Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DFADF/585320DE8BD811EA95AAEB83C4F9AE02/FE3F29FC8BD811EA966D0E84C4F9AE02.roa
File: FE3F29FC8BD811EA966D0E84C4F9AE02.roa (raw, json)
Hash identifier: XcZGuhJMZfxA9f6AUEPMCV/CWKwu3jQd21ExmiivihU=
Subject key identifier: 3B:4B:00:66:67:CE:E4:C3:97:02:77:38:78:5D:F8:97:35:E7:F6:5E
Certificate issuer: /CN=A91DFADF/serialNumber=2E7283A8FDD5CF0B3D9FAA2BE9742881989193A5
Certificate serial: 0620
Authority key identifier: 2E:72:83:A8:FD:D5:CF:0B:3D:9F:AA:2B:E9:74:28:81:98:91:93:A5
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LnKDqP3Vzws9n6or6XQogZiRk6U.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DFADF/585320DE8BD811EA95AAEB83C4F9AE02/FE3F29FC8BD811EA966D0E84C4F9AE02.roa
Signing time: Fri 25 Mar 2022 10:08:52 +0000
ROA not before: Fri 25 Mar 2022 10:08:52 +0000
ROA not after: Sun 28 May 2023 00:00:00 +0000
asID: 140612
IP address blocks: 103.151.0.0/23 maxlen: 24
2001:df3:9a80::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1568 (0x620)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DFADF/serialNumber=2E7283A8FDD5CF0B3D9FAA2BE9742881989193A5
Validity
Not Before: Mar 25 10:08:52 2022 GMT
Not After : May 28 00:00:00 2023 GMT
Subject: CN=623d94b4-d68b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:cd:ad:f2:0d:dc:ab:94:e9:82:e8:61:b7:0f:
0d:22:d2:73:31:14:8e:60:09:f2:cb:3e:b6:d6:cc:
12:49:ea:a6:5e:2c:a5:89:08:e7:6b:ad:db:ba:6f:
1c:c4:f3:16:15:16:8f:b5:f2:7a:24:dd:a0:29:31:
d1:99:61:34:bb:85:53:71:13:7f:ba:97:c5:88:55:
e5:d0:d0:3f:da:89:a6:a0:5e:8c:cb:61:d9:98:75:
7c:fa:e6:18:95:81:ca:35:fb:f4:20:b1:4c:ec:00:
d0:e0:a0:ca:e1:60:ad:17:e1:14:c7:59:63:d0:2e:
40:ef:2d:bb:c8:57:a3:d0:1c:83:08:90:1c:a9:6e:
de:9a:6a:50:39:83:f9:c6:e7:22:90:ae:f9:42:7e:
df:be:3b:1c:db:68:37:39:06:86:9a:cb:8a:91:b9:
fa:4a:70:c1:e2:bf:26:9d:bd:b3:5c:63:f4:ef:cb:
bc:d2:71:57:4c:80:5a:d4:ee:b7:64:77:4c:6a:3d:
03:e4:54:76:38:28:de:25:09:4a:c8:d3:10:48:12:
2e:60:2d:02:2b:97:6c:e8:af:0f:4b:88:91:ab:32:
66:fd:8f:14:6b:27:a0:a0:e7:9e:11:46:c3:e7:e7:
b6:5c:2c:2b:5b:c0:7c:70:87:b6:be:9e:eb:a5:34:
6e:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:4B:00:66:67:CE:E4:C3:97:02:77:38:78:5D:F8:97:35:E7:F6:5E
X509v3 Authority Key Identifier:
keyid:2E:72:83:A8:FD:D5:CF:0B:3D:9F:AA:2B:E9:74:28:81:98:91:93:A5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DFADF/585320DE8BD811EA95AAEB83C4F9AE02/LnKDqP3Vzws9n6or6XQogZiRk6U.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LnKDqP3Vzws9n6or6XQogZiRk6U.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DFADF/585320DE8BD811EA95AAEB83C4F9AE02/FE3F29FC8BD811EA966D0E84C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.151.0.0/23
IPv6:
2001:df3:9a80::/48
Signature Algorithm: sha256WithRSAEncryption
63:20:16:b8:9b:d4:6c:f5:f7:95:5b:77:79:d5:83:7b:8f:b0:
58:24:f0:04:34:b3:7f:cc:43:f6:cd:17:a6:e9:70:97:55:1c:
db:c8:13:b5:66:40:3c:fe:a8:58:0d:b0:ad:88:1a:5a:3a:20:
df:52:b6:8f:b8:26:5f:f1:bf:6e:7b:c7:00:d3:3c:d1:75:d6:
f2:8f:92:b8:0d:a6:40:25:88:0e:17:82:eb:3d:9c:53:bb:89:
b5:2b:58:95:f9:33:40:35:55:71:4e:13:e1:cc:1a:35:47:c1:
45:1f:31:6b:b6:8b:30:0a:a3:60:72:91:01:fc:b9:11:e3:05:
f0:a7:c0:dc:38:f1:ef:c3:3e:c0:04:78:96:b8:81:db:2f:28:
67:36:2e:d0:60:c9:cb:68:c3:16:1e:4a:72:20:42:bf:f8:26:
97:f0:ba:95:40:a6:cb:93:4f:4c:b3:9e:50:74:8a:10:7d:71:
19:a7:39:11:3b:84:eb:1f:fe:d7:e1:5b:ab:03:f1:c4:03:4e:
97:09:a1:30:6c:4b:9a:f7:07:99:3f:ca:c9:db:7d:0b:31:f6:
1f:a7:87:3e:ce:e2:16:d5:2d:51:da:f0:48:fc:0e:3c:49:19:
7d:b9:17:7f:f3:58:ce:2c:61:c8:d1:43:a0:93:45:15:2b:8f:
5a:1b:9b:b8
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBiAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REZBREYxMTAvBgNVBAUTKDJFNzI4M0E4RkRENUNGMEIzRDlGQUEyQkU5NzQyODgx
OTg5MTkzQTUwHhcNMjIwMzI1MTAwODUyWhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MjNkOTRiNC1kNjhiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr82t8g3cq5Tpguhhtw8NItJzMRSOYAnyyz621swSSeqmXiyliQjna63bum8c
xPMWFRaPtfJ6JN2gKTHRmWE0u4VTcRN/upfFiFXl0NA/2ommoF6My2HZmHV8+uYY
lYHKNfv0ILFM7ADQ4KDK4WCtF+EUx1lj0C5A7y27yFej0ByDCJAcqW7emmpQOYP5
xucikK75Qn7fvjsc22g3OQaGmsuKkbn6SnDB4r8mnb2zXGP078u80nFXTIBa1O63
ZHdMaj0D5FR2OCjeJQlKyNMQSBIuYC0CK5ds6K8PS4iRqzJm/Y8UayegoOeeEUbD
5+e2XCwrW8B8cIe2vp7rpTRuAwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFDtLAGZn
zuTDlwJ3OHhd+Jc15/ZeMB8GA1UdIwQYMBaAFC5yg6j91c8LPZ+qK+l0KIGYkZOl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERkFERi81ODUzMjBERThC
RDgxMUVBOTVBQUVCODNDNEY5QUUwMi9MbktEcVAzVnp3czluNm9yNlhRb2daaVJr
NlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0xuS0RxUDNWendzOW42b3I2WFFvZ1ppUms2VS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REZBREYvNTg1MzIwREU4QkQ4MTFFQTk1QUFFQjgzQzRGOUFFMDIvRkUzRjI5RkM4
QkQ4MTFFQTk2NkQwRTg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnlwAwDwQCAAIwCQMHACABDfOagDANBgkqhkiG9w0BAQsF
AAOCAQEAYyAWuJvUbPX3lVt3edWDe4+wWCTwBDSzf8xD9s0Xpulwl1Uc28gTtWZA
PP6oWA2wrYgaWjog31K2j7gmX/G/bnvHANM80XXW8o+SuA2mQCWIDheC6z2cU7uJ
tStYlfkzQDVVcU4T4cwaNUfBRR8xa7aLMAqjYHKRAfy5EeMF8KfA3Djx78M+wAR4
lriB2y8oZzYu0GDJy2jDFh5KciBCv/gml/C6lUCmy5NPTLOeUHSKEH1xGac5ETuE
6x/+1+FbqwPxxANOlwmhMGxLmvcHmT/Kydt9CzH2H6eHPs7iFtUtUdrwSPwOPEkZ
fbkXf/NYzixhyNFDoJNFFSuPWhubuA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:08 2023 by rpki-client on console-ams.rpki-client.org