Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3F6B45A6D90F11EDB2DBEA49C4F9AE02.roa
File: 3F6B45A6D90F11EDB2DBEA49C4F9AE02.roa (raw, json)
Hash identifier: xTsn43xPzTNnftrJfK1lJzLb80ZFfsVRn0f7d4Ghci8=
Subject key identifier: D2:C1:F3:36:83:35:A5:7E:96:7C:53:8F:3D:46:3B:0D:57:37:29:0B
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 684F
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3F6B45A6D90F11EDB2DBEA49C4F9AE02.roa
Signing time: Wed 12 Apr 2023 10:31:44 +0000
ROA not before: Wed 12 Apr 2023 10:31:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 132752
IP address blocks: 103.77.20.0/24 maxlen: 24
103.77.21.0/24 maxlen: 24
103.77.22.0/24 maxlen: 24
103.77.23.0/24 maxlen: 24
103.114.66.0/24 maxlen: 24
103.114.67.0/24 maxlen: 24
103.163.14.0/23 maxlen: 24
103.168.60.0/24 maxlen: 24
103.171.108.0/24 maxlen: 24
103.179.121.0/24 maxlen: 24
103.180.177.0/24 maxlen: 24
103.229.209.0/24 maxlen: 24
2400:3ce0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26703 (0x684f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Apr 12 10:31:44 2023 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=64368890-d101
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:3f:81:72:cc:4b:c2:79:73:73:68:ae:d0:d8:
a4:7e:64:7d:2a:a7:bb:5e:5b:73:3d:a6:dc:97:06:
00:64:eb:52:2a:1c:ba:37:8c:cc:09:26:55:93:8c:
50:43:58:5e:77:c9:f0:2b:0b:3a:c1:fb:1d:38:ab:
da:85:96:f8:5d:9d:8e:b1:5d:69:79:c6:16:6d:62:
b7:98:6f:66:9d:9b:ab:93:21:0f:ea:c6:86:b2:f5:
2e:23:08:db:b1:28:ad:3b:b5:f3:b5:f7:a3:6d:c4:
bd:24:cc:84:2b:ab:e9:d9:3f:0a:c7:c9:50:60:58:
71:be:7a:2b:ef:60:fa:4d:2b:02:ca:7b:e9:14:98:
80:14:27:5d:9d:cf:0e:c4:75:a7:53:00:2b:7a:39:
6e:61:2e:a7:7c:04:89:eb:de:d5:b1:9a:6b:35:fd:
c8:9e:f5:2c:26:51:70:b5:cb:8c:f4:7c:e8:41:44:
c5:a9:7d:2d:43:6b:bb:c5:17:63:b4:29:99:d6:cf:
66:00:e8:87:1d:c2:64:9c:55:f0:93:6b:17:5a:4f:
d3:79:0c:90:19:3d:30:bb:68:80:b3:08:88:06:31:
1d:eb:ca:82:7b:ff:cc:02:06:3a:48:7f:fe:a5:47:
50:98:38:28:06:df:af:12:d1:f7:5b:26:a8:c7:44:
66:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:C1:F3:36:83:35:A5:7E:96:7C:53:8F:3D:46:3B:0D:57:37:29:0B
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3F6B45A6D90F11EDB2DBEA49C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.77.20.0/22
103.114.66.0/23
103.163.14.0/23
103.168.60.0/24
103.171.108.0/24
103.179.121.0/24
103.180.177.0/24
103.229.209.0/24
IPv6:
2400:3ce0::/32
Signature Algorithm: sha256WithRSAEncryption
30:19:fb:f3:98:3d:ba:96:32:c2:29:4a:37:93:24:00:55:6c:
87:e5:38:d5:cc:7d:ed:5e:e9:c8:47:38:f4:f6:c3:fe:83:54:
d4:0e:a1:ed:63:66:7a:61:55:ae:71:99:74:ed:b8:14:b9:be:
61:1f:57:26:13:a5:cf:d9:51:28:74:00:31:15:9c:ed:7f:ad:
02:85:a1:f3:42:04:4f:c7:bd:33:12:59:7c:bf:18:52:39:90:
02:d6:ed:f4:8d:c2:57:4d:e5:87:cc:8e:d6:1e:a4:e0:f3:1d:
7b:03:4d:6e:20:45:a8:cb:cd:4e:a4:f3:8b:ed:fa:44:06:75:
13:bd:77:67:69:7f:b7:3a:70:19:0d:e1:ad:ea:2d:a4:c5:32:
2b:70:f7:e0:6b:7d:2c:73:14:a5:bb:e4:6e:f5:2e:15:29:43:
89:9c:fa:c8:eb:9e:d3:c2:ff:3c:05:96:e6:0c:17:fa:e7:ee:
b0:5e:00:99:60:b7:78:9c:24:f7:b1:6b:6a:6d:56:cb:86:09:
82:3c:63:78:f5:e4:74:d9:1a:2a:7d:a7:41:4b:dc:de:49:c7:
90:dd:56:03:c0:90:4a:76:a5:03:4b:92:10:d6:b5:bd:57:73:
9f:b1:53:50:2a:50:49:14:84:a4:78:76:4c:e3:5b:8e:4e:85:
7f:1a:13:7d
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICaE8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNDEyMTAzMTQ0WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDM2ODg5MC1kMTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtz+BcsxLwnlzc2iu0NikfmR9Kqe7XltzPabclwYAZOtSKhy6N4zMCSZVk4xQ
Q1hed8nwKws6wfsdOKvahZb4XZ2OsV1pecYWbWK3mG9mnZurkyEP6saGsvUuIwjb
sSitO7XztfejbcS9JMyEK6vp2T8Kx8lQYFhxvnor72D6TSsCynvpFJiAFCddnc8O
xHWnUwArejluYS6nfASJ697VsZprNf3InvUsJlFwtcuM9HzoQUTFqX0tQ2u7xRdj
tCmZ1s9mAOiHHcJknFXwk2sXWk/TeQyQGT0wu2iAswiIBjEd68qCe//MAgY6SH/+
pUdQmDgoBt+vEtH3Wyaox0RmDwIDAQABo4ICzjCCAsowHQYDVR0OBBYEFNLB8zaD
NaV+lnxTjz1GOw1XNykLMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvM0Y2QjQ1QTZE
OTBGMTFFREIyREJFQTQ5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMDYEAgABMDADBAJnTRQDBAFnckIDBAFnow4DBABnqDwDBABnq2wDBABns3kD
BABntLEDBABn5dEwDQQCAAIwBwMFACQAPOAwDQYJKoZIhvcNAQELBQADggEBADAZ
+/OYPbqWMsIpSjeTJABVbIflONXMfe1e6chHOPT2w/6DVNQOoe1jZnphVa5xmXTt
uBS5vmEfVyYTpc/ZUSh0ADEVnO1/rQKFofNCBE/HvTMSWXy/GFI5kALW7fSNwldN
5YfMjtYepODzHXsDTW4gRajLzU6k84vt+kQGdRO9d2dpf7c6cBkN4a3qLaTFMitw
9+BrfSxzFKW75G71LhUpQ4mc+sjrntPC/zwFluYMF/rn7rBeAJlgt3icJPexa2pt
VsuGCYI8Y3j15HTZGip9p0FL3N5Jx5DdVgPAkEp2pQNLkhDWtb1Xc5+xU1AqUEkU
hKR4dkzjW45OhX8aE30=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:52 2023 by rpki-client on console-fra.rpki-client.org