Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/A2F644669FA011ED8F8B1779C4F9AE02.roa
File: A2F644669FA011ED8F8B1779C4F9AE02.roa (raw, json)
Hash identifier: ewOrOQCgYkiV5Ii6peGAuMhRU/iDM2TCucUWNjAZJL8=
Subject key identifier: D2:37:DD:6C:D9:3C:56:5F:A2:4E:8C:41:45:C4:CC:65:E5:61:B6:BF
Certificate issuer: /CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
Certificate serial: 0547
Authority key identifier: 07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/A2F644669FA011ED8F8B1779C4F9AE02.roa
Signing time: Sat 18 Mar 2023 16:26:37 +0000
ROA not before: Sat 18 Mar 2023 16:26:37 +0000
ROA not after: Wed 31 Jan 2024 00:00:00 +0000
asID: 61317
IP address blocks: 103.104.140.0/24 maxlen: 24
103.104.142.0/23 maxlen: 23
103.104.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1351 (0x547)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
Validity
Not Before: Mar 18 16:26:37 2023 GMT
Not After : Jan 31 00:00:00 2024 GMT
Subject: CN=6415e63d-20f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:d5:e0:2c:2f:89:39:ba:c4:32:18:c8:3b:3e:
48:ec:dc:81:67:7f:dd:ca:49:e4:70:be:1c:17:c6:
35:19:e6:91:45:e7:9d:51:f3:2c:02:71:f8:ab:75:
74:cf:15:49:fb:14:ba:86:74:f3:24:73:58:15:ca:
a0:2f:5c:f3:91:e1:23:8d:75:30:37:15:b6:b7:e6:
d2:0d:2e:37:85:e5:4a:89:7f:3e:ba:3f:97:60:8c:
39:63:8c:8d:11:0e:82:34:11:0a:69:f9:a3:d1:16:
da:2b:5a:58:70:6a:c1:72:e4:a9:d1:4f:c3:0e:44:
a3:28:92:4e:25:fe:99:ef:d1:de:e1:2b:e1:09:0f:
0e:a2:21:52:61:69:63:31:4d:19:8a:d6:18:c9:77:
e9:c2:bb:f3:e1:eb:0b:98:6e:4d:ac:38:86:23:04:
39:d8:d3:19:38:6e:17:aa:27:e8:61:56:44:4b:85:
56:c3:6f:a4:9d:c4:2f:4e:2c:ab:92:89:2f:55:c5:
ed:9f:48:77:2d:8a:92:d6:22:2f:96:41:83:3a:28:
06:ae:90:a2:46:e0:fb:04:3a:87:18:fd:5b:25:73:
e8:54:b6:83:1e:23:1a:c7:18:19:ca:65:35:0e:66:
0d:52:e6:f9:9c:92:e4:ab:2a:f5:bb:06:a3:15:e4:
f4:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:37:DD:6C:D9:3C:56:5F:A2:4E:8C:41:45:C4:CC:65:E5:61:B6:BF
X509v3 Authority Key Identifier:
keyid:07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/ByXySRgBUFGFyQaaQBNjXDi1a3I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/A2F644669FA011ED8F8B1779C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.104.140.0/24
103.104.142.0/23
Signature Algorithm: sha256WithRSAEncryption
88:2d:e2:0f:f0:d0:c6:ca:d9:1d:d2:2f:3c:7c:71:e6:0b:24:
95:26:aa:ca:24:31:c6:a4:4f:0e:70:7c:de:32:16:96:83:1f:
c7:fb:91:68:f4:37:d1:3d:90:9d:5f:b6:df:a3:80:67:3f:e7:
fc:20:dd:6c:b1:5b:9f:e1:b2:42:3c:18:80:a5:f8:3e:42:2a:
e4:2a:9d:c5:9a:35:1f:2f:d5:4f:91:d0:40:ad:d0:61:79:16:
c6:bf:b5:0e:f6:af:93:b3:58:87:9c:eb:ff:6a:71:62:a2:d2:
07:2d:79:22:e8:d9:4a:e6:16:46:7a:31:0c:fc:7f:92:8e:df:
5b:5d:1e:09:4e:2c:4e:00:c9:86:17:e9:94:5a:37:96:e6:04:
0c:1d:dc:d4:10:0b:d9:5e:fb:0b:d3:80:98:72:ff:e3:fa:60:
61:d8:60:7b:94:04:eb:70:4e:54:00:c6:d1:bf:c0:02:0c:b9:
27:ed:58:fc:3f:4b:f9:d5:42:d9:1c:f4:cf:51:d6:3b:fe:28:
f7:54:21:7c:ca:9c:66:cb:dd:90:32:2a:8a:d0:5c:9f:dd:cd:
58:1d:5f:ef:7d:dc:06:80:21:e0:a3:eb:af:e3:ca:a6:49:88:
c6:10:7e:7f:a9:fe:6b:cd:a6:0c:56:be:78:45:e8:f3:87:30:
2f:d8:93:a5
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBUcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQ4MDgxMTAvBgNVBAUTKDA3MjVGMjQ5MTgwMTUwNTE4NUM5MDY5QTQwMTM2MzVD
MzhCNTZCNzIwHhcNMjMwMzE4MTYyNjM3WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDE1ZTYzZC0yMGYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp9XgLC+JObrEMhjIOz5I7NyBZ3/dyknkcL4cF8Y1GeaRReedUfMsAnH4q3V0
zxVJ+xS6hnTzJHNYFcqgL1zzkeEjjXUwNxW2t+bSDS43heVKiX8+uj+XYIw5Y4yN
EQ6CNBEKafmj0RbaK1pYcGrBcuSp0U/DDkSjKJJOJf6Z79He4SvhCQ8OoiFSYWlj
MU0ZitYYyXfpwrvz4esLmG5NrDiGIwQ52NMZOG4XqifoYVZES4VWw2+kncQvTiyr
kokvVcXtn0h3LYqS1iIvlkGDOigGrpCiRuD7BDqHGP1bJXPoVLaDHiMaxxgZymU1
DmYNUub5nJLkqyr1uwajFeT0NwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFNI33WzZ
PFZfok6MQUXEzGXlYba/MB8GA1UdIwQYMBaAFAcl8kkYAVBRhckGmkATY1w4tWty
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDgwOC9FMjZCNDY0MkY0
QjIxMUU5QkYzQ0U1NjNDNEY5QUUwMi9CeVh5U1JnQlVGR0Z5UWFhUUJOalhEaTFh
M0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0J5WHlTUmdCVUZHRnlRYWFRQk5qWERpMWEzSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQ4MDgvRTI2QjQ2NDJGNEIyMTFFOUJGM0NFNTYzQzRGOUFFMDIvQTJGNjQ0NjY5
RkEwMTFFRDhGOEIxNzc5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnaIwDBAFnaI4wDQYJKoZIhvcNAQELBQADggEBAIgt4g/w
0MbK2R3SLzx8ceYLJJUmqsokMcakTw5wfN4yFpaDH8f7kWj0N9E9kJ1ftt+jgGc/
5/wg3WyxW5/hskI8GICl+D5CKuQqncWaNR8v1U+R0ECt0GF5Fsa/tQ72r5OzWIec
6/9qcWKi0gcteSLo2UrmFkZ6MQz8f5KO31tdHglOLE4AyYYX6ZRaN5bmBAwd3NQQ
C9le+wvTgJhy/+P6YGHYYHuUBOtwTlQAxtG/wAIMuSftWPw/S/nVQtkc9M9R1jv+
KPdUIXzKnGbL3ZAyKorQXJ/dzVgdX+993AaAIeCj66/jyqZJiMYQfn+p/mvNpgxW
vnhF6POHMC/Yk6U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:15 2024 by rpki-client on console-fra.rpki-client.org