Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A1B96FD6927711EEB0E40C0DC4F9AE02.roa
File: A1B96FD6927711EEB0E40C0DC4F9AE02.roa (raw, json)
Hash identifier: LYnUH+gJQ1y4UURHNmem4ygaJdqHG7SIbPut/BV71lY=
Subject key identifier: 36:16:20:7E:86:42:97:7B:CC:7F:1B:FD:25:E3:D6:01:E7:A5:2B:B5
Certificate issuer: /CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Certificate serial: 04
Authority key identifier: F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A1B96FD6927711EEB0E40C0DC4F9AE02.roa
Signing time: Mon 04 Dec 2023 07:35:01 +0000
ROA not before: Mon 04 Dec 2023 07:35:01 +0000
ROA not after: Sun 01 Dec 2024 00:00:00 +0000
asID: 8100
IP address blocks: 103.79.76.0/24 maxlen: 24
103.79.77.0/24 maxlen: 24
103.79.78.0/24 maxlen: 24
103.79.79.0/24 maxlen: 24
202.91.32.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Validity
Not Before: Dec 4 07:35:01 2023 GMT
Not After : Dec 1 00:00:00 2024 GMT
Subject: CN=656d8124-6ac3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:ce:41:b5:0f:49:39:d9:39:22:e0:d8:66:8a:
77:c7:ef:3e:4c:80:48:78:fa:70:1b:f9:f3:29:c3:
01:2c:b2:5b:90:94:03:91:17:6d:4d:24:fd:9f:26:
ef:4d:2f:d1:1d:44:73:56:bf:38:f0:fe:35:c4:71:
c8:6b:07:49:c5:e2:00:d8:bd:a3:79:fd:9d:2e:92:
08:d8:24:fe:99:81:e5:00:f6:f7:86:f6:6c:08:d9:
1d:97:74:6d:11:09:d1:3d:dd:41:9f:10:98:74:c0:
81:92:5d:42:76:19:c4:59:61:cc:86:1f:48:31:29:
0f:15:30:a4:83:aa:de:04:74:ec:e2:33:e9:83:d8:
98:60:e9:29:6a:0d:52:78:f0:50:a3:3f:2f:6d:7e:
90:c3:01:8f:64:83:c7:28:1f:8e:a7:5e:e8:03:73:
8f:e6:94:52:c1:c0:a7:d1:40:5a:41:ad:7d:69:77:
c5:6d:e5:50:f0:da:9f:f1:78:ac:ea:55:c1:80:37:
13:cd:22:7b:80:72:8c:62:5f:03:e1:fd:6e:e4:39:
38:af:ba:03:7e:f5:30:7e:7e:c3:1a:c4:04:be:4e:
fc:19:da:3c:9d:d2:50:1f:d3:60:54:2a:6d:99:47:
78:f6:0a:2f:47:17:ce:78:44:d2:9b:18:67:94:c3:
d4:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:16:20:7E:86:42:97:7B:CC:7F:1B:FD:25:E3:D6:01:E7:A5:2B:B5
X509v3 Authority Key Identifier:
keyid:F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/-X5yAn9yM2RVo2RT-ymx5Fta7UA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/A1B96FD6927711EEB0E40C0DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.79.76.0/22
202.91.32.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:d0:7e:64:9b:7f:20:ec:9e:44:ac:41:1a:d0:9c:04:ce:97:
92:4f:de:f8:52:e5:d9:02:07:6d:25:d8:fe:30:00:2c:6d:a4:
90:e5:d3:a0:07:2b:52:75:82:50:e6:18:4d:71:60:78:0a:ca:
74:c0:20:40:25:55:06:67:cd:1a:e9:6b:15:7b:db:24:ce:c6:
19:16:d5:22:55:9b:52:5b:78:fa:3c:39:8d:1b:cb:20:89:c4:
fa:9e:1b:5f:a5:50:a8:35:25:77:57:ee:30:37:6e:ca:d7:e6:
ec:e3:52:89:ce:1c:68:09:c5:db:49:ae:04:49:f0:e1:a3:8c:
c3:fc:0c:d6:3c:61:f6:6d:bf:05:1a:0e:3f:b0:7e:6e:13:3a:
bc:79:c5:77:a8:e3:b6:7a:bb:22:75:64:6a:80:5e:29:88:ee:
4a:ba:36:8d:52:60:ab:ed:7e:93:7b:b1:48:f5:92:4b:c4:9c:
e0:14:66:c2:65:a5:25:2b:f0:9f:08:db:3b:d0:4f:95:07:2b:
0f:81:a5:d5:10:c8:fd:f2:ff:58:fa:0a:72:3a:4f:b8:7f:43:
f0:80:88:a4:a0:2e:ca:fa:96:01:6b:02:a7:9f:7d:79:1a:7b:
ed:dd:12:b6:4f:ab:96:6c:89:22:05:1b:43:e1:e5:2c:fd:a1:
0c:3f:14:21
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
N0MxQTExMC8GA1UEBRMoRjk3RTcyMDI3RjcyMzM2NDU1QTM2NDUzRkIyOUIxRTQ1
QjVBRUQ0MDAeFw0yMzEyMDQwNzM1MDFaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1NmQ4MTI0LTZhYzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDazkG1D0k52Tki4NhminfH7z5MgEh4+nAb+fMpwwEssluQlAORF21NJP2fJu9N
L9EdRHNWvzjw/jXEcchrB0nF4gDYvaN5/Z0ukgjYJP6ZgeUA9veG9mwI2R2XdG0R
CdE93UGfEJh0wIGSXUJ2GcRZYcyGH0gxKQ8VMKSDqt4EdOziM+mD2Jhg6SlqDVJ4
8FCjPy9tfpDDAY9kg8coH46nXugDc4/mlFLBwKfRQFpBrX1pd8Vt5VDw2p/xeKzq
VcGANxPNInuAcoxiXwPh/W7kOTivugN+9TB+fsMaxAS+TvwZ2jyd0lAf02BUKm2Z
R3j2Ci9HF854RNKbGGeUw9THAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUNhYgfoZC
l3vMfxv9JePWAeelK7UwHwYDVR0jBBgwFoAU+X5yAn9yM2RVo2RT+ymx5Fta7UAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI3QzFBLzFBM0M2RjBFOTI3
NzExRUVBMzk0NEUwQ0M0RjlBRTAyLy1YNXlBbjl5TTJSVm8yUlQteW14NUZ0YTdV
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvLVg1eUFuOXlNMlJWbzJSVC15bXg1RnRhN1VBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
N0MxQS8xQTNDNkYwRTkyNzcxMUVFQTM5NDRFMENDNEY5QUUwMi9BMUI5NkZENjky
NzcxMUVFQjBFNDBDMERDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAmdPTAMEAMpbIDANBgkqhkiG9w0BAQsFAAOCAQEAGtB+ZJt/
IOyeRKxBGtCcBM6Xkk/e+FLl2QIHbSXY/jAALG2kkOXToAcrUnWCUOYYTXFgeArK
dMAgQCVVBmfNGulrFXvbJM7GGRbVIlWbUlt4+jw5jRvLIInE+p4bX6VQqDUld1fu
MDduytfm7ONSic4caAnF20muBEnw4aOMw/wM1jxh9m2/BRoOP7B+bhM6vHnFd6jj
tnq7InVkaoBeKYjuSro2jVJgq+1+k3uxSPWSS8Sc4BRmwmWlJSvwnwjbO9BPlQcr
D4Gl1RDI/fL/WPoKcjpPuH9D8ICIpKAuyvqWAWsCp599eRp77d0Stk+rlmyJIgUb
Q+HlLP2hDD8UIQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org