Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9143DB0/B895AF74051511E58D49AE42C4F9AE02/83A2596EBF7511EFBD090913C4F9AE02.roa
File: 83A2596EBF7511EFBD090913C4F9AE02.roa (raw, json)
Hash identifier: m9yjYcDfB83n0yGUijWk/s1siVngFrwsLTk44gBHpas=
Subject key identifier: 3F:86:F8:F4:B9:D4:31:56:D5:82:0C:48:04:DC:EE:82:EF:6B:27:81
Certificate issuer: /CN=A9143DB0/serialNumber=9BC7651AC4BABF8C4478534FADA610ACDA746BD4
Certificate serial: 2648
Authority key identifier: 9B:C7:65:1A:C4:BA:BF:8C:44:78:53:4F:AD:A6:10:AC:DA:74:6B:D4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m8dlGsS6v4xEeFNPraYQrNp0a9Q.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9143DB0/B895AF74051511E58D49AE42C4F9AE02/83A2596EBF7511EFBD090913C4F9AE02.roa
Signing time: Sat 21 Dec 2024 08:30:29 +0000
ROA not before: Sat 21 Dec 2024 08:30:29 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 139870
IP address blocks: 103.139.234.0/23 maxlen: 23
103.139.234.0/24 maxlen: 24
150.107.48.0/23 maxlen: 23
150.107.48.0/24 maxlen: 24
150.107.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9800 (0x2648)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9143DB0, serialNumber=9BC7651AC4BABF8C4478534FADA610ACDA746BD4
Validity
Not Before: Dec 21 08:30:29 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=67667ca5-3c23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:97:01:99:87:18:5d:4f:10:dc:cb:f0:90:c9:
e2:cc:e8:f0:ff:3f:29:1e:8b:08:0b:54:be:d4:5f:
d5:18:2a:85:1e:86:bf:3a:56:f4:dc:2e:c0:b8:fb:
08:da:ae:c7:12:c6:d5:e5:06:82:cb:b9:a0:3b:dd:
72:6b:72:bc:7b:66:50:ae:a8:d1:c2:85:1d:db:f5:
28:f6:a9:57:e6:3c:9b:27:45:f7:a9:88:11:38:14:
ee:c1:50:ce:be:bf:d9:9a:ee:8d:18:94:25:16:21:
7c:ef:bb:21:3c:7d:0e:01:2f:4a:f6:b7:1a:a7:01:
26:06:f0:f2:af:f9:34:45:6d:9a:7a:7a:74:c5:ce:
5b:f2:00:db:8a:29:d7:79:c4:82:6f:be:df:21:dc:
15:7f:fe:66:72:95:31:21:25:3b:59:2c:8c:89:bb:
0f:02:7e:ec:96:4e:d6:db:dc:90:0a:af:51:2a:65:
e4:62:3e:f1:13:71:dc:a1:29:bf:cb:6f:5a:65:a0:
48:da:8b:2c:d7:6a:27:b2:2e:1b:e1:14:81:8d:05:
d1:b9:87:fe:d7:3b:d1:e1:0c:01:5c:76:42:05:9e:
13:a9:52:33:cf:f5:87:74:56:29:3f:5f:ee:94:9c:
05:37:40:db:2e:44:2b:12:75:a5:ea:d3:22:cf:47:
36:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:86:F8:F4:B9:D4:31:56:D5:82:0C:48:04:DC:EE:82:EF:6B:27:81
X509v3 Authority Key Identifier:
keyid:9B:C7:65:1A:C4:BA:BF:8C:44:78:53:4F:AD:A6:10:AC:DA:74:6B:D4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9143DB0/B895AF74051511E58D49AE42C4F9AE02/m8dlGsS6v4xEeFNPraYQrNp0a9Q.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m8dlGsS6v4xEeFNPraYQrNp0a9Q.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9143DB0/B895AF74051511E58D49AE42C4F9AE02/83A2596EBF7511EFBD090913C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.139.234.0/23
150.107.48.0/23
Signature Algorithm: sha256WithRSAEncryption
63:74:61:83:1b:f6:c6:03:71:e2:fe:a2:ef:96:32:5d:48:18:
d0:e4:7e:de:35:a4:f3:9f:32:de:d5:5c:3f:22:fb:b2:37:1c:
ff:31:5e:ce:65:a4:c6:10:de:8b:87:15:41:f6:08:da:c5:f4:
96:ae:2b:7a:c9:c7:ca:bb:46:64:22:3f:2f:af:b1:9a:6d:7a:
96:07:93:a2:31:74:d5:48:f2:d6:bc:66:80:d9:8e:11:0e:d3:
05:32:9d:96:51:54:41:10:51:08:dd:d9:ea:84:66:03:a9:a4:
25:b4:fa:c9:96:b3:bf:8b:13:fe:d3:62:44:70:49:f0:98:8e:
2c:42:cb:12:29:c2:44:e6:1c:3d:71:75:19:58:fe:29:5e:cf:
9d:d6:72:40:7b:4a:6e:ab:2c:be:96:0e:00:d7:cb:65:47:f5:
4b:33:89:cb:76:26:ae:e4:e1:29:a1:f5:6f:d8:3b:38:e8:1b:
b6:10:e2:76:d8:cf:a2:e9:b7:15:8f:2f:40:ee:18:39:cd:20:
34:33:27:9d:0f:ef:d2:bf:4e:de:89:cb:c8:46:c6:4e:5c:48:
18:f4:20:4c:68:74:39:c4:05:af:49:9a:aa:6e:17:42:c2:35:
3f:92:04:56:c6:c0:4e:53:50:08:e5:a5:79:46:0f:83:ca:97:
53:ef:4c:92
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICJkgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDNEQjAxMTAvBgNVBAUTKDlCQzc2NTFBQzRCQUJGOEM0NDc4NTM0RkFEQTYxMEFD
REE3NDZCRDQwHhcNMjQxMjIxMDgzMDI5WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NzY2N2NhNS0zYzIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyZcBmYcYXU8Q3MvwkMnizOjw/z8pHosIC1S+1F/VGCqFHoa/Olb03C7AuPsI
2q7HEsbV5QaCy7mgO91ya3K8e2ZQrqjRwoUd2/Uo9qlX5jybJ0X3qYgROBTuwVDO
vr/Zmu6NGJQlFiF877shPH0OAS9K9rcapwEmBvDyr/k0RW2aenp0xc5b8gDbiinX
ecSCb77fIdwVf/5mcpUxISU7WSyMibsPAn7slk7W29yQCq9RKmXkYj7xE3HcoSm/
y29aZaBI2oss12onsi4b4RSBjQXRuYf+1zvR4QwBXHZCBZ4TqVIzz/WHdFYpP1/u
lJwFN0DbLkQrEnWl6tMiz0c2UwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFD+G+PS5
1DFW1YIMSATc7oLvayeBMB8GA1UdIwQYMBaAFJvHZRrEur+MRHhTT62mEKzadGvU
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0M0RCMC9CODk1QUY3NDA1
MTUxMUU1OEQ0OUFFNDJDNEY5QUUwMi9tOGRsR3NTNnY0eEVlRk5QcmFZUXJOcDBh
OVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL204ZGxHc1M2djR4RWVGTlByYVlRck5wMGE5US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDNEQjAvQjg5NUFGNzQwNTE1MTFFNThENDlBRTQyQzRGOUFFMDIvODNBMjU5NkVC
Rjc1MTFFRkJEMDkwOTEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFni+oDBAGWazAwDQYJKoZIhvcNAQELBQADggEBAGN0YYMb
9sYDceL+ou+WMl1IGNDkft41pPOfMt7VXD8i+7I3HP8xXs5lpMYQ3ouHFUH2CNrF
9JauK3rJx8q7RmQiPy+vsZptepYHk6IxdNVI8ta8ZoDZjhEO0wUynZZRVEEQUQjd
2eqEZgOppCW0+smWs7+LE/7TYkRwSfCYjixCyxIpwkTmHD1xdRlY/ilez53WckB7
Sm6rLL6WDgDXy2VH9Uszict2Jq7k4Smh9W/YOzjoG7YQ4nbYz6LptxWPL0DuGDnN
IDQzJ50P79K/Tt6Jy8hGxk5cSBj0IExodDnEBa9JmqpuF0LCNT+SBFbGwE5TUAjl
pXlGD4PKl1PvTJI=
-----END CERTIFICATE-----
Generated at Thu May 15 19:24:34 2025 by rpki-client