Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4FBA05349B3A11EF8A991F38C4F9AE02.roa
File: 4FBA05349B3A11EF8A991F38C4F9AE02.roa (raw, json)
Hash identifier: qGLSwO4Kc9PJJIh37uLV35axHyO3A1WU2hbr3td9Zso=
Subject key identifier: F0:B0:98:F1:26:4F:3B:55:13:BA:11:51:CB:3B:93:F4:25:25:8A:B8
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9C66
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4FBA05349B3A11EF8A991F38C4F9AE02.roa
Signing time: Tue 05 Nov 2024 05:53:42 +0000
ROA not before: Tue 05 Nov 2024 05:53:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 24029
IP address blocks: 103.54.16.0/22 maxlen: 24
103.97.92.0/22 maxlen: 24
203.119.49.0/24 maxlen: 24
203.119.50.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 40038 (0x9c66)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Nov 5 05:53:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6729b2e6-62a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:89:78:bf:10:f6:bd:46:8b:ef:bf:6f:e2:59:
bc:f0:98:e9:82:fb:dc:bb:52:69:2c:aa:0e:ee:e3:
ce:06:01:13:ad:e6:25:5b:be:6d:ec:9f:74:51:87:
8e:2b:c4:46:59:03:f3:89:1f:e4:f1:46:13:7f:1e:
d8:7f:de:d3:4e:da:02:82:d0:9f:c1:94:48:79:2b:
81:3f:19:ef:fe:e5:c0:ec:b9:f7:43:8a:00:14:e6:
47:c8:38:7d:e8:e6:91:7f:e7:11:dd:67:96:d5:55:
12:a8:7a:8f:89:fe:72:8d:76:1b:7f:2b:65:ca:cd:
68:4a:4c:fa:dd:c5:33:c4:96:c1:c8:ae:cb:8b:a2:
f7:ec:c1:40:2b:74:81:90:9f:fd:1b:c7:fa:18:f9:
03:ea:4e:4b:97:d9:92:a7:33:52:6a:85:02:a2:53:
2e:9f:43:28:6e:19:b2:24:91:fa:b0:17:6f:3c:0e:
e9:ee:d4:96:d3:d2:5c:d9:2e:90:0b:d7:a5:55:ce:
38:d5:ff:4e:5f:29:25:42:76:4a:7a:1a:ed:6a:66:
bb:87:8b:41:0e:d9:9d:61:ad:bf:76:58:2d:87:54:
61:ea:15:00:37:cc:aa:ac:b1:ad:9e:f6:42:54:ca:
63:02:38:d5:db:9b:fe:c7:8d:f8:47:cc:ab:9c:4a:
42:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:B0:98:F1:26:4F:3B:55:13:BA:11:51:CB:3B:93:F4:25:25:8A:B8
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4FBA05349B3A11EF8A991F38C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.54.16.0/22
103.97.92.0/22
203.119.49.0-203.119.50.255
Signature Algorithm: sha256WithRSAEncryption
6f:c8:e5:ea:e5:65:57:47:5c:92:1b:f6:a2:03:c3:f5:f7:e0:
33:e2:76:76:8e:c0:48:bc:0b:c6:2f:99:b1:66:37:90:31:eb:
40:2b:6a:26:45:d1:78:a2:9d:55:30:d3:17:a7:0d:c1:8f:42:
37:42:3c:18:d6:06:ca:aa:05:d2:d0:5f:5e:d6:71:04:96:bf:
5a:9f:90:c6:42:9d:d9:ae:1d:bb:20:3f:7c:bb:e8:81:37:81:
e5:19:94:76:e0:48:4b:9d:06:9d:81:de:a3:ca:1d:f4:a9:2d:
57:19:37:11:db:9e:c2:a2:a8:68:19:87:f4:1f:15:94:b6:23:
66:f6:58:30:ec:19:2f:11:b5:87:79:76:e7:84:9c:c4:3e:1b:
a0:78:e5:04:fd:b0:1a:a1:f5:24:06:c0:9c:12:35:15:51:2e:
6e:0e:36:26:91:56:be:b0:e0:18:d2:ea:51:25:88:da:06:5a:
cf:9e:a8:3e:a0:d9:02:78:b3:d1:5c:3f:7a:52:8d:b3:10:48:
24:7d:25:28:0d:75:55:6e:20:2d:e1:98:cf:3c:61:7a:ba:7d:
9b:ca:19:25:f4:93:80:24:f7:5e:15:96:ff:e0:95:a2:04:51:
ea:83:3e:2a:42:c9:9f:24:ba:d6:0f:d3:eb:29:1c:db:c6:a8:
4e:6b:44:93
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgIDAJxmMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTEwNTA1NTM0MloXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjcyOWIyZTYtNjJhOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKGJeL8Q9r1Gi++/b+JZvPCY6YL73LtSaSyqDu7jzgYBE63mJVu+beyfdFGH
jivERlkD84kf5PFGE38e2H/e007aAoLQn8GUSHkrgT8Z7/7lwOy590OKABTmR8g4
fejmkX/nEd1nltVVEqh6j4n+co12G38rZcrNaEpM+t3FM8SWwciuy4ui9+zBQCt0
gZCf/RvH+hj5A+pOS5fZkqczUmqFAqJTLp9DKG4ZsiSR+rAXbzwO6e7UltPSXNku
kAvXpVXOONX/Tl8pJUJ2Snoa7Wpmu4eLQQ7ZnWGtv3ZYLYdUYeoVADfMqqyxrZ72
QlTKYwI41dub/seN+EfMq5xKQhUCAwEAAaOCAqkwggKlMB0GA1UdDgQWBBTwsJjx
Jk87VRO6EVHLO5P0JSWKuDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzRGQkEwNTM0
OUIzQTExRUY4QTk5MUYzOEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDMGCCsGAQUFBwEHAQH/
BCQwIjAgBAIAATAaAwQCZzYQAwQCZ2FcMAwDBADLdzEDBADLdzIwDQYJKoZIhvcN
AQELBQADggEBAG/I5erlZVdHXJIb9qIDw/X34DPidnaOwEi8C8YvmbFmN5Ax60Ar
aiZF0XiinVUw0xenDcGPQjdCPBjWBsqqBdLQX17WcQSWv1qfkMZCndmuHbsgP3y7
6IE3geUZlHbgSEudBp2B3qPKHfSpLVcZNxHbnsKiqGgZh/QfFZS2I2b2WDDsGS8R
tYd5dueEnMQ+G6B45QT9sBqh9SQGwJwSNRVRLm4ONiaRVr6w4BjS6lEliNoGWs+e
qD6g2QJ4s9FcP3pSjbMQSCR9JSgNdVVuIC3hmM88YXq6fZvKGSX0k4Ak914Vlv/g
laIEUeqDPipCyZ8kutYP0+spHNvGqE5rRJM=
-----END CERTIFICATE-----
Generated at Wed May 14 11:31:47 2025 by rpki-client