Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E7319/B03A3134976C11EBB8F5BE12C4F9AE02/9BE3BB5E976E11EB9D66C115C4F9AE02.roa
File: 9BE3BB5E976E11EB9D66C115C4F9AE02.roa (raw, json)
Hash identifier: 4DkwF0GeDVJnvh7Z536FMTDgLAoMVYabbFzxwpuLj0k=
Subject key identifier: 20:7F:50:11:E5:BE:D3:BF:A3:9F:1C:17:86:91:4C:34:D8:ED:3D:FA
Certificate issuer: /CN=A91E7319/serialNumber=3ABDE0B30EAC0419283E8A64CB1192FFA0B70951
Certificate serial: 04DF
Authority key identifier: 3A:BD:E0:B3:0E:AC:04:19:28:3E:8A:64:CB:11:92:FF:A0:B7:09:51
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Or3gsw6sBBkoPopkyxGS_6C3CVE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E7319/B03A3134976C11EBB8F5BE12C4F9AE02/9BE3BB5E976E11EB9D66C115C4F9AE02.roa
Signing time: Thu 03 Aug 2023 00:00:46 +0000
ROA not before: Thu 03 Aug 2023 00:00:46 +0000
ROA not after: Mon 30 Sep 2024 00:00:00 +0000
asID: 137939
IP address blocks: 103.117.148.0/22 maxlen: 22
103.117.148.0/24 maxlen: 24
103.117.149.0/24 maxlen: 24
103.117.150.0/24 maxlen: 24
103.117.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1247 (0x4df)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E7319/serialNumber=3ABDE0B30EAC0419283E8A64CB1192FFA0B70951
Validity
Not Before: Aug 3 00:00:46 2023 GMT
Not After : Sep 30 00:00:00 2024 GMT
Subject: CN=64caee2e-91f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:1a:7b:10:ae:15:3b:e5:20:01:6e:0d:5a:49:
a5:8c:c8:35:fb:b2:d7:e6:c7:18:ef:3b:98:f0:20:
92:9e:43:d6:1a:5b:56:4a:c0:bb:5c:65:9e:13:a0:
29:2c:d6:9b:c1:b0:7a:7f:97:9b:be:76:00:d3:bb:
3a:fe:06:58:be:c9:80:c9:5c:3a:42:42:42:36:7c:
eb:5f:51:95:72:dc:45:1b:d8:c4:d7:af:73:d4:de:
66:30:02:33:48:23:a2:0b:3c:f1:dc:aa:27:73:33:
50:b1:af:59:43:87:15:47:e5:87:39:5f:c3:c9:ff:
af:8b:fd:cf:6b:ae:96:94:58:95:35:de:53:6b:bd:
31:48:d7:27:3b:99:3d:fa:ba:57:63:23:cc:e3:38:
f5:80:45:da:26:f2:68:c5:70:6a:0e:b2:48:6b:7f:
8c:fc:f3:4c:0f:bf:6d:3f:87:3f:eb:ed:ef:a3:04:
74:2f:d2:96:53:3e:15:d3:5e:ec:c4:87:e0:51:1f:
c6:16:07:a6:d0:7e:00:59:99:3a:29:ca:54:20:e4:
67:0e:e2:dc:22:a2:dd:a6:49:f5:02:1d:3b:60:ea:
83:6b:ad:09:c9:8a:49:76:b6:a0:e6:86:ca:50:73:
74:94:e0:ee:20:0e:e6:41:52:b9:a6:5a:40:35:97:
94:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:7F:50:11:E5:BE:D3:BF:A3:9F:1C:17:86:91:4C:34:D8:ED:3D:FA
X509v3 Authority Key Identifier:
keyid:3A:BD:E0:B3:0E:AC:04:19:28:3E:8A:64:CB:11:92:FF:A0:B7:09:51
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E7319/B03A3134976C11EBB8F5BE12C4F9AE02/Or3gsw6sBBkoPopkyxGS_6C3CVE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Or3gsw6sBBkoPopkyxGS_6C3CVE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E7319/B03A3134976C11EBB8F5BE12C4F9AE02/9BE3BB5E976E11EB9D66C115C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.117.148.0/22
Signature Algorithm: sha256WithRSAEncryption
2a:5f:62:c3:58:a5:71:64:25:32:17:07:8b:ba:3f:9d:ea:3b:
d7:54:bd:0c:bf:4e:a7:a2:7a:16:e2:5b:97:6b:2d:e1:5e:36:
7d:cc:8c:79:42:32:db:7a:01:96:d1:8b:1c:d3:4c:56:e6:6c:
a5:27:19:40:0e:27:68:15:00:fc:a5:21:ff:32:d5:9f:16:8f:
9f:6d:4a:78:a4:2f:05:6c:9d:2f:db:40:e2:f2:ab:d6:d7:63:
ce:57:cf:08:c7:e2:92:5c:b0:77:c4:12:f4:22:dd:a7:aa:ff:
20:fc:eb:49:67:3c:3b:1a:14:fa:85:7a:63:c4:9f:5b:fa:1d:
85:c3:32:ea:fc:60:e4:9d:88:1c:45:d9:1e:94:b2:cc:7e:79:
ae:fa:da:4f:dc:83:07:df:ea:19:40:cf:00:0c:2a:14:84:30:
cb:31:3a:b1:b0:6d:8d:b0:b1:17:96:f1:54:cd:6f:1d:0f:63:
96:9c:6b:af:89:ae:4c:7c:ba:33:a0:5e:bb:64:0e:f1:f2:3f:
49:ac:e7:ac:c7:6e:b8:08:93:66:20:ee:6d:4c:72:44:a2:22:
e7:cd:c9:97:c3:82:66:f8:f6:8a:9f:1d:69:f6:7a:9a:69:47:
96:76:a9:3b:a2:1a:0d:dd:16:90:b6:4e:d4:92:c7:47:88:98:
aa:24:ef:69
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBN8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTczMTkxMTAvBgNVBAUTKDNBQkRFMEIzMEVBQzA0MTkyODNFOEE2NENCMTE5MkZG
QTBCNzA5NTEwHhcNMjMwODAzMDAwMDQ2WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGNhZWUyZS05MWY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxhp7EK4VO+UgAW4NWkmljMg1+7LX5scY7zuY8CCSnkPWGltWSsC7XGWeE6Ap
LNabwbB6f5ebvnYA07s6/gZYvsmAyVw6QkJCNnzrX1GVctxFG9jE169z1N5mMAIz
SCOiCzzx3KonczNQsa9ZQ4cVR+WHOV/Dyf+vi/3Pa66WlFiVNd5Ta70xSNcnO5k9
+rpXYyPM4zj1gEXaJvJoxXBqDrJIa3+M/PNMD79tP4c/6+3vowR0L9KWUz4V017s
xIfgUR/GFgem0H4AWZk6KcpUIORnDuLcIqLdpkn1Ah07YOqDa60JyYpJdrag5obK
UHN0lODuIA7mQVK5plpANZeUUwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCB/UBHl
vtO/o58cF4aRTDTY7T36MB8GA1UdIwQYMBaAFDq94LMOrAQZKD6KZMsRkv+gtwlR
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNzMxOS9CMDNBMzEzNDk3
NkMxMUVCQjhGNUJFMTJDNEY5QUUwMi9PcjNnc3c2c0JCa29Qb3BreXhHU182QzND
VkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09yM2dzdzZzQkJrb1BvcGt5eEdTXzZDM0NWRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTczMTkvQjAzQTMxMzQ5NzZDMTFFQkI4RjVCRTEyQzRGOUFFMDIvOUJFM0JCNUU5
NzZFMTFFQjlENjZDMTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJndZQwDQYJKoZIhvcNAQELBQADggEBACpfYsNYpXFkJTIX
B4u6P53qO9dUvQy/TqeiehbiW5drLeFeNn3MjHlCMtt6AZbRixzTTFbmbKUnGUAO
J2gVAPylIf8y1Z8Wj59tSnikLwVsnS/bQOLyq9bXY85XzwjH4pJcsHfEEvQi3aeq
/yD860lnPDsaFPqFemPEn1v6HYXDMur8YOSdiBxF2R6Ussx+ea762k/cgwff6hlA
zwAMKhSEMMsxOrGwbY2wsReW8VTNbx0PY5aca6+Jrkx8ujOgXrtkDvHyP0ms56zH
brgIk2Yg7m1MckSiIufNyZfDgmb49oqfHWn2epppR5Z2qTuiGg3dFpC2TtSSx0eI
mKok72k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:46 2024 by rpki-client on console-fra.rpki-client.org