Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D6DEC/D421794A8BEE11EDA7B3D522C4F9AE02/10D71ADA8BF311EDA4B0BF28C4F9AE02.roa
File: 10D71ADA8BF311EDA4B0BF28C4F9AE02.roa (raw, json)
Hash identifier: j+clqje6wjrNuhZRCAEnrMl2yPMmhaSHEemGBzRaF78=
Subject key identifier: 3D:A7:65:26:80:75:70:DE:D6:D3:8E:7B:5F:BE:D0:AE:F9:7D:DF:F3
Certificate issuer: /CN=A91D6DEC/serialNumber=3F73CC3A8679C0DB04491A47BE769D75BA6DC194
Certificate serial: 02
Authority key identifier: 3F:73:CC:3A:86:79:C0:DB:04:49:1A:47:BE:76:9D:75:BA:6D:C1:94
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P3PMOoZ5wNsESRpHvnaddbptwZQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D6DEC/D421794A8BEE11EDA7B3D522C4F9AE02/10D71ADA8BF311EDA4B0BF28C4F9AE02.roa
Signing time: Wed 04 Jan 2023 05:46:00 +0000
ROA not before: Wed 04 Jan 2023 05:46:00 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 131465
IP address blocks: 103.49.146.0/24 maxlen: 24
2400:c860::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D6DEC/serialNumber=3F73CC3A8679C0DB04491A47BE769D75BA6DC194
Validity
Not Before: Jan 4 05:46:00 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=63b51297-5ec3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:46:c6:e9:85:ea:ea:f4:97:8c:bf:2f:bf:c4:
68:90:5a:2b:99:7c:d3:6e:5d:e2:62:24:b1:c3:08:
1c:9c:53:f3:9c:5a:20:6a:fe:70:a6:8b:6b:60:3c:
b7:ac:43:d6:4b:e0:b2:e6:76:06:41:f0:8c:7f:4d:
8e:ab:01:be:af:13:14:f1:83:e5:80:9f:47:c8:37:
b0:24:61:4d:0d:7b:c6:d0:d3:d9:9a:61:b7:d0:84:
4f:d7:e9:a9:ec:6b:52:64:70:81:96:32:fe:58:c3:
92:31:da:d2:63:61:f0:62:04:88:40:57:8e:4c:a2:
5b:af:08:68:d7:d9:ae:e6:19:2c:30:bf:ae:62:41:
ef:b4:7d:f5:3e:ae:23:3b:43:28:63:3d:ef:36:aa:
ff:71:e0:01:eb:3a:96:e8:95:07:8a:93:7d:54:59:
a3:f7:2f:5d:0c:0b:e7:91:94:f4:3c:99:c0:d8:cf:
a9:db:72:f2:0c:54:c0:7b:92:89:58:aa:c0:f6:63:
fb:35:fb:c2:c2:f5:a9:93:25:5f:6c:93:c9:ec:2b:
1f:7f:cf:e1:43:75:e8:b3:4b:8c:fe:7c:d2:3b:8a:
49:b6:46:ba:c3:c7:53:01:9f:98:62:21:fb:bb:15:
89:5d:58:7c:94:77:40:90:22:58:18:bf:27:b8:bd:
d4:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:A7:65:26:80:75:70:DE:D6:D3:8E:7B:5F:BE:D0:AE:F9:7D:DF:F3
X509v3 Authority Key Identifier:
keyid:3F:73:CC:3A:86:79:C0:DB:04:49:1A:47:BE:76:9D:75:BA:6D:C1:94
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D6DEC/D421794A8BEE11EDA7B3D522C4F9AE02/P3PMOoZ5wNsESRpHvnaddbptwZQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P3PMOoZ5wNsESRpHvnaddbptwZQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D6DEC/D421794A8BEE11EDA7B3D522C4F9AE02/10D71ADA8BF311EDA4B0BF28C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.49.146.0/24
IPv6:
2400:c860::/32
Signature Algorithm: sha256WithRSAEncryption
13:11:15:da:7a:bd:b3:8b:50:22:97:5f:d0:15:b3:8c:27:a9:
53:fd:0c:d5:19:43:04:52:05:ad:39:54:ba:0e:28:ea:b9:7f:
ea:22:59:1e:74:0d:da:12:74:31:4d:2c:b1:8a:31:1a:5b:67:
4d:a9:a1:a9:61:b8:46:7f:73:fe:0b:65:e1:6f:3a:c4:bc:01:
d0:48:34:9a:36:52:90:cb:0d:3f:9f:b9:03:83:d2:25:2d:ec:
48:2a:63:4d:36:75:05:f4:48:73:16:6c:36:6c:99:ef:d5:f6:
89:57:7c:07:13:ee:e4:d9:51:c6:f6:b3:df:e8:f9:85:aa:52:
4d:57:74:40:d2:19:8c:7a:6c:4c:93:ab:48:e8:96:f7:6f:d4:
68:af:f3:8f:f2:6b:3a:54:9d:9d:dd:65:76:4b:8b:39:88:12:
48:46:a1:d4:f8:35:3d:51:21:74:29:62:9e:75:e7:c7:dc:7f:
2f:7c:b1:4b:a2:33:2f:0f:55:b9:99:d0:03:f6:e4:24:50:14:
c8:af:97:c3:a9:56:a2:f6:72:7c:e4:81:d6:06:b1:c9:15:63:
72:1d:22:6b:97:d3:10:c0:02:61:b7:66:2c:03:28:39:5b:84:
4a:bc:61:9c:ae:a1:65:38:2f:5d:0c:8f:b8:f0:a9:ac:01:93:
51:5b:d8:33
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
NkRFQzExMC8GA1UEBRMoM0Y3M0NDM0E4Njc5QzBEQjA0NDkxQTQ3QkU3NjlENzVC
QTZEQzE5NDAeFw0yMzAxMDQwNTQ2MDBaFw0yMzEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzYjUxMjk3LTVlYzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClRsbpherq9JeMvy+/xGiQWiuZfNNuXeJiJLHDCBycU/OcWiBq/nCmi2tgPLes
Q9ZL4LLmdgZB8Ix/TY6rAb6vExTxg+WAn0fIN7AkYU0Ne8bQ09maYbfQhE/X6ans
a1JkcIGWMv5Yw5Ix2tJjYfBiBIhAV45MoluvCGjX2a7mGSwwv65iQe+0ffU+riM7
QyhjPe82qv9x4AHrOpbolQeKk31UWaP3L10MC+eRlPQ8mcDYz6nbcvIMVMB7kolY
qsD2Y/s1+8LC9amTJV9sk8nsKx9/z+FDdeizS4z+fNI7ikm2RrrDx1MBn5hiIfu7
FYldWHyUd0CQIlgYvye4vdQNAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQUPadlJoB1
cN7W0457X77Qrvl93/MwHwYDVR0jBBgwFoAUP3PMOoZ5wNsESRpHvnaddbptwZQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUQ2REVDL0Q0MjE3OTRBOEJF
RTExRURBN0IzRDUyMkM0RjlBRTAyL1AzUE1Pb1o1d05zRVNScEh2bmFkZGJwdHda
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUDNQTU9vWjV3TnNFU1JwSHZuYWRkYnB0d1pRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
NkRFQy9ENDIxNzk0QThCRUUxMUVEQTdCM0Q1MjJDNEY5QUUwMi8xMEQ3MUFEQThC
RjMxMUVEQTRCMEJGMjhDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAGcxkjANBAIAAjAHAwUAJADIYDANBgkqhkiG9w0BAQsFAAOC
AQEAExEV2nq9s4tQIpdf0BWzjCepU/0M1RlDBFIFrTlUug4o6rl/6iJZHnQN2hJ0
MU0ssYoxGltnTamhqWG4Rn9z/gtl4W86xLwB0Eg0mjZSkMsNP5+5A4PSJS3sSCpj
TTZ1BfRIcxZsNmyZ79X2iVd8BxPu5NlRxvaz3+j5hapSTVd0QNIZjHpsTJOrSOiW
92/UaK/zj/JrOlSdnd1ldkuLOYgSSEah1Pg1PVEhdClinnXnx9x/L3yxS6IzLw9V
uZnQA/bkJFAUyK+Xw6lWovZyfOSB1gaxyRVjch0ia5fTEMACYbdmLAMoOVuESrxh
nK6hZTgvXQyPuPCprAGTUVvYMw==
-----END CERTIFICATE-----
Generated at Mon Sep 11 06:41:25 2023 by rpki-client on console-fra.rpki-client.org