Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91917EF/2F8C6278421111ECB0C0A060C4F9AE02/CD104F209E6A11EEAF79FB40C4F9AE02.roa
File: CD104F209E6A11EEAF79FB40C4F9AE02.roa (raw, json)
Hash identifier: k/PXPtk/TpC3EWLYqBOFXZCsZN0EN2iL6QTpkMRFrxU=
Subject key identifier: 18:67:5F:E6:DD:2D:77:A2:6A:81:B7:80:CD:C8:CA:2C:6C:89:8D:04
Certificate issuer: /CN=A91917EF/serialNumber=4B4ADE73CE505844785ECEEE0A75046D6C2FB54C
Certificate serial: 0384
Authority key identifier: 4B:4A:DE:73:CE:50:58:44:78:5E:CE:EE:0A:75:04:6D:6C:2F:B5:4C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/S0rec85QWER4Xs7uCnUEbWwvtUw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91917EF/2F8C6278421111ECB0C0A060C4F9AE02/CD104F209E6A11EEAF79FB40C4F9AE02.roa
Signing time: Tue 19 Dec 2023 12:33:24 +0000
ROA not before: Tue 19 Dec 2023 12:33:24 +0000
ROA not after: Sat 31 Aug 2024 00:00:00 +0000
asID: 58987
IP address blocks: 103.12.40.0/24 maxlen: 24
103.12.43.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 900 (0x384)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91917EF/serialNumber=4B4ADE73CE505844785ECEEE0A75046D6C2FB54C
Validity
Not Before: Dec 19 12:33:24 2023 GMT
Not After : Aug 31 00:00:00 2024 GMT
Subject: CN=65818d94-a210
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:a3:4f:4f:a8:95:b3:a6:69:02:47:06:b1:89:
da:2c:59:d3:7d:63:58:1d:bf:c3:de:5e:76:81:11:
7b:62:d1:59:f6:53:d1:26:c8:a2:69:3e:26:ce:16:
ea:f3:5f:d0:4f:ea:32:69:c2:b9:22:b1:09:4a:49:
59:02:dd:0a:00:24:81:39:2e:63:9f:00:14:39:4a:
e1:51:e7:df:a4:7f:53:dc:47:fe:74:0d:4c:11:a9:
96:e6:5f:2c:22:df:2f:61:9c:0f:b4:14:fe:08:c2:
35:6d:c6:a8:86:5f:cf:c2:39:38:31:ee:d0:93:c4:
da:24:36:2f:1e:8c:4e:92:ae:3f:17:b5:3a:a1:29:
eb:83:d0:d2:71:bb:00:af:68:e1:2e:c8:90:c3:84:
b2:c3:81:bd:9f:30:35:06:eb:ab:37:20:98:47:54:
66:bc:6c:bf:bb:22:22:1b:53:32:b5:0a:79:d0:39:
63:30:76:21:17:b6:b9:f8:cb:97:94:e5:a7:db:50:
82:67:97:bd:0b:13:e9:01:e2:d3:d8:df:e0:dd:50:
d1:9a:9c:6b:01:8d:2a:53:84:22:14:d7:f5:0f:83:
52:3c:cf:72:d9:c5:68:7c:1e:a9:9c:df:2a:bd:59:
04:c8:2f:ed:c5:6d:1a:41:fb:55:b2:dd:1e:8a:0b:
cb:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:67:5F:E6:DD:2D:77:A2:6A:81:B7:80:CD:C8:CA:2C:6C:89:8D:04
X509v3 Authority Key Identifier:
keyid:4B:4A:DE:73:CE:50:58:44:78:5E:CE:EE:0A:75:04:6D:6C:2F:B5:4C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91917EF/2F8C6278421111ECB0C0A060C4F9AE02/S0rec85QWER4Xs7uCnUEbWwvtUw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/S0rec85QWER4Xs7uCnUEbWwvtUw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91917EF/2F8C6278421111ECB0C0A060C4F9AE02/CD104F209E6A11EEAF79FB40C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.12.40.0/24
103.12.43.0/24
Signature Algorithm: sha256WithRSAEncryption
03:af:b9:dc:59:54:40:58:73:ea:84:09:ba:bd:bf:28:e9:7f:
97:af:2f:6d:30:2e:29:d7:0c:66:4f:47:25:4f:f3:1b:ec:90:
d9:9c:60:5d:f4:cb:b8:6e:2a:ed:0b:0f:ee:08:a6:37:fd:cb:
4a:d8:0f:f5:f7:7b:0d:8a:29:93:a2:61:b1:ff:6a:e3:6d:05:
e8:e7:05:be:88:67:e4:98:3e:d6:4e:1e:22:ee:fb:20:4c:18:
d9:91:ee:aa:f4:3d:46:20:a0:ea:f5:c0:26:fa:a1:92:99:c5:
bc:af:9d:92:e2:97:65:ad:5b:f1:e7:23:55:85:e6:6a:58:0d:
48:1b:96:5a:c9:38:20:18:9f:67:71:0b:7d:12:44:27:65:d1:
b2:c9:b4:b6:c5:58:a7:64:ba:1c:55:00:61:0b:2a:ec:78:08:
b4:32:d3:c3:d5:6d:07:fc:72:40:2b:b4:c4:aa:77:cc:31:88:
bc:3f:f9:b1:30:a0:e1:29:1a:5a:a8:06:42:c1:46:96:4f:b6:
30:82:20:c6:ff:62:80:94:cb:7c:8e:4d:84:d3:e7:49:eb:08:
e0:a3:bd:d0:8d:ef:55:e2:9a:ea:a9:70:21:86:2e:e2:8b:66:
76:4e:81:51:7c:91:e9:91:16:4d:75:c2:24:b3:42:51:64:57:
1e:a9:ed:68
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICA4QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE3RUYxMTAvBgNVBAUTKDRCNEFERTczQ0U1MDU4NDQ3ODVFQ0VFRTBBNzUwNDZE
NkMyRkI1NEMwHhcNMjMxMjE5MTIzMzI0WhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTgxOGQ5NC1hMjEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxaNPT6iVs6ZpAkcGsYnaLFnTfWNYHb/D3l52gRF7YtFZ9lPRJsiiaT4mzhbq
81/QT+oyacK5IrEJSklZAt0KACSBOS5jnwAUOUrhUeffpH9T3Ef+dA1MEamW5l8s
It8vYZwPtBT+CMI1bcaohl/Pwjk4Me7Qk8TaJDYvHoxOkq4/F7U6oSnrg9DScbsA
r2jhLsiQw4Syw4G9nzA1BuurNyCYR1RmvGy/uyIiG1MytQp50DljMHYhF7a5+MuX
lOWn21CCZ5e9CxPpAeLT2N/g3VDRmpxrAY0qU4QiFNf1D4NSPM9y2cVofB6pnN8q
vVkEyC/txW0aQftVst0eigvLewIDAQABo4ICmzCCApcwHQYDVR0OBBYEFBhnX+bd
LXeiaoG3gM3IyixsiY0EMB8GA1UdIwQYMBaAFEtK3nPOUFhEeF7O7gp1BG1sL7VM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTdFRi8yRjhDNjI3ODQy
MTExMUVDQjBDMEEwNjBDNEY5QUUwMi9TMHJlYzg1UVdFUjRYczd1Q25VRWJXd3Z0
VXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1MwcmVjODVRV0VSNFhzN3VDblVFYld3dnRVdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE3RUYvMkY4QzYyNzg0MjExMTFFQ0IwQzBBMDYwQzRGOUFFMDIvQ0QxMDRGMjA5
RTZBMTFFRUFGNzlGQjQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnDCgDBABnDCswDQYJKoZIhvcNAQELBQADggEBAAOvudxZ
VEBYc+qECbq9vyjpf5evL20wLinXDGZPRyVP8xvskNmcYF30y7huKu0LD+4Ipjf9
y0rYD/X3ew2KKZOiYbH/auNtBejnBb6IZ+SYPtZOHiLu+yBMGNmR7qr0PUYgoOr1
wCb6oZKZxbyvnZLil2WtW/HnI1WF5mpYDUgbllrJOCAYn2dxC30SRCdl0bLJtLbF
WKdkuhxVAGELKux4CLQy08PVbQf8ckArtMSqd8wxiLw/+bEwoOEpGlqoBkLBRpZP
tjCCIMb/YoCUy3yOTYTT50nrCOCjvdCN71XimuqpcCGGLuKLZnZOgVF8kemRFk11
wiSzQlFkVx6p7Wg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:33 2024 by rpki-client on console-fra.rpki-client.org