Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B4FC8412B80111EDAD8A0735C4F9AE02.roa
File: B4FC8412B80111EDAD8A0735C4F9AE02.roa (raw, json)
Hash identifier: OktvIIqe+mfzqqL1KVmWD+fl/twVkHinv8PKsvnwSOc=
Subject key identifier: D8:2B:94:3F:B4:41:BF:F3:CE:D3:EE:B9:6C:12:1E:09:BB:1B:B8:30
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 6F3E
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B4FC8412B80111EDAD8A0735C4F9AE02.roa
Signing time: Wed 10 May 2023 16:37:52 +0000
ROA not before: Wed 10 May 2023 16:37:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 141877
IP address blocks: 103.167.226.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28478 (0x6f3e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 10 16:37:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=645bc860-e31c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:d2:ea:b3:2e:0c:e2:5e:b8:0a:d2:81:06:c3:
24:cf:e0:24:3a:f5:70:15:b8:1e:d9:5a:2e:10:fb:
db:2b:96:d3:47:e8:5d:c0:53:51:41:46:e9:23:87:
ac:a6:d4:65:fc:18:4e:42:50:62:d1:c6:da:dc:37:
1b:e1:e0:2e:68:c5:ef:03:01:20:f5:93:d5:ae:80:
81:46:2f:c6:cb:ef:14:36:82:7f:5b:c8:0f:c1:41:
3c:f2:3e:97:14:d4:a9:54:d9:df:ab:9b:d3:b6:cb:
fd:3c:b0:8e:1c:58:cd:e8:ae:7f:d2:ee:c8:ea:3b:
bc:ce:65:df:a8:3a:25:4d:38:21:79:10:3e:1e:27:
b6:ff:5f:b1:e6:a1:f5:9d:24:73:bf:de:16:76:91:
d8:cf:11:0c:70:19:e2:34:b8:41:72:a8:de:51:c8:
af:bb:63:30:79:5a:d5:5a:cf:4e:9d:4d:a1:9d:77:
8d:d3:de:be:a1:c2:29:0c:aa:e6:4c:2e:09:ed:5f:
fd:f5:a7:a1:8b:b9:20:76:14:84:5f:a2:31:c9:0d:
f1:b2:8f:02:65:12:1c:e9:61:01:f5:29:27:5e:62:
91:59:98:45:a1:a1:79:c5:7b:ec:c4:fa:bb:ed:9e:
5b:34:8a:65:5a:d4:ea:59:80:e5:75:bc:de:58:45:
c0:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:2B:94:3F:B4:41:BF:F3:CE:D3:EE:B9:6C:12:1E:09:BB:1B:B8:30
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B4FC8412B80111EDAD8A0735C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.167.226.0/23
Signature Algorithm: sha256WithRSAEncryption
76:29:6a:5a:85:31:c9:d8:b7:c6:92:ac:08:78:ca:29:04:93:
c5:19:15:02:71:47:61:22:e3:6a:26:da:ff:9f:4b:1d:dc:f6:
2a:87:57:4a:fa:8c:ab:28:80:41:4a:d8:5f:2f:fb:6c:95:73:
58:be:60:ee:46:fe:a2:b8:7f:e6:86:88:e3:ba:f1:96:06:13:
d0:87:bf:4e:84:91:ba:1d:f5:bc:15:17:c1:c7:4d:95:7c:61:
c6:ba:48:10:74:d9:b7:8f:50:cf:e7:d1:98:bf:7e:2f:f1:f2:
83:93:42:85:61:63:34:51:d0:5a:9a:17:89:82:85:7f:32:bb:
23:81:ea:d4:aa:4f:35:d5:00:fe:ef:06:c8:fa:7e:29:aa:4d:
8f:6e:2c:40:4d:34:1c:34:d0:2f:be:69:75:80:2b:59:df:15:
8f:e9:95:01:b9:10:11:ed:5c:67:30:df:98:1b:19:17:37:7d:
e7:32:7a:98:97:21:04:0e:f9:2f:9a:42:5c:46:d4:eb:3c:c5:
53:4d:76:4e:50:3d:d1:f6:04:48:b6:2b:e6:da:b9:ba:5b:62:
e1:23:98:b3:65:92:55:26:70:ea:80:d0:f2:ed:70:07:e3:7e:
84:e0:3d:0c:2d:f9:11:8d:70:21:0c:cd:5c:b2:42:97:65:7d:
1e:f1:f2:dd
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICbz4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTYzNzUyWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViYzg2MC1lMzFjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4NLqsy4M4l64CtKBBsMkz+AkOvVwFbge2VouEPvbK5bTR+hdwFNRQUbpI4es
ptRl/BhOQlBi0cba3Dcb4eAuaMXvAwEg9ZPVroCBRi/Gy+8UNoJ/W8gPwUE88j6X
FNSpVNnfq5vTtsv9PLCOHFjN6K5/0u7I6ju8zmXfqDolTTgheRA+Hie2/1+x5qH1
nSRzv94WdpHYzxEMcBniNLhBcqjeUcivu2MweVrVWs9OnU2hnXeN096+ocIpDKrm
TC4J7V/99aehi7kgdhSEX6IxyQ3xso8CZRIc6WEB9SknXmKRWZhFoaF5xXvsxPq7
7Z5bNIplWtTqWYDldbzeWEXAMQIDAQABo4IClTCCApEwHQYDVR0OBBYEFNgrlD+0
Qb/zztPuuWwSHgm7G7gwMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvQjRGQzg0MTJC
ODAxMTFFREFEOEEwNzM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnp+IwDQYJKoZIhvcNAQELBQADggEBAHYpalqFMcnYt8aS
rAh4yikEk8UZFQJxR2Ei42om2v+fSx3c9iqHV0r6jKsogEFK2F8v+2yVc1i+YO5G
/qK4f+aGiOO68ZYGE9CHv06Ekbod9bwVF8HHTZV8Yca6SBB02bePUM/n0Zi/fi/x
8oOTQoVhYzRR0FqaF4mChX8yuyOB6tSqTzXVAP7vBsj6fimqTY9uLEBNNBw00C++
aXWAK1nfFY/plQG5EBHtXGcw35gbGRc3fecyepiXIQQO+S+aQlxG1Os8xVNNdk5Q
PdH2BEi2K+baubpbYuEjmLNlklUmcOqA0PLtcAfjfoTgPQwt+RGNcCEMzVyyQpdl
fR7x8t0=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:54 2023 by rpki-client on console-ams.rpki-client.org