Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DD4A6/6A5969A87E9511EC82EE520AC4F9AE02/6167C26AD7F511EF8E0A8B6EC4F9AE02.roa
File: 6167C26AD7F511EF8E0A8B6EC4F9AE02.roa (raw, json)
Hash identifier: UWsKKJORAXKxk0vP0kDgwONbn5LBugLcPgpW8g4naWQ=
Subject key identifier: 04:A1:F6:C2:D7:7C:4C:91:84:B8:C2:69:7A:21:7D:61:FA:4F:17:5F
Certificate issuer: /CN=A91DD4A6/serialNumber=17004AA33105B0A0E6D3EB4E47C513063D92CEC2
Certificate serial: 03BB
Authority key identifier: 17:00:4A:A3:31:05:B0:A0:E6:D3:EB:4E:47:C5:13:06:3D:92:CE:C2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FwBKozEFsKDm0-tOR8UTBj2SzsI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DD4A6/6A5969A87E9511EC82EE520AC4F9AE02/6167C26AD7F511EF8E0A8B6EC4F9AE02.roa
Signing time: Tue 21 Jan 2025 12:45:58 +0000
ROA not before: Tue 21 Jan 2025 12:45:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 56209
IP address blocks: 103.17.80.0/22 maxlen: 22
103.17.80.0/24 maxlen: 24
103.17.81.0/24 maxlen: 24
103.17.82.0/24 maxlen: 24
103.17.83.0/24 maxlen: 24
150.129.172.0/23 maxlen: 23
150.129.172.0/24 maxlen: 24
150.129.173.0/24 maxlen: 24
202.47.112.0/21 maxlen: 21
202.47.112.0/24 maxlen: 24
202.47.113.0/24 maxlen: 24
202.47.114.0/24 maxlen: 24
202.47.115.0/24 maxlen: 24
202.47.116.0/24 maxlen: 24
202.47.117.0/24 maxlen: 24
202.47.118.0/24 maxlen: 24
202.47.119.0/24 maxlen: 24
202.71.0.0/19 maxlen: 19
202.71.0.0/23 maxlen: 24
202.71.2.0/23 maxlen: 24
202.71.4.0/24 maxlen: 24
202.71.5.0/24 maxlen: 24
202.71.6.0/24 maxlen: 24
202.71.7.0/24 maxlen: 24
202.71.8.0/24 maxlen: 24
202.71.9.0/24 maxlen: 24
202.71.10.0/24 maxlen: 24
202.71.11.0/24 maxlen: 24
202.71.12.0/24 maxlen: 24
202.71.13.0/24 maxlen: 24
202.71.14.0/24 maxlen: 24
202.71.15.0/24 maxlen: 24
202.71.16.0/24 maxlen: 24
202.71.17.0/24 maxlen: 24
202.71.18.0/24 maxlen: 24
202.71.19.0/24 maxlen: 24
202.71.20.0/24 maxlen: 24
202.71.21.0/24 maxlen: 24
202.71.22.0/24 maxlen: 24
202.71.23.0/24 maxlen: 24
202.71.24.0/24 maxlen: 24
202.71.25.0/24 maxlen: 24
202.71.26.0/24 maxlen: 24
202.71.27.0/24 maxlen: 24
202.71.28.0/24 maxlen: 24
202.71.29.0/24 maxlen: 24
202.71.30.0/23 maxlen: 24
2406:2100::/32 maxlen: 32
2406:2100::/48 maxlen: 48
2406:2100:1::/48 maxlen: 48
2406:2100:2::/48 maxlen: 48
2406:2100:3::/48 maxlen: 48
2406:2100:4::/48 maxlen: 48
2406:2100:5::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 955 (0x3bb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DD4A6, serialNumber=17004AA33105B0A0E6D3EB4E47C513063D92CEC2
Validity
Not Before: Jan 21 12:45:58 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=678f9705-21ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:e6:f2:43:57:fe:25:cd:1e:41:4d:08:fb:be:
99:66:ce:90:f1:3f:6f:95:b9:cb:e5:34:04:73:20:
aa:0c:86:de:98:1f:5b:c0:9c:56:ae:71:46:bc:11:
9d:72:16:6f:df:5e:5b:3e:0b:76:da:17:e0:24:d3:
b8:c4:56:a6:6b:3b:c2:8d:9a:b2:16:a2:9e:90:8b:
c9:a9:1a:d6:b4:63:75:bc:e4:0e:8a:75:70:62:94:
0f:63:bf:1e:4b:5c:4c:e3:85:52:2a:d0:b1:b5:21:
90:6e:84:90:e0:bf:b2:78:5c:ca:ab:08:a3:48:1d:
70:cc:61:a1:7a:0f:83:16:07:e7:3e:aa:dd:7e:1c:
5b:18:a9:a1:fc:10:f2:b8:24:e3:1e:b7:98:59:5c:
5d:25:c6:c8:50:8e:89:42:e4:25:a5:3a:08:57:05:
12:6b:ae:4c:60:3d:1d:68:54:07:0c:d9:51:bc:ae:
a2:06:e3:2c:4d:7b:87:cc:c8:5a:5e:e0:5f:9b:9d:
52:83:e4:a9:b0:ab:a3:be:92:b3:36:27:ec:82:b4:
79:34:59:c6:94:c1:f0:d8:0f:e2:9b:b5:20:b7:c7:
61:90:a0:ee:de:f1:23:49:29:53:2d:d7:65:81:98:
97:d2:fe:33:4e:da:6e:11:a8:14:cf:30:a1:c1:83:
c5:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:A1:F6:C2:D7:7C:4C:91:84:B8:C2:69:7A:21:7D:61:FA:4F:17:5F
X509v3 Authority Key Identifier:
keyid:17:00:4A:A3:31:05:B0:A0:E6:D3:EB:4E:47:C5:13:06:3D:92:CE:C2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DD4A6/6A5969A87E9511EC82EE520AC4F9AE02/FwBKozEFsKDm0-tOR8UTBj2SzsI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FwBKozEFsKDm0-tOR8UTBj2SzsI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DD4A6/6A5969A87E9511EC82EE520AC4F9AE02/6167C26AD7F511EF8E0A8B6EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.17.80.0/22
150.129.172.0/23
202.47.112.0/21
202.71.0.0/19
IPv6:
2406:2100::/32
Signature Algorithm: sha256WithRSAEncryption
79:33:b6:0d:0c:47:db:28:40:0d:9a:8b:c6:56:34:c7:6d:bc:
1b:56:95:f6:85:22:f6:fb:a1:80:30:ee:d3:bc:e4:2d:12:4a:
fa:1f:a6:7b:25:2a:2d:33:43:3c:1a:e1:66:11:62:e9:bb:d5:
33:ae:77:8c:2b:a4:9d:97:ab:28:4c:e6:07:8e:a6:80:a9:aa:
12:0d:00:c3:b4:42:b0:4a:65:ef:1e:55:53:13:89:ab:2f:76:
c6:0b:1d:f7:30:3f:4e:ee:a9:08:f9:e4:f1:8a:8a:f0:f6:ce:
03:b3:77:63:dd:42:f8:41:ae:66:4c:98:c3:c1:c0:bd:e0:5a:
a6:7e:61:7e:b6:60:8f:b2:3e:e0:19:b0:52:98:5f:62:8e:54:
10:d3:89:31:4e:ad:9d:15:1e:0e:1b:4d:14:97:dc:02:16:d7:
f4:76:3f:9d:94:2e:02:02:09:41:d2:d4:96:ea:58:27:5c:f6:
12:c3:a3:11:f2:51:43:09:23:98:7a:a3:ec:b8:5f:10:08:e3:
46:a7:81:5d:47:a0:d1:0d:a1:95:1f:be:5d:a1:c5:d2:d8:56:
c1:db:0b:67:60:fa:ce:77:24:9f:e3:fe:76:78:53:3f:39:df:
af:85:4f:08:d4:77:a7:23:0d:8c:54:2b:d9:d9:d1:62:18:ca:
b0:7d:90:2b
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICA7swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REQ0QTYxMTAvBgNVBAUTKDE3MDA0QUEzMzEwNUIwQTBFNkQzRUI0RTQ3QzUxMzA2
M0Q5MkNFQzIwHhcNMjUwMTIxMTI0NTU4WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzhmOTcwNS0yMWFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5ObyQ1f+Jc0eQU0I+76ZZs6Q8T9vlbnL5TQEcyCqDIbemB9bwJxWrnFGvBGd
chZv315bPgt22hfgJNO4xFamazvCjZqyFqKekIvJqRrWtGN1vOQOinVwYpQPY78e
S1xM44VSKtCxtSGQboSQ4L+yeFzKqwijSB1wzGGheg+DFgfnPqrdfhxbGKmh/BDy
uCTjHreYWVxdJcbIUI6JQuQlpToIVwUSa65MYD0daFQHDNlRvK6iBuMsTXuHzMha
XuBfm51Sg+SpsKujvpKzNifsgrR5NFnGlMHw2A/im7Ugt8dhkKDu3vEjSSlTLddl
gZiX0v4zTtpuEagUzzChwYPFjwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFASh9sLX
fEyRhLjCaXohfWH6TxdfMB8GA1UdIwQYMBaAFBcASqMxBbCg5tPrTkfFEwY9ks7C
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERDRBNi82QTU5NjlBODdF
OTUxMUVDODJFRTUyMEFDNEY5QUUwMi9Gd0JLb3pFRnNLRG0wLXRPUjhVVEJqMlN6
c0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0Z3QktvekVGc0tEbTAtdE9SOFVUQmoyU3pzSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REQ0QTYvNkE1OTY5QTg3RTk1MTFFQzgyRUU1MjBBQzRGOUFFMDIvNjE2N0MyNkFE
N0Y1MTFFRjhFMEE4QjZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAJnEVADBAGWgawDBAPKL3ADBAXKRwAwDQQCAAIwBwMFACQG
IQAwDQYJKoZIhvcNAQELBQADggEBAHkztg0MR9soQA2ai8ZWNMdtvBtWlfaFIvb7
oYAw7tO85C0SSvofpnslKi0zQzwa4WYRYum71TOud4wrpJ2XqyhM5geOpoCpqhIN
AMO0QrBKZe8eVVMTiasvdsYLHfcwP07uqQj55PGKivD2zgOzd2PdQvhBrmZMmMPB
wL3gWqZ+YX62YI+yPuAZsFKYX2KOVBDTiTFOrZ0VHg4bTRSX3AIW1/R2P52ULgIC
CUHS1JbqWCdc9hLDoxHyUUMJI5h6o+y4XxAI40angV1HoNENoZUfvl2hxdLYVsHb
C2dg+s53JJ/j/nZ4Uz8536+FTwjUd6cjDYxUK9nZ0WIYyrB9kCs=
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:09:40 2025 by rpki-client