Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/78F1AC18DDE011ED8FFE7366C4F9AE02.roa
File: 78F1AC18DDE011ED8FFE7366C4F9AE02.roa (raw, json)
Hash identifier: dL0q0xAlfOUftFbRkIoLXduqAcXgLCsh7Qj9DSIhOfY=
Subject key identifier: 2E:2E:B2:C3:8C:B4:3B:70:3B:06:DC:F4:E8:75:3E:C5:D3:1D:68:81
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A1B
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/78F1AC18DDE011ED8FFE7366C4F9AE02.roa
Signing time: Tue 18 Apr 2023 11:59:29 +0000
ROA not before: Tue 18 Apr 2023 11:59:29 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.136.0/21 maxlen: 21
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.160.0/20 maxlen: 20
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.164.0/22 maxlen: 24
180.178.168.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.178.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
223.29.224.0/20 maxlen: 20
2401:4100::/32 maxlen: 32
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2587 (0xa1b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Apr 18 11:59:29 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=643e8621-790b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:cb:96:ad:27:08:a6:80:d3:54:47:74:d3:9b:
59:55:5a:24:44:bc:7a:78:7e:c1:b1:30:bb:e5:7a:
d5:e6:2f:fa:d0:f2:c6:a9:d3:c4:2a:34:c2:f2:27:
72:ad:b6:fb:03:db:29:f9:62:18:d3:58:a7:60:89:
7c:87:5a:c0:7f:b0:cb:9a:f9:5c:60:1f:bf:4c:88:
b1:8e:6b:6c:de:b8:2f:9a:9b:0c:af:61:e7:2b:ff:
99:07:fa:49:48:d2:73:ec:0f:e5:d4:05:cd:ec:a8:
2b:1f:33:f8:04:70:13:cb:cd:f6:65:7a:18:13:8b:
13:9e:8f:d7:0d:97:0a:3c:c2:97:6e:49:0a:0e:7a:
91:11:6f:8a:43:1d:80:a6:87:fd:39:82:8f:54:98:
c9:e2:30:48:68:3b:af:e3:5a:6f:6a:f2:8c:8b:7d:
75:55:ad:e9:45:dc:0a:15:13:d1:93:ee:b7:fd:4f:
70:44:58:c0:bd:95:49:a6:98:9f:b8:42:96:e3:d0:
cd:61:0b:83:83:c6:1d:50:81:be:b6:ef:a0:26:cf:
08:72:df:8a:35:55:bf:01:ad:34:c0:7c:04:fd:cd:
ae:0c:1c:ac:31:e0:83:0e:05:46:79:4a:8e:c1:2b:
6a:74:91:67:c4:12:80:f8:5d:d4:f4:d8:93:50:e2:
fb:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:2E:B2:C3:8C:B4:3B:70:3B:06:DC:F4:E8:75:3E:C5:D3:1D:68:81
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/78F1AC18DDE011ED8FFE7366C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.209.0/24
113.203.211.0-113.203.216.255
113.203.219.0/24
113.203.226.0/24
113.203.234.0-113.203.240.255
113.203.244.0/24
180.178.132.0-180.178.144.255
180.178.149.0/24
180.178.160.0/20
180.178.178.0/24
180.178.180.0/22
223.29.224.0/20
IPv6:
2401:4100::/32
Signature Algorithm: sha256WithRSAEncryption
06:76:52:60:3e:93:20:61:91:5c:49:fb:95:e7:19:be:da:85:
6d:de:e0:ac:0a:1f:91:a8:d5:ee:51:a0:58:1a:c2:fc:e3:b0:
e4:62:3c:21:9c:85:6c:9c:95:46:9f:6a:ca:3a:6e:c3:45:84:
cf:28:88:9b:76:07:fe:b3:8a:29:1f:ec:bc:d7:21:9f:12:3b:
75:68:88:58:75:e0:3c:40:b3:8c:2a:9e:09:48:ca:36:ec:9a:
07:25:7f:ff:94:38:b9:c9:d2:58:51:51:16:ce:54:e8:28:d0:
e8:ed:2f:a5:3b:cb:91:23:13:7d:15:cc:d7:4c:c7:f8:94:8c:
0d:ab:ac:4e:86:1d:86:b3:8d:86:98:ea:ff:24:46:44:ab:77:
c6:d7:f0:5d:91:dd:09:0e:84:37:2c:42:cb:e9:f8:16:b9:09:
bf:e1:fc:d1:0f:a4:50:f8:35:31:90:c6:51:01:08:38:ba:48:
91:e2:9e:48:61:6b:c7:ea:6b:d8:aa:14:46:39:be:7f:45:1c:
9a:6a:e4:26:b6:f6:ec:e5:47:f6:87:ef:9f:9e:35:90:83:5b:
13:ee:96:f4:9a:86:56:cc:02:5e:33:a8:67:8a:76:69:a6:7d:
bc:39:fc:e9:32:4a:d6:a1:dc:09:92:11:82:e1:ed:b0:6e:1a:
59:46:2e:a7
-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgICChswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDE4MTE1OTI5WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNlODYyMS03OTBiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6MuWrScIpoDTVEd005tZVVokRLx6eH7BsTC75XrV5i/60PLGqdPEKjTC8idy
rbb7A9sp+WIY01inYIl8h1rAf7DLmvlcYB+/TIixjmts3rgvmpsMr2HnK/+ZB/pJ
SNJz7A/l1AXN7KgrHzP4BHATy832ZXoYE4sTno/XDZcKPMKXbkkKDnqREW+KQx2A
pof9OYKPVJjJ4jBIaDuv41pvavKMi311Va3pRdwKFRPRk+63/U9wRFjAvZVJppif
uEKW49DNYQuDg8YdUIG+tu+gJs8Ict+KNVW/Aa00wHwE/c2uDBysMeCDDgVGeUqO
wStqdJFnxBKA+F3U9NiTUOL7IQIDAQABo4IC/zCCAvswHQYDVR0OBBYEFC4ussOM
tDtwOwbc9Oh1PsXTHWiBMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvNzhGMUFDMThE
REUwMTFFRDhGRkU3MzY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYgGCCsGAQUFBwEHAQH/
BHkwdzBmBAIAATBgAwQAccvRMAwDBABxy9MDBABxy9gDBABxy9sDBABxy+IwDAME
AXHL6gMEAHHL8AMEAHHL9DAMAwQCtLKEAwQAtLKQAwQAtLKVAwQEtLKgAwQAtLKy
AwQCtLK0AwQE3x3gMA0EAgACMAcDBQAkAUEAMA0GCSqGSIb3DQEBCwUAA4IBAQAG
dlJgPpMgYZFcSfuV5xm+2oVt3uCsCh+RqNXuUaBYGsL847DkYjwhnIVsnJVGn2rK
Om7DRYTPKIibdgf+s4opH+y81yGfEjt1aIhYdeA8QLOMKp4JSMo27JoHJX//lDi5
ydJYUVEWzlToKNDo7S+lO8uRIxN9FczXTMf4lIwNq6xOhh2Gs42GmOr/JEZEq3fG
1/Bdkd0JDoQ3LELL6fgWuQm/4fzRD6RQ+DUxkMZRAQg4ukiR4p5IYWvH6mvYqhRG
Ob5/RRyaauQmtvbs5Uf2h++fnjWQg1sT7pb0moZWzAJeM6hninZppn28OfzpMkrW
odwJkhGC4e2wbhpZRi6n
-----END CERTIFICATE-----
Generated at Sat Apr 12 06:08:54 2025 by rpki-client