Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/87E761C4DF7811EDACC0BD77C4F9AE02.roa
File: 87E761C4DF7811EDACC0BD77C4F9AE02.roa (raw, json)
Hash identifier: MSOD6NIXi090ciwFhd6kSAQU/Wn8KqW6GE9BH40vShw=
Subject key identifier: 1F:2F:FD:D5:5C:A0:F3:C3:60:81:09:00:6F:26:64:6C:9E:84:DA:4C
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A43
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/87E761C4DF7811EDACC0BD77C4F9AE02.roa
Signing time: Thu 20 Apr 2023 12:40:29 +0000
ROA not before: Thu 20 Apr 2023 12:40:29 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 7018
IP address blocks: 113.203.245.0/24 maxlen: 24
113.203.252.0/22 maxlen: 24
223.29.226.0/24 maxlen: 24
223.29.235.0/24 maxlen: 24
223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2627 (0xa43)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Apr 20 12:40:29 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=644132bd-e474
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:14:f0:fe:07:7d:aa:b2:ee:67:f5:34:25:9a:
cc:3d:eb:7e:29:d0:9a:98:d4:3c:78:eb:fe:f0:c2:
52:f3:80:50:6b:bb:50:a4:ba:e5:70:00:3a:d6:6f:
0f:ab:66:7f:35:6c:01:2c:42:e2:96:e3:3d:14:5c:
ce:b8:18:3d:0d:08:22:92:c9:0f:a8:8f:6b:48:da:
73:aa:01:34:82:d6:20:35:28:ed:3a:3c:7a:ce:ff:
00:f3:13:df:8a:20:e4:de:01:0e:d2:8b:c0:07:7d:
80:d8:6a:ce:36:6b:7a:c5:26:7f:ed:50:62:24:74:
7f:76:90:1b:c6:de:97:e8:4c:aa:3b:44:f6:d5:0c:
ec:21:56:23:39:64:6c:54:1f:08:26:64:b7:05:69:
df:13:db:d3:48:0f:80:60:6e:1b:a6:25:8b:4e:41:
17:9e:92:6e:8d:fe:d3:b5:55:17:2f:04:c0:53:44:
ab:40:02:8f:d3:ff:f9:a3:c2:fd:b1:ca:56:13:90:
9d:1b:01:1d:71:72:0f:d9:1e:02:ed:93:d9:1f:4a:
7e:6f:9b:b8:08:a3:1d:57:f3:83:d8:df:b0:0c:9f:
4a:73:47:bf:84:d2:59:f7:70:9d:ae:a5:4b:2c:b8:
f1:4b:27:b5:bb:e5:e3:a7:0f:06:ed:40:af:49:dd:
7e:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:2F:FD:D5:5C:A0:F3:C3:60:81:09:00:6F:26:64:6C:9E:84:DA:4C
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/87E761C4DF7811EDACC0BD77C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.245.0/24
113.203.252.0/22
223.29.226.0/24
223.29.235.0-223.29.238.255
Signature Algorithm: sha256WithRSAEncryption
0b:93:92:c9:d0:d5:78:e5:66:ac:dc:d4:a2:6a:54:8d:55:64:
fb:af:f8:c5:07:79:60:f8:0b:18:da:01:86:93:d9:48:98:0e:
e4:f0:a6:f8:33:34:9d:ed:d6:51:cc:46:c5:ad:04:51:74:94:
8e:93:1d:01:2d:b6:0e:d5:85:7a:dd:6b:e4:01:89:06:6f:5f:
0d:62:f4:8b:46:58:5d:80:50:70:00:48:31:74:b2:d7:2a:c8:
a2:30:77:62:3d:6a:c0:1c:75:59:7f:0f:7f:e5:c8:4a:74:24:
12:92:3e:fb:38:97:a6:76:6a:d8:e5:d4:8e:e6:b4:70:15:20:
b2:2b:34:00:97:e9:99:d3:95:d0:be:21:1e:e7:67:07:78:d1:
ab:19:ec:14:9a:4e:83:5b:d5:bf:f3:10:c3:db:b8:23:8b:9f:
0a:bd:1d:97:c2:43:0c:06:c8:57:57:c6:44:a0:21:a8:e0:7d:
6b:e0:0e:63:80:a9:96:c7:f1:4a:37:cd:f8:20:81:34:34:73:
6c:6a:c0:ef:7a:bf:49:46:f8:1e:d0:91:f7:6b:bb:9e:18:e4:
a1:55:67:c5:05:de:93:ba:85:14:ac:dd:e6:65:91:dc:2e:f1:
1b:ba:68:a2:2d:4a:98:25:8e:0a:eb:d3:84:9d:6a:ed:d6:eb:
c6:5c:62:2b
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICCkMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDIwMTI0MDI5WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDQxMzJiZC1lNDc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArxTw/gd9qrLuZ/U0JZrMPet+KdCamNQ8eOv+8MJS84BQa7tQpLrlcAA61m8P
q2Z/NWwBLELiluM9FFzOuBg9DQgikskPqI9rSNpzqgE0gtYgNSjtOjx6zv8A8xPf
iiDk3gEO0ovAB32A2GrONmt6xSZ/7VBiJHR/dpAbxt6X6EyqO0T21QzsIVYjOWRs
VB8IJmS3BWnfE9vTSA+AYG4bpiWLTkEXnpJujf7TtVUXLwTAU0SrQAKP0//5o8L9
scpWE5CdGwEdcXIP2R4C7ZPZH0p+b5u4CKMdV/OD2N+wDJ9Kc0e/hNJZ93CdrqVL
LLjxSye1u+Xjpw8G7UCvSd1+xwIDAQABo4ICrzCCAqswHQYDVR0OBBYEFB8v/dVc
oPPDYIEJAG8mZGyehNpMMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvODdFNzYxQzRE
Rjc4MTFFREFDQzBCRDc3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBABxy/UDBAJxy/wDBADfHeIwDAMEAN8d6wMEAN8d7jANBgkq
hkiG9w0BAQsFAAOCAQEAC5OSydDVeOVmrNzUompUjVVk+6/4xQd5YPgLGNoBhpPZ
SJgO5PCm+DM0ne3WUcxGxa0EUXSUjpMdAS22DtWFet1r5AGJBm9fDWL0i0ZYXYBQ
cABIMXSy1yrIojB3Yj1qwBx1WX8Pf+XISnQkEpI++ziXpnZq2OXUjua0cBUgsis0
AJfpmdOV0L4hHudnB3jRqxnsFJpOg1vVv/MQw9u4I4ufCr0dl8JDDAbIV1fGRKAh
qOB9a+AOY4CplsfxSjfN+CCBNDRzbGrA73q/SUb4HtCR92u7nhjkoVVnxQXek7qF
FKzd5mWR3C7xG7pooi1KmCWOCuvThJ1q7dbrxlxiKw==
-----END CERTIFICATE-----
Generated at Sat Apr 12 06:09:01 2025 by rpki-client