Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148E62/D6B9796202A211ED91216E19C4F9AE02/6DFDBF0C02A511ED8277D41AC4F9AE02.roa
File: 6DFDBF0C02A511ED8277D41AC4F9AE02.roa (raw, json)
Hash identifier: OWfg2JiqIE+yOfdRfOr49Odtkfb/ioaTETN+JT5Ws34=
Subject key identifier: D9:F0:97:3B:F4:46:D4:D7:F6:F9:4D:39:7C:36:22:4C:66:78:03:A1
Certificate issuer: /CN=A9148E62/serialNumber=C63056041C0F90B92B2B87DBFFA97E3E9DA028D4
Certificate serial: 0204
Authority key identifier: C6:30:56:04:1C:0F:90:B9:2B:2B:87:DB:FF:A9:7E:3E:9D:A0:28:D4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xjBWBBwPkLkrK4fb_6l-Pp2gKNQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148E62/D6B9796202A211ED91216E19C4F9AE02/6DFDBF0C02A511ED8277D41AC4F9AE02.roa
Signing time: Sat 27 Jul 2024 03:26:53 +0000
ROA not before: Sat 27 Jul 2024 03:26:53 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 59379
IP address blocks: 103.234.236.0/24 maxlen: 24
103.234.237.0/24 maxlen: 24
103.234.238.0/24 maxlen: 24
103.234.239.0/24 maxlen: 24
2001:df6:e800::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 516 (0x204)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148E62, serialNumber=C63056041C0F90B92B2B87DBFFA97E3E9DA028D4
Validity
Not Before: Jul 27 03:26:53 2024 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=66a468fd-c860
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:4c:ed:cd:bd:c9:06:37:25:ca:ac:6e:07:cd:
04:96:0a:62:b7:41:0b:56:1a:b2:ce:eb:35:0f:55:
0a:80:bd:c7:e0:3e:59:af:34:90:aa:94:19:51:0d:
f3:be:c3:89:a7:e2:34:85:90:3b:59:13:00:f6:b0:
e8:8a:25:8c:e2:08:14:0d:00:3d:fc:2f:a5:03:93:
01:2f:37:8b:c5:6b:9b:c9:5d:61:86:53:e9:1e:6d:
08:7b:50:45:10:44:55:59:06:ff:e5:c3:02:bc:54:
cb:b6:c8:fe:2f:6e:5b:da:d3:dd:fb:d5:a2:34:a9:
17:1d:b2:ba:51:9c:6b:60:cf:14:1f:9b:f6:ce:01:
de:87:78:75:e7:1f:81:26:ec:a0:b0:a3:ee:a1:13:
8f:e8:15:fe:39:ea:b8:c0:33:a7:bb:fb:84:c2:6e:
7b:78:70:09:c7:68:17:01:6c:7e:6c:2f:26:65:f7:
34:ae:82:84:0f:3d:69:f4:f8:41:0f:0b:6e:7f:87:
69:64:98:68:b9:4d:a6:5b:c3:db:b7:db:16:c1:0e:
16:1c:27:74:71:b5:01:9e:9d:32:77:ad:a0:68:30:
25:b5:ae:4a:15:34:e6:e2:4a:60:de:e2:b3:5b:71:
9e:69:53:1c:c3:d4:ef:5c:eb:31:54:86:92:45:25:
86:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:F0:97:3B:F4:46:D4:D7:F6:F9:4D:39:7C:36:22:4C:66:78:03:A1
X509v3 Authority Key Identifier:
keyid:C6:30:56:04:1C:0F:90:B9:2B:2B:87:DB:FF:A9:7E:3E:9D:A0:28:D4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148E62/D6B9796202A211ED91216E19C4F9AE02/xjBWBBwPkLkrK4fb_6l-Pp2gKNQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xjBWBBwPkLkrK4fb_6l-Pp2gKNQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148E62/D6B9796202A211ED91216E19C4F9AE02/6DFDBF0C02A511ED8277D41AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.234.236.0/22
IPv6:
2001:df6:e800::/48
Signature Algorithm: sha256WithRSAEncryption
74:4c:0c:89:77:c8:75:c7:79:42:a9:ea:7b:c4:98:43:9c:f9:
79:b2:f7:6f:eb:4d:8a:7e:a3:57:08:5b:7b:0a:56:d6:9e:a0:
3b:fa:99:26:e7:2f:37:47:f2:1b:ac:51:f1:65:8f:8b:59:ef:
0d:e1:cb:8b:1f:3d:5b:b0:db:ad:fa:ac:71:48:ad:5c:4a:f2:
bc:b0:a9:41:a2:6a:6c:74:71:0f:d8:e0:47:e8:3f:bd:df:2b:
95:8d:e0:49:fe:69:4e:29:ec:7f:ce:6c:ad:7c:d2:35:17:43:
04:5a:6f:84:b7:ab:40:1e:a3:20:e8:45:2b:83:e0:c8:63:d4:
e4:96:fb:28:4a:57:ad:46:93:5e:be:0a:01:1e:ce:a9:ff:fe:
78:4e:23:d4:a6:71:f0:21:e0:8f:27:88:04:b4:85:f7:e6:b7:
41:c7:6f:d3:2c:66:76:ba:6b:6f:23:dd:36:37:99:dd:3e:34:
27:b3:95:8e:3d:fd:ca:81:01:5e:98:00:35:bc:76:44:f4:9e:
53:52:22:2b:93:e0:be:7e:d1:d9:49:1f:dc:0d:4c:72:68:86:
82:24:bd:42:87:cf:42:09:b1:b7:4b:32:f2:dd:06:cf:83:38:
98:30:f8:d1:8d:19:c0:fe:29:2e:38:56:74:f1:3c:63:33:7c:
4c:65:e4:f8
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAgQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhFNjIxMTAvBgNVBAUTKEM2MzA1NjA0MUMwRjkwQjkyQjJCODdEQkZGQTk3RTNF
OURBMDI4RDQwHhcNMjQwNzI3MDMyNjUzWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmE0NjhmZC1jODYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx0ztzb3JBjclyqxuB80Elgpit0ELVhqyzus1D1UKgL3H4D5ZrzSQqpQZUQ3z
vsOJp+I0hZA7WRMA9rDoiiWM4ggUDQA9/C+lA5MBLzeLxWubyV1hhlPpHm0Ie1BF
EERVWQb/5cMCvFTLtsj+L25b2tPd+9WiNKkXHbK6UZxrYM8UH5v2zgHeh3h15x+B
JuygsKPuoROP6BX+Oeq4wDOnu/uEwm57eHAJx2gXAWx+bC8mZfc0roKEDz1p9PhB
Dwtuf4dpZJhouU2mW8Pbt9sWwQ4WHCd0cbUBnp0yd62gaDAlta5KFTTm4kpg3uKz
W3GeaVMcw9TvXOsxVIaSRSWGOwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFNnwlzv0
RtTX9vlNOXw2IkxmeAOhMB8GA1UdIwQYMBaAFMYwVgQcD5C5KyuH2/+pfj6doCjU
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEU2Mi9ENkI5Nzk2MjAy
QTIxMUVEOTEyMTZFMTlDNEY5QUUwMi94akJXQkJ3UGtMa3JLNGZiXzZsLVBwMmdL
TlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hqQldCQndQa0xrcks0ZmJfNmwtUHAyZ0tOUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhFNjIvRDZCOTc5NjIwMkEyMTFFRDkxMjE2RTE5QzRGOUFFMDIvNkRGREJGMEMw
MkE1MTFFRDgyNzdENDFBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAJn6uwwDwQCAAIwCQMHACABDfboADANBgkqhkiG9w0BAQsF
AAOCAQEAdEwMiXfIdcd5Qqnqe8SYQ5z5ebL3b+tNin6jVwhbewpW1p6gO/qZJucv
N0fyG6xR8WWPi1nvDeHLix89W7DbrfqscUitXEryvLCpQaJqbHRxD9jgR+g/vd8r
lY3gSf5pTinsf85srXzSNRdDBFpvhLerQB6jIOhFK4PgyGPU5Jb7KEpXrUaTXr4K
AR7Oqf/+eE4j1KZx8CHgjyeIBLSF9+a3Qcdv0yxmdrprbyPdNjeZ3T40J7OVjj39
yoEBXpgANbx2RPSeU1IiK5Pgvn7R2Ukf3A1McmiGgiS9QofPQgmxt0sy8t0Gz4M4
mDD40Y0ZwP4pLjhWdPE8YzN8TGXk+A==
-----END CERTIFICATE-----
Generated at Sat Apr 26 16:52:45 2025 by rpki-client