Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/917DA88C477C11EC9513EF5CC4F9AE02.roa
File: 917DA88C477C11EC9513EF5CC4F9AE02.roa (raw, json)
Hash identifier: J1zcB5f8FPAWPK6wTKArgVluM2cu/QQGyCmWcH4rJNg=
Subject key identifier: D7:77:47:2B:4C:45:F1:33:C0:2C:DA:6C:9A:AF:BD:0C:6D:C7:85:87
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 4F91
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/917DA88C477C11EC9513EF5CC4F9AE02.roa
Signing time: Mon 16 May 2022 04:06:44 +0000
ROA not before: Mon 16 May 2022 04:06:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 134030
IP address blocks: 103.56.84.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20369 (0x4f91)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:06:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281cdd4-e771
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:48:a7:c8:2c:4f:4d:de:1d:41:89:38:39:34:
cb:d8:05:fc:35:33:5c:27:70:97:a6:1d:b0:06:0c:
11:6e:1a:7e:65:7c:a0:0f:f3:53:f3:70:7d:c5:09:
d9:e8:d0:41:15:bc:cd:db:6a:2f:c7:69:09:73:6f:
70:e3:4c:76:cb:6e:7b:a4:f7:b4:80:96:00:1a:9e:
5b:e1:59:9d:9f:86:9d:04:88:5e:d1:31:e8:c6:ad:
24:4d:a9:e1:06:93:3c:38:ea:e3:d7:2a:22:09:f0:
0e:52:df:d5:b8:7a:52:17:b3:7b:4c:2f:85:84:30:
25:35:cf:6b:7f:55:cf:8e:52:03:f0:50:be:1c:6f:
15:ab:4d:02:7c:af:8c:e0:a9:26:c0:bb:b5:98:d4:
e8:cd:06:44:82:ba:dc:f5:eb:d4:af:da:93:97:9f:
02:d2:a0:40:a8:b3:c1:f3:f7:74:6f:d6:32:aa:42:
76:f2:c7:79:31:7a:5a:02:b3:21:7d:99:7b:24:83:
73:6c:9d:1c:d1:24:7a:a4:61:81:ed:8c:d7:48:e4:
cd:5e:be:5c:1c:91:35:87:24:e1:6a:f1:e1:90:2d:
67:cc:8b:9c:22:a6:91:b6:e6:ad:b4:48:d1:89:7d:
b3:b9:eb:cf:31:39:cd:bd:5e:4e:e9:dc:41:70:23:
9b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:77:47:2B:4C:45:F1:33:C0:2C:DA:6C:9A:AF:BD:0C:6D:C7:85:87
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/917DA88C477C11EC9513EF5CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.56.84.0/22
Signature Algorithm: sha256WithRSAEncryption
3e:99:f7:1c:cf:5d:6f:a0:17:dc:5b:72:fa:90:91:46:8b:58:
80:f0:42:e0:ed:27:24:3c:c0:86:b0:cb:d6:ef:fa:cb:ce:03:
10:14:93:3c:e1:15:15:f8:43:2e:55:3f:72:87:79:0e:7b:77:
3f:47:e3:2e:71:b7:50:89:7a:61:15:ff:fb:f7:6a:7c:b3:8b:
b2:7f:d2:9b:42:2d:bc:a4:62:15:4c:98:0f:26:d4:57:c6:ab:
bf:5c:56:0a:ac:67:50:7d:46:8a:9b:f1:14:ff:ef:c3:cf:35:
90:45:94:f2:08:38:6c:04:bd:69:64:41:f3:78:85:b2:44:01:
cd:b6:5c:8c:8f:a6:b5:00:73:7a:10:e3:96:b6:3c:b2:44:88:
87:96:c0:cc:6d:16:f2:8f:77:68:8c:b4:2f:f6:82:46:d8:5a:
59:93:28:db:0b:be:5d:42:ed:8f:0f:48:78:26:77:01:c9:c8:
2c:c6:5e:14:70:ee:de:ed:2f:ad:82:e6:0e:8a:e3:dd:16:2e:
20:ad:47:62:40:f8:ad:49:52:cd:1b:85:63:c8:0d:95:82:1c:
a8:cb:c8:bb:55:39:69:40:94:77:ee:81:dc:25:27:18:92:8c:
55:b9:70:0f:68:25:07:e0:d3:f2:3b:15:d2:8b:dd:99:f9:9e:
6b:72:0e:11
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICT5EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQwNjQ0WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxY2RkNC1lNzcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqkinyCxPTd4dQYk4OTTL2AX8NTNcJ3CXph2wBgwRbhp+ZXygD/NT83B9xQnZ
6NBBFbzN22ovx2kJc29w40x2y257pPe0gJYAGp5b4Vmdn4adBIhe0THoxq0kTanh
BpM8OOrj1yoiCfAOUt/VuHpSF7N7TC+FhDAlNc9rf1XPjlID8FC+HG8Vq00CfK+M
4KkmwLu1mNTozQZEgrrc9evUr9qTl58C0qBAqLPB8/d0b9YyqkJ28sd5MXpaArMh
fZl7JINzbJ0c0SR6pGGB7YzXSOTNXr5cHJE1hyThavHhkC1nzIucIqaRtuattEjR
iX2zuevPMTnNvV5O6dxBcCObdwIDAQABo4IClTCCApEwHQYDVR0OBBYEFNd3RytM
RfEzwCzabJqvvQxtx4WHMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvOTE3REE4OEM0
NzdDMTFFQzk1MTNFRjVDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnOFQwDQYJKoZIhvcNAQELBQADggEBAD6Z9xzPXW+gF9xb
cvqQkUaLWIDwQuDtJyQ8wIawy9bv+svOAxAUkzzhFRX4Qy5VP3KHeQ57dz9H4y5x
t1CJemEV//v3anyzi7J/0ptCLbykYhVMmA8m1FfGq79cVgqsZ1B9Roqb8RT/78PP
NZBFlPIIOGwEvWlkQfN4hbJEAc22XIyPprUAc3oQ45a2PLJEiIeWwMxtFvKPd2iM
tC/2gkbYWlmTKNsLvl1C7Y8PSHgmdwHJyCzGXhRw7t7tL62C5g6K490WLiCtR2JA
+K1JUs0bhWPIDZWCHKjLyLtVOWlAlHfugdwlJxiSjFW5cA9oJQfg0/I7FdKL3Zn5
nmtyDhE=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:53 2023 by rpki-client on console-ams.rpki-client.org