Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/40D76E9244DD11EB9B13D16BC4F9AE02.roa
File: 40D76E9244DD11EB9B13D16BC4F9AE02.roa (raw, json)
Hash identifier: wwjeEDSiZy3cNTI8V9+njtYpITazaOe4ZU/2yDvvhFc=
Subject key identifier: 48:9E:DB:BD:15:DD:AE:04:66:A7:53:83:D7:E7:56:4C:0B:6D:D7:91
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 5041
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/40D76E9244DD11EB9B13D16BC4F9AE02.roa
Signing time: Mon 16 May 2022 04:10:08 +0000
ROA not before: Mon 16 May 2022 04:10:08 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 135242
IP address blocks: 103.213.208.0/22 maxlen: 24
2404:f540::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20545 (0x5041)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:10:08 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281ce9f-0376
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:2f:49:19:bc:0d:c0:fa:55:83:2b:cf:51:17:
84:8e:ed:20:89:05:7a:17:eb:8c:db:a4:36:6f:ae:
2e:fd:30:0c:23:6c:5d:d6:2a:c0:3d:2f:91:19:70:
5f:bf:30:84:3c:cc:1a:19:55:0c:ff:06:ec:73:bb:
81:27:a7:3c:14:8f:a8:83:2a:46:5e:2c:df:99:73:
e1:cf:b0:3e:50:06:d0:14:50:f2:3b:c3:f7:c9:b1:
84:d2:61:e3:04:f1:69:19:54:1b:a6:e5:cd:f3:47:
0b:da:81:df:22:a6:c0:ec:f0:d2:d3:23:42:69:2d:
4a:0d:7d:e7:14:69:48:a2:f5:97:75:3c:70:db:3e:
58:c9:67:6e:6e:d8:72:8c:5a:6d:75:7a:09:bb:eb:
fb:eb:6b:40:c3:46:ee:eb:d7:83:a8:cd:08:13:c4:
3b:15:35:78:ba:06:95:b1:a7:42:03:fe:95:21:93:
d7:7c:b7:05:99:1f:f7:5a:b0:98:dd:03:48:d3:04:
a3:98:ea:c1:27:c9:98:a0:4f:fb:a0:5f:7e:8c:2c:
d0:ff:fd:05:9a:79:93:f6:d1:37:ab:04:3a:56:21:
63:d8:6f:ff:3a:6c:f2:7c:e6:f2:c0:a3:11:dc:d7:
fa:5a:b7:d8:55:85:3f:04:b8:ec:d2:67:91:7d:84:
e2:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:9E:DB:BD:15:DD:AE:04:66:A7:53:83:D7:E7:56:4C:0B:6D:D7:91
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/40D76E9244DD11EB9B13D16BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.213.208.0/22
IPv6:
2404:f540::/32
Signature Algorithm: sha256WithRSAEncryption
3d:9b:0d:7e:1d:bc:d6:ca:94:36:a8:cf:4b:63:5b:7a:f2:23:
40:36:0c:a3:eb:22:10:a1:ab:f2:50:30:95:ed:21:30:ea:bc:
95:34:99:33:28:c6:3f:04:b7:41:ca:84:ad:4d:b0:70:46:d7:
ef:e4:23:c5:e6:b1:9e:dd:46:f0:d3:38:4c:2a:33:2c:5f:cc:
41:ee:72:f0:f7:b8:86:6a:d5:a9:5c:fb:5f:ca:26:e0:41:b2:
6d:9f:23:f2:f4:02:dd:95:4e:61:1e:80:b8:8e:c7:e9:b6:11:
95:9b:3d:fe:e1:1d:6a:a7:26:96:8c:24:6d:10:2b:54:cf:97:
88:40:d2:36:62:ae:be:e2:ab:81:8d:2a:9a:1d:47:40:9d:ca:
e9:f9:39:4a:f7:a7:91:9a:83:06:b7:89:38:10:60:3d:b6:59:
a2:8a:73:57:db:11:0d:19:9b:65:64:e4:87:bd:57:6a:3d:9b:
a8:96:e4:98:dc:e2:9c:5e:e4:c2:8c:9c:6a:90:8e:f8:88:1f:
42:39:0b:54:07:c9:64:95:fe:3d:74:ad:0c:aa:44:1e:a0:33:
7f:55:ff:be:17:04:2b:0e:6d:f4:6f:f7:69:87:11:5f:22:ca:
15:99:4d:68:c4:90:08:e4:ca:49:10:e6:1c:bc:00:3c:d0:94:
53:d1:f2:68
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICUEEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQxMDA4WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxY2U5Zi0wMzc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0y9JGbwNwPpVgyvPUReEju0giQV6F+uM26Q2b64u/TAMI2xd1irAPS+RGXBf
vzCEPMwaGVUM/wbsc7uBJ6c8FI+ogypGXizfmXPhz7A+UAbQFFDyO8P3ybGE0mHj
BPFpGVQbpuXN80cL2oHfIqbA7PDS0yNCaS1KDX3nFGlIovWXdTxw2z5YyWdubthy
jFptdXoJu+v762tAw0bu69eDqM0IE8Q7FTV4ugaVsadCA/6VIZPXfLcFmR/3WrCY
3QNI0wSjmOrBJ8mYoE/7oF9+jCzQ//0FmnmT9tE3qwQ6ViFj2G//OmzyfObywKMR
3Nf6WrfYVYU/BLjs0meRfYTiPQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFEie270V
3a4EZqdTg9fnVkwLbdeRMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNDBENzZFOTI0
NEREMTFFQjlCMTNEMTZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJn1dAwDQQCAAIwBwMFACQE9UAwDQYJKoZIhvcNAQELBQAD
ggEBAD2bDX4dvNbKlDaoz0tjW3ryI0A2DKPrIhChq/JQMJXtITDqvJU0mTMoxj8E
t0HKhK1NsHBG1+/kI8XmsZ7dRvDTOEwqMyxfzEHucvD3uIZq1alc+1/KJuBBsm2f
I/L0At2VTmEegLiOx+m2EZWbPf7hHWqnJpaMJG0QK1TPl4hA0jZirr7iq4GNKpod
R0Cdyun5OUr3p5Gagwa3iTgQYD22WaKKc1fbEQ0Zm2Vk5Ie9V2o9m6iW5Jjc4pxe
5MKMnGqQjviIH0I5C1QHyWSV/j10rQyqRB6gM39V/74XBCsObfRv92mHEV8iyhWZ
TWjEkAjkykkQ5hy8ADzQlFPR8mg=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:51 2023 by rpki-client on console-ams.rpki-client.org