Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2F8EA49ABE6411EDA960E00BC4F9AE02.roa
File: 2F8EA49ABE6411EDA960E00BC4F9AE02.roa (raw, json)
Hash identifier: YRDG8MtUnV+hsbuuvaP1F6Uh2Dr5NTdhLw9zCSgoq/M=
Subject key identifier: 7B:7A:83:6D:82:5A:4B:DC:19:D3:49:7E:20:D3:11:F4:4D:83:72:8A
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 665C
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2F8EA49ABE6411EDA960E00BC4F9AE02.roa
Signing time: Thu 09 Mar 2023 10:21:42 +0000
ROA not before: Thu 09 Mar 2023 10:21:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 149226
IP address blocks: 103.184.110.0/23 maxlen: 23
103.184.132.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26204 (0x665c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Mar 9 10:21:42 2023 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6409b336-bda2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:30:cd:8d:a8:d1:39:d6:41:d1:d8:35:17:2e:
48:5a:f6:ce:ef:07:24:e3:2d:28:97:d0:06:70:5a:
58:71:e8:23:f9:b1:9c:38:8d:53:31:ba:cc:68:27:
fc:5c:70:da:66:f7:7c:18:9d:2d:4d:e2:59:09:25:
57:2f:80:d6:0b:1b:c1:d7:6f:9e:0c:4f:0d:d8:56:
5e:96:8f:c8:0b:86:d0:98:48:36:34:b2:70:a8:56:
d0:e1:1a:d3:28:d5:0a:a0:4d:e8:76:6d:36:fe:ef:
1f:db:f6:87:fd:c7:71:91:ea:70:ab:3d:30:79:75:
5a:ca:82:70:91:c0:c0:93:f9:3d:a9:45:b6:8d:d4:
9a:74:f0:37:d1:8a:10:1f:81:97:5e:a9:de:a0:51:
83:d2:42:bf:0a:44:08:2b:2b:11:8f:77:97:22:ee:
4e:a2:09:af:bf:86:c1:1c:0d:89:ce:ab:5d:2a:d7:
98:6c:5e:35:79:cd:29:40:51:79:b7:10:a4:f2:32:
92:03:6a:1d:1a:99:1e:9b:ae:a4:1b:ac:d7:96:25:
07:16:4b:05:e4:4c:c6:99:97:24:67:09:29:0a:d1:
99:d0:6e:99:56:eb:ab:24:b7:16:ed:c0:98:fb:55:
ad:55:07:a0:99:29:59:cb:87:7f:7a:01:ab:bf:22:
0f:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:7A:83:6D:82:5A:4B:DC:19:D3:49:7E:20:D3:11:F4:4D:83:72:8A
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2F8EA49ABE6411EDA960E00BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.184.110.0/23
103.184.132.0/23
Signature Algorithm: sha256WithRSAEncryption
85:ab:75:64:bd:9d:de:a7:a0:39:d3:10:17:5a:97:fd:71:d9:
ee:9b:56:98:8c:2d:a9:80:fc:51:11:a9:1d:f9:57:87:25:70:
7a:71:12:e4:1e:79:82:92:46:b5:c2:db:dc:65:e0:ec:f3:c4:
5f:af:ce:52:01:51:83:8c:29:ba:3b:5d:6c:d4:0a:ee:70:bc:
6d:6b:28:a6:49:ec:ce:a0:b7:46:cc:52:f4:c1:b5:15:49:eb:
ae:6f:fa:00:1f:f8:47:f2:11:84:f4:c8:55:47:a9:74:c4:f1:
be:08:e3:d8:ac:03:db:59:f1:db:61:74:25:23:c8:54:67:e3:
f7:64:3f:e6:e8:b5:1c:08:43:9c:b8:76:6e:06:9c:4a:67:2b:
0a:88:6e:be:5e:67:e0:1c:8e:53:e2:b4:67:65:10:d1:81:92:
19:5f:b5:ee:49:9e:34:f2:a2:88:db:b3:7d:32:6c:aa:1c:fc:
80:6a:b7:74:ae:fd:9d:a2:8d:26:c2:41:67:69:25:27:2f:97:
ef:f2:10:55:aa:4f:84:7f:b5:f4:31:42:d9:a6:6b:c6:66:7b:
e4:c0:4f:96:5a:6d:ac:42:23:00:24:d3:f0:79:68:9a:5a:c0:
90:72:29:d9:2b:ad:18:a1:4e:93:b4:bb:61:36:ee:3e:fe:d5:
3c:5d:91:cc
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICZlwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwMzA5MTAyMTQyWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDA5YjMzNi1iZGEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnjDNjajROdZB0dg1Fy5IWvbO7wck4y0ol9AGcFpYcegj+bGcOI1TMbrMaCf8
XHDaZvd8GJ0tTeJZCSVXL4DWCxvB12+eDE8N2FZelo/IC4bQmEg2NLJwqFbQ4RrT
KNUKoE3odm02/u8f2/aH/cdxkepwqz0weXVayoJwkcDAk/k9qUW2jdSadPA30YoQ
H4GXXqneoFGD0kK/CkQIKysRj3eXIu5Oogmvv4bBHA2JzqtdKteYbF41ec0pQFF5
txCk8jKSA2odGpkem66kG6zXliUHFksF5EzGmZckZwkpCtGZ0G6ZVuurJLcW7cCY
+1WtVQegmSlZy4d/egGrvyIPjwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFHt6g22C
WkvcGdNJfiDTEfRNg3KKMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvMkY4RUE0OUFC
RTY0MTFFREE5NjBFMDBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFnuG4DBAFnuIQwDQYJKoZIhvcNAQELBQADggEBAIWrdWS9
nd6noDnTEBdal/1x2e6bVpiMLamA/FERqR35V4clcHpxEuQeeYKSRrXC29xl4Ozz
xF+vzlIBUYOMKbo7XWzUCu5wvG1rKKZJ7M6gt0bMUvTBtRVJ665v+gAf+EfyEYT0
yFVHqXTE8b4I49isA9tZ8dthdCUjyFRn4/dkP+botRwIQ5y4dm4GnEpnKwqIbr5e
Z+AcjlPitGdlENGBkhlfte5JnjTyoojbs30ybKoc/IBqt3Su/Z2ijSbCQWdpJScv
l+/yEFWqT4R/tfQxQtmma8Zme+TAT5ZabaxCIwAk0/B5aJpawJByKdkrrRihTpO0
u2E27j7+1Txdkcw=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:51 2023 by rpki-client on console-fra.rpki-client.org