2:10:21:18:d7:58:73:6a:f3:
a1:19:da:55:4e:d3:16:7d:b2:a4:d6:60:5c:5c:ce:
0f:e7:f7:e4:51:d9:10:c3:6c:8a:cf:d6:c8:9b:1d:
94:fd:51:4b:18:23:bc:24:3d:81:f8:3e:f0:12:0a:
9c:29:77:b9:f0:fd:a6:fb:25:60:4e:b6:a6:ff:91:
61:c2:27:08:b3:dd:92:72:a2:3b:b0:01:c6:79:64:
1a:74:d9:77:ed:76:11:eb:7f:62:05:ac:5c:f3:cd:
5e:f8:89:bb:25:a3:91:ee:e3:9b:b1:87:1a:71:36:
1d:d3:9d:55:dd:e2:90:7e:94:4a:dc:b8:ee:d8:e6:
1b:f7:3c:32:bc:ce:7f:1b:90:2e:62:d6:7b:62:ea:
c2:76:40:c3:2b:88:b5:38:4e:e6:a1:2a:5f:4f:3b:
25:c2:9b:6c:3b:8d:32:a4:af:cc:5c:7a:30:41:b6:
bf:a6:24:cd:89:3b:81:4a:30:88:16:3e:75:44:79:
67:6c:af:a9:80:b8:a4:b5:81:46:23:b4:9c:9f:4a:
63:b8:a0:f7:18:05:ab:51:cc:ce:9b:25:e5:4a:88:
fd:26:0d:2b:f5:62:5a:67:26:fe:ee:fe:50:48:75:
22:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:78:C4:0F:30:E8:0E:CB:F0:D4:BE:65:76:96:CF:0D:B1:55:AF:32
X509v3 Authority Key Identifier:
keyid:DF:B6:72:36:72:15:1E:C2:C4:6C:D0:4E:71:C5:9F:91:69:CA:E6:F8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918A62F/1CF98726085211EA8DF67349C4F9AE02/37ZyNnIVHsLEbNBOccWfkWnK5vg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/37ZyNnIVHsLEbNBOccWfkWnK5vg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918A62F/1CF98726085211EA8DF67349C4F9AE02/DC929CA4CFE011ED91CFE134C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.92.234.0/24
103.96.89.0-103.96.91.255
123.253.212.0/22
Signature Algorithm: sha256WithRSAEncryption
7e:07:f5:33:df:75:d9:55:4a:3f:79:ce:18:f4:37:2d:86:9d:
6a:15:e7:c3:3e:ed:66:f5:7f:8a:1c:2d:bd:05:94:ea:f1:ae:
39:fd:8f:9f:4c:fc:35:17:1d:1b:02:29:17:46:95:fb:65:27:
75:50:77:61:5d:12:3f:18:cc:fe:36:20:c6:c1:76:df:56:ab:
46:98:82:57:e3:e5:ba:c1:1e:ef:58:4a:3b:20:1a:a9:b7:fa:
e3:ca:96:aa:c0:ad:ee:e3:d9:7b:25:7f:fa:44:9a:54:3a:91:
bc:b7:c9:0b:dc:33:47:f3:be:3e:25:3b:9e:29:e9:ac:0c:37:
e3:7c:2a:77:8e:29:cf:b8:30:db:2e:d8:cf:c8:67:d5:d9:c7:
32:65:d3:58:c5:46:c1:93:95:40:f5:b1:e9:a3:24:46:9e:b6:
9b:57:a0:69:7c:1d:81:3d:de:af:f9:02:4d:6d:01:b3:28:6b:
45:dd:eb:19:ee:19:8d:16:43:a5:c6:31:8f:a6:48:0c:eb:fb:
34:1a:b8:f6:14:3d:c3:de:df:13:ae:b7:d0:07:a0:7c:d4:73:
ca:7e:70:fc:47:f7:e9:77:d7:2d:9e:64:75:98:3e:66:73:ab:
77:d6:1e:0d:8f:0a:08:21:47:37:f8:ac:6a:73:5a:77:70:b4:
79:5d:5b:39
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICCqwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEE2MkYxMTAvBgNVBAUTKERGQjY3MjM2NzIxNTFFQzJDNDZDRDA0RTcxQzU5Rjkx
NjlDQUU2RjgwHhcNMjMwMzMxMTYyNzAwWhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDI3MDlkNC1lN2MzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5gTlVNlNxU5jPVWQusrjx2I+7JbyECEY11hzavOhGdpVTtMWfbKk1mBcXM4P
5/fkUdkQw2yKz9bImx2U/VFLGCO8JD2B+D7wEgqcKXe58P2m+yVgTram/5FhwicI
s92ScqI7sAHGeWQadNl37XYR639iBaxc881e+Im7JaOR7uObsYcacTYd051V3eKQ
fpRK3Lju2OYb9zwyvM5/G5AuYtZ7YurCdkDDK4i1OE7moSpfTzslwptsO40ypK/M
XHowQba/piTNiTuBSjCIFj51RHlnbK+pgLiktYFGI7Scn0pjuKD3GAWrUczOmyXl
Soj9Jg0r9WJaZyb+7v5QSHUiBQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFFZ4xA8w
6A7L8NS+ZXaWzw2xVa8yMB8GA1UdIwQYMBaAFN+2cjZyFR7CxGzQTnHFn5Fpyub4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4QTYyRi8xQ0Y5ODcyNjA4
NTIxMUVBOERGNjczNDlDNEY5QUUwMi8zN1p5Tm5JVkhzTEViTkJPY2NXZmtXbks1
dmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzM3WnlObklWSHNMRWJOQk9jY1dma1duSzV2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEE2MkYvMUNGOTg3MjYwODUyMTFFQThERjY3MzQ5QzRGOUFFMDIvREM5MjlDQTRD
RkUwMTFFRDkxQ0ZFMTM0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBABnXOowDAMEAGdgWQMEAmdgWAMEAnv91DANBgkqhkiG9w0B
AQsFAAOCAQEAfgf1M9912VVKP3nOGPQ3LYadahXnwz7tZvV/ihwtvQWU6vGuOf2P
n0z8NRcdGwIpF0aV+2UndVB3YV0SPxjM/jYgxsF231arRpiCV+PlusEe71hKOyAa
qbf648qWqsCt7uPZeyV/+kSaVDqRvLfJC9wzR/O+PiU7ninprAw343wqd44pz7gw
2y7Yz8hn1dnHMmXTWMVGwZOVQPWx6aMkRp62m1egaXwdgT3er/kCTW0BsyhrRd3r
Ge4ZjRZDpcYxj6ZIDOv7NBq49hQ9w97fE6630AegfNRzyn5w/Ef36XfXLZ5kdZg+
ZnOrd9YeDY8KCCFHN/isanNad3C0eV1bOQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:46 2023 by rpki-client on console-ams.rpki-client.org