Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/3F9A23D288DC11ECAC36C11FC4F9AE02.roa
File: 3F9A23D288DC11ECAC36C11FC4F9AE02.roa (raw, json)
Hash identifier: w+9OFStR+dyTTi7bByTRUdW9qFk0Qy0Q0WBWLvU6A0k=
Subject key identifier: 39:94:69:ED:2B:39:F5:EB:06:50:EF:09:29:A6:2B:69:80:47:B0:05
Certificate issuer: /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial: 368E
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/3F9A23D288DC11ECAC36C11FC4F9AE02.roa
Signing time: Tue 08 Feb 2022 12:40:08 +0000
ROA not before: Tue 08 Feb 2022 12:40:08 +0000
ROA not after: Fri 30 Sep 2022 00:00:00 +0000
asID: 3970
IP address blocks: 103.171.218.0/24 maxlen: 24
103.171.219.0/24 maxlen: 24
2001:df7:5380::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13966 (0x368e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Validity
Not Before: Feb 8 12:40:08 2022 GMT
Not After : Sep 30 00:00:00 2022 GMT
Subject: CN=620264a8-bd26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:88:bc:11:41:7b:cc:0f:c1:55:49:3d:3a:04:
7c:1f:2d:8a:91:4f:6a:16:2d:9f:42:ea:33:3a:31:
1a:ba:ee:e6:b8:49:c3:9d:3e:d3:01:75:b3:59:54:
09:d4:21:06:d3:46:5a:84:48:19:d9:91:ad:d6:9c:
1b:f0:ed:18:75:ab:b8:29:f0:3d:41:31:81:74:17:
19:c3:1f:fe:5f:c1:20:4b:34:64:2a:cd:0a:2d:4e:
13:1b:74:c5:bc:56:0d:54:1c:f7:1f:fb:cc:b0:04:
8b:f5:11:ee:ef:60:3b:05:93:28:3f:98:86:77:fb:
94:ac:13:f5:b2:fb:e3:52:68:a8:c5:61:6f:dc:53:
44:d1:f0:9e:40:13:56:a3:16:cd:f6:c4:ab:35:4a:
61:ee:7f:46:78:f0:18:6c:63:72:15:23:61:06:28:
f3:da:7e:ba:53:31:95:c6:78:f4:45:c2:e8:7d:ee:
c1:c3:82:f9:99:91:92:98:c6:28:df:98:59:98:a0:
38:6d:d6:a4:3d:4a:bd:c2:cf:77:43:2f:8e:0a:49:
be:74:fb:72:6d:97:9a:ec:b2:35:ed:aa:b1:09:7b:
4c:6f:cd:7e:64:d2:b8:50:ce:7b:c5:87:8d:72:e6:
7a:f9:73:cf:9e:46:72:34:65:d7:ca:08:02:f0:33:
a9:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:94:69:ED:2B:39:F5:EB:06:50:EF:09:29:A6:2B:69:80:47:B0:05
X509v3 Authority Key Identifier:
keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/3F9A23D288DC11ECAC36C11FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.171.218.0/23
IPv6:
2001:df7:5380::/48
Signature Algorithm: sha256WithRSAEncryption
1f:05:91:f3:56:80:70:0c:da:05:65:59:50:2d:29:44:f5:36:
17:1e:9c:4c:f9:0f:1d:cb:9b:b9:67:69:d4:8c:56:5d:2d:b4:
c2:39:4f:44:c6:1e:32:ea:8f:51:35:3a:57:51:9d:2b:e6:00:
69:9b:a3:c4:c4:c3:d6:1d:2d:47:96:f3:8b:87:d8:b4:93:53:
9c:c9:04:ae:8b:36:ba:31:db:3c:58:ea:ee:18:fb:0a:b9:93:
06:a1:81:5e:68:d9:2c:27:3c:fa:d8:f6:72:c5:c1:17:89:2c:
41:c2:b4:98:d5:f1:44:6c:1e:fb:37:c6:05:68:aa:d3:42:35:
b4:94:f1:33:7a:ae:f8:a0:b3:09:e2:32:a0:76:38:46:50:aa:
4e:f2:98:9b:ad:10:93:16:3d:bd:4e:9b:43:a7:a8:ec:24:4d:
ed:14:0e:b6:7d:92:03:0e:9c:a2:ed:e0:6a:f6:7b:d9:c0:1d:
4a:d5:fb:54:80:4b:1a:32:d0:68:e6:7e:ec:8e:e3:e6:8f:bc:
e6:5f:90:5a:7f:d0:9d:5d:e4:24:f1:c3:be:86:02:37:17:6e:
83:b2:e0:3e:da:78:2b:56:54:3c:81:54:ff:11:bd:0f:fc:92:
27:31:36:c6:dd:d7:55:b0:2c:2b:98:e3:cc:cb:1b:1f:86:58:
a1:db:a8:57
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNo4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjA4MTI0MDA4WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjAyNjRhOC1iZDI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr4i8EUF7zA/BVUk9OgR8Hy2KkU9qFi2fQuozOjEauu7muEnDnT7TAXWzWVQJ
1CEG00ZahEgZ2ZGt1pwb8O0Ydau4KfA9QTGBdBcZwx/+X8EgSzRkKs0KLU4TG3TF
vFYNVBz3H/vMsASL9RHu72A7BZMoP5iGd/uUrBP1svvjUmioxWFv3FNE0fCeQBNW
oxbN9sSrNUph7n9GePAYbGNyFSNhBijz2n66UzGVxnj0RcLofe7Bw4L5mZGSmMYo
35hZmKA4bdakPUq9ws93Qy+OCkm+dPtybZea7LI17aqxCXtMb81+ZNK4UM57xYeN
cuZ6+XPPnkZyNGXXyggC8DOpuwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFDmUae0r
OfXrBlDvCSmmK2mAR7AFMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvM0Y5QTIzRDI4
OERDMTFFQ0FDMzZDMTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHACABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAHwWR81aAcAzaBWVZUC0pRPU2Fx6cTPkPHcubuWdp1IxWXS20wjlPRMYe
MuqPUTU6V1GdK+YAaZujxMTD1h0tR5bzi4fYtJNTnMkEros2ujHbPFjq7hj7CrmT
BqGBXmjZLCc8+tj2csXBF4ksQcK0mNXxRGwe+zfGBWiq00I1tJTxM3qu+KCzCeIy
oHY4RlCqTvKYm60QkxY9vU6bQ6eo7CRN7RQOtn2SAw6cou3gavZ72cAdStX7VIBL
GjLQaOZ+7I7j5o+85l+QWn/QnV3kJPHDvoYCNxdug7LgPtp4K1ZUPIFU/xG9D/yS
JzE2xt3XVbAsK5jjzMsbH4ZYoduoVw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org