Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/4788CC6AA6F911ED9412F928C4F9AE02.roa
File: 4788CC6AA6F911ED9412F928C4F9AE02.roa (raw, json)
Hash identifier: HDFXPKc0Coh7i5dAtRJK6RUGDN+4CAvPlw4XjuLsFfc=
Subject key identifier: 0F:43:EC:7E:03:82:AC:71:7A:9A:19:6A:59:00:4E:A2:E5:8D:AB:B4
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0977
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/4788CC6AA6F911ED9412F928C4F9AE02.roa
Signing time: Tue 07 Feb 2023 17:48:21 +0000
ROA not before: Tue 07 Feb 2023 17:48:21 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/24 maxlen: 24
103.11.61.0/24 maxlen: 24
103.11.62.0/24 maxlen: 24
113.203.209.0/24 maxlen: 24
113.203.210.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.217.0/24 maxlen: 24
113.203.218.0/23 maxlen: 24
113.203.220.0/24 maxlen: 24
113.203.222.0/24 maxlen: 24
113.203.223.0/24 maxlen: 24
113.203.224.0/22 maxlen: 22
113.203.228.0/24 maxlen: 24
113.203.229.0/24 maxlen: 24
113.203.231.0/24 maxlen: 24
113.203.233.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
113.203.245.0/24 maxlen: 24
113.203.246.0/24 maxlen: 24
113.203.252.0/22 maxlen: 22
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.151.0/24 maxlen: 24
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.162.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.173.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.176.0/24 maxlen: 24
180.178.177.0/24 maxlen: 24
180.178.179.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
180.178.184.0/22 maxlen: 22
223.29.224.0/24 maxlen: 24
223.29.232.0/22 maxlen: 22
223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
223.29.239.0/24 maxlen: 24
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2423 (0x977)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Feb 7 17:48:21 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=63e28ee4-e673
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:7f:e5:0b:5a:ea:2b:f5:c6:54:15:41:23:47:
d6:56:5d:9b:0c:f4:08:3f:62:df:b4:9f:ee:9c:b1:
b7:ce:22:26:36:73:09:dc:ab:14:a5:02:05:00:d3:
b5:15:33:bd:b0:81:63:9e:65:98:d0:28:42:1c:70:
39:d8:89:db:38:63:91:7a:3f:5d:44:74:ef:95:8a:
db:ea:29:a9:24:ef:d3:9d:a3:16:b0:2b:ab:18:78:
9d:25:d3:94:61:f7:8c:a6:55:50:dc:d3:d4:13:89:
63:30:91:23:4e:05:46:6c:a8:49:50:1e:eb:4f:d0:
a3:4d:23:0d:31:ed:df:9e:c4:5e:ea:2d:47:19:e2:
00:45:39:3e:4e:69:b7:14:05:12:17:e0:97:e4:d1:
ef:bf:9d:16:3d:7a:73:63:ce:62:4b:0f:0f:c4:0f:
f0:8f:22:29:6c:12:26:19:e3:9e:12:fc:63:c5:2a:
aa:8d:fb:25:85:c3:53:9c:f2:10:6b:2b:b9:2c:ee:
75:94:54:4d:0b:fa:b7:72:e9:aa:b4:c1:06:b5:cf:
d5:06:a0:2e:48:db:c7:00:0c:68:05:93:84:99:cf:
32:67:4d:ab:b4:5f:b3:6f:ce:a8:2b:76:1d:e0:6d:
cb:fa:aa:52:c7:d7:f2:e7:f8:6f:c1:a4:45:15:f1:
6c:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:43:EC:7E:03:82:AC:71:7A:9A:19:6A:59:00:4E:A2:E5:8D:AB:B4
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/4788CC6AA6F911ED9412F928C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0-103.11.62.255
113.203.209.0-113.203.220.255
113.203.222.0-113.203.229.255
113.203.231.0/24
113.203.233.0-113.203.240.255
113.203.243.0-113.203.246.255
113.203.252.0/22
180.178.128.0/23
180.178.132.0/22
180.178.137.0-180.178.139.255
180.178.144.0/24
180.178.149.0/24
180.178.151.0/24
180.178.160.0-180.178.162.255
180.178.172.0-180.178.177.255
180.178.179.0-180.178.187.255
223.29.224.0/24
223.29.232.0/21
IPv6:
2401:4100::-2401:4100:8000:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
65:04:be:73:83:49:a6:57:5e:78:2e:55:e8:34:7e:c3:75:d6:
2c:65:a7:55:44:86:dc:22:58:fb:47:64:65:cf:18:8a:91:05:
8e:28:1b:8d:a8:d5:04:b1:64:2b:cd:bc:aa:82:e5:6c:9b:0c:
f4:72:ad:d8:1e:2d:2d:61:0b:65:90:2a:db:32:03:33:2a:94:
3f:c4:f0:ca:2a:d1:6a:bf:d9:51:c7:4b:7b:d5:f5:b3:43:bb:
04:d9:ed:e4:95:59:02:12:fc:dd:c0:23:1a:2a:0c:13:e8:c4:
9a:c0:72:bb:b8:60:9f:0d:42:7f:5e:92:3a:ee:8f:85:2b:85:
05:a0:c9:6e:2f:d9:02:f7:2c:97:e3:20:51:e6:a9:cc:09:92:
cb:84:b9:60:da:ff:df:c1:b9:b8:84:79:eb:e6:ef:c5:92:59:
6c:49:6d:51:31:7d:f6:5a:29:11:5f:1d:d4:17:98:cc:e4:78:
2b:98:41:5d:61:9a:7f:d7:94:31:1c:9d:6c:ae:4e:72:8a:09:
c5:52:83:8f:0b:5a:d9:c1:58:2c:8a:a0:65:45:e2:7a:e6:57:
0a:7b:35:eb:a2:d1:6d:03:a1:42:1a:43:27:93:04:7b:04:ef:
a7:43:0c:95:2c:d1:5b:6d:ec:97:cd:35:12:c8:55:56:40:f2:
de:4d:c3:f1
-----BEGIN CERTIFICATE-----
MIIGPTCCBSWgAwIBAgICCXcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMjA3MTc0ODIxWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2UyOGVlNC1lNjczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyX/lC1rqK/XGVBVBI0fWVl2bDPQIP2LftJ/unLG3ziImNnMJ3KsUpQIFANO1
FTO9sIFjnmWY0ChCHHA52InbOGORej9dRHTvlYrb6impJO/TnaMWsCurGHidJdOU
YfeMplVQ3NPUE4ljMJEjTgVGbKhJUB7rT9CjTSMNMe3fnsRe6i1HGeIARTk+Tmm3
FAUSF+CX5NHvv50WPXpzY85iSw8PxA/wjyIpbBImGeOeEvxjxSqqjfslhcNTnPIQ
ayu5LO51lFRNC/q3cumqtMEGtc/VBqAuSNvHAAxoBZOEmc8yZ02rtF+zb86oK3Yd
4G3L+qpSx9fy5/hvwaRFFfFsewIDAQABo4IDYTCCA10wHQYDVR0OBBYEFA9D7H4D
gqxxepoZalkATqLljau0MB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvNDc4OENDNkFB
NkY5MTFFRDk0MTJGOTI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgeoGCCsGAQUFBwEHAQH/
BIHaMIHXMIG7BAIAATCBtDAMAwQCZws8AwQAZws+MAwDBABxy9EDBABxy9wwDAME
AXHL3gMEAXHL5AMEAHHL5zAMAwQAccvpAwQAccvwMAwDBABxy/MDBABxy/YDBAJx
y/wDBAG0soADBAK0soQwDAMEALSyiQMEArSyiAMEALSykAMEALSylQMEALSylzAM
AwQFtLKgAwQAtLKiMAwDBAK0sqwDBAG0srAwDAMEALSyswMEArSyuAMEAN8d4AME
A98d6DAXBAIAAjARMA8DBAAkAUEDBwAkAUEAgAAwDQYJKoZIhvcNAQELBQADggEB
AGUEvnODSaZXXnguVeg0fsN11ixlp1VEhtwiWPtHZGXPGIqRBY4oG42o1QSxZCvN
vKqC5WybDPRyrdgeLS1hC2WQKtsyAzMqlD/E8Moq0Wq/2VHHS3vV9bNDuwTZ7eSV
WQIS/N3AIxoqDBPoxJrAcru4YJ8NQn9ekjruj4UrhQWgyW4v2QL3LJfjIFHmqcwJ
ksuEuWDa/9/BubiEeevm78WSWWxJbVExffZaKRFfHdQXmMzkeCuYQV1hmn/XlDEc
nWyuTnKKCcVSg48LWtnBWCyKoGVF4nrmVwp7Neui0W0DoUIaQyeTBHsE76dDDJUs
0Vtt7JfNNRLIVVZA8t5Nw/E=
-----END CERTIFICATE-----
Generated at Sat Apr 12 09:00:48 2025 by rpki-client