Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9199560/CE17025C2E7D11EB9EF74267C4F9AE02/E66FA5282E7F11EB8870606CC4F9AE02.roa
File: E66FA5282E7F11EB8870606CC4F9AE02.roa (raw, json)
Hash identifier: hvQ6ZuWnOVpBdH2//70ssxwTnhrGcw4Jb0aMYQ4Vvsw=
Subject key identifier: E1:AF:06:3A:17:02:A9:C5:CB:55:3B:E7:7A:34:31:B4:A9:E4:F9:CE
Certificate issuer: /CN=A9199560/serialNumber=27395E42B97D78CE3B2F85946B27E7C688075432
Certificate serial: 0621
Authority key identifier: 27:39:5E:42:B9:7D:78:CE:3B:2F:85:94:6B:27:E7:C6:88:07:54:32
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JzleQrl9eM47L4WUayfnxogHVDI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9199560/CE17025C2E7D11EB9EF74267C4F9AE02/E66FA5282E7F11EB8870606CC4F9AE02.roa
Signing time: Tue 31 Oct 2023 23:31:17 +0000
ROA not before: Tue 31 Oct 2023 23:31:17 +0000
ROA not after: Mon 30 Dec 2024 00:00:00 +0000
asID: 9009
IP address blocks: 103.130.176.0/24 maxlen: 24
103.130.177.0/24 maxlen: 24
103.130.178.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1569 (0x621)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9199560/serialNumber=27395E42B97D78CE3B2F85946B27E7C688075432
Validity
Not Before: Oct 31 23:31:17 2023 GMT
Not After : Dec 30 00:00:00 2024 GMT
Subject: CN=65418e45-b558
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:bd:be:aa:bd:63:e4:82:0c:24:ca:27:0f:b4:
27:65:00:af:03:78:59:a2:f3:c7:6c:67:2e:c9:ee:
7f:c0:5e:70:ac:96:07:1c:d0:87:8c:0b:16:6a:0c:
ff:88:29:1d:4d:d1:1c:38:7d:44:c4:7e:dd:00:28:
a1:53:57:fe:b2:9e:e2:d0:22:51:d9:09:6e:31:27:
7d:4b:c6:06:df:7f:ba:d1:32:68:bc:b3:2a:a1:13:
fc:82:7f:e4:2f:99:e7:4e:b7:b0:fa:0c:0d:b7:c1:
66:87:9a:53:1a:65:0c:bd:e7:49:e9:5b:cb:f4:9d:
7f:3f:ff:08:ec:43:ba:63:33:59:6d:68:55:f6:e4:
52:17:0a:37:fd:f6:34:cc:e2:ef:09:5e:c6:45:eb:
fa:99:55:e5:89:6a:d4:ae:80:6e:0e:bb:46:f5:f1:
c4:f2:c3:52:a0:63:6b:51:d1:65:c1:3d:1f:e2:27:
21:0a:59:48:9e:61:4e:0a:08:9a:6f:fc:07:a1:0c:
7d:e7:f7:19:7c:fc:49:33:d2:7a:58:6d:1b:7c:71:
2f:c0:83:d1:82:51:06:65:85:41:48:dc:a9:00:4c:
c1:87:f0:e1:f2:26:c5:78:91:f6:7e:db:f8:9c:ef:
47:a7:5f:5b:60:c6:86:75:9d:ce:24:ef:5d:4d:06:
8d:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:AF:06:3A:17:02:A9:C5:CB:55:3B:E7:7A:34:31:B4:A9:E4:F9:CE
X509v3 Authority Key Identifier:
keyid:27:39:5E:42:B9:7D:78:CE:3B:2F:85:94:6B:27:E7:C6:88:07:54:32
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9199560/CE17025C2E7D11EB9EF74267C4F9AE02/JzleQrl9eM47L4WUayfnxogHVDI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JzleQrl9eM47L4WUayfnxogHVDI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9199560/CE17025C2E7D11EB9EF74267C4F9AE02/E66FA5282E7F11EB8870606CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.130.176.0-103.130.178.255
Signature Algorithm: sha256WithRSAEncryption
96:64:16:ce:49:5c:92:93:ac:10:8e:7f:95:30:f1:47:1f:bb:
20:3a:65:71:58:b6:d4:49:fe:ca:40:3a:94:56:b4:a1:ce:b5:
5a:7b:0b:7f:98:34:fa:c0:f3:a8:a9:f2:08:8c:32:6d:c3:ca:
66:46:c7:ff:e0:32:76:cb:07:53:2a:25:f1:8a:67:e5:05:cb:
5b:d6:14:a3:e3:f2:2b:6e:10:e6:14:d2:7a:ae:63:19:5b:c9:
16:ee:dc:db:74:ca:11:32:c4:b3:b7:96:2f:a7:b8:de:6d:9d:
68:a6:fd:74:14:0f:b9:35:a8:78:bf:e5:aa:89:46:41:dd:4d:
df:e8:74:1b:6c:69:8c:14:cc:1d:1c:5c:71:e8:79:3a:7b:b7:
9b:56:6e:eb:5a:2a:a9:ad:13:bb:ec:7a:d3:22:fc:12:f4:40:
f4:d1:9e:a9:4b:74:15:f9:73:58:a9:7f:50:6b:7c:9c:c4:d0:
28:ff:b0:e2:13:62:b8:74:58:0a:1c:61:bf:d6:41:0e:7e:f5:
e1:44:82:54:77:2e:08:24:99:ea:0f:0b:62:db:8a:54:25:05:
db:4a:d7:2f:c4:8c:a3:db:b4:fd:6a:96:5b:5b:b6:f6:1d:65:
a0:0c:5f:a8:63:ae:5d:bc:89:83:1c:d5:45:44:ba:bc:d4:61:
56:0d:1d:6a
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICBiEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTk1NjAxMTAvBgNVBAUTKDI3Mzk1RTQyQjk3RDc4Q0UzQjJGODU5NDZCMjdFN0M2
ODgwNzU0MzIwHhcNMjMxMDMxMjMzMTE3WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQxOGU0NS1iNTU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnb2+qr1j5IIMJMonD7QnZQCvA3hZovPHbGcuye5/wF5wrJYHHNCHjAsWagz/
iCkdTdEcOH1ExH7dACihU1f+sp7i0CJR2QluMSd9S8YG33+60TJovLMqoRP8gn/k
L5nnTrew+gwNt8Fmh5pTGmUMvedJ6VvL9J1/P/8I7EO6YzNZbWhV9uRSFwo3/fY0
zOLvCV7GRev6mVXliWrUroBuDrtG9fHE8sNSoGNrUdFlwT0f4ichCllInmFOCgia
b/wHoQx95/cZfPxJM9J6WG0bfHEvwIPRglEGZYVBSNypAEzBh/Dh8ibFeJH2ftv4
nO9Hp19bYMaGdZ3OJO9dTQaN5wIDAQABo4ICnTCCApkwHQYDVR0OBBYEFOGvBjoX
AqnFy1U753o0MbSp5PnOMB8GA1UdIwQYMBaAFCc5XkK5fXjOOy+FlGsn58aIB1Qy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5OTU2MC9DRTE3MDI1QzJF
N0QxMUVCOUVGNzQyNjdDNEY5QUUwMi9KemxlUXJsOWVNNDdMNFdVYXlmbnhvZ0hW
REkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0p6bGVRcmw5ZU00N0w0V1VheWZueG9nSFZESS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTk1NjAvQ0UxNzAyNUMyRTdEMTFFQjlFRjc0MjY3QzRGOUFFMDIvRTY2RkE1Mjgy
RTdGMTFFQjg4NzA2MDZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEBGeCsAMEAGeCsjANBgkqhkiG9w0BAQsFAAOCAQEAlmQW
zklckpOsEI5/lTDxRx+7IDplcVi21En+ykA6lFa0oc61WnsLf5g0+sDzqKnyCIwy
bcPKZkbH/+AydssHUyol8Ypn5QXLW9YUo+PyK24Q5hTSeq5jGVvJFu7c23TKETLE
s7eWL6e43m2daKb9dBQPuTWoeL/lqolGQd1N3+h0G2xpjBTMHRxcceh5Onu3m1Zu
61oqqa0Tu+x60yL8EvRA9NGeqUt0FflzWKl/UGt8nMTQKP+w4hNiuHRYChxhv9ZB
Dn714USCVHcuCCSZ6g8LYtuKVCUF20rXL8SMo9u0/WqWW1u29h1loAxfqGOuXbyJ
gxzVRUS6vNRhVg0dag==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org