Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A13278A0927711EEB0E40C0DC4F9AE02.roa
File: A13278A0927711EEB0E40C0DC4F9AE02.roa (raw, json)
Hash identifier: TI81HO/FBxPH52r+i+0nf5PAFy3VUxn/+EFIeZqoWIg=
Subject key identifier: E9:71:11:29:31:9E:A9:A3:E3:53:F5:4E:6B:AE:91:16:9E:90:27:B3
Certificate issuer: /CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Certificate serial: 10
Authority key identifier: F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A13278A0927711EEB0E40C0DC4F9AE02.roa
Signing time: Mon 04 Dec 2023 08:20:38 +0000
ROA not before: Mon 04 Dec 2023 08:20:38 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 4785
IP address blocks: 103.47.186.0/24 maxlen: 24
103.53.80.0/23 maxlen: 23
103.91.144.0/23 maxlen: 23
103.99.178.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16 (0x10)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Validity
Not Before: Dec 4 08:20:38 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=656d8bd6-35e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:da:c7:fa:b8:ca:ed:b7:57:b8:ea:71:c1:fe:
11:ad:e2:a1:a9:a9:53:1c:23:c1:64:a9:89:ad:71:
99:d6:65:ad:4e:58:c1:43:b5:0d:e0:1d:c1:bb:73:
e0:33:23:a6:6d:cd:64:6e:93:6d:1a:3d:b1:6e:20:
64:7c:2f:96:d8:be:2f:6b:0a:37:c6:9f:6c:a4:3f:
fc:43:74:fc:69:f6:f4:f9:00:6b:86:06:10:81:77:
1c:dc:e0:d6:a9:50:f4:9a:4a:9f:c4:d6:c7:93:29:
a7:c4:22:7a:f3:86:06:d3:ca:e5:6d:b0:c7:f4:76:
cd:49:15:4d:c6:f8:7b:8d:6d:f3:4e:de:55:a6:27:
b5:f1:f6:3b:8f:6a:1a:7f:69:0f:ca:11:e4:67:3f:
44:6f:1d:ac:ae:d4:4d:9e:bf:f6:c1:fa:07:08:0a:
09:c8:8f:9e:0b:15:10:ff:21:5b:62:6a:9d:17:27:
ab:78:6e:af:36:92:de:0f:d7:3f:5d:37:e8:4c:3a:
c7:51:d6:19:54:36:3f:c2:25:29:5b:34:fe:bc:5c:
ba:ff:d8:f0:34:fd:3d:6c:71:d4:cf:0b:df:8b:f3:
ed:2c:97:4b:90:2b:5f:86:85:34:54:1e:e3:24:23:
8b:fd:49:bf:aa:bc:de:3d:37:1e:6b:96:8c:47:6e:
53:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:71:11:29:31:9E:A9:A3:E3:53:F5:4E:6B:AE:91:16:9E:90:27:B3
X509v3 Authority Key Identifier:
keyid:F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/-X5yAn9yM2RVo2RT-ymx5Fta7UA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A13278A0927711EEB0E40C0DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.47.186.0/24
103.53.80.0/23
103.91.144.0/23
103.99.178.0/23
Signature Algorithm: sha256WithRSAEncryption
20:b0:1d:f5:1d:8c:a6:c4:af:37:32:bf:98:c3:05:00:23:cc:
31:75:e5:12:29:5b:ec:b5:28:ec:c1:73:a5:f9:69:89:08:1e:
06:b1:d9:f0:ae:da:f7:7c:d2:f2:10:bf:28:a7:20:ca:d9:e4:
e7:13:5a:e6:6c:9e:a8:11:22:c6:56:8d:da:64:f2:b7:d4:05:
31:4d:b1:c5:d6:bf:79:13:1b:1a:cc:ca:df:73:d7:24:df:43:
9e:53:91:39:0a:41:89:7f:9e:84:ec:02:34:63:c4:97:1b:85:
0f:b2:66:87:63:b4:e3:e4:3c:54:5e:35:39:02:86:9a:bb:38:
bb:26:25:8c:4a:47:ae:c0:54:bf:3e:bd:46:31:fc:af:10:8d:
ee:66:30:59:a7:02:c4:6a:34:2d:d9:0a:8e:e0:3c:eb:ba:cd:
42:78:47:8e:bb:d4:1f:7e:21:59:39:0f:55:6f:fa:ab:79:89:
b3:5b:f2:69:ce:7f:83:95:ef:e0:1f:4d:4a:e7:68:71:50:03:
3f:1f:e2:86:47:fe:8c:86:de:b6:7e:db:1d:56:bf:2d:1a:1f:
cc:d6:3c:18:db:ce:29:65:ae:09:2d:00:31:1a:6e:0a:c5:80:
98:70:82:1d:af:37:71:36:ad:7e:cf:57:95:76:09:5d:51:49:
f1:a7:ab:ec
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
N0MxQTExMC8GA1UEBRMoRjk3RTcyMDI3RjcyMzM2NDU1QTM2NDUzRkIyOUIxRTQ1
QjVBRUQ0MDAeFw0yMzEyMDQwODIwMzhaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1NmQ4YmQ2LTM1ZTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDE2sf6uMrtt1e46nHB/hGt4qGpqVMcI8FkqYmtcZnWZa1OWMFDtQ3gHcG7c+Az
I6ZtzWRuk20aPbFuIGR8L5bYvi9rCjfGn2ykP/xDdPxp9vT5AGuGBhCBdxzc4Nap
UPSaSp/E1seTKafEInrzhgbTyuVtsMf0ds1JFU3G+HuNbfNO3lWmJ7Xx9juPahp/
aQ/KEeRnP0RvHayu1E2ev/bB+gcICgnIj54LFRD/IVtiap0XJ6t4bq82kt4P1z9d
N+hMOsdR1hlUNj/CJSlbNP68XLr/2PA0/T1scdTPC9+L8+0sl0uQK1+GhTRUHuMk
I4v9Sb+qvN49Nx5rloxHblNxAgMBAAGjggKnMIICozAdBgNVHQ4EFgQU6XERKTGe
qaPjU/VOa66RFp6QJ7MwHwYDVR0jBBgwFoAU+X5yAn9yM2RVo2RT+ymx5Fta7UAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI3QzFBLzFBM0M2RjBFOTI3
NzExRUVBMzk0NEUwQ0M0RjlBRTAyLy1YNXlBbjl5TTJSVm8yUlQteW14NUZ0YTdV
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvLVg1eUFuOXlNMlJWbzJSVC15bXg1RnRhN1VBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
N0MxQS8xQTNDNkYwRTkyNzcxMUVFQTM5NDRFMENDNEY5QUUwMi9BMTMyNzhBMDky
NzcxMUVFQjBFNDBDMERDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAxBggrBgEFBQcBBwEB/wQi
MCAwHgQCAAEwGAMEAGcvugMEAWc1UAMEAWdbkAMEAWdjsjANBgkqhkiG9w0BAQsF
AAOCAQEAILAd9R2MpsSvNzK/mMMFACPMMXXlEilb7LUo7MFzpflpiQgeBrHZ8K7a
93zS8hC/KKcgytnk5xNa5myeqBEixlaN2mTyt9QFMU2xxda/eRMbGszK33PXJN9D
nlOROQpBiX+ehOwCNGPElxuFD7Jmh2O04+Q8VF41OQKGmrs4uyYljEpHrsBUvz69
RjH8rxCN7mYwWacCxGo0LdkKjuA867rNQnhHjrvUH34hWTkPVW/6q3mJs1vyac5/
g5Xv4B9NSudocVADPx/ihkf+jIbetn7bHVa/LRofzNY8GNvOKWWuCS0AMRpuCsWA
mHCCHa83cTatfs9XlXYJXVFJ8aer7A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:57 2024 by rpki-client on console-ams.rpki-client.org