Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F40360AE8FEE11EC95974919C4F9AE02.roa
File: F40360AE8FEE11EC95974919C4F9AE02.roa (raw, json)
Hash identifier: 9R/cM/r+QlR0KkwPbB/5YXZzgmesfkB9y/MobQVWCfM=
Subject key identifier: 37:EB:FE:6A:D0:76:22:C1:09:6F:A0:72:4E:A7:9E:9A:82:ED:63:3D
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 48A2
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F40360AE8FEE11EC95974919C4F9AE02.roa
Signing time: Thu 17 Feb 2022 12:41:40 +0000
ROA not before: Thu 17 Feb 2022 12:41:40 +0000
ROA not after: Fri 01 Jul 2022 00:00:00 +0000
asID: 141321
IP address blocks: 103.157.222.0/23 maxlen: 24
2406:a740::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18594 (0x48a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Feb 17 12:41:40 2022 GMT
Not After : Jul 1 00:00:00 2022 GMT
Subject: CN=620e4284-43d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:33:f3:dd:06:e3:3a:97:2a:59:70:06:69:8b:
b6:ee:bd:00:84:fb:17:bd:9b:c0:e0:ab:bb:e2:01:
0f:52:37:e6:6f:08:60:2d:63:7f:07:3a:a7:92:8b:
68:7a:f7:03:2f:e8:c1:9d:04:e5:96:34:14:81:20:
43:45:60:ba:2a:69:44:18:ff:ce:cd:01:77:17:fa:
14:a2:6e:53:f4:f4:bf:a8:57:5d:81:a0:32:67:b6:
c2:3e:f3:14:88:cf:91:0d:f7:0f:96:35:71:51:98:
1a:6d:fd:d5:98:59:3d:f7:4f:6b:2a:8a:84:45:79:
54:37:8b:28:53:f4:26:64:eb:b0:42:1d:f4:26:04:
dd:16:01:54:e6:41:6c:af:0d:f5:28:9c:d0:d3:26:
2c:64:e7:c3:e0:c0:84:03:02:1a:cc:15:9d:ec:4b:
43:de:6a:d1:e7:fc:6d:54:d2:40:99:eb:1c:e1:12:
7f:f0:c7:69:19:ea:1b:85:a6:b1:52:68:d1:06:f6:
43:4d:05:cc:b4:bb:ce:f3:aa:18:7e:8a:1b:5d:1f:
d4:16:c6:49:75:c4:4a:49:21:66:81:49:c1:3f:91:
0c:d0:f0:c0:18:85:18:3f:ee:8a:b5:ae:d5:d0:b4:
8a:52:7e:59:f9:d7:ac:f0:a7:8d:1d:19:22:76:4d:
8c:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:EB:FE:6A:D0:76:22:C1:09:6F:A0:72:4E:A7:9E:9A:82:ED:63:3D
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F40360AE8FEE11EC95974919C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.157.222.0/23
IPv6:
2406:a740::/32
Signature Algorithm: sha256WithRSAEncryption
72:dd:b6:05:5f:b7:53:83:c4:49:24:77:1b:2b:3f:fd:f4:47:
8b:bd:70:d0:5e:2f:76:99:ed:80:c6:b9:ba:26:a3:83:52:c5:
51:95:47:58:6e:65:92:c2:a3:93:d6:a7:91:5e:f3:d1:73:cd:
c6:0b:4f:81:ab:1b:7f:72:f6:0f:0a:4e:36:29:6a:10:18:d2:
26:8b:49:22:3c:87:3e:4c:7f:1d:f8:39:47:3a:40:0b:18:e7:
b3:9d:6c:72:d1:84:7c:1d:09:22:43:a7:8a:41:b2:80:4c:62:
de:8b:65:7a:34:e1:35:f3:83:74:b7:9f:76:8b:5a:b3:86:48:
72:ff:be:b8:64:da:55:fb:3e:fd:01:69:aa:0e:6a:33:52:19:
60:d6:01:79:80:19:42:38:14:9e:8a:de:31:23:9b:16:d6:2e:
00:b9:39:b2:a5:04:94:2b:03:ec:0a:e8:9f:d9:78:2c:40:75:
88:a7:ff:18:17:c6:93:14:2a:fa:aa:81:1b:0f:94:85:84:43:
64:5f:8e:18:b0:e7:5f:24:6a:20:e1:0b:66:90:82:85:0d:ef:
bf:3b:90:e3:ed:5b:2f:df:28:a6:78:b2:0d:76:60:71:a6:9e:
95:6c:8b:ce:d7:76:66:f7:bf:32:c6:fe:90:cc:db:3c:0d:76:
17:0f:a2:34
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICSKIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwMjE3MTI0MTQwWhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjBlNDI4NC00M2Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtTPz3QbjOpcqWXAGaYu27r0AhPsXvZvA4Ku74gEPUjfmbwhgLWN/Bzqnkoto
evcDL+jBnQTlljQUgSBDRWC6KmlEGP/OzQF3F/oUom5T9PS/qFddgaAyZ7bCPvMU
iM+RDfcPljVxUZgabf3VmFk9909rKoqERXlUN4soU/QmZOuwQh30JgTdFgFU5kFs
rw31KJzQ0yYsZOfD4MCEAwIazBWd7EtD3mrR5/xtVNJAmesc4RJ/8MdpGeobhaax
UmjRBvZDTQXMtLvO86oYfoobXR/UFsZJdcRKSSFmgUnBP5EM0PDAGIUYP+6Kta7V
0LSKUn5Z+des8KeNHRkidk2MPwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFDfr/mrQ
diLBCW+gck6nnpqC7WM9MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvRjQwMzYwQUU4
RkVFMTFFQzk1OTc0OTE5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnnd4wDQQCAAIwBwMFACQGp0AwDQYJKoZIhvcNAQELBQAD
ggEBAHLdtgVft1ODxEkkdxsrP/30R4u9cNBeL3aZ7YDGubomo4NSxVGVR1huZZLC
o5PWp5Fe89FzzcYLT4GrG39y9g8KTjYpahAY0iaLSSI8hz5Mfx34OUc6QAsY57Od
bHLRhHwdCSJDp4pBsoBMYt6LZXo04TXzg3S3n3aLWrOGSHL/vrhk2lX7Pv0BaaoO
ajNSGWDWAXmAGUI4FJ6K3jEjmxbWLgC5ObKlBJQrA+wK6J/ZeCxAdYin/xgXxpMU
KvqqgRsPlIWEQ2Rfjhiw518kaiDhC2aQgoUN7787kOPtWy/fKKZ4sg12YHGmnpVs
i87Xdmb3vzLG/pDM2zwNdhcPojQ=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:58 2023 by rpki-client on console-fra.rpki-client.org