Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9A5A031C361E11EBB1A51E85C4F9AE02.roa
File: 9A5A031C361E11EBB1A51E85C4F9AE02.roa (raw, json)
Hash identifier: IJnmz2oRs8dQgDQxAUFnVjnDOvNq7OLnM/5gyNGbW0c=
Subject key identifier: 03:94:74:14:4E:64:CF:76:3A:16:D3:09:7A:98:B3:08:46:81:1D:F6
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 5025
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9A5A031C361E11EBB1A51E85C4F9AE02.roa
Signing time: Mon 16 May 2022 04:09:37 +0000
ROA not before: Mon 16 May 2022 04:09:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 135192
IP address blocks: 103.218.132.0/22 maxlen: 24
2001:df5:dd80::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20517 (0x5025)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:09:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281ce81-1885
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fc:4f:97:17:91:92:9c:cd:6c:50:3b:07:60:ab:
69:ee:f1:b4:8c:b7:64:ba:6f:47:49:9c:45:5c:99:
e8:53:fe:16:73:56:2b:37:0e:45:98:bf:42:28:56:
44:c5:34:4f:3d:4a:8c:66:20:b4:79:48:9b:bc:52:
24:57:cc:b8:37:29:22:d2:81:cd:67:bf:ac:45:f5:
37:96:1d:3a:01:1d:2f:03:e0:d2:fc:72:67:bb:f8:
d8:10:af:59:6d:29:08:04:53:ac:85:74:31:3c:b2:
a1:65:8b:e7:90:a9:27:35:1e:ab:40:ef:12:43:fa:
07:b4:1b:a1:9e:6b:ab:04:26:a2:0d:ff:b7:5b:fc:
08:9c:ca:e6:5c:10:77:b7:1b:52:1f:0a:aa:aa:bd:
c5:a7:d0:a3:c2:27:53:71:78:d8:c5:f6:c0:42:3b:
ed:38:b9:cc:f4:ce:f4:73:12:d8:05:a7:3c:f5:17:
04:94:b2:98:a9:22:eb:6e:8c:02:49:9b:3f:77:3a:
85:64:05:e0:8f:fe:05:52:43:a9:37:44:ef:02:bc:
ae:77:3a:90:9e:6c:7e:e9:0f:a2:4e:39:8a:65:a6:
86:da:e5:11:66:42:09:ce:93:7d:3f:c0:98:63:2c:
19:4b:da:74:27:45:1d:00:be:39:e0:cc:fd:a5:35:
ad:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:94:74:14:4E:64:CF:76:3A:16:D3:09:7A:98:B3:08:46:81:1D:F6
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9A5A031C361E11EBB1A51E85C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.218.132.0/22
IPv6:
2001:df5:dd80::/48
Signature Algorithm: sha256WithRSAEncryption
2c:4a:1b:5d:4a:01:ba:50:63:6c:c9:37:49:08:94:f0:e2:27:
5b:93:9c:e7:19:af:72:9a:bb:12:7a:28:78:86:5e:fc:2c:ec:
76:df:0a:16:0e:0c:59:d6:90:9a:44:77:d3:7c:fc:ef:1c:ff:
b7:54:09:3c:dc:00:ff:d7:a2:d0:a9:2f:a4:d5:8b:47:2f:d1:
17:0c:d5:3a:59:7c:50:c9:d6:f0:a2:3e:5d:8c:8e:84:58:fe:
e7:7a:e8:8d:b7:3b:db:55:85:5d:04:16:f2:6b:51:7e:0b:9e:
77:a8:de:c1:04:6b:06:fb:c3:e9:b2:b4:f6:42:60:ad:1c:11:
f3:df:0b:05:06:1a:e0:9c:64:76:39:9e:c6:f3:96:91:be:8f:
15:e7:ae:45:2e:1e:00:00:11:ab:ec:f9:61:fa:cd:08:48:db:
e1:29:b0:63:1e:cc:b7:c1:e7:71:a5:5b:dc:d8:8a:f1:21:d9:
ec:3f:55:83:31:8f:58:27:e0:50:8a:c2:6e:9b:22:18:98:30:
0a:4e:78:4f:89:7d:ee:f9:7f:ae:ca:bf:a4:07:26:86:74:07:
42:43:78:87:53:7d:01:55:d4:18:50:1f:e2:a2:da:3c:61:d9:
00:0a:37:7e:c8:d9:94:ec:96:d9:41:0e:60:f4:50:f7:cb:45:
6f:e9:23:9e
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICUCUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQwOTM3WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxY2U4MS0xODg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA/E+XF5GSnM1sUDsHYKtp7vG0jLdkum9HSZxFXJnoU/4Wc1YrNw5FmL9CKFZE
xTRPPUqMZiC0eUibvFIkV8y4Nyki0oHNZ7+sRfU3lh06AR0vA+DS/HJnu/jYEK9Z
bSkIBFOshXQxPLKhZYvnkKknNR6rQO8SQ/oHtBuhnmurBCaiDf+3W/wInMrmXBB3
txtSHwqqqr3Fp9CjwidTcXjYxfbAQjvtOLnM9M70cxLYBac89RcElLKYqSLrbowC
SZs/dzqFZAXgj/4FUkOpN0TvAryudzqQnmx+6Q+iTjmKZaaG2uURZkIJzpN9P8CY
YywZS9p0J0UdAL454Mz9pTWtxQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFAOUdBRO
ZM92OhbTCXqYswhGgR32MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvOUE1QTAzMUMz
NjFFMTFFQkIxQTUxRTg1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAJn2oQwDwQCAAIwCQMHACABDfXdgDANBgkqhkiG9w0BAQsF
AAOCAQEALEobXUoBulBjbMk3SQiU8OInW5Oc5xmvcpq7EnooeIZe/Czsdt8KFg4M
WdaQmkR303z87xz/t1QJPNwA/9ei0KkvpNWLRy/RFwzVOll8UMnW8KI+XYyOhFj+
53rojbc721WFXQQW8mtRfgued6jewQRrBvvD6bK09kJgrRwR898LBQYa4Jxkdjme
xvOWkb6PFeeuRS4eAAARq+z5YfrNCEjb4SmwYx7Mt8HncaVb3NiK8SHZ7D9VgzGP
WCfgUIrCbpsiGJgwCk54T4l97vl/rsq/pAcmhnQHQkN4h1N9AVXUGFAf4qLaPGHZ
AAo3fsjZlOyW2UEOYPRQ98tFb+kjng==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:53 2023 by rpki-client on console-ams.rpki-client.org