Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/8B0212A4A6DA11EDAC813B4AC4F9AE02.roa
File: 8B0212A4A6DA11EDAC813B4AC4F9AE02.roa (raw, json)
Hash identifier: ne7/a0x947px5SogRQya0AMqWxhMihZspHMA4mnPspk=
Subject key identifier: AE:CE:D7:B3:45:61:31:42:24:A6:2B:ED:59:26:BC:F5:D6:21:6F:C1
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0970
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/8B0212A4A6DA11EDAC813B4AC4F9AE02.roa
Signing time: Tue 07 Feb 2023 11:28:28 +0000
ROA not before: Tue 07 Feb 2023 11:28:28 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/24 maxlen: 24
103.11.61.0/24 maxlen: 24
103.11.62.0/24 maxlen: 24
113.203.208.0/22 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.217.0/24 maxlen: 24
113.203.218.0/23 maxlen: 24
113.203.220.0/24 maxlen: 24
113.203.222.0/24 maxlen: 24
113.203.223.0/24 maxlen: 24
113.203.224.0/22 maxlen: 22
113.203.228.0/24 maxlen: 24
113.203.229.0/24 maxlen: 24
113.203.231.0/24 maxlen: 24
113.203.233.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
113.203.245.0/24 maxlen: 24
113.203.246.0/24 maxlen: 24
113.203.252.0/22 maxlen: 22
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.151.0/24 maxlen: 24
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.162.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.173.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.176.0/24 maxlen: 24
180.178.177.0/24 maxlen: 24
180.178.179.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
180.178.184.0/22 maxlen: 22
223.29.224.0/24 maxlen: 24
223.29.232.0/22 maxlen: 22
223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
223.29.239.0/24 maxlen: 24
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2416 (0x970)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Feb 7 11:28:28 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=63e235dc-ba31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:d0:9d:5f:b2:c3:90:be:bc:a1:3b:d0:8e:47:
c9:d4:43:05:f0:d6:a3:fd:16:62:1e:6f:26:c5:d3:
59:59:31:c9:ea:58:77:69:33:cb:af:7f:8c:39:79:
bb:59:df:b0:59:bd:df:d8:0d:82:44:45:58:4a:5b:
a2:9f:d9:35:e4:48:97:6e:38:a2:bb:63:91:98:c8:
34:8f:2d:f6:77:da:a7:e3:d9:74:20:59:83:3e:36:
f6:09:d3:02:af:e7:ef:cc:5d:58:be:64:3c:b2:70:
15:24:5e:e7:53:78:a5:df:cc:11:8a:83:13:3d:ab:
02:a0:89:83:36:7e:34:41:94:41:2b:95:ea:79:e2:
92:07:fd:bb:19:b1:42:bf:49:ce:ff:96:ad:5e:49:
a6:c7:a3:af:19:b9:b0:d7:a1:15:32:12:ae:7d:f6:
c7:57:7b:04:26:61:70:bd:59:bd:01:b2:81:16:8b:
ac:cf:14:74:f6:d0:a2:1c:8f:86:93:6e:78:b8:9c:
2a:42:8d:2e:86:05:e4:55:c5:a4:ea:58:5b:96:46:
64:36:c8:6e:58:32:a5:f5:98:4a:c3:8e:30:5d:cf:
ff:ab:ad:60:86:7b:7c:2d:6d:b3:5f:b8:36:21:f1:
3f:6d:6d:d9:30:58:ed:d1:7a:21:e2:9e:93:2c:b6:
66:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:CE:D7:B3:45:61:31:42:24:A6:2B:ED:59:26:BC:F5:D6:21:6F:C1
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/8B0212A4A6DA11EDAC813B4AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0-103.11.62.255
113.203.208.0-113.203.220.255
113.203.222.0-113.203.229.255
113.203.231.0/24
113.203.233.0-113.203.240.255
113.203.243.0-113.203.246.255
113.203.252.0/22
180.178.128.0/23
180.178.132.0/22
180.178.137.0-180.178.139.255
180.178.144.0/24
180.178.149.0/24
180.178.151.0/24
180.178.160.0-180.178.162.255
180.178.172.0-180.178.177.255
180.178.179.0-180.178.187.255
223.29.224.0/24
223.29.232.0/21
IPv6:
2401:4100::-2401:4100:8000:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
a3:6f:92:0d:fb:20:c9:a6:e2:9b:ab:46:31:8f:91:c3:8c:5e:
1c:2f:4a:02:73:f8:ff:7d:08:8f:c5:dd:f8:98:dd:4b:71:f2:
69:f1:d5:ea:0b:94:51:42:ba:a4:17:6f:6f:67:13:dd:e6:8f:
8e:78:4e:f3:5a:e6:9e:cb:9a:e7:56:d5:9a:4f:1b:81:46:6e:
6d:68:22:96:61:70:51:a6:5d:41:31:da:78:82:f2:7c:cd:33:
dc:b7:e9:01:1e:16:dd:8c:98:fe:25:7d:b4:25:d4:94:8c:dd:
12:cd:6c:00:47:5d:4f:97:3d:51:5e:60:56:77:c7:3c:c4:14:
67:53:17:c9:fd:f7:ad:ac:8b:eb:9d:6a:ae:db:44:aa:57:dd:
04:a6:ab:7b:3a:01:f7:b2:65:2f:53:b1:72:60:3a:ee:29:34:
36:90:eb:92:aa:3b:b4:76:9a:36:c0:67:ef:bc:ee:55:1c:88:
26:18:f2:3b:22:03:ff:b5:18:4c:39:75:c4:e4:52:dd:06:8f:
2f:15:c0:fa:d5:a8:8e:9b:15:db:94:da:99:0a:4e:dc:61:62:
87:b4:66:d2:32:ed:02:59:1a:17:a9:f5:f1:75:9e:1a:95:ae:
a9:d1:65:54:cf:bb:70:2d:19:2e:54:b6:2e:1a:c5:de:49:79:
17:cc:27:81
-----BEGIN CERTIFICATE-----
MIIGPTCCBSWgAwIBAgICCXAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMjA3MTEyODI4WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2UyMzVkYy1iYTMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtNCdX7LDkL68oTvQjkfJ1EMF8Naj/RZiHm8mxdNZWTHJ6lh3aTPLr3+MOXm7
Wd+wWb3f2A2CREVYSluin9k15EiXbjiiu2ORmMg0jy32d9qn49l0IFmDPjb2CdMC
r+fvzF1YvmQ8snAVJF7nU3il38wRioMTPasCoImDNn40QZRBK5XqeeKSB/27GbFC
v0nO/5atXkmmx6OvGbmw16EVMhKuffbHV3sEJmFwvVm9AbKBFouszxR09tCiHI+G
k254uJwqQo0uhgXkVcWk6lhblkZkNshuWDKl9ZhKw44wXc//q61ghnt8LW2zX7g2
IfE/bW3ZMFjt0Xoh4p6TLLZm5QIDAQABo4IDYTCCA10wHQYDVR0OBBYEFK7O17NF
YTFCJKYr7VkmvPXWIW/BMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvOEIwMjEyQTRB
NkRBMTFFREFDODEzQjRBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgeoGCCsGAQUFBwEHAQH/
BIHaMIHXMIG7BAIAATCBtDAMAwQCZws8AwQAZws+MAwDBARxy9ADBABxy9wwDAME
AXHL3gMEAXHL5AMEAHHL5zAMAwQAccvpAwQAccvwMAwDBABxy/MDBABxy/YDBAJx
y/wDBAG0soADBAK0soQwDAMEALSyiQMEArSyiAMEALSykAMEALSylQMEALSylzAM
AwQFtLKgAwQAtLKiMAwDBAK0sqwDBAG0srAwDAMEALSyswMEArSyuAMEAN8d4AME
A98d6DAXBAIAAjARMA8DBAAkAUEDBwAkAUEAgAAwDQYJKoZIhvcNAQELBQADggEB
AKNvkg37IMmm4purRjGPkcOMXhwvSgJz+P99CI/F3fiY3Utx8mnx1eoLlFFCuqQX
b29nE93mj454TvNa5p7LmudW1ZpPG4FGbm1oIpZhcFGmXUEx2niC8nzNM9y36QEe
Ft2MmP4lfbQl1JSM3RLNbABHXU+XPVFeYFZ3xzzEFGdTF8n9962si+udaq7bRKpX
3QSmq3s6AfeyZS9TsXJgOu4pNDaQ65KqO7R2mjbAZ++87lUciCYY8jsiA/+1GEw5
dcTkUt0Gjy8VwPrVqI6bFduU2pkKTtxhYoe0ZtIy7QJZGhep9fF1nhqVrqnRZVTP
u3AtGS5Uti4axd5JeRfMJ4E=
-----END CERTIFICATE-----
Generated at Sat Apr 12 06:08:43 2025 by rpki-client