Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E76F3/AE32AA2010E811EB8525153AC4F9AE02/9FBB6B3810EA11EBB040AA3FC4F9AE02.roa
File: 9FBB6B3810EA11EBB040AA3FC4F9AE02.roa (raw, json)
Hash identifier: jbhw31AfZoQ5/lHJwa1u4UQWXabZWq3Ugi0Z1Kdrgn4=
Subject key identifier: CA:AE:5C:CF:C8:5B:FC:C8:2F:A8:11:C1:48:53:34:DF:C9:3D:88:00
Certificate issuer: /CN=A91E76F3/serialNumber=AD4F8C4C239DE03976C02DA212224657DF2827A8
Certificate serial: 0610
Authority key identifier: AD:4F:8C:4C:23:9D:E0:39:76:C0:2D:A2:12:22:46:57:DF:28:27:A8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rU-MTCOd4Dl2wC2iEiJGV98oJ6g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E76F3/AE32AA2010E811EB8525153AC4F9AE02/9FBB6B3810EA11EBB040AA3FC4F9AE02.roa
Signing time: Sat 03 Jun 2023 00:36:43 +0000
ROA not before: Sat 03 Jun 2023 00:36:43 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 55720
IP address blocks: 103.113.8.0/24 maxlen: 24
103.113.9.0/24 maxlen: 24
103.113.10.0/24 maxlen: 24
103.113.11.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1552 (0x610)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E76F3/serialNumber=AD4F8C4C239DE03976C02DA212224657DF2827A8
Validity
Not Before: Jun 3 00:36:43 2023 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=647a8b1a-157d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:11:4b:2a:54:ff:37:84:06:e5:9f:f1:01:fb:
61:5d:30:06:f5:e7:02:20:9c:c3:67:ab:ac:a1:dd:
97:d1:4c:b5:dd:13:ee:6c:39:52:d4:44:8c:58:b2:
f3:2c:0a:fd:52:eb:6d:37:02:fc:ee:b8:96:90:6a:
b2:a8:2f:67:33:86:d0:e3:72:e9:28:ad:aa:d9:94:
fb:50:ce:7f:db:6f:9b:fe:61:6d:59:2d:fc:93:48:
9a:b7:9a:08:f1:86:a8:27:dd:b3:77:23:af:cb:11:
2b:4a:bb:5a:62:86:5b:56:a1:d3:5c:0a:81:cf:d8:
40:b7:a8:21:17:cf:86:a3:1a:99:c4:31:9c:47:13:
2f:be:0d:29:a9:92:66:79:8f:04:c1:d8:c0:cc:39:
01:9a:c3:b0:b1:84:f1:f8:a7:9f:59:8f:6d:2f:e4:
d3:3b:14:d6:62:29:1c:15:90:26:03:97:11:51:d9:
9a:7d:0f:1f:c2:d7:d2:2a:7d:26:ad:35:4c:74:b2:
1b:21:69:2c:59:8b:db:99:d0:a1:3b:c5:77:c9:19:
bd:43:bc:b0:f6:19:83:cb:3a:d8:34:99:24:41:94:
0a:e3:89:6f:3f:05:78:27:1f:88:b9:b9:c8:e1:42:
a0:52:ef:78:64:58:ba:b6:6a:4f:84:8d:02:55:68:
51:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:AE:5C:CF:C8:5B:FC:C8:2F:A8:11:C1:48:53:34:DF:C9:3D:88:00
X509v3 Authority Key Identifier:
keyid:AD:4F:8C:4C:23:9D:E0:39:76:C0:2D:A2:12:22:46:57:DF:28:27:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E76F3/AE32AA2010E811EB8525153AC4F9AE02/rU-MTCOd4Dl2wC2iEiJGV98oJ6g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rU-MTCOd4Dl2wC2iEiJGV98oJ6g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E76F3/AE32AA2010E811EB8525153AC4F9AE02/9FBB6B3810EA11EBB040AA3FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.113.8.0/22
Signature Algorithm: sha256WithRSAEncryption
cc:86:33:7a:2b:3a:29:e4:2b:53:fc:ef:fe:7a:82:3d:db:ac:
94:f8:60:d7:46:2b:2c:d9:aa:98:a2:04:26:4c:49:c4:cb:5c:
85:cc:68:a6:71:71:1d:90:e3:5d:a3:c6:fa:a5:12:06:69:6a:
39:fa:15:49:92:1d:1b:cc:f9:57:c5:90:37:b6:bb:9f:ee:85:
58:ff:27:60:a7:60:16:f4:c7:96:db:33:81:0e:2e:87:9b:1d:
b7:2c:16:27:f9:19:27:ae:c5:da:c8:3f:53:e0:0f:63:7d:f4:
13:92:07:a0:b5:bf:07:48:75:55:7e:05:ad:d9:29:44:69:03:
9f:58:d2:f1:54:dd:15:1e:68:b3:c6:21:47:e2:6f:be:f3:c6:
53:0a:bc:ae:fe:37:f4:10:c7:fa:04:c7:91:74:75:d8:94:d6:
63:42:e4:bf:40:cd:6f:22:a2:8a:3d:9b:66:57:4c:a8:1b:27:
46:09:64:9f:d2:e1:ed:6e:6f:31:4c:3d:a0:2f:47:8e:7d:21:
19:4f:a2:b3:9c:9f:82:b4:63:f4:4e:b2:e4:e0:a6:b3:78:44:
44:8c:36:16:de:94:f7:9a:30:5b:08:1f:47:24:20:7c:87:c0:
68:cf:f6:42:aa:54:9e:0d:ba:79:38:bf:e1:a3:ff:5c:91:40:
df:af:77:2d
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBhAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTc2RjMxMTAvBgNVBAUTKEFENEY4QzRDMjM5REUwMzk3NkMwMkRBMjEyMjI0NjU3
REYyODI3QTgwHhcNMjMwNjAzMDAzNjQzWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdhOGIxYS0xNTdkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuBFLKlT/N4QG5Z/xAfthXTAG9ecCIJzDZ6usod2X0Uy13RPubDlS1ESMWLLz
LAr9UuttNwL87riWkGqyqC9nM4bQ43LpKK2q2ZT7UM5/22+b/mFtWS38k0iat5oI
8YaoJ92zdyOvyxErSrtaYoZbVqHTXAqBz9hAt6ghF8+GoxqZxDGcRxMvvg0pqZJm
eY8EwdjAzDkBmsOwsYTx+KefWY9tL+TTOxTWYikcFZAmA5cRUdmafQ8fwtfSKn0m
rTVMdLIbIWksWYvbmdChO8V3yRm9Q7yw9hmDyzrYNJkkQZQK44lvPwV4Jx+IubnI
4UKgUu94ZFi6tmpPhI0CVWhRpwIDAQABo4IClTCCApEwHQYDVR0OBBYEFMquXM/I
W/zIL6gRwUhTNN/JPYgAMB8GA1UdIwQYMBaAFK1PjEwjneA5dsAtohIiRlffKCeo
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNzZGMy9BRTMyQUEyMDEw
RTgxMUVCODUyNTE1M0FDNEY5QUUwMi9yVS1NVENPZDREbDJ3QzJpRWlKR1Y5OG9K
NmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JVLU1UQ09kNERsMndDMmlFaUpHVjk4b0o2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTc2RjMvQUUzMkFBMjAxMEU4MTFFQjg1MjUxNTNBQzRGOUFFMDIvOUZCQjZCMzgx
MEVBMTFFQkIwNDBBQTNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJncQgwDQYJKoZIhvcNAQELBQADggEBAMyGM3orOinkK1P8
7/56gj3brJT4YNdGKyzZqpiiBCZMScTLXIXMaKZxcR2Q412jxvqlEgZpajn6FUmS
HRvM+VfFkDe2u5/uhVj/J2CnYBb0x5bbM4EOLoebHbcsFif5GSeuxdrIP1PgD2N9
9BOSB6C1vwdIdVV+Ba3ZKURpA59Y0vFU3RUeaLPGIUfib77zxlMKvK7+N/QQx/oE
x5F0ddiU1mNC5L9AzW8iooo9m2ZXTKgbJ0YJZJ/S4e1ubzFMPaAvR459IRlPorOc
n4K0Y/ROsuTgprN4RESMNhbelPeaMFsIH0ckIHyHwGjP9kKqVJ4Nunk4v+Gj/1yR
QN+vdy0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:36 2024 by rpki-client on console-ams.rpki-client.org