Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A912D2CE/2B0E7240013611EAB0006438C4F9AE02/DC43636403DF11ED91E80E1EC4F9AE02.roa
File: DC43636403DF11ED91E80E1EC4F9AE02.roa (raw, json)
Hash identifier: oSBN6HUhy+julkqmImkyhFJUpYItVdxwqQnm44h7yfI=
Subject key identifier: F5:2B:76:04:F3:E3:F7:18:D1:F0:ED:85:42:55:39:40:46:F9:D8:9B
Certificate issuer: /CN=A912D2CE/serialNumber=AE16045872DDDAC3DCF12F0795CAD70E4C09D96C
Certificate serial: 0A8C
Authority key identifier: AE:16:04:58:72:DD:DA:C3:DC:F1:2F:07:95:CA:D7:0E:4C:09:D9:6C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rhYEWHLd2sPc8S8HlcrXDkwJ2Ww.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A912D2CE/2B0E7240013611EAB0006438C4F9AE02/DC43636403DF11ED91E80E1EC4F9AE02.roa
Signing time: Mon 05 Dec 2022 08:06:25 +0000
ROA not before: Mon 05 Dec 2022 08:06:25 +0000
ROA not after: Mon 01 May 2023 00:00:00 +0000
asID: 136176
IP address blocks: 103.83.15.0/24 maxlen: 24
103.84.133.0/24 maxlen: 24
103.90.12.0/24 maxlen: 24
103.90.13.0/24 maxlen: 24
2401:32c0::/32 maxlen: 32
2401:32c0::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2700 (0xa8c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A912D2CE, serialNumber=AE16045872DDDAC3DCF12F0795CAD70E4C09D96C
Validity
Not Before: Dec 5 08:06:25 2022 GMT
Not After : May 1 00:00:00 2023 GMT
Subject: CN=638da680-97c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:b5:97:25:93:df:53:03:f2:7b:1c:7e:4f:77:
5a:a5:ab:34:3c:47:fc:81:05:77:8d:f5:a5:a8:99:
11:7b:ad:f2:22:a9:75:81:4e:51:15:ba:6a:cb:90:
ff:7d:8d:56:4d:ac:35:f8:34:e8:f0:fb:19:4a:e5:
65:e2:a7:82:fd:75:9a:07:4c:eb:24:08:28:25:c9:
4e:d1:46:61:96:1d:1e:de:22:85:45:b4:26:2c:57:
ab:be:d0:b4:95:75:9a:29:ad:c7:10:16:64:90:a8:
78:b9:34:d4:ae:46:ae:53:97:b6:ea:2a:07:76:75:
7a:71:35:42:e8:ea:04:c0:99:26:4a:c8:c3:b8:4f:
c2:97:2b:0f:83:d4:d8:ab:e0:e7:55:8f:d8:72:34:
bd:83:68:b7:d5:ef:83:08:21:12:35:9c:d4:86:10:
83:44:8c:ae:15:a6:96:3c:72:c5:c7:0d:9a:60:49:
a3:f4:76:8d:f6:76:6f:26:41:7c:eb:9d:e9:f9:68:
09:ef:47:20:bf:55:f6:39:12:8a:65:ea:9f:c6:00:
0f:38:e0:2b:1d:d9:d6:38:8e:08:f6:a0:74:15:ea:
08:20:d2:4c:f8:7e:19:fd:c7:9a:4f:be:cb:e2:44:
d9:30:ac:67:98:a6:81:83:d5:3e:25:43:fc:66:91:
b8:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:2B:76:04:F3:E3:F7:18:D1:F0:ED:85:42:55:39:40:46:F9:D8:9B
X509v3 Authority Key Identifier:
keyid:AE:16:04:58:72:DD:DA:C3:DC:F1:2F:07:95:CA:D7:0E:4C:09:D9:6C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A912D2CE/2B0E7240013611EAB0006438C4F9AE02/rhYEWHLd2sPc8S8HlcrXDkwJ2Ww.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rhYEWHLd2sPc8S8HlcrXDkwJ2Ww.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912D2CE/2B0E7240013611EAB0006438C4F9AE02/DC43636403DF11ED91E80E1EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.83.15.0/24
103.84.133.0/24
103.90.12.0/23
IPv6:
2401:32c0::/32
Signature Algorithm: sha256WithRSAEncryption
a1:89:57:64:f8:eb:b6:1c:e8:c0:e6:89:a1:02:08:68:7b:fc:
1f:92:1b:a7:17:03:ad:96:f8:15:18:e1:25:3d:4d:06:54:ac:
af:07:2f:2b:aa:64:57:80:e2:ee:79:0c:1e:f2:73:39:85:b8:
28:bc:0b:18:e9:0e:be:e0:38:74:8e:e9:fd:72:70:e2:6b:e3:
04:41:f8:47:8d:05:59:ef:48:f3:96:a6:96:23:df:b4:ec:72:
1e:51:e7:c9:3f:d4:f9:6e:cf:d6:c6:9e:0a:91:6f:38:4f:ff:
34:83:2e:6f:b3:88:13:fb:1f:0c:4a:bf:50:f2:8e:8e:d2:8d:
75:ba:87:e3:a5:14:80:bf:bb:6e:80:72:75:f3:15:1b:3e:83:
cd:98:82:6b:79:85:18:86:94:5b:38:65:a0:f0:64:46:91:73:
bc:90:b9:a7:8b:08:1f:f5:76:fc:83:a3:ee:23:19:a7:f1:06:
67:4c:2a:3e:d7:2d:85:e5:7f:a6:7c:ea:c4:36:1f:ec:21:ad:
b6:6e:50:81:58:a8:29:9c:be:f2:89:9a:8f:04:ad:a0:f8:2f:
6e:81:ee:67:60:95:78:fc:cb:68:f6:bc:b2:ef:5f:3e:07:0f:
4c:74:57:7b:66:cd:b7:93:fd:e3:ed:11:94:65:7e:12:d7:ff:
68:23:ea:c1
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICCowwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkQyQ0UxMTAvBgNVBAUTKEFFMTYwNDU4NzJERERBQzNEQ0YxMkYwNzk1Q0FENzBF
NEMwOUQ5NkMwHhcNMjIxMjA1MDgwNjI1WhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzhkYTY4MC05N2MyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0rWXJZPfUwPyexx+T3dapas0PEf8gQV3jfWlqJkRe63yIql1gU5RFbpqy5D/
fY1WTaw1+DTo8PsZSuVl4qeC/XWaB0zrJAgoJclO0UZhlh0e3iKFRbQmLFervtC0
lXWaKa3HEBZkkKh4uTTUrkauU5e26ioHdnV6cTVC6OoEwJkmSsjDuE/ClysPg9TY
q+DnVY/YcjS9g2i31e+DCCESNZzUhhCDRIyuFaaWPHLFxw2aYEmj9HaN9nZvJkF8
653p+WgJ70cgv1X2ORKKZeqfxgAPOOArHdnWOI4I9qB0FeoIINJM+H4Z/ceaT77L
4kTZMKxnmKaBg9U+JUP8ZpG4ZQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFPUrdgTz
4/cY0fDthUJVOUBG+dibMB8GA1UdIwQYMBaAFK4WBFhy3drD3PEvB5XK1w5MCdls
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRDJDRS8yQjBFNzI0MDAx
MzYxMUVBQjAwMDY0MzhDNEY5QUUwMi9yaFlFV0hMZDJzUGM4UzhIbGNyWERrd0oy
V3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JoWUVXSExkMnNQYzhTOEhsY3JYRGt3SjJXdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkQyQ0UvMkIwRTcyNDAwMTM2MTFFQUIwMDA2NDM4QzRGOUFFMDIvREM0MzYzNjQw
M0RGMTFFRDkxRTgwRTFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBABnUw8DBABnVIUDBAFnWgwwDQQCAAIwBwMFACQBMsAwDQYJ
KoZIhvcNAQELBQADggEBAKGJV2T467Yc6MDmiaECCGh7/B+SG6cXA62W+BUY4SU9
TQZUrK8HLyuqZFeA4u55DB7yczmFuCi8CxjpDr7gOHSO6f1ycOJr4wRB+EeNBVnv
SPOWppYj37Tsch5R58k/1Pluz9bGngqRbzhP/zSDLm+ziBP7HwxKv1Dyjo7SjXW6
h+OlFIC/u26AcnXzFRs+g82Ygmt5hRiGlFs4ZaDwZEaRc7yQuaeLCB/1dvyDo+4j
GafxBmdMKj7XLYXlf6Z86sQ2H+whrbZuUIFYqCmcvvKJmo8EraD4L26B7mdglXj8
y2j2vLLvXz4HD0x0V3tmzbeT/ePtEZRlfhLX/2gj6sE=
-----END CERTIFICATE-----
Generated at Sat Apr 26 15:06:30 2025 by rpki-client