Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/184AD3DAD40A11EBA7FE016FC4F9AE02.roa
File: 184AD3DAD40A11EBA7FE016FC4F9AE02.roa (raw, json)
Hash identifier: wDQCcCGiLAr+EP+e4kJZ65ysaMAXIjk8dPqMZmp1kHk=
Subject key identifier: 1E:6B:68:93:D2:48:41:D2:EF:6F:1C:AA:84:14:26:95:50:35:E0:B8
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 53A1
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/184AD3DAD40A11EBA7FE016FC4F9AE02.roa
Signing time: Mon 16 May 2022 04:26:11 +0000
ROA not before: Mon 16 May 2022 04:26:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 142465
IP address blocks: 103.168.162.0/24 maxlen: 24
2407:93c0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21409 (0x53a1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:26:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281d263-2b69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:af:44:25:1b:a4:76:9b:18:da:ea:8f:10:a3:
a6:03:d7:97:ef:01:7f:7d:85:ae:da:52:23:4b:26:
de:70:78:87:fc:06:35:84:99:4d:a6:f9:12:ff:9f:
5e:1f:38:45:a5:48:09:d4:35:f7:82:47:9d:0a:fe:
a9:9a:da:c6:c6:4a:f4:52:50:7d:10:f5:23:30:3c:
8f:0e:de:74:3a:c2:2a:58:a7:8b:78:13:71:2e:ba:
34:a3:d9:5b:df:03:c0:f3:d4:82:3e:9b:18:2e:4d:
67:6f:3e:7c:2b:a7:67:1d:3c:fc:e9:cf:24:31:ad:
85:d6:cd:1a:32:cf:3a:f8:60:38:e8:b4:e9:38:ff:
3f:33:a6:4b:16:b4:a2:80:f4:95:b8:b5:28:b6:f1:
02:36:e9:b5:8d:93:63:7a:99:d9:73:8a:c4:df:dd:
e2:a6:08:7c:d6:c8:06:88:25:cc:ba:85:40:ba:e9:
c1:35:63:4b:54:11:1b:d9:e8:2a:a7:f1:3d:d6:ca:
60:ac:f3:b2:fd:74:55:22:40:57:55:76:1f:81:e8:
75:57:a0:69:28:af:c0:e4:de:ad:88:0a:27:9c:a0:
ba:07:b8:29:01:63:9b:ef:97:90:d8:74:56:54:df:
65:58:5d:89:af:83:26:3c:b5:d1:0f:b3:23:54:31:
4a:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:6B:68:93:D2:48:41:D2:EF:6F:1C:AA:84:14:26:95:50:35:E0:B8
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/184AD3DAD40A11EBA7FE016FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.168.162.0/24
IPv6:
2407:93c0::/48
Signature Algorithm: sha256WithRSAEncryption
10:af:e4:af:a1:38:70:df:97:a0:ec:72:e4:4a:87:b4:bf:20:
43:4b:6a:f5:85:d1:ee:a4:3b:05:76:c7:46:8c:c3:e9:fb:e8:
a1:43:30:e5:a7:21:8e:e2:ad:c4:03:01:d3:41:64:0a:50:79:
ad:fe:f6:32:38:06:e2:18:83:b3:d5:4d:37:b5:a1:aa:8a:a1:
dd:4d:55:76:c6:d2:ce:fb:07:3a:4c:11:85:c7:f6:5f:85:c4:
95:aa:3c:2d:b7:5f:14:9f:e8:2f:11:52:22:9c:c9:e8:2c:a6:
26:e7:31:ad:90:0d:07:c8:62:87:8f:ec:22:e9:57:d9:d9:60:
b8:8f:23:3d:60:aa:36:c5:11:6a:5c:f7:bb:cc:ee:db:12:8f:
1e:e4:a9:e4:df:80:44:fd:08:0c:d5:17:e8:8e:ee:d2:e9:1b:
f5:19:c6:f7:88:06:c5:25:90:9c:8b:54:27:1e:91:73:60:e1:
79:1a:7c:cf:80:ae:be:d3:4c:f9:83:96:b6:58:a4:80:b7:63:
ca:e9:a6:cb:9d:f9:af:2c:d2:4f:1a:80:70:15:6c:85:f3:a1:
11:33:b3:e7:4b:db:95:25:c6:99:d8:60:0c:74:09:7a:36:92:
3e:eb:ac:4b:92:49:79:6b:da:df:80:2f:f7:6f:28:15:b3:95:
3d:77:92:1b
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICU6EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQyNjExWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxZDI2My0yYjY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7a9EJRukdpsY2uqPEKOmA9eX7wF/fYWu2lIjSybecHiH/AY1hJlNpvkS/59e
HzhFpUgJ1DX3gkedCv6pmtrGxkr0UlB9EPUjMDyPDt50OsIqWKeLeBNxLro0o9lb
3wPA89SCPpsYLk1nbz58K6dnHTz86c8kMa2F1s0aMs86+GA46LTpOP8/M6ZLFrSi
gPSVuLUotvECNum1jZNjepnZc4rE393ipgh81sgGiCXMuoVAuunBNWNLVBEb2egq
p/E91spgrPOy/XRVIkBXVXYfgeh1V6BpKK/A5N6tiAonnKC6B7gpAWOb75eQ2HRW
VN9lWF2Jr4MmPLXRD7MjVDFKAwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFB5raJPS
SEHS728cqoQUJpVQNeC4MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvMTg0QUQzREFE
NDBBMTFFQkE3RkUwMTZGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABnqKIwDwQCAAIwCQMHACQHk8AAADANBgkqhkiG9w0BAQsF
AAOCAQEAEK/kr6E4cN+XoOxy5EqHtL8gQ0tq9YXR7qQ7BXbHRozD6fvooUMw5ach
juKtxAMB00FkClB5rf72MjgG4hiDs9VNN7Whqoqh3U1VdsbSzvsHOkwRhcf2X4XE
lao8LbdfFJ/oLxFSIpzJ6CymJucxrZANB8hih4/sIulX2dlguI8jPWCqNsURalz3
u8zu2xKPHuSp5N+ARP0IDNUX6I7u0ukb9RnG94gGxSWQnItUJx6Rc2DheRp8z4Cu
vtNM+YOWtlikgLdjyummy535ryzSTxqAcBVshfOhETOz50vblSXGmdhgDHQJejaS
PuusS5JJeWva34Av928oFbOVPXeSGw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:48 2023 by rpki-client on console-ams.rpki-client.org