Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F9E0F7E2CF8C11ECBC56CF13C4F9AE02.roa
File: F9E0F7E2CF8C11ECBC56CF13C4F9AE02.roa (raw, json)
Hash identifier: bT3yjr0TwGShflzHiTZ4eoHKtFO/4Vi94tPtuE3inx0=
Subject key identifier: 1F:8B:09:D7:0B:57:9D:AF:77:E3:6C:B2:40:51:14:FF:7F:4B:72:3C
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 4ECF
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F9E0F7E2CF8C11ECBC56CF13C4F9AE02.roa
Signing time: Mon 16 May 2022 04:02:59 +0000
ROA not before: Mon 16 May 2022 04:02:59 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 132768
IP address blocks: 103.28.240.0/23 maxlen: 24
103.246.170.0/23 maxlen: 24
2405:ec0::/32 maxlen: 32
2405:ec0::/36 maxlen: 36
2405:ec0:1000::/36 maxlen: 36
2405:ec0:2000::/36 maxlen: 36
2407:a780:1000::/36 maxlen: 36
2407:a780:1000::/48 maxlen: 48
2407:a780:1001::/48 maxlen: 48
2407:a780:1002::/48 maxlen: 48
2407:a780:1003::/48 maxlen: 48
2407:a780:1004::/48 maxlen: 48
2407:a780:1005::/48 maxlen: 48
2407:a780:1006::/48 maxlen: 48
2407:a780:1007::/48 maxlen: 48
2407:a780:1008::/48 maxlen: 48
2407:a780:1009::/48 maxlen: 48
2407:a780:100a::/48 maxlen: 48
2407:a780:100b::/48 maxlen: 48
2407:a780:100c::/48 maxlen: 48
2407:a780:100d::/48 maxlen: 48
2407:a780:100e::/48 maxlen: 48
2407:a780:100f::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20175 (0x4ecf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:02:59 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281ccf2-8b5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:fc:ca:b9:02:5b:49:e0:08:db:bd:0a:d0:2e:
c4:f1:31:ce:b9:c5:a6:3d:11:0f:f8:ce:23:e3:c7:
7e:d1:11:6c:3f:b4:40:ad:04:0e:aa:c8:fe:8c:c4:
de:d6:c4:2e:4c:b6:dd:dc:f5:fc:90:23:5d:ce:bf:
1a:44:e0:65:8f:8e:44:8e:cd:3c:9f:ba:db:1b:a6:
1d:22:7b:f9:b1:ee:f9:b8:fb:d2:0b:d2:78:96:38:
67:5f:32:32:bf:f8:e3:04:7c:79:f8:4d:67:0d:2e:
25:9c:7c:83:c0:60:35:e0:67:75:1a:6d:1c:8f:7b:
b9:02:07:41:e2:22:0a:8f:75:0c:09:2c:57:30:ca:
de:f0:63:c4:55:8b:9f:9c:94:a3:64:0c:98:07:b4:
a9:cd:94:d7:16:2b:57:27:0b:31:bb:fe:8e:02:34:
d5:b8:f3:47:e8:2a:8a:9d:26:14:68:f2:33:44:36:
8d:0d:19:95:4d:6b:9a:e1:b7:db:7f:f9:70:03:37:
bc:9d:a2:73:59:66:73:86:c1:0b:0a:42:98:1a:75:
93:9e:b2:bd:db:13:f2:ee:4e:c8:78:16:d5:ce:6b:
b6:04:4d:ad:92:1f:13:ac:a6:8e:b5:86:7d:a6:46:
2d:94:d5:42:e0:89:75:e6:be:3f:0e:ff:7d:8d:9b:
71:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:8B:09:D7:0B:57:9D:AF:77:E3:6C:B2:40:51:14:FF:7F:4B:72:3C
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/F9E0F7E2CF8C11ECBC56CF13C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.28.240.0/23
103.246.170.0/23
IPv6:
2405:ec0::/32
2407:a780:1000::/36
Signature Algorithm: sha256WithRSAEncryption
95:bc:d1:0b:87:f8:64:c9:8d:54:2e:5a:2b:79:9d:ca:8c:79:
c4:d8:f5:db:1b:44:62:58:0c:a3:95:6d:86:2c:04:fd:51:5e:
b6:e4:bc:5d:6e:35:d9:65:f2:05:8c:a5:8c:cc:fd:74:d9:1a:
a1:70:4d:2e:b4:12:12:c8:6d:7c:e3:61:ca:88:34:73:71:f2:
e9:97:de:46:e1:63:2b:2d:0b:d0:81:50:9d:5d:4f:92:c1:95:
03:82:e2:1d:d3:fa:1f:ab:b6:39:50:35:81:fa:04:8b:06:e3:
be:f4:e1:95:e1:ab:d7:cf:aa:96:88:94:16:7c:ea:a2:dc:dd:
a0:54:34:c4:c1:5c:6e:de:48:27:ab:34:87:d8:69:0e:25:4c:
52:ce:f1:81:9b:7e:fe:d5:54:31:86:ce:d9:65:93:bd:bf:0e:
4c:ea:56:6d:90:5f:9d:96:ce:5f:4b:5e:2f:a1:98:2a:07:16:
c3:f1:ad:c1:4a:89:e9:32:50:6b:b1:0e:4b:2c:cd:a4:53:ef:
9e:a3:0f:e4:d0:af:d0:4d:ad:99:51:09:a3:61:08:38:ae:38:
60:24:bb:d8:de:06:cd:c9:87:11:84:01:40:54:24:ea:ac:8e:
93:de:2f:fc:d6:64:ec:c7:3b:a4:17:e9:3a:0e:ae:b9:13:6b:
9b:27:06:9b
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgICTs8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQwMjU5WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxY2NmMi04YjVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsfzKuQJbSeAI270K0C7E8THOucWmPREP+M4j48d+0RFsP7RArQQOqsj+jMTe
1sQuTLbd3PX8kCNdzr8aROBlj45Ejs08n7rbG6YdInv5se75uPvSC9J4ljhnXzIy
v/jjBHx5+E1nDS4lnHyDwGA14Gd1Gm0cj3u5AgdB4iIKj3UMCSxXMMre8GPEVYuf
nJSjZAyYB7SpzZTXFitXJwsxu/6OAjTVuPNH6CqKnSYUaPIzRDaNDRmVTWua4bfb
f/lwAze8naJzWWZzhsELCkKYGnWTnrK92xPy7k7IeBbVzmu2BE2tkh8TrKaOtYZ9
pkYtlNVC4Il15r4/Dv99jZtxrwIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFB+LCdcL
V52vd+NsskBRFP9/S3I8MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvRjlFMEY3RTJD
RjhDMTFFQ0JDNTZDRjEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPAYIKwYBBQUHAQcBAf8E
LTArMBIEAgABMAwDBAFnHPADBAFn9qowFQQCAAIwDwMFACQFDsADBgQkB6eAEDAN
BgkqhkiG9w0BAQsFAAOCAQEAlbzRC4f4ZMmNVC5aK3mdyox5xNj12xtEYlgMo5Vt
hiwE/VFetuS8XW412WXyBYyljMz9dNkaoXBNLrQSEshtfONhyog0c3Hy6ZfeRuFj
Ky0L0IFQnV1PksGVA4LiHdP6H6u2OVA1gfoEiwbjvvThleGr18+qloiUFnzqotzd
oFQ0xMFcbt5IJ6s0h9hpDiVMUs7xgZt+/tVUMYbO2WWTvb8OTOpWbZBfnZbOX0te
L6GYKgcWw/GtwUqJ6TJQa7EOSyzNpFPvnqMP5NCv0E2tmVEJo2EIOK44YCS72N4G
zcmHEYQBQFQk6qyOk94v/NZk7Mc7pBfpOg6uuRNrmycGmw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:58 2023 by rpki-client on console-fra.rpki-client.org