Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91203DF/927397B4CA3411E996837E56C4F9AE02/E41A2BEE400A11F08117C986C4F9AE02.roa
File: E41A2BEE400A11F08117C986C4F9AE02.roa (raw, json)
Hash identifier: yGV6N9xK5v+jfaXF116EQ42M1CVDQnVhMAbJObBgr0c=
Subject key identifier: 43:12:AE:45:5A:89:1E:CA:A4:9A:DE:33:D0:4E:85:7A:75:FD:E2:06
Certificate issuer: /CN=A91203DF/serialNumber=56790B8C9507D9D4F3900950D329E275747767AC
Certificate serial: 0D90
Authority key identifier: 56:79:0B:8C:95:07:D9:D4:F3:90:09:50:D3:29:E2:75:74:77:67:AC
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VnkLjJUH2dTzkAlQ0ynidXR3Z6w.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91203DF/927397B4CA3411E996837E56C4F9AE02/E41A2BEE400A11F08117C986C4F9AE02.roa
Signing time: Mon 02 Jun 2025 23:39:57 +0000
ROA not before: Mon 02 Jun 2025 23:39:57 +0000
ROA not after: Sat 31 Jan 2026 00:00:00 +0000
asID: 138397
IP address blocks: 103.124.110.0/23 maxlen: 23
103.124.111.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3472 (0xd90)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91203DF, serialNumber=56790B8C9507D9D4F3900950D329E275747767AC
Validity
Not Before: Jun 2 23:39:57 2025 GMT
Not After : Jan 31 00:00:00 2026 GMT
Subject: CN=683e364d-d0d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:f8:94:e4:f1:c3:e1:a9:c0:01:20:55:92:13:
79:15:7b:5a:07:35:ab:4d:37:b7:f1:d1:96:b5:96:
bb:50:83:22:ae:7d:8b:48:e1:2b:21:29:15:86:0c:
14:b9:31:39:d5:59:6c:be:f9:2d:8e:3e:29:33:ef:
c7:c2:7b:ac:8e:4c:bf:c5:30:7f:31:3c:68:7e:7c:
d2:ca:0a:ea:03:22:1b:86:f9:af:40:f4:f9:2c:6f:
f6:09:7c:aa:d8:d4:d1:c0:2c:ec:1f:24:f4:e9:47:
69:1c:59:05:bc:f2:d5:79:67:38:c7:85:d9:93:aa:
9b:7c:56:38:ce:af:93:bc:e4:06:6e:e1:2c:63:18:
83:e3:d1:e3:45:65:67:3b:52:18:21:8c:4f:17:6c:
4d:2b:1a:b0:64:96:96:08:c2:db:ac:d3:82:e8:a4:
9f:25:38:82:82:87:4a:62:c4:a3:ba:a5:9f:58:a3:
f8:ef:49:4c:32:d2:75:06:9a:b3:8c:60:7a:aa:65:
1a:c3:f8:4d:6a:26:82:43:dd:7c:c6:ea:d4:f9:1a:
1a:e9:59:46:6f:29:60:17:19:69:30:bd:02:82:d3:
25:d5:37:f0:2f:cb:dc:d0:67:02:50:e1:8a:94:26:
bc:2c:f9:2f:bd:a0:55:91:0b:5f:76:19:c1:3c:7b:
af:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:12:AE:45:5A:89:1E:CA:A4:9A:DE:33:D0:4E:85:7A:75:FD:E2:06
X509v3 Authority Key Identifier:
keyid:56:79:0B:8C:95:07:D9:D4:F3:90:09:50:D3:29:E2:75:74:77:67:AC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91203DF/927397B4CA3411E996837E56C4F9AE02/VnkLjJUH2dTzkAlQ0ynidXR3Z6w.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VnkLjJUH2dTzkAlQ0ynidXR3Z6w.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91203DF/927397B4CA3411E996837E56C4F9AE02/E41A2BEE400A11F08117C986C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.124.110.0/23
Signature Algorithm: sha256WithRSAEncryption
2c:01:20:45:11:c6:ec:33:15:b2:1e:a8:12:08:ce:37:fc:cf:
13:2d:e3:59:d6:18:0b:07:3d:64:80:15:ee:0c:90:b8:9b:bc:
54:44:8a:b7:0d:52:25:01:88:b6:d1:88:72:5b:fc:f2:75:17:
2a:64:72:e5:60:24:97:26:6a:fc:4d:e7:c2:75:42:3b:20:00:
e7:62:2f:4e:9f:6f:a3:bc:6b:ff:bb:b5:9d:f3:f0:53:b7:bc:
8f:eb:45:68:19:a6:0d:f2:1a:17:78:a0:a2:89:b8:05:c3:bc:
56:a5:55:f3:46:61:80:94:40:25:98:74:70:d3:ba:4f:0f:0c:
22:b4:10:9f:18:94:bd:df:5f:4d:e2:51:a5:65:7e:66:29:e9:
49:5c:28:1d:97:d1:35:81:17:4d:88:00:e4:3d:c3:c1:b3:87:
62:65:bc:d7:4c:37:0d:4f:ec:04:7f:3e:6e:bc:76:84:55:6c:
c6:4c:4b:c3:98:a7:e6:c2:af:1c:7c:62:9b:f8:d1:40:c4:5c:
4d:65:38:25:64:52:2c:79:93:89:cf:11:15:4b:50:b7:06:39:
ec:ca:ff:8a:28:c0:cd:28:51:0b:b6:c2:2c:c5:43:d0:31:7f:
a7:21:6f:d4:bb:63:a4:78:cb:0b:0e:a5:6e:8c:e3:b0:cc:2a:
19:97:73:14
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICDZAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjAzREYxMTAvBgNVBAUTKDU2NzkwQjhDOTUwN0Q5RDRGMzkwMDk1MEQzMjlFMjc1
NzQ3NzY3QUMwHhcNMjUwNjAyMjMzOTU3WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNlMzY0ZC1kMGQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8viU5PHD4anAASBVkhN5FXtaBzWrTTe38dGWtZa7UIMirn2LSOErISkVhgwU
uTE51Vlsvvktjj4pM+/Hwnusjky/xTB/MTxofnzSygrqAyIbhvmvQPT5LG/2CXyq
2NTRwCzsHyT06UdpHFkFvPLVeWc4x4XZk6qbfFY4zq+TvOQGbuEsYxiD49HjRWVn
O1IYIYxPF2xNKxqwZJaWCMLbrNOC6KSfJTiCgodKYsSjuqWfWKP470lMMtJ1Bpqz
jGB6qmUaw/hNaiaCQ918xurU+Roa6VlGbylgFxlpML0CgtMl1TfwL8vc0GcCUOGK
lCa8LPkvvaBVkQtfdhnBPHuvBQIDAQABo4IClTCCApEwHQYDVR0OBBYEFEMSrkVa
iR7KpJreM9BOhXp1/eIGMB8GA1UdIwQYMBaAFFZ5C4yVB9nU85AJUNMp4nV0d2es
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMDNERi85MjczOTdCNENB
MzQxMUU5OTY4MzdFNTZDNEY5QUUwMi9WbmtMakpVSDJkVHprQWxRMHluaWRYUjNa
NncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1Zua0xqSlVIMmRUemtBbFEweW5pZFhSM1o2dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjAzREYvOTI3Mzk3QjRDQTM0MTFFOTk2ODM3RTU2QzRGOUFFMDIvRTQxQTJCRUU0
MDBBMTFGMDgxMTdDOTg2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnfG4wDQYJKoZIhvcNAQELBQADggEBACwBIEURxuwzFbIe
qBIIzjf8zxMt41nWGAsHPWSAFe4MkLibvFREircNUiUBiLbRiHJb/PJ1FypkcuVg
JJcmavxN58J1QjsgAOdiL06fb6O8a/+7tZ3z8FO3vI/rRWgZpg3yGhd4oKKJuAXD
vFalVfNGYYCUQCWYdHDTuk8PDCK0EJ8YlL3fX03iUaVlfmYp6UlcKB2X0TWBF02I
AOQ9w8Gzh2JlvNdMNw1P7AR/Pm68doRVbMZMS8OYp+bCrxx8Ypv40UDEXE1lOCVk
Uix5k4nPERVLULcGOezK/4oowM0oUQu2wizFQ9Axf6chb9S7Y6R4ywsOpW6M47DM
KhmXcxQ=
-----END CERTIFICATE-----
Generated at Thu Jun 19 21:30:37 2025 by rpki-client