Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/8881580EE18311EC9F76C50BC4F9AE02.roa
File: 8881580EE18311EC9F76C50BC4F9AE02.roa (raw, json)
Hash identifier: 7X284iB4gibJ11nn3hy7eCv/Zv11rquKnCWcGJIPFfw=
Subject key identifier: E0:CB:C9:29:D1:E2:E4:36:BE:B1:63:4E:C4:39:36:6C:39:44:3B:2A
Certificate issuer: /CN=A91E4CF1/serialNumber=08BD1CC5AEDE7492B2F2257AA194DB08555AF6F2
Certificate serial: 099C
Authority key identifier: 08:BD:1C:C5:AE:DE:74:92:B2:F2:25:7A:A1:94:DB:08:55:5A:F6:F2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CL0cxa7edJKy8iV6oZTbCFVa9vI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/8881580EE18311EC9F76C50BC4F9AE02.roa
Signing time: Wed 01 Jun 2022 20:19:14 +0000
ROA not before: Wed 01 Jun 2022 20:19:14 +0000
ROA not after: Sat 01 Oct 2022 00:00:00 +0000
asID: 135438
IP address blocks: 103.111.12.0/24 maxlen: 24
103.111.13.0/24 maxlen: 24
103.111.14.0/24 maxlen: 24
103.111.15.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2460 (0x99c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E4CF1/serialNumber=08BD1CC5AEDE7492B2F2257AA194DB08555AF6F2
Validity
Not Before: Jun 1 20:19:14 2022 GMT
Not After : Oct 1 00:00:00 2022 GMT
Subject: CN=6297c9c2-aa98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:77:8d:03:65:a7:4b:62:07:ea:e6:e7:19:47:
a3:83:8e:11:e4:7f:84:01:d2:8d:07:51:cb:e0:df:
9b:0f:25:3b:51:57:54:b2:1d:72:f2:c9:6a:2a:a5:
04:5d:8b:07:2a:eb:2e:7e:98:a5:a1:d3:4b:be:64:
f2:cb:16:b1:25:44:c9:3e:14:0b:79:fa:a2:eb:45:
01:fb:b1:89:e9:78:77:90:ea:9a:f6:84:2f:1f:2b:
ad:0a:74:19:10:f4:43:8d:23:fa:9a:a6:bf:ab:8d:
4b:f1:ac:36:54:5d:07:75:4e:52:e1:c8:c5:5e:f1:
93:04:90:25:56:c9:02:76:2e:59:b0:e5:3b:c2:25:
10:5a:a0:f4:5c:fd:06:d3:60:f9:a5:39:7b:82:73:
6a:f5:33:fa:47:14:e9:e7:4b:42:a6:11:cf:43:f5:
e2:c6:2e:d8:56:0e:0d:9d:12:1d:7a:78:47:15:12:
51:69:95:fd:07:30:97:68:4c:2d:c0:51:27:75:20:
f0:d5:78:fb:4f:60:4c:53:71:82:4b:87:fc:53:c8:
c4:5a:d0:8b:95:55:e6:be:81:61:1f:3f:a3:2f:9e:
51:00:23:09:4c:fd:22:9b:c6:6b:b1:8c:22:45:ab:
35:18:48:28:ed:af:52:59:c8:15:85:e4:80:aa:10:
37:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:CB:C9:29:D1:E2:E4:36:BE:B1:63:4E:C4:39:36:6C:39:44:3B:2A
X509v3 Authority Key Identifier:
keyid:08:BD:1C:C5:AE:DE:74:92:B2:F2:25:7A:A1:94:DB:08:55:5A:F6:F2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/CL0cxa7edJKy8iV6oZTbCFVa9vI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CL0cxa7edJKy8iV6oZTbCFVa9vI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/8881580EE18311EC9F76C50BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.111.12.0/22
Signature Algorithm: sha256WithRSAEncryption
59:e5:d8:86:51:1b:3e:0e:00:3a:c9:86:e4:59:96:91:a3:0c:
c7:59:51:1b:21:49:d5:e6:e7:c7:52:eb:8b:2a:de:62:ef:2c:
97:c9:56:0e:5a:c1:22:d9:09:a7:71:98:75:44:d8:f4:c2:35:
8e:47:dc:52:23:60:5b:fe:d7:d9:09:97:2a:d1:ec:55:23:a6:
16:c2:cb:88:9f:fe:88:4a:38:48:5b:c8:df:2f:70:91:cd:b5:
1b:0f:ba:45:47:34:16:1d:4c:41:5e:ef:5f:39:66:4f:cc:9a:
9d:85:d4:2d:66:09:f9:c5:01:b4:62:bf:83:b6:7a:e0:75:62:
81:94:2a:f5:96:d8:77:e7:57:a6:57:25:b6:48:c5:4e:e0:00:
cc:5a:d3:da:fb:d2:2f:70:cb:4a:44:f1:c0:5f:6d:d7:92:7e:
c3:09:27:e5:f6:0d:54:91:7e:51:57:90:77:ef:50:7c:ec:89:
7d:a0:80:ef:b6:b7:98:56:fc:21:b4:2e:01:a8:8c:fd:51:3c:
79:da:76:51:2a:b0:64:43:0f:5f:1e:7e:c2:e4:b3:14:23:38:
af:f2:73:11:20:96:a7:62:24:db:fb:83:ce:e8:52:1e:6a:ce:
16:63:86:65:b8:2d:1b:8f:d0:00:6a:c8:27:cc:6b:81:6a:69:
b0:d6:8e:b0
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCZwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTRDRjExMTAvBgNVBAUTKDA4QkQxQ0M1QUVERTc0OTJCMkYyMjU3QUExOTREQjA4
NTU1QUY2RjIwHhcNMjIwNjAxMjAxOTE0WhcNMjIxMDAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjk3YzljMi1hYTk4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvXeNA2WnS2IH6ubnGUejg44R5H+EAdKNB1HL4N+bDyU7UVdUsh1y8slqKqUE
XYsHKusufpilodNLvmTyyxaxJUTJPhQLefqi60UB+7GJ6Xh3kOqa9oQvHyutCnQZ
EPRDjSP6mqa/q41L8aw2VF0HdU5S4cjFXvGTBJAlVskCdi5ZsOU7wiUQWqD0XP0G
02D5pTl7gnNq9TP6RxTp50tCphHPQ/Xixi7YVg4NnRIdenhHFRJRaZX9BzCXaEwt
wFEndSDw1Xj7T2BMU3GCS4f8U8jEWtCLlVXmvoFhHz+jL55RACMJTP0im8ZrsYwi
Ras1GEgo7a9SWcgVheSAqhA3yQIDAQABo4IClTCCApEwHQYDVR0OBBYEFODLySnR
4uQ2vrFjTsQ5Nmw5RDsqMB8GA1UdIwQYMBaAFAi9HMWu3nSSsvIleqGU2whVWvby
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNENGMS9BRDkwNDZGRTA1
ODYxMUVBOTJFNTY1NTJDNEY5QUUwMi9DTDBjeGE3ZWRKS3k4aVY2b1pUYkNGVmE5
dkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NMMGN4YTdlZEpLeThpVjZvWlRiQ0ZWYTl2SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTRDRjEvQUQ5MDQ2RkUwNTg2MTFFQTkyRTU2NTUyQzRGOUFFMDIvODg4MTU4MEVF
MTgzMTFFQzlGNzZDNTBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnbwwwDQYJKoZIhvcNAQELBQADggEBAFnl2IZRGz4OADrJ
huRZlpGjDMdZURshSdXm58dS64sq3mLvLJfJVg5awSLZCadxmHVE2PTCNY5H3FIj
YFv+19kJlyrR7FUjphbCy4if/ohKOEhbyN8vcJHNtRsPukVHNBYdTEFe7185Zk/M
mp2F1C1mCfnFAbRiv4O2euB1YoGUKvWW2HfnV6ZXJbZIxU7gAMxa09r70i9wy0pE
8cBfbdeSfsMJJ+X2DVSRflFXkHfvUHzsiX2ggO+2t5hW/CG0LgGojP1RPHnadlEq
sGRDD18efsLksxQjOK/ycxEglqdiJNv7g87oUh5qzhZjhmW4LRuP0ABqyCfMa4Fq
abDWjrA=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:11 2023 by rpki-client on console-fra.rpki-client.org