Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C97D7A38C8A911EC936B7A3AC4F9AE02.roa
File: C97D7A38C8A911EC936B7A3AC4F9AE02.roa (raw, json)
Hash identifier: ParqUu8zG0FWgoXLfUxWBvwEG4CXn5ecSMELcUQd2LA=
Subject key identifier: 67:81:64:31:73:67:51:6D:54:65:4E:72:33:B7:DC:12:EC:B9:56:05
Certificate issuer: /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial: 3998
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C97D7A38C8A911EC936B7A3AC4F9AE02.roa
Signing time: Sun 01 May 2022 02:20:09 +0000
ROA not before: Sun 01 May 2022 02:20:09 +0000
ROA not after: Fri 30 Sep 2022 00:00:00 +0000
asID: 3970
IP address blocks: 103.171.218.0/24 maxlen: 24
103.171.219.0/24 maxlen: 24
2001:df7:5380::/48 maxlen: 48
2001:df7:5381::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14744 (0x3998)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Validity
Not Before: May 1 02:20:09 2022 GMT
Not After : Sep 30 00:00:00 2022 GMT
Subject: CN=626dee58-dfae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:2f:a0:0d:f6:7b:bb:5f:c0:2f:ee:27:de:7f:
06:1d:97:16:20:fe:b4:e0:42:fe:37:15:92:00:39:
55:64:48:8f:ba:db:f7:23:4c:46:0d:5f:27:be:ce:
0c:a8:1d:cf:4c:7a:fa:e0:c1:db:96:64:60:55:a6:
5e:d0:7c:ef:8b:ec:f1:f3:d4:be:15:c7:fe:b2:f6:
55:00:fc:e6:bd:36:09:5e:d1:e3:51:d2:18:b2:73:
ca:32:da:ca:40:58:51:bd:75:05:e2:d6:ea:22:c2:
ea:91:79:12:85:8c:52:59:11:b1:e5:ba:86:28:6b:
ce:74:5e:36:b6:b8:16:11:3f:56:f3:26:99:d2:8b:
66:df:63:b1:ba:1c:85:cf:ab:d3:a4:9b:5a:c5:93:
6b:1b:36:a5:89:ac:74:7f:8d:b8:e2:64:9e:c2:0e:
fc:a9:55:30:05:86:40:9b:db:a6:ae:12:b6:02:59:
ff:6d:4f:ed:3c:c9:53:42:a0:28:62:77:1f:12:79:
56:66:f4:8e:17:a8:dc:0a:5d:6b:81:82:81:bb:b2:
e0:6d:36:22:f4:fc:f7:7b:78:49:80:9b:e7:2e:e7:
02:b7:ce:ee:9c:6d:41:27:2b:ec:46:d3:5d:fb:83:
b9:bc:6e:fe:70:c6:a8:f3:43:13:24:5a:0f:58:f1:
08:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:81:64:31:73:67:51:6D:54:65:4E:72:33:B7:DC:12:EC:B9:56:05
X509v3 Authority Key Identifier:
keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C97D7A38C8A911EC936B7A3AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.171.218.0/23
IPv6:
2001:df7:5380::/47
Signature Algorithm: sha256WithRSAEncryption
4a:68:3e:54:65:0e:f8:48:54:0c:e0:7f:9f:62:c9:b5:a2:fb:
2b:ff:4a:55:09:86:6c:53:a9:59:30:eb:84:4d:22:3e:8c:e8:
39:b0:f7:8a:ff:bb:b1:4c:ab:10:17:d3:9f:7c:82:24:11:c3:
50:e2:22:27:2e:6b:5a:d8:52:26:e4:29:08:51:38:8a:2c:99:
80:20:cd:cc:5f:3e:1b:fd:3a:b0:26:d0:b4:b2:36:62:3d:c0:
bb:ab:4f:35:0c:66:1b:c8:51:9d:48:34:19:b5:3d:bf:d6:08:
0a:8d:cf:0d:48:c1:22:1e:a4:57:6f:13:a6:1f:8a:49:4a:a7:
9a:d3:17:9d:7c:35:2b:d1:b3:37:1a:3d:52:a5:47:2b:de:ec:
90:78:ed:7d:36:83:39:f3:9b:95:85:66:12:b3:59:11:14:b0:
da:3b:6b:41:f5:30:7e:d5:34:45:af:24:fc:70:61:30:e6:c8:
f0:6d:63:c0:d8:fb:13:b5:50:80:72:7e:50:a6:03:bb:0a:82:
e6:4a:18:2a:f4:79:00:a3:8b:22:0c:e5:e2:ae:35:a5:9c:dd:
1a:19:13:55:01:3e:85:12:5a:57:93:9e:14:23:ee:1e:af:d1:
3c:8e:1f:07:f1:c8:c7:63:79:be:67:ff:5c:f0:66:21:55:a8:
9e:20:32:52
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOZgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNTAxMDIyMDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjZkZWU1OC1kZmFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4C+gDfZ7u1/AL+4n3n8GHZcWIP604EL+NxWSADlVZEiPutv3I0xGDV8nvs4M
qB3PTHr64MHblmRgVaZe0Hzvi+zx89S+Fcf+svZVAPzmvTYJXtHjUdIYsnPKMtrK
QFhRvXUF4tbqIsLqkXkShYxSWRGx5bqGKGvOdF42trgWET9W8yaZ0otm32OxuhyF
z6vTpJtaxZNrGzaliax0f4244mSewg78qVUwBYZAm9umrhK2Aln/bU/tPMlTQqAo
YncfEnlWZvSOF6jcCl1rgYKBu7LgbTYi9Pz3e3hJgJvnLucCt87unG1BJyvsRtNd
+4O5vG7+cMao80MTJFoPWPEIowIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFGeBZDFz
Z1FtVGVOcjO33BLsuVYFMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvQzk3RDdBMzhD
OEE5MTFFQzkzNkI3QTNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEASmg+VGUO+EhUDOB/n2LJtaL7K/9KVQmGbFOpWTDrhE0iPozoObD3iv+7
sUyrEBfTn3yCJBHDUOIiJy5rWthSJuQpCFE4iiyZgCDNzF8+G/06sCbQtLI2Yj3A
u6tPNQxmG8hRnUg0GbU9v9YICo3PDUjBIh6kV28Tph+KSUqnmtMXnXw1K9GzNxo9
UqVHK97skHjtfTaDOfOblYVmErNZERSw2jtrQfUwftU0Ra8k/HBhMObI8G1jwNj7
E7VQgHJ+UKYDuwqC5koYKvR5AKOLIgzl4q41pZzdGhkTVQE+hRJaV5OeFCPuHq/R
PI4fB/HIx2N5vmf/XPBmIVWoniAyUg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org