Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C7633/81DB5F821D7F11EB8AECD529C4F9AE02/7BFE1058244A11EEA719C74CC4F9AE02.roa
File: 7BFE1058244A11EEA719C74CC4F9AE02.roa (raw, json)
Hash identifier: EU0xRJt9OUjDEp5kcFdkSY0ud/ZvtHtpHT1EbLePxCY=
Subject key identifier: AA:C7:B4:D4:B7:7B:0A:E8:F2:62:FA:A3:CE:E6:A0:23:80:0C:06:8D
Certificate issuer: /CN=A91C7633/serialNumber=F1293940856BFD03AAA12C2DC952AEEB5486B1D8
Certificate serial: 060D
Authority key identifier: F1:29:39:40:85:6B:FD:03:AA:A1:2C:2D:C9:52:AE:EB:54:86:B1:D8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8Sk5QIVr_QOqoSwtyVKu61SGsdg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C7633/81DB5F821D7F11EB8AECD529C4F9AE02/7BFE1058244A11EEA719C74CC4F9AE02.roa
Signing time: Mon 17 Jul 2023 02:34:42 +0000
ROA not before: Mon 17 Jul 2023 02:34:42 +0000
ROA not after: Tue 31 Oct 2023 00:00:00 +0000
asID: 133579
IP address blocks: 101.100.159.0/24 maxlen: 24
103.237.40.0/24 maxlen: 24
103.237.41.0/24 maxlen: 24
103.237.42.0/24 maxlen: 24
103.237.43.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1549 (0x60d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C7633/serialNumber=F1293940856BFD03AAA12C2DC952AEEB5486B1D8
Validity
Not Before: Jul 17 02:34:42 2023 GMT
Not After : Oct 31 00:00:00 2023 GMT
Subject: CN=64b4a8c2-9f54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:20:b4:4c:9f:d6:7e:e4:69:ee:7c:4f:50:78:
1a:b2:05:73:ba:9c:e5:ed:30:b1:8a:89:a3:6a:1f:
23:44:d7:4a:c5:19:07:4d:c8:b7:45:bb:44:36:85:
de:e2:57:f2:6d:bb:f6:2a:eb:8e:c3:0d:df:f1:f2:
a7:47:c8:28:93:79:25:86:20:07:6d:70:4e:85:8c:
38:79:05:83:af:3d:a2:1e:bb:00:02:6e:3a:2e:6f:
57:51:23:11:1d:f7:7f:45:bf:93:5e:9e:3b:75:96:
9e:66:61:ab:9d:57:ea:b0:93:49:cd:19:92:1b:8f:
e4:03:fc:71:19:74:0f:d7:4d:dd:47:05:09:82:b7:
71:16:2c:2e:b5:7c:db:a9:8c:2e:7b:d8:2a:9f:65:
45:a8:91:6e:92:83:92:02:c6:8a:db:c7:55:61:17:
d9:2b:0b:26:30:4a:ef:05:ba:88:2f:78:a0:85:c8:
f0:10:03:32:fc:1c:ec:b5:9b:cb:a2:b1:a1:9f:47:
49:11:cb:b5:01:08:da:69:9e:4a:42:50:dd:3a:8b:
85:1a:aa:c2:26:fa:d6:0a:33:0a:9b:43:b9:63:0a:
34:3c:fc:80:f9:a0:1a:1d:77:c8:c5:b2:52:1d:e5:
b6:fc:4d:e5:88:08:44:46:af:9d:af:27:21:e0:e2:
0f:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:C7:B4:D4:B7:7B:0A:E8:F2:62:FA:A3:CE:E6:A0:23:80:0C:06:8D
X509v3 Authority Key Identifier:
keyid:F1:29:39:40:85:6B:FD:03:AA:A1:2C:2D:C9:52:AE:EB:54:86:B1:D8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C7633/81DB5F821D7F11EB8AECD529C4F9AE02/8Sk5QIVr_QOqoSwtyVKu61SGsdg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8Sk5QIVr_QOqoSwtyVKu61SGsdg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C7633/81DB5F821D7F11EB8AECD529C4F9AE02/7BFE1058244A11EEA719C74CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.100.159.0/24
103.237.40.0/22
Signature Algorithm: sha256WithRSAEncryption
41:af:07:0c:13:3e:da:a3:b8:eb:ca:c0:47:50:2e:c0:08:0a:
cb:40:31:00:78:90:0e:05:74:4e:5f:62:1d:0e:be:8f:b9:31:
39:46:0f:f3:36:c1:6b:79:80:4d:4c:5e:37:91:93:b9:50:2f:
80:55:77:10:fc:7a:76:05:d7:f4:41:b1:66:47:ed:cb:27:5f:
63:58:4d:bb:63:f5:9d:e2:a1:5f:5e:5a:c7:64:e1:9b:7b:a3:
1b:c0:05:41:5d:1c:95:f6:54:09:be:5d:dd:5f:74:82:7f:af:
86:4a:de:56:20:5e:b4:22:3c:e4:27:ed:fa:01:99:64:c0:ca:
92:40:2e:26:b1:7a:02:6b:91:b5:ed:eb:54:88:b9:eb:02:ff:
a3:e2:b8:42:44:ba:10:ea:f5:4f:da:c0:b1:6d:fb:13:71:31:
f3:30:52:78:16:48:fa:5f:59:e9:e8:aa:8c:92:bb:b9:93:03:
8d:0b:95:d6:e6:54:88:66:dc:a0:34:be:e1:2c:02:86:c1:e0:
c4:f1:38:86:0e:19:57:28:84:6c:64:be:c3:87:2e:34:51:f6:
96:5c:8c:0e:f2:51:17:eb:2e:ba:aa:43:f3:18:f5:f8:33:83:
4d:fc:b3:5e:20:0d:2f:5a:0f:f1:50:c8:25:4a:0f:72:c8:9e:
30:3a:ac:32
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBg0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzc2MzMxMTAvBgNVBAUTKEYxMjkzOTQwODU2QkZEMDNBQUExMkMyREM5NTJBRUVC
NTQ4NkIxRDgwHhcNMjMwNzE3MDIzNDQyWhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGI0YThjMi05ZjU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsiC0TJ/WfuRp7nxPUHgasgVzupzl7TCxiomjah8jRNdKxRkHTci3RbtENoXe
4lfybbv2KuuOww3f8fKnR8gok3klhiAHbXBOhYw4eQWDrz2iHrsAAm46Lm9XUSMR
Hfd/Rb+TXp47dZaeZmGrnVfqsJNJzRmSG4/kA/xxGXQP103dRwUJgrdxFiwutXzb
qYwue9gqn2VFqJFukoOSAsaK28dVYRfZKwsmMErvBbqIL3ighcjwEAMy/BzstZvL
orGhn0dJEcu1AQjaaZ5KQlDdOouFGqrCJvrWCjMKm0O5Ywo0PPyA+aAaHXfIxbJS
HeW2/E3liAhERq+drych4OIPrwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFKrHtNS3
ewro8mL6o87moCOADAaNMB8GA1UdIwQYMBaAFPEpOUCFa/0DqqEsLclSrutUhrHY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNzYzMy84MURCNUY4MjFE
N0YxMUVCOEFFQ0Q1MjlDNEY5QUUwMi84U2s1UUlWcl9RT3FvU3d0eVZLdTYxU0dz
ZGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzhTazVRSVZyX1FPcW9Td3R5Vkt1NjFTR3NkZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzc2MzMvODFEQjVGODIxRDdGMTFFQjhBRUNENTI5QzRGOUFFMDIvN0JGRTEwNTgy
NDRBMTFFRUE3MTlDNzRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABlZJ8DBAJn7SgwDQYJKoZIhvcNAQELBQADggEBAEGvBwwT
PtqjuOvKwEdQLsAICstAMQB4kA4FdE5fYh0Ovo+5MTlGD/M2wWt5gE1MXjeRk7lQ
L4BVdxD8enYF1/RBsWZH7csnX2NYTbtj9Z3ioV9eWsdk4Zt7oxvABUFdHJX2VAm+
Xd1fdIJ/r4ZK3lYgXrQiPOQn7foBmWTAypJALiaxegJrkbXt61SIuesC/6PiuEJE
uhDq9U/awLFt+xNxMfMwUngWSPpfWenoqoySu7mTA40LldbmVIhm3KA0vuEsAobB
4MTxOIYOGVcohGxkvsOHLjRR9pZcjA7yURfrLrqqQ/MY9fgzg038s14gDS9aD/FQ
yCVKD3LInjA6rDI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:25 2024 by rpki-client on console-ams.rpki-client.org