Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3E79D8803C0411EEAF1A6F59C4F9AE02.roa
File: 3E79D8803C0411EEAF1A6F59C4F9AE02.roa (raw, json)
Hash identifier: b7bhx6Zb8ohvHg4VJtqrP+ue0z8s6ODi3Qlw+M5cjoM=
Subject key identifier: 42:11:31:B7:DB:5F:3D:E4:2D:95:8D:8A:06:AD:76:D5:79:9D:D7:3E
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 7A5D
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3E79D8803C0411EEAF1A6F59C4F9AE02.roa
Signing time: Tue 19 Sep 2023 05:42:59 +0000
ROA not before: Tue 19 Sep 2023 05:42:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 133283
IP address blocks: 103.252.240.0/24 maxlen: 24
103.252.241.0/24 maxlen: 24
2001:df2:cfc0::/48 maxlen: 48
2001:df7:6300::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31325 (0x7a5d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Sep 19 05:42:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=650934e3-c548
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:dd:64:05:1f:de:9d:b5:cd:f6:d6:01:d9:c6:
81:2a:88:bf:6b:41:6e:6a:95:2e:ef:c4:6d:2e:30:
00:92:7b:c7:9d:db:85:30:17:db:47:62:28:ce:b9:
ad:55:f5:19:6f:dd:32:af:f6:97:54:65:78:4f:1c:
ad:51:fe:b3:12:c1:7b:7d:4c:82:44:28:a6:c8:73:
87:8a:98:8e:dd:ca:8e:2f:75:0b:ce:c8:ad:5c:df:
25:cd:34:d3:bb:8b:c9:47:e4:47:72:ad:78:ef:4f:
b8:79:7d:ef:7f:f2:b4:69:1f:05:5c:8f:97:8d:44:
60:13:47:4b:13:a5:17:ee:ea:8c:9a:78:db:75:b1:
a3:41:ce:60:05:28:e2:7f:0d:cb:85:3d:d4:31:d0:
42:3a:51:1d:17:51:aa:0e:48:12:48:87:c6:3f:2e:
a0:f5:69:18:1d:2e:81:83:81:e7:cf:4d:d1:d8:59:
d5:d6:2d:e8:a7:b0:dd:4b:ec:f0:51:e8:c1:83:7c:
18:5f:48:2e:08:be:78:79:2e:13:12:46:7a:10:29:
99:a2:9c:7e:23:8f:9c:71:06:5c:71:d9:06:7a:ac:
4b:9b:f1:f7:6b:d0:8f:fc:a5:5a:a2:91:cb:7a:85:
4e:d5:72:59:c3:d3:d6:3d:63:02:ed:b3:e8:1f:1f:
1e:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:11:31:B7:DB:5F:3D:E4:2D:95:8D:8A:06:AD:76:D5:79:9D:D7:3E
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3E79D8803C0411EEAF1A6F59C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.252.240.0/23
IPv6:
2001:df2:cfc0::/48
2001:df7:6300::/48
Signature Algorithm: sha256WithRSAEncryption
6b:67:40:da:7b:78:48:b8:ab:45:20:00:8d:e0:26:a6:55:f9:
06:70:1f:f5:99:c5:2a:5c:f1:9b:a9:91:5f:84:e6:42:d3:0c:
c1:91:34:b0:7a:bc:4f:f4:f3:c5:39:0f:22:b5:35:de:41:46:
f7:a0:a8:ea:9f:48:40:d4:15:6d:fe:21:fa:b6:71:ec:70:60:
f9:d1:f4:f8:2a:33:6d:51:cb:3e:d3:e5:9c:9c:2b:c7:75:02:
8d:a8:e3:28:a6:5a:58:fa:af:a2:77:18:5d:f2:00:5b:8f:67:
e7:92:f4:1f:d6:c9:68:66:6a:85:0b:6f:ba:a5:0a:5c:e9:c7:
a4:82:9a:fe:4d:aa:8b:a8:35:f6:80:7d:e0:88:6a:3c:9b:66:
3e:57:6e:b2:ca:4c:fc:ad:19:95:7d:03:84:53:26:01:bf:70:
08:af:7e:f8:be:fa:23:ae:ff:8a:1f:13:c4:cb:58:88:ee:ee:
b2:6b:75:9f:cf:8d:81:b9:ee:a6:0a:de:22:47:e7:6b:77:c4:
c3:d3:5b:e3:09:64:3f:2b:77:f0:13:86:62:bd:b3:35:15:8b:
b0:1d:53:a9:dd:51:0a:84:2e:a0:69:8d:24:6a:f1:2d:a1:e0:
9c:a2:c5:04:7e:bb:d8:ba:c4:b3:24:c8:eb:07:af:81:04:df:
b0:8a:0d:c1
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICel0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwOTE5MDU0MjU5WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTA5MzRlMy1jNTQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArN1kBR/enbXN9tYB2caBKoi/a0FuapUu78RtLjAAknvHnduFMBfbR2Iozrmt
VfUZb90yr/aXVGV4TxytUf6zEsF7fUyCRCimyHOHipiO3cqOL3ULzsitXN8lzTTT
u4vJR+RHcq1470+4eX3vf/K0aR8FXI+XjURgE0dLE6UX7uqMmnjbdbGjQc5gBSji
fw3LhT3UMdBCOlEdF1GqDkgSSIfGPy6g9WkYHS6Bg4Hnz03R2FnV1i3op7DdS+zw
UejBg3wYX0guCL54eS4TEkZ6ECmZopx+I4+ccQZccdkGeqxLm/H3a9CP/KVaopHL
eoVO1XJZw9PWPWMC7bPoHx8evQIDAQABo4ICrzCCAqswHQYDVR0OBBYEFEIRMbfb
Xz3kLZWNigatdtV5ndc+MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvM0U3OUQ4ODAz
QzA0MTFFRUFGMUE2RjU5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMAwEAgABMAYDBAFn/PAwGAQCAAIwEgMHACABDfLPwAMHACABDfdjADANBgkq
hkiG9w0BAQsFAAOCAQEAa2dA2nt4SLirRSAAjeAmplX5BnAf9ZnFKlzxm6mRX4Tm
QtMMwZE0sHq8T/TzxTkPIrU13kFG96Co6p9IQNQVbf4h+rZx7HBg+dH0+CozbVHL
PtPlnJwrx3UCjajjKKZaWPqvoncYXfIAW49n55L0H9bJaGZqhQtvuqUKXOnHpIKa
/k2qi6g19oB94IhqPJtmPldusspM/K0ZlX0DhFMmAb9wCK9++L76I67/ih8TxMtY
iO7usmt1n8+NgbnupgreIkfna3fEw9Nb4wlkPyt38BOGYr2zNRWLsB1Tqd1RCoQu
oGmNJGrxLaHgnKLFBH672LrEsyTI6wevgQTfsIoNwQ==
-----END CERTIFICATE-----
Generated at Wed Oct 25 20:17:47 2023 by rpki-client on console-ams.rpki-client.org