Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917C1DC/B2D1DE20594F11EB88F7A73EC4F9AE02/5D845F72C5E511EF8C922A45C4F9AE02.roa
File: 5D845F72C5E511EF8C922A45C4F9AE02.roa (raw, json)
Hash identifier: 8TFHPQfgrA7DJwh7eWIuabF8XXlV/VKh8Ha4fpbHuvU=
Subject key identifier: FC:03:9D:CF:59:70:FE:54:2A:61:50:98:8E:86:E4:A5:13:63:F3:40
Certificate issuer: /CN=A917C1DC/serialNumber=A8D576D4AFBB64045BB0295641B99427D7F878F2
Certificate serial: 06ED
Authority key identifier: A8:D5:76:D4:AF:BB:64:04:5B:B0:29:56:41:B9:94:27:D7:F8:78:F2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qNV21K-7ZARbsClWQbmUJ9f4ePI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917C1DC/B2D1DE20594F11EB88F7A73EC4F9AE02/5D845F72C5E511EF8C922A45C4F9AE02.roa
Signing time: Sun 29 Dec 2024 13:03:58 +0000
ROA not before: Sun 29 Dec 2024 13:03:58 +0000
ROA not after: Wed 28 May 2025 00:00:00 +0000
asID: 834
IP address blocks: 103.110.106.0/24 maxlen: 24
103.110.107.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1773 (0x6ed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917C1DC, serialNumber=A8D576D4AFBB64045BB0295641B99427D7F878F2
Validity
Not Before: Dec 29 13:03:58 2024 GMT
Not After : May 28 00:00:00 2025 GMT
Subject: CN=677148be-4f1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:da:89:44:5a:89:41:bb:28:39:fb:7d:5f:b1:
6b:53:ec:61:91:70:41:ed:1e:c2:62:18:72:f4:93:
dd:9c:0d:9c:4b:0c:3c:77:f7:72:cd:cf:d7:98:8d:
5d:af:e2:cf:44:e6:93:9e:23:70:d1:97:2c:36:43:
bd:2d:61:ea:53:ee:85:f8:61:45:56:6d:8a:35:db:
bd:4f:0d:11:b4:9a:e9:95:8f:b0:a3:87:fd:e5:c3:
ad:28:d0:0d:0d:11:d1:84:ac:6b:e7:bb:9a:bb:85:
21:6d:16:7b:ef:3b:8b:b7:ea:92:8c:5b:60:53:7f:
4b:ac:8c:3f:95:89:b8:05:3a:52:f4:c4:b0:cd:31:
7b:3b:d5:1c:af:45:71:b0:dc:07:d7:0d:05:55:1c:
f8:3b:75:10:d7:39:7c:7f:2c:70:03:3f:fb:39:ea:
a8:80:2e:e7:92:6f:b6:ee:1e:75:f7:af:4b:29:e6:
a6:e7:47:95:c7:f3:bf:ba:a8:50:e1:2b:3d:d9:dd:
6f:00:aa:e6:9e:a9:61:56:c6:11:f1:43:4c:26:4a:
77:b6:7d:c2:69:23:a2:7b:6d:23:e1:14:5f:2a:0c:
f3:c3:8c:92:f9:62:13:e4:29:43:0f:52:26:50:09:
5c:38:d6:34:ee:9d:10:e5:16:63:af:1a:31:9b:34:
8f:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:03:9D:CF:59:70:FE:54:2A:61:50:98:8E:86:E4:A5:13:63:F3:40
X509v3 Authority Key Identifier:
keyid:A8:D5:76:D4:AF:BB:64:04:5B:B0:29:56:41:B9:94:27:D7:F8:78:F2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917C1DC/B2D1DE20594F11EB88F7A73EC4F9AE02/qNV21K-7ZARbsClWQbmUJ9f4ePI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qNV21K-7ZARbsClWQbmUJ9f4ePI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917C1DC/B2D1DE20594F11EB88F7A73EC4F9AE02/5D845F72C5E511EF8C922A45C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.110.106.0/23
Signature Algorithm: sha256WithRSAEncryption
6b:d2:1c:69:91:cf:20:ba:aa:c7:cc:0b:79:4e:c0:61:c0:df:
af:67:dd:16:72:cb:58:4b:8f:15:40:93:44:ad:50:38:9a:26:
78:8b:c9:13:2e:d1:24:20:d9:93:ec:32:b6:bc:13:f5:9a:d5:
c3:22:af:d6:d3:8b:23:77:fb:5a:4e:c4:f5:90:de:a7:b2:5e:
c5:35:5f:c1:e4:5d:00:6b:cf:ba:7e:a9:d3:00:4a:72:a3:b6:
61:55:e3:69:32:e7:a5:49:fe:04:ab:b5:2e:55:9b:20:9f:89:
5f:20:c2:53:2e:14:86:ed:35:17:58:37:e9:e8:54:06:3e:39:
d9:c2:c5:a6:25:a3:03:55:aa:2e:9b:83:c7:d6:a0:f8:8d:2f:
5b:0b:ef:d1:0d:57:25:be:c2:22:bc:96:2f:1f:7e:a1:d9:02:
fd:a5:1c:7a:f8:fe:c8:25:d6:8d:94:fe:d9:11:8b:70:0d:97:
ba:48:15:81:32:b9:ac:d7:c5:04:48:60:1c:e0:d9:5e:78:b0:
e0:65:3a:fc:16:1a:a0:0c:1b:42:94:03:bb:fb:03:14:da:cf:
7c:45:18:a8:87:38:55:9b:46:c5:bb:e5:fa:3e:b6:ce:c4:af:
53:92:5a:0d:99:70:a5:d5:ce:60:30:ba:9d:75:7c:bd:da:eb:
98:52:87:60
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBu0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0MxREMxMTAvBgNVBAUTKEE4RDU3NkQ0QUZCQjY0MDQ1QkIwMjk1NjQxQjk5NDI3
RDdGODc4RjIwHhcNMjQxMjI5MTMwMzU4WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NzcxNDhiZS00ZjFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqtqJRFqJQbsoOft9X7FrU+xhkXBB7R7CYhhy9JPdnA2cSww8d/dyzc/XmI1d
r+LPROaTniNw0ZcsNkO9LWHqU+6F+GFFVm2KNdu9Tw0RtJrplY+wo4f95cOtKNAN
DRHRhKxr57uau4UhbRZ77zuLt+qSjFtgU39LrIw/lYm4BTpS9MSwzTF7O9Ucr0Vx
sNwH1w0FVRz4O3UQ1zl8fyxwAz/7OeqogC7nkm+27h51969LKeam50eVx/O/uqhQ
4Ss92d1vAKrmnqlhVsYR8UNMJkp3tn3CaSOie20j4RRfKgzzw4yS+WIT5ClDD1Im
UAlcONY07p0Q5RZjrxoxmzSPSwIDAQABo4IClTCCApEwHQYDVR0OBBYEFPwDnc9Z
cP5UKmFQmI6G5KUTY/NAMB8GA1UdIwQYMBaAFKjVdtSvu2QEW7ApVkG5lCfX+Hjy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QzFEQy9CMkQxREUyMDU5
NEYxMUVCODhGN0E3M0VDNEY5QUUwMi9xTlYyMUstN1pBUmJzQ2xXUWJtVUo5ZjRl
UEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FOVjIxSy03WkFSYnNDbFdRYm1VSjlmNGVQSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0MxREMvQjJEMURFMjA1OTRGMTFFQjg4RjdBNzNFQzRGOUFFMDIvNUQ4NDVGNzJD
NUU1MTFFRjhDOTIyQTQ1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnbmowDQYJKoZIhvcNAQELBQADggEBAGvSHGmRzyC6qsfM
C3lOwGHA369n3RZyy1hLjxVAk0StUDiaJniLyRMu0SQg2ZPsMra8E/Wa1cMir9bT
iyN3+1pOxPWQ3qeyXsU1X8HkXQBrz7p+qdMASnKjtmFV42ky56VJ/gSrtS5VmyCf
iV8gwlMuFIbtNRdYN+noVAY+OdnCxaYlowNVqi6bg8fWoPiNL1sL79ENVyW+wiK8
li8ffqHZAv2lHHr4/sgl1o2U/tkRi3ANl7pIFYEyuazXxQRIYBzg2V54sOBlOvwW
GqAMG0KUA7v7AxTaz3xFGKiHOFWbRsW75fo+ts7Er1OSWg2ZcKXVzmAwup11fL3a
65hSh2A=
-----END CERTIFICATE-----
Generated at Sun May 11 05:44:52 2025 by rpki-client