Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CF789136EDF011EC830C1744C4F9AE02.roa
File: CF789136EDF011EC830C1744C4F9AE02.roa (raw, json)
Hash identifier: VOY+AT/vmvwxf23cVuqYCBoGr6R8u/XmzP0YJ2gXA4A=
Subject key identifier: 21:C8:27:8F:10:C0:1E:F7:D6:6F:0B:40:BB:BF:C1:0F:89:1A:DC:7C
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 5804
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CF789136EDF011EC830C1744C4F9AE02.roa
Signing time: Mon 27 Jun 2022 04:02:07 +0000
ROA not before: Mon 27 Jun 2022 04:02:07 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 45661
IP address blocks: 103.68.45.0/24 maxlen: 24
103.68.47.0/24 maxlen: 24
116.199.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22532 (0x5804)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jun 27 04:02:07 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=62b92bbe-6de0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:4c:3a:e2:fe:71:bc:cf:32:a7:b4:8b:43:0e:
56:04:27:2b:ce:20:1f:ed:c6:81:c1:4f:d7:15:12:
9a:4c:a9:25:9d:e4:40:45:5f:b5:15:f2:2f:d7:3b:
47:6d:8e:3c:c1:f7:75:2e:74:bd:02:9d:65:b7:4b:
72:54:0d:2b:20:14:76:d3:67:ac:0d:c6:2d:b1:87:
f2:0f:fa:88:7a:23:b8:7e:16:d6:80:13:4b:47:d4:
27:cc:69:02:4c:c9:9d:67:d5:c9:59:69:eb:86:77:
9e:e4:04:c4:5c:f1:2a:01:c7:57:c0:74:75:a2:90:
37:f3:54:ab:63:0d:ae:6f:44:e7:e7:f1:38:1b:5d:
11:dd:16:73:81:0c:7f:69:d2:5f:0b:2e:8a:cb:eb:
e8:43:d8:08:0a:a7:b2:ee:71:54:c6:3d:4b:a8:91:
7d:97:ff:76:55:73:d6:80:da:c8:66:dc:c1:b7:2e:
2a:3d:b1:4d:84:1d:1c:2c:b9:71:85:dd:b9:46:0c:
6b:9c:6e:67:0c:14:ba:71:b1:b2:f3:78:51:c7:a3:
a6:33:8d:fc:c1:fc:9d:7b:ab:9b:fb:b5:ac:d6:9c:
e9:31:96:58:47:39:18:9c:fb:01:9c:71:ad:aa:5f:
82:6c:bf:50:c3:f8:48:8b:3d:7b:bb:ce:7e:41:fd:
1f:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:C8:27:8F:10:C0:1E:F7:D6:6F:0B:40:BB:BF:C1:0F:89:1A:DC:7C
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CF789136EDF011EC830C1744C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.68.45.0/24
103.68.47.0/24
116.199.168.0/21
Signature Algorithm: sha256WithRSAEncryption
33:54:8e:ee:90:6a:30:e7:89:39:e1:8a:ab:52:ab:f6:31:5b:
b8:16:d0:66:97:e2:0e:b8:14:b9:a6:76:91:fc:dd:10:71:03:
ec:a0:1b:c0:05:23:d9:62:76:39:5e:1f:2f:72:36:9f:96:a6:
89:72:43:90:42:48:c1:8f:1f:59:e9:3c:51:df:2e:87:57:fe:
98:9e:9f:14:1d:63:76:10:bb:ea:f8:b5:87:d9:de:da:38:e0:
42:02:dc:d3:b0:7e:2e:11:59:b6:4f:79:ca:8e:2f:1c:ef:93:
b7:10:95:d9:a6:ac:ca:8f:64:42:37:d4:4e:bd:ff:20:bb:86:
bc:be:fc:d1:f1:20:10:e1:bc:f4:90:2b:65:ba:e3:e9:67:8e:
da:f8:b9:8a:2b:fb:20:50:e5:53:0a:3e:c8:61:00:bc:d8:93:
42:17:44:f0:fe:b5:90:29:63:85:5f:81:ab:df:53:b6:e8:3e:
1f:29:ec:fb:c8:51:f2:fb:71:5b:9a:3e:b2:c2:11:8a:20:91:
d2:52:68:f2:7e:3c:81:b6:31:e3:14:11:fa:c3:6c:39:69:31:
66:59:f2:d9:ae:42:58:32:1c:a6:55:fd:24:7b:2f:b6:a9:38:
6c:bd:1a:89:58:e7:8b:74:63:1c:5d:78:3c:d5:20:2d:89:a2:
b5:ad:fa:96
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICWAQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNjI3MDQwMjA3WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmI5MmJiZS02ZGUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2Ew64v5xvM8yp7SLQw5WBCcrziAf7caBwU/XFRKaTKklneRARV+1FfIv1ztH
bY48wfd1LnS9Ap1lt0tyVA0rIBR202esDcYtsYfyD/qIeiO4fhbWgBNLR9QnzGkC
TMmdZ9XJWWnrhnee5ATEXPEqAcdXwHR1opA381SrYw2ub0Tn5/E4G10R3RZzgQx/
adJfCy6Ky+voQ9gICqey7nFUxj1LqJF9l/92VXPWgNrIZtzBty4qPbFNhB0cLLlx
hd25RgxrnG5nDBS6cbGy83hRx6OmM438wfyde6ub+7Ws1pzpMZZYRzkYnPsBnHGt
ql+CbL9Qw/hIiz17u85+Qf0fbQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFCHIJ48Q
wB731m8LQLu/wQ+JGtx8MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvQ0Y3ODkxMzZF
REYwMTFFQzgzMEMxNzQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBABnRC0DBABnRC8DBAN0x6gwDQYJKoZIhvcNAQELBQADggEB
ADNUju6QajDniTnhiqtSq/YxW7gW0GaX4g64FLmmdpH83RBxA+ygG8AFI9lidjle
Hy9yNp+WpolyQ5BCSMGPH1npPFHfLodX/pienxQdY3YQu+r4tYfZ3to44EIC3NOw
fi4RWbZPecqOLxzvk7cQldmmrMqPZEI31E69/yC7hry+/NHxIBDhvPSQK2W64+ln
jtr4uYor+yBQ5VMKPshhALzYk0IXRPD+tZApY4VfgavfU7boPh8p7PvIUfL7cVua
PrLCEYogkdJSaPJ+PIG2MeMUEfrDbDlpMWZZ8tmuQlgyHKZV/SR7L7apOGy9GolY
54t0YxxdeDzVIC2JorWt+pY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:57 2023 by rpki-client on console-fra.rpki-client.org