Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/D3682D68EFC711EDBC38D042C4F9AE02.roa
File: D3682D68EFC711EDBC38D042C4F9AE02.roa (raw, json)
Hash identifier: XxgT3ym0FmtxFe8CDF3nAv8eazo4S4W+ZK67DtxLHxk=
Subject key identifier: E9:0D:03:85:CA:54:7D:A6:E8:4D:F2:50:FA:76:5E:59:D9:68:14:0D
Certificate issuer: /CN=A91C6504/serialNumber=0E44D19B7C9589B2342D051EB094493748DEEB4F
Certificate serial: 35
Authority key identifier: 0E:44:D1:9B:7C:95:89:B2:34:2D:05:1E:B0:94:49:37:48:DE:EB:4F
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DkTRm3yVibI0LQUesJRJN0je608.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/D3682D68EFC711EDBC38D042C4F9AE02.roa
Signing time: Sat 05 Aug 2023 05:05:07 +0000
ROA not before: Sat 05 Aug 2023 05:05:07 +0000
ROA not after: Thu 31 Oct 2024 00:00:00 +0000
asID: 136993
IP address blocks: 103.69.152.0/22 maxlen: 24
180.149.236.0/24 maxlen: 24
180.149.237.0/24 maxlen: 24
180.149.238.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 53 (0x35)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C6504/serialNumber=0E44D19B7C9589B2342D051EB094493748DEEB4F
Validity
Not Before: Aug 5 05:05:07 2023 GMT
Not After : Oct 31 00:00:00 2024 GMT
Subject: CN=64cdd883-f7a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:ac:34:46:a1:b4:4c:3a:ea:3b:48:b1:e6:9e:
74:b7:d8:38:69:6b:8c:b1:a7:88:fd:58:b9:7b:eb:
a2:0a:48:f7:69:df:0d:85:dd:4c:dd:fa:61:ad:7a:
c8:c7:44:2a:21:3a:fe:60:4a:df:f4:ac:6b:27:62:
26:0f:c7:17:53:4b:a1:6f:b4:35:15:78:25:ee:bc:
4a:ae:63:dc:87:61:4e:4e:39:bc:b4:2e:53:b9:4a:
c1:69:85:78:7d:30:54:46:37:8d:40:05:1f:5c:d0:
f5:c0:aa:ee:3e:f5:87:45:41:20:02:14:bb:3b:3b:
d8:e1:23:80:ce:be:49:e0:21:4b:b9:48:35:10:67:
a3:cb:48:10:de:91:de:26:39:e5:9a:5c:41:68:90:
b7:83:33:49:09:4a:c7:e1:83:c5:a1:53:52:8d:5b:
42:a0:47:fb:c6:d6:d8:24:02:f3:9c:66:0e:f6:dc:
02:97:c9:63:a6:19:62:26:5e:20:4b:7b:10:a4:d6:
da:81:f7:19:05:2d:6d:b0:a0:07:70:8f:2a:d2:25:
20:e8:86:3f:91:71:b8:8b:ae:77:6b:03:ed:4b:1a:
32:66:0f:b8:9c:07:f9:ae:04:65:ad:c2:54:b9:3c:
66:62:5e:a7:e8:92:08:f3:9a:ee:bf:73:27:05:f4:
c3:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:0D:03:85:CA:54:7D:A6:E8:4D:F2:50:FA:76:5E:59:D9:68:14:0D
X509v3 Authority Key Identifier:
keyid:0E:44:D1:9B:7C:95:89:B2:34:2D:05:1E:B0:94:49:37:48:DE:EB:4F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/DkTRm3yVibI0LQUesJRJN0je608.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DkTRm3yVibI0LQUesJRJN0je608.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/D3682D68EFC711EDBC38D042C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.69.152.0/22
180.149.236.0/22
Signature Algorithm: sha256WithRSAEncryption
1e:c3:a5:07:77:4a:53:7e:05:dc:f6:f7:28:69:d3:29:0b:b9:
f6:b4:5e:84:e6:a7:35:a5:f3:2e:09:8f:08:78:21:94:a9:a5:
5e:27:35:a1:07:28:b2:7e:b8:3a:f1:07:84:31:60:83:ad:6b:
84:91:b5:12:e2:4f:c0:73:1e:41:a0:cf:54:c7:68:3d:c8:d6:
13:b6:f4:3c:dc:88:87:f6:d4:62:78:b5:f6:a8:bc:97:a2:92:
a9:14:43:22:fe:68:92:67:de:df:d8:3e:2b:40:67:25:06:79:
4a:75:8c:77:fe:11:f3:e9:4f:f0:7d:05:a2:1b:ed:4a:6f:90:
92:ca:4e:a8:9c:7d:4d:c5:8a:10:30:e8:44:af:db:56:97:6d:
cd:66:53:17:e1:03:12:e8:3c:31:e6:7f:c5:d6:3d:42:ca:3f:
f6:d5:f6:d8:2e:b2:21:97:65:3c:64:29:bc:f8:a1:44:b4:af:
76:58:b4:c3:ab:5a:3c:0f:1f:d9:d4:71:ef:d4:36:d2:67:99:
f6:bc:7e:a3:d7:08:63:3d:cc:f9:de:6c:b7:f2:ee:16:6d:6f:
e4:8b:a4:03:fa:05:49:e6:da:0c:bd:b1:49:3c:75:63:b8:c5:
41:5a:06:71:be:7e:e6:b3:40:93:b3:84:cb:09:90:d3:72:7b:
20:e9:44:05
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBNTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
NjUwNDExMC8GA1UEBRMoMEU0NEQxOUI3Qzk1ODlCMjM0MkQwNTFFQjA5NDQ5Mzc0
OERFRUI0RjAeFw0yMzA4MDUwNTA1MDdaFw0yNDEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0Y2RkODgzLWY3YTkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCorDRGobRMOuo7SLHmnnS32Dhpa4yxp4j9WLl766IKSPdp3w2F3Uzd+mGtesjH
RCohOv5gSt/0rGsnYiYPxxdTS6FvtDUVeCXuvEquY9yHYU5OOby0LlO5SsFphXh9
MFRGN41ABR9c0PXAqu4+9YdFQSACFLs7O9jhI4DOvkngIUu5SDUQZ6PLSBDekd4m
OeWaXEFokLeDM0kJSsfhg8WhU1KNW0KgR/vG1tgkAvOcZg723AKXyWOmGWImXiBL
exCk1tqB9xkFLW2woAdwjyrSJSDohj+RcbiLrndrA+1LGjJmD7icB/muBGWtwlS5
PGZiXqfokgjzmu6/cycF9MPfAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQU6Q0DhcpU
faboTfJQ+nZeWdloFA0wHwYDVR0jBBgwFoAUDkTRm3yVibI0LQUesJRJN0je608w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUM2NTA0LzkxRTA2RTg0RUZB
NzExRUQ5QjI3MzU2RUM0RjlBRTAyL0RrVFJtM3lWaWJJMExRVWVzSlJKTjBqZTYw
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRGtUUm0zeVZpYkkwTFFVZXNKUkpOMGplNjA4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
NjUwNC85MUUwNkU4NEVGQTcxMUVEOUIyNzM1NkVDNEY5QUUwMi9EMzY4MkQ2OEVG
QzcxMUVEQkMzOEQwNDJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAmdFmAMEArSV7DANBgkqhkiG9w0BAQsFAAOCAQEAHsOlB3dK
U34F3Pb3KGnTKQu59rRehOanNaXzLgmPCHghlKmlXic1oQcosn64OvEHhDFgg61r
hJG1EuJPwHMeQaDPVMdoPcjWE7b0PNyIh/bUYni19qi8l6KSqRRDIv5okmfe39g+
K0BnJQZ5SnWMd/4R8+lP8H0FohvtSm+QkspOqJx9TcWKEDDoRK/bVpdtzWZTF+ED
Eug8MeZ/xdY9Qso/9tX22C6yIZdlPGQpvPihRLSvdli0w6taPA8f2dRx79Q20meZ
9rx+o9cIYz3M+d5st/LuFm1v5IukA/oFSebaDL2xSTx1Y7jFQVoGcb5+5rNAk7OE
ywmQ03J7IOlEBQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:40 2024 by rpki-client on console-fra.rpki-client.org