Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/25D74BBA04D311ECA1502259C4F9AE02.roa
File: 25D74BBA04D311ECA1502259C4F9AE02.roa (raw, json)
Hash identifier: OMorSRAVQH5fo8k3YaDRnCEJgYyWR/rTJKgU893ONBM=
Subject key identifier: 01:54:DA:F3:86:03:DF:08:A9:D4:FB:13:A3:73:3F:9A:C3:25:43:DB
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 4F90
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/25D74BBA04D311ECA1502259C4F9AE02.roa
Signing time: Mon 16 May 2022 04:06:43 +0000
ROA not before: Mon 16 May 2022 04:06:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 134028
IP address blocks: 45.118.9.0/24 maxlen: 24
103.58.40.0/22 maxlen: 23
103.58.41.0/24 maxlen: 24
103.58.42.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20368 (0x4f90)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:06:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281cdd3-5d08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:99:99:e3:7e:f8:4c:dc:42:b7:0e:9e:48:dd:
eb:65:f1:c5:2a:d5:7e:ab:7c:7a:da:f0:a2:cf:98:
a7:50:09:29:0e:65:2e:dc:6a:11:8d:43:48:42:47:
5c:b7:fe:b3:17:18:11:67:12:14:98:b0:04:16:02:
5b:c8:57:72:f2:6e:e0:b2:60:ee:7f:ac:d9:03:40:
11:40:30:93:c9:b8:c3:03:e0:08:52:3c:0d:11:bc:
66:1e:c2:7d:87:10:28:38:69:99:0d:b1:50:e1:54:
df:29:27:0e:43:c3:51:2c:af:cd:24:2f:44:97:71:
5e:4b:73:7d:13:ed:8a:61:5c:7b:9a:88:b9:e4:cc:
91:03:57:62:e2:9b:57:00:42:0a:65:a5:5e:9d:5b:
e3:cc:63:4b:bc:9a:18:37:3a:96:97:49:36:6e:e2:
fd:1e:05:a5:bb:f6:f1:06:35:50:a1:5e:b8:52:e3:
af:a0:92:b9:3d:e7:a8:5f:30:84:a5:69:6c:74:16:
ad:30:dd:0a:91:20:6d:32:89:44:17:29:9c:34:bb:
49:66:a6:31:df:3b:d8:6a:c2:43:32:3f:6b:14:8c:
d9:b0:12:8f:72:6d:f0:c9:c8:bc:fa:7d:dd:3c:cc:
68:bf:9d:47:b8:92:7f:b1:dd:17:2c:b1:64:dd:9e:
85:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:54:DA:F3:86:03:DF:08:A9:D4:FB:13:A3:73:3F:9A:C3:25:43:DB
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/25D74BBA04D311ECA1502259C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.118.9.0/24
103.58.40.0/22
Signature Algorithm: sha256WithRSAEncryption
b8:9b:d0:66:32:4e:e5:54:00:5a:cb:89:13:7c:6b:94:74:3a:
cb:a3:61:9f:0a:07:55:e4:59:66:fe:97:0f:45:3b:f5:c2:32:
af:04:d3:c0:83:da:59:01:7e:cf:19:f4:42:5c:33:92:0d:93:
86:be:06:b2:c0:28:8b:98:42:3e:af:8c:48:59:91:92:a2:3b:
8b:54:c0:7f:bc:68:fe:eb:ef:03:08:40:70:e2:48:28:84:34:
9c:38:e5:ab:6e:4a:4e:1d:78:b6:fa:84:e9:9f:ce:87:b9:90:
e7:d4:f1:b6:c5:f4:8f:68:d5:c1:8a:92:f3:7c:c7:17:8d:23:
2f:78:e4:0a:36:23:af:a9:5c:f7:5f:b3:28:cc:de:cc:c2:8f:
7f:d1:06:d0:86:e0:3e:65:fc:3f:85:3d:7d:a6:b4:e8:19:d5:
3d:08:d1:ba:d3:f3:81:05:a3:ed:0d:b2:f6:0a:de:de:25:e9:
c2:d2:43:10:8d:18:59:4b:74:be:58:ff:ba:70:d8:ef:53:6a:
c0:1b:15:c1:cd:92:eb:57:94:a8:96:19:0e:0d:92:f2:16:a7:
a6:b3:d7:a6:46:75:bd:f8:19:71:a7:7d:28:5a:38:f2:8e:ec:
e6:c1:92:56:22:f9:3d:ea:ce:4b:04:57:5e:9a:ad:48:b2:48:
fd:c0:d1:b7
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICT5AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQwNjQzWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxY2RkMy01ZDA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7ZmZ4374TNxCtw6eSN3rZfHFKtV+q3x62vCiz5inUAkpDmUu3GoRjUNIQkdc
t/6zFxgRZxIUmLAEFgJbyFdy8m7gsmDuf6zZA0ARQDCTybjDA+AIUjwNEbxmHsJ9
hxAoOGmZDbFQ4VTfKScOQ8NRLK/NJC9El3FeS3N9E+2KYVx7moi55MyRA1di4ptX
AEIKZaVenVvjzGNLvJoYNzqWl0k2buL9HgWlu/bxBjVQoV64UuOvoJK5PeeoXzCE
pWlsdBatMN0KkSBtMolEFymcNLtJZqYx3zvYasJDMj9rFIzZsBKPcm3wyci8+n3d
PMxov51HuJJ/sd0XLLFk3Z6FAwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFAFU2vOG
A98IqdT7E6NzP5rDJUPbMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvMjVENzRCQkEw
NEQzMTFFQ0ExNTAyMjU5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAAtdgkDBAJnOigwDQYJKoZIhvcNAQELBQADggEBALib0GYy
TuVUAFrLiRN8a5R0OsujYZ8KB1XkWWb+lw9FO/XCMq8E08CD2lkBfs8Z9EJcM5IN
k4a+BrLAKIuYQj6vjEhZkZKiO4tUwH+8aP7r7wMIQHDiSCiENJw45atuSk4deLb6
hOmfzoe5kOfU8bbF9I9o1cGKkvN8xxeNIy945Ao2I6+pXPdfsyjM3szCj3/RBtCG
4D5l/D+FPX2mtOgZ1T0I0brT84EFo+0NsvYK3t4l6cLSQxCNGFlLdL5Y/7pw2O9T
asAbFcHNkutXlKiWGQ4NkvIWp6az16ZGdb34GXGnfShaOPKO7ObBklYi+T3qzksE
V16arUiySP3A0bc=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:51 2023 by rpki-client on console-fra.rpki-client.org