Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/556EF788AEDB11EE9F1F155BC4F9AE02.roa
File: 556EF788AEDB11EE9F1F155BC4F9AE02.roa (raw, json)
Hash identifier: BxQr7v4jzSRtBhZk9P48m6WY0RtcX7uNqK+t5UxzSd4=
Subject key identifier: 4A:D3:AF:5F:3E:E6:CD:F2:57:09:DA:38:A8:39:4A:92:59:EE:EF:2D
Certificate issuer: /CN=A91E4CF1/serialNumber=08BD1CC5AEDE7492B2F2257AA194DB08555AF6F2
Certificate serial: 0BC9
Authority key identifier: 08:BD:1C:C5:AE:DE:74:92:B2:F2:25:7A:A1:94:DB:08:55:5A:F6:F2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CL0cxa7edJKy8iV6oZTbCFVa9vI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/556EF788AEDB11EE9F1F155BC4F9AE02.roa
Signing time: Sat 13 Jan 2024 11:36:10 +0000
ROA not before: Sat 13 Jan 2024 11:36:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135438
IP address blocks: 103.111.12.0/24 maxlen: 24
103.111.13.0/24 maxlen: 24
2402:91c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3017 (0xbc9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E4CF1/serialNumber=08BD1CC5AEDE7492B2F2257AA194DB08555AF6F2
Validity
Not Before: Jan 13 11:36:10 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=65a275aa-85bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:0e:62:1d:29:9c:10:f9:5a:2c:cd:b6:c5:37:
83:14:c9:40:a5:a2:57:2f:75:f4:90:87:f5:23:a8:
bf:02:2e:db:44:0c:a0:a0:aa:2d:a8:4b:29:2e:07:
89:1d:01:4a:74:4d:1d:25:9f:dc:8a:71:9f:7d:ce:
f3:7e:d2:42:d9:8a:32:0f:1a:26:0a:2a:b2:39:9b:
27:91:9d:6a:c2:23:58:68:81:64:b3:c5:f6:2f:3b:
4b:72:32:06:34:fd:60:e0:eb:8f:9f:be:9c:44:4b:
f3:60:38:90:cf:71:af:52:3a:e1:d6:c5:0e:ec:96:
b7:0d:00:7d:18:dd:05:7f:96:ae:a1:c6:87:2a:33:
3a:e1:25:55:e8:68:7b:a0:65:6c:1f:7b:9a:ee:8b:
7f:65:fa:ce:c2:0b:46:bb:0d:8f:25:1c:84:db:e2:
90:60:23:09:3c:5f:a0:b2:17:de:91:5e:d5:d0:0c:
44:46:cd:50:83:20:89:6f:d6:7f:c2:a2:18:c5:28:
63:3c:0f:dd:37:50:0c:26:53:35:f0:ce:86:9d:c3:
f8:11:a7:c2:95:43:e2:66:a7:49:11:18:70:ae:d8:
a1:f1:1d:87:f1:64:5a:fb:a0:da:78:15:49:fe:31:
fa:09:84:be:76:10:d4:b3:e1:63:61:7d:ac:e0:d3:
ec:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:D3:AF:5F:3E:E6:CD:F2:57:09:DA:38:A8:39:4A:92:59:EE:EF:2D
X509v3 Authority Key Identifier:
keyid:08:BD:1C:C5:AE:DE:74:92:B2:F2:25:7A:A1:94:DB:08:55:5A:F6:F2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/CL0cxa7edJKy8iV6oZTbCFVa9vI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CL0cxa7edJKy8iV6oZTbCFVa9vI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/556EF788AEDB11EE9F1F155BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.111.12.0/23
IPv6:
2402:91c0::/32
Signature Algorithm: sha256WithRSAEncryption
6b:33:03:72:b9:d7:ad:1b:0d:f2:95:3d:f3:33:36:0f:8b:78:
9c:7b:59:d0:68:8f:e4:64:23:8c:2a:75:04:3c:8e:38:e2:90:
6d:b0:fe:bb:ee:fa:f2:11:29:7c:66:5c:96:44:f6:9b:11:a1:
39:7e:95:90:c9:86:85:d9:44:bc:5f:c1:10:9c:61:35:eb:d6:
10:80:74:6d:40:89:f0:1c:0d:3d:39:47:61:87:80:76:0a:04:
3c:81:74:04:ef:3f:72:c5:44:87:fa:4d:04:6a:8a:65:90:01:
6a:ac:71:40:2d:77:3f:52:6a:1c:fb:89:3f:5d:a2:3f:93:05:
ad:b6:b2:8e:91:af:05:08:1d:bf:05:fc:fd:9a:b3:42:77:5e:
31:d6:f7:b5:dd:0a:da:fe:77:f9:50:14:34:f1:69:08:58:2f:
bf:89:fc:67:28:61:38:8b:d2:89:77:78:0d:6b:f7:36:c7:81:
d5:0a:d2:b3:eb:b9:d7:d7:ac:1f:3c:73:40:ef:4c:5f:92:12:
11:8c:cd:c1:5e:ae:46:99:67:9b:cb:23:78:e1:84:62:9a:19:
eb:3b:d4:89:f8:61:79:9a:37:a9:7a:60:71:36:07:fc:77:10:
17:72:f2:ea:cd:c1:10:6e:7b:11:f8:64:b0:10:60:17:61:e8:
70:80:19:0a
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICC8kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTRDRjExMTAvBgNVBAUTKDA4QkQxQ0M1QUVERTc0OTJCMkYyMjU3QUExOTREQjA4
NTU1QUY2RjIwHhcNMjQwMTEzMTEzNjEwWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWEyNzVhYS04NWJiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2A5iHSmcEPlaLM22xTeDFMlApaJXL3X0kIf1I6i/Ai7bRAygoKotqEspLgeJ
HQFKdE0dJZ/cinGffc7zftJC2YoyDxomCiqyOZsnkZ1qwiNYaIFks8X2LztLcjIG
NP1g4OuPn76cREvzYDiQz3GvUjrh1sUO7Ja3DQB9GN0Ff5auocaHKjM64SVV6Gh7
oGVsH3ua7ot/ZfrOwgtGuw2PJRyE2+KQYCMJPF+gshfekV7V0AxERs1QgyCJb9Z/
wqIYxShjPA/dN1AMJlM18M6GncP4EafClUPiZqdJERhwrtih8R2H8WRa+6DaeBVJ
/jH6CYS+dhDUs+FjYX2s4NPsVwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFErTr18+
5s3yVwnaOKg5SpJZ7u8tMB8GA1UdIwQYMBaAFAi9HMWu3nSSsvIleqGU2whVWvby
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNENGMS9BRDkwNDZGRTA1
ODYxMUVBOTJFNTY1NTJDNEY5QUUwMi9DTDBjeGE3ZWRKS3k4aVY2b1pUYkNGVmE5
dkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NMMGN4YTdlZEpLeThpVjZvWlRiQ0ZWYTl2SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTRDRjEvQUQ5MDQ2RkUwNTg2MTFFQTkyRTU2NTUyQzRGOUFFMDIvNTU2RUY3ODhB
RURCMTFFRTlGMUYxNTVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnbwwwDQQCAAIwBwMFACQCkcAwDQYJKoZIhvcNAQELBQAD
ggEBAGszA3K5160bDfKVPfMzNg+LeJx7WdBoj+RkI4wqdQQ8jjjikG2w/rvu+vIR
KXxmXJZE9psRoTl+lZDJhoXZRLxfwRCcYTXr1hCAdG1AifAcDT05R2GHgHYKBDyB
dATvP3LFRIf6TQRqimWQAWqscUAtdz9Sahz7iT9doj+TBa22so6RrwUIHb8F/P2a
s0J3XjHW97XdCtr+d/lQFDTxaQhYL7+J/GcoYTiL0ol3eA1r9zbHgdUK0rPrudfX
rB88c0DvTF+SEhGMzcFerkaZZ5vLI3jhhGKaGes71In4YXmaN6l6YHE2B/x3EBdy
8urNwRBuexH4ZLAQYBdh6HCAGQo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:44 2024 by rpki-client on console-fra.rpki-client.org