Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/2D68306EAD6F11EEB4E6BB6EC4F9AE02.roa
File: 2D68306EAD6F11EEB4E6BB6EC4F9AE02.roa (raw, json)
Hash identifier: lWpyoCfa5CwkWnfUl86E5aMz2FKP5XU3egyd6uJDWDE=
Subject key identifier: 5E:0C:64:98:D1:CD:0D:2A:D5:1B:DD:1A:A7:D8:2A:D8:DD:22:2F:F2
Certificate issuer: /CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Certificate serial: 29
Authority key identifier: F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/2D68306EAD6F11EEB4E6BB6EC4F9AE02.roa
Signing time: Sun 07 Jan 2024 15:12:31 +0000
ROA not before: Sun 07 Jan 2024 15:12:31 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 4785
IP address blocks: 103.91.144.0/23 maxlen: 23
103.99.178.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 41 (0x29)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Validity
Not Before: Jan 7 15:12:31 2024 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=659abf5f-03c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:15:83:a4:51:ed:a9:24:78:f0:2f:54:32:1b:
64:aa:45:3b:74:81:2e:d4:8a:4a:35:3f:aa:6e:08:
70:f5:bf:a3:01:bd:34:1f:f8:38:da:d6:58:65:79:
1b:7f:43:a0:bf:b2:ed:ab:a7:59:99:ee:77:7b:8e:
8c:07:39:27:f8:32:eb:81:3e:e6:42:97:79:d5:3b:
08:db:cd:fe:1f:a2:73:db:32:14:07:cf:34:99:c9:
81:7a:bb:72:61:14:71:80:23:03:78:5a:bf:a0:7f:
7e:94:46:28:96:c2:d9:ae:bf:ce:99:7b:0c:d9:5f:
f4:f5:69:d9:82:63:d9:07:be:74:b4:24:ca:00:a9:
04:58:0a:ed:58:7c:0f:f8:02:83:23:14:3c:cb:bf:
98:a5:96:c3:e2:36:b0:a6:e9:c4:bf:3c:6b:34:c9:
95:98:da:72:67:ce:c4:22:ba:65:77:c5:be:00:82:
ec:10:16:fc:4f:30:cd:5d:1c:cd:6c:8b:50:0e:db:
77:16:df:24:31:c5:26:fb:a3:4b:d0:10:c0:6f:f0:
5c:65:a3:a9:03:b9:3f:93:07:88:a9:05:b6:a3:67:
cf:97:d1:6e:2e:9e:a2:a4:e3:1a:3a:23:c9:d8:35:
db:52:3f:78:d3:7e:60:6e:63:74:3f:d4:a6:8b:91:
15:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:0C:64:98:D1:CD:0D:2A:D5:1B:DD:1A:A7:D8:2A:D8:DD:22:2F:F2
X509v3 Authority Key Identifier:
keyid:F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/-X5yAn9yM2RVo2RT-ymx5Fta7UA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/2D68306EAD6F11EEB4E6BB6EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.91.144.0/23
103.99.178.0/23
Signature Algorithm: sha256WithRSAEncryption
41:3d:12:87:f1:d8:12:e9:4b:41:81:9c:35:73:2c:83:5a:a0:
cf:e4:ae:80:b8:6c:30:06:c4:0a:54:fa:e3:95:53:6d:34:cf:
16:0f:20:1c:15:aa:6c:65:82:56:dd:bd:4d:e1:73:bc:b7:91:
72:ac:26:47:72:56:77:93:65:a1:76:9d:6b:71:9c:60:7c:7b:
52:91:28:c6:59:19:5b:98:21:45:27:79:07:05:37:23:d5:19:
46:8f:a1:f4:d7:23:25:db:fb:7c:10:8b:7f:4d:e3:2c:22:3d:
bc:95:54:65:0e:2f:e6:e7:92:45:ac:8c:df:2e:85:c8:89:51:
43:70:f7:22:fd:a3:9c:34:20:f5:92:4d:42:17:d6:e8:36:bf:
c4:a1:a3:72:57:5a:39:5b:87:96:92:2b:74:44:d5:b3:12:8c:
d6:37:49:ed:1c:30:0b:03:dc:39:c6:87:79:ff:d6:77:00:42:
00:89:06:fa:71:a4:8a:4f:fc:b6:43:57:08:39:55:fd:17:da:
81:eb:52:65:ad:ea:9d:b5:e2:d7:81:24:75:0c:e9:71:32:de:
04:f1:48:b2:98:b7:96:c2:be:24:cb:50:68:5f:c4:4e:3a:44:
8d:c7:e1:28:28:53:c7:11:01:b7:54:8b:29:61:aa:cc:73:a4:
e7:28:96:b1
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBKTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
N0MxQTExMC8GA1UEBRMoRjk3RTcyMDI3RjcyMzM2NDU1QTM2NDUzRkIyOUIxRTQ1
QjVBRUQ0MDAeFw0yNDAxMDcxNTEyMzFaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OWFiZjVmLTAzYzkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDNFYOkUe2pJHjwL1QyG2SqRTt0gS7Uiko1P6puCHD1v6MBvTQf+Dja1lhleRt/
Q6C/su2rp1mZ7nd7jowHOSf4MuuBPuZCl3nVOwjbzf4fonPbMhQHzzSZyYF6u3Jh
FHGAIwN4Wr+gf36URiiWwtmuv86ZewzZX/T1admCY9kHvnS0JMoAqQRYCu1YfA/4
AoMjFDzLv5illsPiNrCm6cS/PGs0yZWY2nJnzsQiumV3xb4AguwQFvxPMM1dHM1s
i1AO23cW3yQxxSb7o0vQEMBv8Fxlo6kDuT+TB4ipBbajZ8+X0W4unqKk4xo6I8nY
NdtSP3jTfmBuY3Q/1KaLkRVTAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUXgxkmNHN
DSrVG90ap9gq2N0iL/IwHwYDVR0jBBgwFoAU+X5yAn9yM2RVo2RT+ymx5Fta7UAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI3QzFBLzFBM0M2RjBFOTI3
NzExRUVBMzk0NEUwQ0M0RjlBRTAyLy1YNXlBbjl5TTJSVm8yUlQteW14NUZ0YTdV
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvLVg1eUFuOXlNMlJWbzJSVC15bXg1RnRhN1VBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
N0MxQS8xQTNDNkYwRTkyNzcxMUVFQTM5NDRFMENDNEY5QUUwMi8yRDY4MzA2RUFE
NkYxMUVFQjRFNkJCNkVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAWdbkAMEAWdjsjANBgkqhkiG9w0BAQsFAAOCAQEAQT0Sh/HY
EulLQYGcNXMsg1qgz+SugLhsMAbEClT645VTbTTPFg8gHBWqbGWCVt29TeFzvLeR
cqwmR3JWd5NloXada3GcYHx7UpEoxlkZW5ghRSd5BwU3I9UZRo+h9NcjJdv7fBCL
f03jLCI9vJVUZQ4v5ueSRayM3y6FyIlRQ3D3Iv2jnDQg9ZJNQhfW6Da/xKGjclda
OVuHlpIrdETVsxKM1jdJ7RwwCwPcOcaHef/WdwBCAIkG+nGkik/8tkNXCDlV/Rfa
getSZa3qnbXi14EkdQzpcTLeBPFIspi3lsK+JMtQaF/ETjpEjcfhKChTxxEBt1SL
KWGqzHOk5yiWsQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org