Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/4362107CCEDD11ED86A31E7FC4F9AE02.roa
File: 4362107CCEDD11ED86A31E7FC4F9AE02.roa (raw, json)
Hash identifier: 1RXYCWBgUFV4s8mT/Yqhn+ppcswtKbG3GJJPMlvpTP4=
Subject key identifier: 5F:00:BF:08:83:3C:19:58:92:A2:C7:7B:C0:99:EA:E0:B7:BE:A3:0A
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09E6
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/4362107CCEDD11ED86A31E7FC4F9AE02.roa
Signing time: Thu 30 Mar 2023 09:28:43 +0000
ROA not before: Thu 30 Mar 2023 09:28:43 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 140732
IP address blocks: 103.11.62.0/24 maxlen: 24
223.29.228.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2534 (0x9e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Mar 30 09:28:43 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=6425564b-1947
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:cf:f8:a5:72:33:1f:57:e8:c5:61:8f:67:45:
f7:87:64:ba:42:18:91:d2:00:23:55:df:47:40:50:
0d:e5:ff:60:47:02:91:07:78:fc:96:c5:4c:69:08:
af:c1:4f:fb:df:97:d0:36:0d:c8:54:47:78:54:55:
fe:d7:58:ab:a2:1c:46:70:ee:bb:18:77:0d:ae:3f:
37:44:f8:de:ac:cf:71:b1:6b:73:40:09:82:13:4c:
cb:ed:5a:5d:55:67:ce:c3:63:32:72:08:3b:41:37:
57:28:8a:83:4a:34:3c:8b:ad:91:94:8f:dc:44:5e:
8a:34:60:a3:eb:c8:1e:d5:97:03:df:30:71:72:46:
62:cb:3c:89:41:9c:0a:6b:c1:d2:84:96:8c:a3:cf:
ae:e0:80:fa:ef:4f:fa:f5:cd:a3:42:c4:42:47:28:
85:13:a1:7b:23:cc:ed:d6:45:bb:82:1e:b0:25:f9:
35:35:e2:7c:33:98:7c:7f:45:b4:a8:25:96:11:cc:
a8:1a:2b:84:62:f3:c6:d2:7d:de:28:8a:fb:c4:dd:
f5:96:77:f9:3f:76:71:9e:d1:4f:7b:81:7b:de:df:
4f:dd:1e:a8:14:31:6c:9c:32:cd:7b:78:1d:1f:72:
90:79:5b:83:74:cf:cd:84:3d:b1:16:36:2b:97:03:
30:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:00:BF:08:83:3C:19:58:92:A2:C7:7B:C0:99:EA:E0:B7:BE:A3:0A
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/4362107CCEDD11ED86A31E7FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.62.0/24
223.29.228.0/23
Signature Algorithm: sha256WithRSAEncryption
19:f1:60:a6:7b:89:6a:c0:a8:1b:6f:61:53:62:c8:db:2e:98:
f7:41:25:1c:6a:43:a2:3a:66:51:e4:81:57:40:e7:d0:6b:ab:
8d:a8:f8:67:3a:33:c5:3b:34:38:c4:7f:f1:3e:f9:14:2d:2b:
41:71:0d:51:41:34:01:b9:d1:75:da:17:7d:dd:4c:09:64:cb:
27:8f:14:9c:57:52:42:be:01:fd:97:54:d6:e7:b6:5c:fd:fb:
59:51:d1:75:48:ff:b2:e1:50:9f:e8:11:93:e1:e7:39:23:60:
09:a3:64:30:d9:0b:2b:34:af:97:ec:e7:d4:ce:d2:3f:bb:bd:
b4:d6:53:a8:c0:da:a4:70:b1:b4:3e:5b:40:a3:3b:7c:0c:b0:
58:74:5f:5a:b4:e7:e8:7d:18:f8:1d:8c:ec:03:a6:46:dd:f8:
b5:b4:ae:99:f4:cc:cd:c7:4c:f1:75:bf:d0:f2:53:1f:b6:0f:
39:99:48:7f:c3:da:0c:e6:81:a0:4c:17:c7:3a:f2:b5:e9:34:
c9:d6:9f:11:b4:d3:11:35:3c:9d:00:31:39:56:5f:64:ff:6b:
3a:68:62:97:7e:d6:79:84:32:cc:8a:b1:67:9d:95:a1:21:15:
dc:af:12:0f:03:9f:69:55:57:e7:6a:51:8c:33:65:71:e8:fd:
6d:37:d9:e8
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCeYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMzMwMDkyODQzWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDI1NTY0Yi0xOTQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA08/4pXIzH1foxWGPZ0X3h2S6QhiR0gAjVd9HQFAN5f9gRwKRB3j8lsVMaQiv
wU/735fQNg3IVEd4VFX+11irohxGcO67GHcNrj83RPjerM9xsWtzQAmCE0zL7Vpd
VWfOw2Mycgg7QTdXKIqDSjQ8i62RlI/cRF6KNGCj68ge1ZcD3zBxckZiyzyJQZwK
a8HShJaMo8+u4ID670/69c2jQsRCRyiFE6F7I8zt1kW7gh6wJfk1NeJ8M5h8f0W0
qCWWEcyoGiuEYvPG0n3eKIr7xN31lnf5P3ZxntFPe4F73t9P3R6oFDFsnDLNe3gd
H3KQeVuDdM/NhD2xFjYrlwMwJwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFF8AvwiD
PBlYkqLHe8CZ6uC3vqMKMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvNDM2MjEwN0ND
RUREMTFFRDg2QTMxRTdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnCz4DBAHfHeQwDQYJKoZIhvcNAQELBQADggEBABnxYKZ7
iWrAqBtvYVNiyNsumPdBJRxqQ6I6ZlHkgVdA59Brq42o+Gc6M8U7NDjEf/E++RQt
K0FxDVFBNAG50XXaF33dTAlkyyePFJxXUkK+Af2XVNbntlz9+1lR0XVI/7LhUJ/o
EZPh5zkjYAmjZDDZCys0r5fs59TO0j+7vbTWU6jA2qRwsbQ+W0CjO3wMsFh0X1q0
5+h9GPgdjOwDpkbd+LW0rpn0zM3HTPF1v9DyUx+2DzmZSH/D2gzmgaBMF8c68rXp
NMnWnxG00xE1PJ0AMTlWX2T/azpoYpd+1nmEMsyKsWedlaEhFdyvEg8Dn2lVV+dq
UYwzZXHo/W032eg=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:12 2023 by rpki-client on console-ams.rpki-client.org