Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/78FE85760F2511ED8B465148C4F9AE02.roa
File: 78FE85760F2511ED8B465148C4F9AE02.roa (raw, json)
Hash identifier: hjr7S875qmRDzbYJj4Ys2chZ8CYBStT+ZbCLzyiRy1E=
Subject key identifier: 3C:FA:1C:93:39:DB:DC:A8:DA:22:49:9D:E4:43:FE:4E:61:AD:8B:AA
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 6350
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/78FE85760F2511ED8B465148C4F9AE02.roa
Signing time: Wed 18 Jan 2023 04:21:36 +0000
ROA not before: Wed 18 Jan 2023 04:21:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 132335
IP address blocks: 43.230.200.0/24 maxlen: 24
43.230.201.0/24 maxlen: 24
43.230.202.0/24 maxlen: 24
43.230.203.0/24 maxlen: 24
45.64.104.0/22 maxlen: 24
45.120.136.0/22 maxlen: 24
103.12.211.0/24 maxlen: 24
103.13.112.0/22 maxlen: 24
103.26.204.0/22 maxlen: 24
103.87.172.0/24 maxlen: 24
103.105.22.0/24 maxlen: 24
103.152.79.0/24 maxlen: 24
103.165.119.0/24 maxlen: 24
103.173.68.0/24 maxlen: 24
103.182.162.0/24 maxlen: 24
103.182.163.0/24 maxlen: 24
103.187.238.0/24 maxlen: 24
103.250.184.0/23 maxlen: 24
103.250.186.0/24 maxlen: 24
2001:df0:c1c0::/48 maxlen: 48
2001:df2:1000::/48 maxlen: 48
2001:df2:1001::/48 maxlen: 48
2405:7140::/48 maxlen: 48
2405:7140:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25424 (0x6350)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jan 18 04:21:36 2023 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=63c773d0-5027
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:13:a2:de:0b:bb:24:72:d9:9e:76:21:0a:21:
ba:60:f1:4f:b7:83:31:62:cc:cb:e5:a4:1d:7f:71:
c8:64:99:b8:aa:6d:7c:db:f3:34:ac:24:a3:ad:9f:
2e:b5:63:12:74:fb:42:2e:df:c5:c6:70:e6:d4:79:
2a:4f:b7:7f:90:15:2c:d9:41:be:d7:9d:65:ad:c2:
25:6a:be:55:3e:b4:bc:1e:03:ac:1f:9a:ca:b0:1c:
93:97:42:d5:b8:9d:96:9a:9f:5c:76:a9:dc:ea:de:
95:83:c9:2c:3b:fa:24:90:73:e1:ce:d4:45:f3:fc:
92:39:5e:2a:96:61:62:e2:ee:79:c9:5e:ff:87:ed:
72:b1:1a:cd:b8:ad:be:41:63:fd:98:41:b7:f1:a0:
35:a4:1f:d6:08:ae:55:4e:8b:b2:7f:6b:4b:7a:a6:
3e:c0:ab:74:42:3f:ee:0f:aa:61:f5:7a:65:c7:91:
e3:b6:c3:ca:f9:a8:f6:1e:de:bf:b1:7c:54:43:42:
26:74:8b:99:42:84:7c:14:9d:41:8e:64:62:c2:0f:
cc:2d:77:52:85:e0:0f:28:f2:f6:13:68:5d:2b:fa:
b1:61:70:6c:85:aa:f9:e6:ca:07:33:70:cd:21:96:
43:76:8b:64:33:d6:65:45:3a:60:35:26:cd:f5:65:
b9:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:FA:1C:93:39:DB:DC:A8:DA:22:49:9D:E4:43:FE:4E:61:AD:8B:AA
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/78FE85760F2511ED8B465148C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.230.200.0/22
45.64.104.0/22
45.120.136.0/22
103.12.211.0/24
103.13.112.0/22
103.26.204.0/22
103.87.172.0/24
103.105.22.0/24
103.152.79.0/24
103.165.119.0/24
103.173.68.0/24
103.182.162.0/23
103.187.238.0/24
103.250.184.0-103.250.186.255
IPv6:
2001:df0:c1c0::/48
2001:df2:1000::/47
2405:7140::/47
Signature Algorithm: sha256WithRSAEncryption
a6:b3:07:72:68:20:f9:97:ac:8f:55:d1:fd:67:1b:57:33:31:
91:2c:2b:7e:86:66:cc:da:79:33:4e:b7:fb:d0:37:24:38:21:
ca:8b:0f:3c:7f:a4:11:32:12:24:5d:1a:0d:6b:93:25:c6:33:
fc:9d:0f:35:5d:38:36:6f:db:18:5a:c0:92:f9:b7:34:1e:28:
eb:e0:68:8d:14:4c:23:b7:63:f3:de:b2:98:03:32:16:a7:0b:
77:72:cf:9f:c2:33:b9:43:aa:82:69:a2:f6:79:12:26:e4:a5:
42:91:65:74:da:d9:ff:b8:78:97:27:b0:94:00:39:08:cf:fa:
74:d7:0f:b1:ad:07:78:99:48:ae:35:70:3f:e5:66:46:6e:3c:
be:01:8e:1b:ab:86:e9:17:16:94:86:19:50:2b:9b:d2:69:22:
b4:98:bd:8e:87:e5:87:70:8d:3a:56:38:f5:6c:0b:92:46:72:
a0:b8:53:83:d0:4d:cc:5b:9e:e2:70:9f:f6:f2:10:6e:bb:2f:
bb:97:b0:68:14:f1:83:ce:61:db:8a:e4:ed:07:ef:6d:2f:e3:
6d:2e:04:b5:47:21:70:d7:0e:ba:ee:f8:73:be:a9:67:1b:ba:
c9:26:b3:e4:21:b9:fb:e0:f7:c4:ed:c7:67:bc:04:64:42:86:
1e:06:a1:69
-----BEGIN CERTIFICATE-----
MIIF7TCCBNWgAwIBAgICY1AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwMTE4MDQyMTM2WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2M3NzNkMC01MDI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5xOi3gu7JHLZnnYhCiG6YPFPt4MxYszL5aQdf3HIZJm4qm182/M0rCSjrZ8u
tWMSdPtCLt/FxnDm1HkqT7d/kBUs2UG+151lrcIlar5VPrS8HgOsH5rKsByTl0LV
uJ2Wmp9cdqnc6t6Vg8ksO/okkHPhztRF8/ySOV4qlmFi4u55yV7/h+1ysRrNuK2+
QWP9mEG38aA1pB/WCK5VTouyf2tLeqY+wKt0Qj/uD6ph9Xplx5HjtsPK+aj2Ht6/
sXxUQ0ImdIuZQoR8FJ1BjmRiwg/MLXdSheAPKPL2E2hdK/qxYXBshar55soHM3DN
IZZDdotkM9ZlRTpgNSbN9WW5QQIDAQABo4IDETCCAw0wHQYDVR0OBBYEFDz6HJM5
29yo2iJJneRD/k5hrYuqMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNzhGRTg1NzYw
RjI1MTFFRDhCNDY1MTQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZoGCCsGAQUFBwEHAQH/
BIGKMIGHMGIEAgABMFwDBAIr5sgDBAItQGgDBAIteIgDBABnDNMDBAJnDXADBAJn
GswDBABnV6wDBABnaRYDBABnmE8DBABnpXcDBABnrUQDBAFntqIDBABnu+4wDAME
A2f6uAMEAGf6ujAhBAIAAjAbAwcAIAEN8MHAAwcBIAEN8hAAAwcBJAVxQAAAMA0G
CSqGSIb3DQEBCwUAA4IBAQCmswdyaCD5l6yPVdH9ZxtXMzGRLCt+hmbM2nkzTrf7
0DckOCHKiw88f6QRMhIkXRoNa5MlxjP8nQ81XTg2b9sYWsCS+bc0Hijr4GiNFEwj
t2Pz3rKYAzIWpwt3cs+fwjO5Q6qCaaL2eRIm5KVCkWV02tn/uHiXJ7CUADkIz/p0
1w+xrQd4mUiuNXA/5WZGbjy+AY4bq4bpFxaUhhlQK5vSaSK0mL2Oh+WHcI06Vjj1
bAuSRnKguFOD0E3MW57icJ/28hBuuy+7l7BoFPGDzmHbiuTtB+9tL+NtLgS1RyFw
1w667vhzvqlnG7rJJrPkIbn74PfE7cdnvARkQoYeBqFp
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:53 2023 by rpki-client on console-ams.rpki-client.org