Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/3BF9A228DEAF11EDB7B0C04EC4F9AE02.roa
File: 3BF9A228DEAF11EDB7B0C04EC4F9AE02.roa (raw, json)
Hash identifier: kivvaD7T4q03sDyo1gTBtLBrrDDMa4+ciQQ3/JgmpwY=
Subject key identifier: 74:1D:06:A3:F6:34:B4:C7:61:13:00:D9:CA:73:D7:70:50:E4:6F:B1
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A32
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/3BF9A228DEAF11EDB7B0C04EC4F9AE02.roa
Signing time: Wed 19 Apr 2023 12:39:33 +0000
ROA not before: Wed 19 Apr 2023 12:39:33 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.178.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
223.29.224.0/20 maxlen: 20
2401:4100::/32 maxlen: 32
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2610 (0xa32)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Apr 19 12:39:33 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=643fe104-e90b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:36:81:5b:a3:87:33:4f:a4:cc:8c:75:24:00:
52:fb:36:67:d3:3d:f0:a6:6c:39:33:cd:53:f8:a0:
07:cd:2d:aa:0e:92:a0:48:8c:91:fc:06:2a:f9:02:
18:e1:82:2d:c2:16:1e:09:da:21:f2:b8:73:94:b6:
ad:80:25:56:20:97:24:32:f3:10:1e:e3:e9:c0:55:
25:40:25:58:3b:f1:8b:c6:dc:50:28:99:00:74:7d:
9a:bb:73:c4:69:79:9b:f1:70:82:9c:e1:ef:50:6b:
19:05:ef:5f:1a:59:8c:e5:3e:59:64:50:97:e1:c1:
c6:22:88:f2:ca:dc:e9:c7:4e:06:17:2c:69:cd:25:
3f:a4:7b:53:4e:b4:ce:1e:0c:19:22:e0:48:69:97:
0f:5b:79:18:bb:82:2f:48:81:86:81:fd:be:6f:46:
da:c9:45:d7:0d:1e:8e:79:98:f8:29:c8:d1:09:ce:
60:86:b4:0b:e5:8f:f1:10:9c:50:46:91:fb:f3:1e:
6b:3d:c5:56:ed:15:1b:3e:20:dd:3e:a4:a4:fb:be:
bd:c6:ac:b1:c1:3b:86:3c:cc:76:ca:83:dc:fb:cf:
e8:4e:d6:bb:fa:50:e6:4b:79:7f:c8:f1:83:ea:a7:
26:b8:c4:35:f9:7b:d1:8b:8f:37:06:f0:6c:31:f3:
b6:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:1D:06:A3:F6:34:B4:C7:61:13:00:D9:CA:73:D7:70:50:E4:6F:B1
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/3BF9A228DEAF11EDB7B0C04EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.209.0/24
113.203.211.0-113.203.216.255
113.203.219.0/24
113.203.226.0/24
113.203.234.0-113.203.240.255
113.203.244.0/24
180.178.172.0/24
180.178.174.0/23
180.178.178.0/24
180.178.180.0/22
223.29.224.0/20
IPv6:
2401:4100::/32
Signature Algorithm: sha256WithRSAEncryption
27:48:11:f3:03:3d:4f:0f:9a:0f:8c:20:a7:92:e0:33:df:4b:
9a:7d:4d:66:c2:fa:f4:da:4e:2e:72:c1:33:bd:4a:08:52:b1:
7b:af:bb:ba:51:df:58:df:35:e8:5c:01:d8:c5:43:5f:4f:57:
34:8e:4b:35:3e:87:d3:a8:36:de:e1:d5:6e:97:0f:dc:13:4f:
3f:31:76:e5:24:83:8e:fc:ca:9e:23:f6:ce:97:43:7f:78:00:
8f:14:be:23:77:88:d0:5b:cb:e5:d7:83:52:01:0d:8d:49:4a:
73:58:b3:a0:3b:cb:0a:e2:83:db:02:09:b9:61:41:13:73:e8:
be:13:27:e5:3e:fb:69:0f:d7:c3:32:2f:80:61:c4:e4:82:dd:
e7:d7:a1:12:4b:65:65:ca:85:d4:b2:cf:a7:1b:f5:ec:fd:55:
2c:27:be:38:3b:3f:29:60:1d:c6:f4:eb:24:b4:a1:28:d3:f6:
af:b7:10:ec:a0:c1:f3:03:a5:48:85:7d:d4:76:74:38:fe:1c:
ef:21:14:df:35:4d:fe:c2:42:45:b7:0e:79:7e:dd:6d:8c:cf:
2e:85:71:cc:4e:da:a2:4f:e6:38:5d:70:6c:71:00:40:6e:da:
0e:3d:ab:a7:40:5d:b0:9e:55:cf:ba:78:88:80:5b:6a:30:22:
d9:24:e9:92
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgICCjIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDE5MTIzOTMzWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNmZTEwNC1lOTBiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAujaBW6OHM0+kzIx1JABS+zZn0z3wpmw5M81T+KAHzS2qDpKgSIyR/AYq+QIY
4YItwhYeCdoh8rhzlLatgCVWIJckMvMQHuPpwFUlQCVYO/GLxtxQKJkAdH2au3PE
aXmb8XCCnOHvUGsZBe9fGlmM5T5ZZFCX4cHGIojyytzpx04GFyxpzSU/pHtTTrTO
HgwZIuBIaZcPW3kYu4IvSIGGgf2+b0bayUXXDR6OeZj4KcjRCc5ghrQL5Y/xEJxQ
RpH78x5rPcVW7RUbPiDdPqSk+769xqyxwTuGPMx2yoPc+8/oTta7+lDmS3l/yPGD
6qcmuMQ1+XvRi483BvBsMfO2zQIDAQABo4IC8DCCAuwwHQYDVR0OBBYEFHQdBqP2
NLTHYRMA2cpz13BQ5G+xMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvM0JGOUEyMjhE
RUFGMTFFREI3QjBDMDRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwegYIKwYBBQUHAQcBAf8E
azBpMFgEAgABMFIDBABxy9EwDAMEAHHL0wMEAHHL2AMEAHHL2wMEAHHL4jAMAwQB
ccvqAwQAccvwAwQAccv0AwQAtLKsAwQBtLKuAwQAtLKyAwQCtLK0AwQE3x3gMA0E
AgACMAcDBQAkAUEAMA0GCSqGSIb3DQEBCwUAA4IBAQAnSBHzAz1PD5oPjCCnkuAz
30uafU1mwvr02k4ucsEzvUoIUrF7r7u6Ud9Y3zXoXAHYxUNfT1c0jks1PofTqDbe
4dVulw/cE08/MXblJIOO/MqeI/bOl0N/eACPFL4jd4jQW8vl14NSAQ2NSUpzWLOg
O8sK4oPbAgm5YUETc+i+EyflPvtpD9fDMi+AYcTkgt3n16ESS2VlyoXUss+nG/Xs
/VUsJ744Oz8pYB3G9OsktKEo0/avtxDsoMHzA6VIhX3UdnQ4/hzvIRTfNU3+wkJF
tw55ft1tjM8uhXHMTtqiT+Y4XXBscQBAbtoOPaunQF2wnlXPuniIgFtqMCLZJOmS
-----END CERTIFICATE-----
Generated at Sat Apr 12 08:17:31 2025 by rpki-client