Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DFC2F8D4E77011EA9D25A142C4F9AE02.roa
File: DFC2F8D4E77011EA9D25A142C4F9AE02.roa (raw, json)
Hash identifier: uK2hyn1iTY0DiyCGcolJKBnUHTjU24CecSdEkqIZ/RI=
Subject key identifier: 86:0C:AB:DD:EC:A1:03:DD:A3:8B:78:4E:2E:8E:2B:27:66:CB:F1:8E
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 5101
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DFC2F8D4E77011EA9D25A142C4F9AE02.roa
Signing time: Mon 16 May 2022 04:13:44 +0000
ROA not before: Mon 16 May 2022 04:13:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 136643
IP address blocks: 103.97.203.0/24 maxlen: 24
103.131.24.0/23 maxlen: 24
103.131.26.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20737 (0x5101)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:13:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281cf77-9d17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:e1:eb:75:49:8d:c7:ea:95:15:19:ce:c9:4f:
07:4d:ba:69:76:6f:ab:32:d2:da:44:30:1a:94:8e:
52:96:79:b4:0d:1d:bc:ec:d3:e9:7f:41:e9:c1:cb:
eb:ee:2a:b1:0d:f1:e4:59:ec:34:c8:fc:52:dc:e1:
54:af:5d:0f:df:90:9a:0e:70:bb:d9:76:c7:40:88:
f6:b4:44:f1:65:21:91:5a:2e:dd:78:69:e7:b1:1a:
eb:0a:1f:9b:6f:b6:48:b1:b8:53:fa:88:b8:a4:f5:
8e:5c:0a:72:2b:c6:53:96:ce:3f:4e:6a:02:db:ea:
b1:8d:d5:3e:0d:99:d2:cf:1c:e7:b8:c3:da:fb:c3:
5c:80:cf:e5:9f:95:47:b1:8f:c9:4e:a7:4b:e1:de:
8d:e3:f2:85:87:46:8e:9f:ca:bc:d2:82:41:d4:04:
d3:89:64:fa:00:e2:10:b0:3f:c6:ba:0f:b9:e4:52:
18:85:0c:36:0a:50:cb:87:d7:4c:24:bb:09:f1:a4:
03:97:13:56:2e:b9:d3:c0:fd:e8:0e:f4:27:7c:09:
8b:6d:df:8d:68:d6:b9:c1:1d:4a:e7:50:6f:ea:60:
35:63:7e:9c:c1:5f:46:58:f2:84:6e:c2:df:09:5a:
9b:5c:56:60:71:0f:3e:b0:f1:f4:de:4d:01:59:67:
6f:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:0C:AB:DD:EC:A1:03:DD:A3:8B:78:4E:2E:8E:2B:27:66:CB:F1:8E
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DFC2F8D4E77011EA9D25A142C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.97.203.0/24
103.131.24.0-103.131.26.255
Signature Algorithm: sha256WithRSAEncryption
8d:6f:91:a7:4a:80:1c:c6:aa:6d:59:b7:d4:b7:b3:7b:72:3f:
63:02:c5:48:68:cc:2b:4e:40:13:93:66:5b:d8:2f:37:cd:4c:
50:45:23:f7:0f:09:77:0f:fe:a7:73:fb:3e:3b:d9:41:f0:96:
6d:38:ea:b2:9f:1b:94:be:a1:54:a5:19:21:25:4a:c9:60:7e:
41:a7:57:43:50:7f:c8:95:a7:7f:52:c5:3f:0c:38:99:5b:ac:
08:22:f8:96:22:ed:f6:b3:c7:b7:06:32:31:04:a6:e6:e5:62:
9c:42:11:22:28:8a:09:1e:ec:25:4e:5e:e5:8c:8f:dc:7b:41:
72:50:7e:d4:b3:46:ed:ec:4a:bb:cd:3e:cc:25:5b:b4:ca:a9:
2b:99:20:79:76:8b:61:95:12:02:d0:8c:46:45:54:4b:54:f8:
08:40:38:35:07:34:c3:81:b3:90:fe:7c:4d:d3:b4:45:e6:06:
75:98:0d:a7:a1:5f:e8:7f:61:48:dc:9f:3b:8d:ba:94:16:da:
88:01:b2:e8:af:08:ca:50:62:53:f2:8c:69:1e:42:44:65:54:
fb:3a:87:f8:27:d6:cb:f2:bd:f2:b2:b8:3b:8d:cb:d0:80:1f:
c4:59:45:20:1f:d9:2a:e6:2a:9d:ea:4b:c5:a7:f1:60:4b:4c:
5b:bb:1d:68
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICUQEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQxMzQ0WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxY2Y3Ny05ZDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv+HrdUmNx+qVFRnOyU8HTbppdm+rMtLaRDAalI5Slnm0DR287NPpf0Hpwcvr
7iqxDfHkWew0yPxS3OFUr10P35CaDnC72XbHQIj2tETxZSGRWi7deGnnsRrrCh+b
b7ZIsbhT+oi4pPWOXApyK8ZTls4/TmoC2+qxjdU+DZnSzxznuMPa+8NcgM/ln5VH
sY/JTqdL4d6N4/KFh0aOn8q80oJB1ATTiWT6AOIQsD/Gug+55FIYhQw2ClDLh9dM
JLsJ8aQDlxNWLrnTwP3oDvQnfAmLbd+NaNa5wR1K51Bv6mA1Y36cwV9GWPKEbsLf
CVqbXFZgcQ8+sPH03k0BWWdvUwIDAQABo4ICozCCAp8wHQYDVR0OBBYEFIYMq93s
oQPdo4t4Ti6OKydmy/GOMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvREZDMkY4RDRF
NzcwMTFFQTlEMjVBMTQyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQDBABnYcswDAMEA2eDGAMEAGeDGjANBgkqhkiG9w0BAQsFAAOC
AQEAjW+Rp0qAHMaqbVm31Leze3I/YwLFSGjMK05AE5NmW9gvN81MUEUj9w8Jdw/+
p3P7PjvZQfCWbTjqsp8blL6hVKUZISVKyWB+QadXQ1B/yJWnf1LFPww4mVusCCL4
liLt9rPHtwYyMQSm5uVinEIRIiiKCR7sJU5e5YyP3HtBclB+1LNG7exKu80+zCVb
tMqpK5kgeXaLYZUSAtCMRkVUS1T4CEA4NQc0w4GzkP58TdO0ReYGdZgNp6Ff6H9h
SNyfO426lBbaiAGy6K8IylBiU/KMaR5CRGVU+zqH+CfWy/K98rK4O43L0IAfxFlF
IB/ZKuYqnepLxafxYEtMW7sdaA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:55 2023 by rpki-client on console-ams.rpki-client.org