Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/2ED2E9F4557B11EE8611DC5EC4F9AE02.roa
File: 2ED2E9F4557B11EE8611DC5EC4F9AE02.roa (raw, json)
Hash identifier: DTsn+h5MLpScmjz8Gneh7cnfrbFsjIB/c7MLaC9OQJc=
Subject key identifier: F2:E6:C4:C1:1F:D2:48:89:77:19:81:99:0B:9B:9D:0E:36:2F:D5:FE
Certificate issuer: /CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
Certificate serial: 05CD
Authority key identifier: 07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/2ED2E9F4557B11EE8611DC5EC4F9AE02.roa
Signing time: Sun 17 Sep 2023 16:57:45 +0000
ROA not before: Sun 17 Sep 2023 16:57:45 +0000
ROA not after: Wed 31 Jan 2024 00:00:00 +0000
asID: 61317
IP address blocks: 103.104.140.0/24 maxlen: 24
103.104.142.0/24 maxlen: 24
103.104.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1485 (0x5cd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
Validity
Not Before: Sep 17 16:57:45 2023 GMT
Not After : Jan 31 00:00:00 2024 GMT
Subject: CN=65073009-6e68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:64:f6:8e:49:b6:ac:76:53:01:15:8b:0a:2d:
cf:71:e0:cd:d9:0d:e9:72:e2:cf:4a:e3:1c:51:e3:
79:ca:da:2d:08:7e:0b:ba:80:3e:ec:6e:1c:d7:e0:
39:f5:f8:8d:54:68:fb:ab:da:7b:26:3d:3e:8e:cc:
bd:84:68:22:1e:f0:3e:38:f8:d9:c0:82:30:6c:21:
64:c2:5e:48:f9:97:7e:14:80:ae:a0:d3:81:22:81:
81:77:f0:a9:33:70:0e:09:71:7e:bc:b4:f5:b8:61:
24:57:f1:9c:73:49:1a:74:b4:b2:5a:f1:ac:90:cf:
54:6f:88:57:26:a8:bb:7c:9a:f4:a5:a8:58:2d:98:
fb:ab:7c:f2:9d:86:98:8a:12:15:d5:0e:35:27:3a:
c8:78:97:a7:f2:ce:75:c9:72:9a:69:7f:ba:6d:79:
fd:ce:08:7c:81:1e:a1:a0:a6:d8:1a:e1:36:4f:d2:
14:6f:79:1e:51:a8:3c:68:41:a3:3d:d8:98:99:9a:
39:d7:48:02:3b:9f:50:df:c7:79:8c:cb:12:ec:9f:
91:83:12:8d:a7:00:29:29:98:cc:4b:4c:1b:30:a1:
55:22:b4:8d:04:27:c1:8b:01:9e:2e:61:de:ef:02:
37:c8:cb:fe:81:35:02:8e:5b:ea:b5:c2:50:eb:68:
59:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:E6:C4:C1:1F:D2:48:89:77:19:81:99:0B:9B:9D:0E:36:2F:D5:FE
X509v3 Authority Key Identifier:
keyid:07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/ByXySRgBUFGFyQaaQBNjXDi1a3I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/2ED2E9F4557B11EE8611DC5EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.104.140.0/24
103.104.142.0/23
Signature Algorithm: sha256WithRSAEncryption
5d:8c:c1:39:c8:6b:a1:8f:48:d5:7a:b2:8b:c7:8e:ef:64:1e:
58:4c:13:3a:f4:28:71:16:e2:a3:f6:c4:0d:14:3d:2a:3f:83:
48:78:60:84:6a:af:f7:5b:63:3f:a9:91:27:ee:da:b5:8f:cf:
fd:33:94:45:45:0b:ea:c6:2e:c2:df:10:3b:40:f3:5b:a2:b8:
d5:8c:09:01:31:bc:c0:3c:62:22:1a:7c:7a:98:36:0b:5f:fb:
b7:b9:0c:b2:29:e7:13:45:fd:78:45:d5:c0:82:d5:bc:df:ba:
9e:93:52:4c:d3:e4:0c:2d:b2:92:c2:31:d2:2d:f2:35:4a:d0:
cf:33:d7:6d:8a:e2:5c:3a:43:45:4c:bf:1e:f7:e7:f2:1a:f6:
3e:9f:0f:5a:ca:5b:26:77:dc:14:70:ed:2f:9a:82:35:cd:56:
da:2c:37:86:90:b3:95:ef:a9:fb:fc:40:ca:34:43:61:ea:8d:
bf:08:0f:91:26:23:21:44:c4:0b:2a:45:f6:e1:2a:2c:83:30:
5c:5d:25:1f:ba:12:97:01:e7:35:51:b9:2c:4e:98:64:1a:10:
93:84:a0:62:96:5a:45:e4:de:1b:50:39:32:45:38:34:02:84:
12:03:03:f7:a3:6c:20:5e:97:13:68:6a:f7:ca:71:91:dc:de:
05:83:ae:56
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBc0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQ4MDgxMTAvBgNVBAUTKDA3MjVGMjQ5MTgwMTUwNTE4NUM5MDY5QTQwMTM2MzVD
MzhCNTZCNzIwHhcNMjMwOTE3MTY1NzQ1WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTA3MzAwOS02ZTY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4GT2jkm2rHZTARWLCi3PceDN2Q3pcuLPSuMcUeN5ytotCH4LuoA+7G4c1+A5
9fiNVGj7q9p7Jj0+jsy9hGgiHvA+OPjZwIIwbCFkwl5I+Zd+FICuoNOBIoGBd/Cp
M3AOCXF+vLT1uGEkV/Gcc0kadLSyWvGskM9Ub4hXJqi7fJr0pahYLZj7q3zynYaY
ihIV1Q41JzrIeJen8s51yXKaaX+6bXn9zgh8gR6hoKbYGuE2T9IUb3keUag8aEGj
PdiYmZo510gCO59Q38d5jMsS7J+RgxKNpwApKZjMS0wbMKFVIrSNBCfBiwGeLmHe
7wI3yMv+gTUCjlvqtcJQ62hZwQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFPLmxMEf
0kiJdxmBmQubnQ42L9X+MB8GA1UdIwQYMBaAFAcl8kkYAVBRhckGmkATY1w4tWty
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDgwOC9FMjZCNDY0MkY0
QjIxMUU5QkYzQ0U1NjNDNEY5QUUwMi9CeVh5U1JnQlVGR0Z5UWFhUUJOalhEaTFh
M0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0J5WHlTUmdCVUZHRnlRYWFRQk5qWERpMWEzSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQ4MDgvRTI2QjQ2NDJGNEIyMTFFOUJGM0NFNTYzQzRGOUFFMDIvMkVEMkU5RjQ1
NTdCMTFFRTg2MTFEQzVFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnaIwDBAFnaI4wDQYJKoZIhvcNAQELBQADggEBAF2MwTnI
a6GPSNV6sovHju9kHlhMEzr0KHEW4qP2xA0UPSo/g0h4YIRqr/dbYz+pkSfu2rWP
z/0zlEVFC+rGLsLfEDtA81uiuNWMCQExvMA8YiIafHqYNgtf+7e5DLIp5xNF/XhF
1cCC1bzfup6TUkzT5AwtspLCMdIt8jVK0M8z122K4lw6Q0VMvx735/Ia9j6fD1rK
WyZ33BRw7S+agjXNVtosN4aQs5Xvqfv8QMo0Q2Hqjb8ID5EmIyFExAsqRfbhKiyD
MFxdJR+6EpcB5zVRuSxOmGQaEJOEoGKWWkXk3htQOTJFODQChBIDA/ejbCBelxNo
avfKcZHc3gWDrlY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:26 2024 by rpki-client on console-ams.rpki-client.org