Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A0C7CB0E927711EEB0E40C0DC4F9AE02.roa
File: A0C7CB0E927711EEB0E40C0DC4F9AE02.roa (raw, json)
Hash identifier: FeLtkHqE1mN58KCx28x4WIQZnI9qQTFoOOKhG2NqbRw=
Subject key identifier: CB:07:4F:71:46:7C:F7:88:4F:8B:4E:06:37:1D:F0:4D:BA:7E:E7:7A
Certificate issuer: /CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Certificate serial: 09
Authority key identifier: F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A0C7CB0E927711EEB0E40C0DC4F9AE02.roa
Signing time: Mon 04 Dec 2023 08:10:27 +0000
ROA not before: Mon 04 Dec 2023 08:10:27 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 40065
IP address blocks: 103.99.178.0/24 maxlen: 24
103.99.179.0/24 maxlen: 24
202.91.33.0/24 maxlen: 24
202.91.34.0/24 maxlen: 24
202.91.35.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Validity
Not Before: Dec 4 08:10:27 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=656d8973-cc75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:05:2e:c5:45:7c:cf:f3:16:7e:08:6a:87:a6:
8e:49:50:29:05:f5:3a:e6:29:5d:cd:e3:d5:8f:20:
a6:40:77:b2:da:30:1c:cc:44:43:b9:d5:a3:b4:51:
84:a9:8b:06:2b:78:7b:27:85:24:c1:c8:06:d7:3d:
63:ad:b4:50:de:1e:72:77:60:89:3b:8e:cc:77:b7:
62:92:db:3c:f0:fe:8e:a9:7c:bd:97:0e:6b:33:b7:
4c:d8:89:5c:59:12:e8:d2:72:14:7b:53:f0:50:27:
11:9c:40:e1:1f:dc:c6:d2:08:3a:53:9f:86:7d:f5:
52:cd:ab:4d:5f:fd:59:e4:ee:a5:92:ba:93:8d:45:
a2:9f:99:84:d8:37:dc:a9:55:48:49:9b:06:f4:2f:
ba:ca:66:2c:b1:55:98:9c:63:da:c4:65:31:ec:46:
e9:d5:68:ba:78:0b:30:55:2c:19:4e:9c:8a:9b:5c:
1b:d7:1d:b7:c1:33:b3:97:09:67:11:12:e5:46:b0:
a7:88:c6:8c:16:b0:86:14:ab:d1:51:df:8c:e1:c9:
6f:60:6f:17:94:71:af:44:6b:60:71:51:ad:e2:e5:
29:61:79:c5:f4:1c:af:a1:ff:91:d0:ed:76:59:32:
2e:e0:6b:ba:75:02:cb:3a:db:1f:38:da:2d:10:41:
10:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:07:4F:71:46:7C:F7:88:4F:8B:4E:06:37:1D:F0:4D:BA:7E:E7:7A
X509v3 Authority Key Identifier:
keyid:F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/-X5yAn9yM2RVo2RT-ymx5Fta7UA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A0C7CB0E927711EEB0E40C0DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.99.178.0/23
202.91.33.0-202.91.35.255
Signature Algorithm: sha256WithRSAEncryption
88:a9:b8:bb:7a:2f:26:32:ce:8d:34:55:79:8e:be:71:eb:ed:
da:fc:61:ab:b2:19:27:d0:60:09:c1:0f:70:47:bd:aa:17:52:
89:c3:4d:5d:bf:79:8f:c3:b1:ed:c9:c6:55:68:cc:b1:22:27:
1e:61:4b:33:ba:9f:30:cc:01:55:8a:eb:05:43:e5:ba:d2:a5:
2d:a4:1c:dc:e1:4a:41:2b:e0:d3:76:13:cd:c4:a2:b0:fa:59:
44:8f:c7:61:4a:59:db:86:0e:18:f3:07:30:6d:18:2f:af:84:
b0:38:fb:8d:42:c0:cc:fd:85:13:23:93:e9:e4:9c:f1:04:b3:
8e:bf:44:86:e4:67:d3:85:a6:ea:8e:e1:14:35:1b:36:83:a4:
15:64:45:d9:a5:2e:a4:eb:1a:bc:cf:d4:e8:0f:30:03:3b:eb:
e0:9e:3e:b9:05:92:ac:c1:ad:89:27:56:5e:7a:34:b0:f5:d5:
18:cd:7f:c9:44:cb:d0:3f:aa:fb:1e:dd:b5:f2:7f:79:6a:ae:
cd:94:8d:68:21:5c:62:59:21:85:3d:97:ca:f7:34:54:62:1c:
63:f9:bf:1a:f9:a2:28:4e:80:40:09:7f:54:5e:9c:a5:d6:1f:
cd:ce:67:41:40:49:ea:47:ff:58:da:be:e1:d2:99:4d:73:b7:
6d:d6:b2:e6
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgIBCTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
N0MxQTExMC8GA1UEBRMoRjk3RTcyMDI3RjcyMzM2NDU1QTM2NDUzRkIyOUIxRTQ1
QjVBRUQ0MDAeFw0yMzEyMDQwODEwMjdaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1NmQ4OTczLWNjNzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDpBS7FRXzP8xZ+CGqHpo5JUCkF9TrmKV3N49WPIKZAd7LaMBzMREO51aO0UYSp
iwYreHsnhSTByAbXPWOttFDeHnJ3YIk7jsx3t2KS2zzw/o6pfL2XDmszt0zYiVxZ
EujSchR7U/BQJxGcQOEf3MbSCDpTn4Z99VLNq01f/Vnk7qWSupONRaKfmYTYN9yp
VUhJmwb0L7rKZiyxVZicY9rEZTHsRunVaLp4CzBVLBlOnIqbXBvXHbfBM7OXCWcR
EuVGsKeIxowWsIYUq9FR34zhyW9gbxeUca9Ea2BxUa3i5SlhecX0HK+h/5HQ7XZZ
Mi7ga7p1Ass62x842i0QQRDNAgMBAAGjggKjMIICnzAdBgNVHQ4EFgQUywdPcUZ8
94hPi04GNx3wTbp+53owHwYDVR0jBBgwFoAU+X5yAn9yM2RVo2RT+ymx5Fta7UAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI3QzFBLzFBM0M2RjBFOTI3
NzExRUVBMzk0NEUwQ0M0RjlBRTAyLy1YNXlBbjl5TTJSVm8yUlQteW14NUZ0YTdV
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvLVg1eUFuOXlNMlJWbzJSVC15bXg1RnRhN1VBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
N0MxQS8xQTNDNkYwRTkyNzcxMUVFQTM5NDRFMENDNEY5QUUwMi9BMEM3Q0IwRTky
NzcxMUVFQjBFNDBDMERDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAtBggrBgEFBQcBBwEB/wQe
MBwwGgQCAAEwFAMEAWdjsjAMAwQAylshAwQCylsgMA0GCSqGSIb3DQEBCwUAA4IB
AQCIqbi7ei8mMs6NNFV5jr5x6+3a/GGrshkn0GAJwQ9wR72qF1KJw01dv3mPw7Ht
ycZVaMyxIiceYUszup8wzAFViusFQ+W60qUtpBzc4UpBK+DTdhPNxKKw+llEj8dh
Slnbhg4Y8wcwbRgvr4SwOPuNQsDM/YUTI5Pp5JzxBLOOv0SG5GfThabqjuEUNRs2
g6QVZEXZpS6k6xq8z9ToDzADO+vgnj65BZKswa2JJ1ZeejSw9dUYzX/JRMvQP6r7
Ht218n95aq7NlI1oIVxiWSGFPZfK9zRUYhxj+b8a+aIoToBACX9UXpyl1h/NzmdB
QEnqR/9Y2r7h0plNc7dt1rLm
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org