Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/95904B06C1A611ECBBCB0D82C4F9AE02.roa
File: 95904B06C1A611ECBBCB0D82C4F9AE02.roa (raw, json)
Hash identifier: l1Hfyux4ynnxI1eTokPQ+R52ut5nVYmz4Ad4OvgqSzk=
Subject key identifier: 0B:F5:13:D0:6A:97:5E:8D:AF:5B:7E:41:FB:B9:76:2D:E3:41:62:32
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 070E
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/95904B06C1A611ECBBCB0D82C4F9AE02.roa
Signing time: Thu 21 Apr 2022 19:09:36 +0000
ROA not before: Thu 21 Apr 2022 19:09:36 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/24 maxlen: 24
103.11.62.0/24 maxlen: 24
103.11.63.0/24 maxlen: 24
113.203.208.0/22 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.224.0/22 maxlen: 24
113.203.228.0/24 maxlen: 24
113.203.229.0/24 maxlen: 24
113.203.230.0/24 maxlen: 24
113.203.231.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.242.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
113.203.245.0/24 maxlen: 24
113.203.246.0/24 maxlen: 24
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.140.0/22 maxlen: 22
180.178.156.0/22 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.162.0/24 maxlen: 24
180.178.164.0/22 maxlen: 24
180.178.168.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.173.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.176.0/21 maxlen: 24
223.29.224.0/23 maxlen: 24
223.29.227.0/24 maxlen: 24
223.29.232.0/22 maxlen: 22
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1806 (0x70e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Apr 21 19:09:36 2022 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=6261abf0-51b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:b3:0e:de:62:23:85:f0:41:a9:b1:83:ae:71:
76:ea:bf:c0:c7:09:7b:af:35:ed:5f:0e:eb:f0:6e:
10:0a:c2:55:5f:3d:9b:12:a4:28:84:4a:23:39:e7:
e1:c3:2e:93:9a:95:2f:c1:36:c7:91:1c:8b:bf:25:
a7:2a:f0:59:c9:1d:cd:19:54:e6:49:3f:62:8b:96:
59:3b:d1:5f:c1:3d:05:ef:54:5b:de:37:40:6e:66:
7f:82:54:86:24:b1:5c:01:2a:12:c9:6e:1f:e6:60:
b3:4f:42:66:a7:84:08:db:2c:ce:3f:ff:2d:4f:41:
c1:9d:95:83:ac:6f:8f:91:76:07:75:b9:d3:16:1d:
88:b0:46:e6:6f:11:2a:fa:a5:32:55:de:c4:96:45:
22:81:ef:a3:91:9a:f7:75:7d:72:0b:bf:33:98:a9:
bf:0a:0c:a3:f5:ee:95:02:e3:52:05:0e:8a:5d:6a:
ca:cc:15:76:e9:c2:d1:de:12:84:1c:32:68:e5:03:
91:ed:eb:9f:4e:b0:d9:90:16:04:21:0c:d4:35:c5:
d2:63:20:b6:8a:3d:f4:63:32:fc:9c:08:01:07:60:
54:99:44:96:88:67:09:1a:2b:bb:0f:ba:de:3d:bc:
68:4f:4f:3a:9b:e6:08:46:06:b0:68:d4:22:82:60:
d6:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:F5:13:D0:6A:97:5E:8D:AF:5B:7E:41:FB:B9:76:2D:E3:41:62:32
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/95904B06C1A611ECBBCB0D82C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0/24
103.11.62.0/23
113.203.208.0-113.203.212.255
113.203.216.0/24
113.203.224.0/21
113.203.234.0-113.203.240.255
113.203.242.0-113.203.246.255
180.178.128.0/23
180.178.132.0/22
180.178.137.0-180.178.143.255
180.178.156.0/22
180.178.161.0-180.178.162.255
180.178.164.0-180.178.168.255
180.178.172.0-180.178.183.255
223.29.224.0/23
223.29.227.0/24
223.29.232.0/22
IPv6:
2401:4100::-2401:4100:8000:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
5a:6d:3e:06:e4:1d:4d:75:4e:6e:3e:6a:17:93:f3:8a:73:7b:
a2:5f:69:bd:fa:67:1b:c6:2e:ba:57:99:9d:65:b6:a2:74:fe:
91:00:6d:82:5f:65:37:5f:67:90:5e:bd:92:76:84:3d:8f:c9:
34:a4:45:2b:aa:2d:cc:60:b9:19:5a:5e:fd:29:a4:d5:82:2c:
91:46:2e:ff:a0:af:33:6a:49:00:2c:cc:8c:e1:54:54:ad:6f:
74:0d:94:db:23:0c:2b:44:b0:64:bb:82:f4:f5:bf:64:e7:3c:
78:f5:18:8f:11:5c:ef:7b:80:1c:a6:47:0d:64:24:16:4d:68:
52:ab:d9:6d:7c:b1:90:01:0c:11:45:e3:9e:e2:36:94:6a:29:
b3:26:cb:2d:31:d3:af:33:6a:fb:22:f4:65:0b:77:fe:af:57:
09:bf:83:fa:98:db:ae:6d:9f:cb:18:cd:9c:23:5c:6a:ca:d4:
fb:16:b1:de:34:a1:34:a8:09:48:a1:c6:f8:1e:0f:8c:79:ab:
1b:1f:47:94:d1:2f:47:8a:83:95:a5:e1:e1:ea:64:40:55:c9:
d1:62:dc:11:fa:26:d3:fc:20:37:32:bf:2b:a0:ee:45:3d:3f:
ee:ff:67:a8:22:c9:5b:97:77:cb:06:77:c0:68:b4:60:cf:b4:
4a:cf:73:f8
-----BEGIN CERTIFICATE-----
MIIGJzCCBQ+gAwIBAgICBw4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjIwNDIxMTkwOTM2WhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjYxYWJmMC01MWI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp7MO3mIjhfBBqbGDrnF26r/Axwl7rzXtXw7r8G4QCsJVXz2bEqQohEojOefh
wy6TmpUvwTbHkRyLvyWnKvBZyR3NGVTmST9ii5ZZO9FfwT0F71Rb3jdAbmZ/glSG
JLFcASoSyW4f5mCzT0Jmp4QI2yzOP/8tT0HBnZWDrG+PkXYHdbnTFh2IsEbmbxEq
+qUyVd7ElkUige+jkZr3dX1yC78zmKm/Cgyj9e6VAuNSBQ6KXWrKzBV26cLR3hKE
HDJo5QOR7eufTrDZkBYEIQzUNcXSYyC2ij30YzL8nAgBB2BUmUSWiGcJGiu7D7re
PbxoT086m+YIRgawaNQigmDWpQIDAQABo4IDSzCCA0cwHQYDVR0OBBYEFAv1E9Bq
l16Nr1t+Qfu5di3jQWIyMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvOTU5MDRCMDZD
MUE2MTFFQ0JCQ0IwRDgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgdQGCCsGAQUFBwEHAQH/
BIHEMIHBMIGlBAIAATCBngMEAGcLPAMEAWcLPjAMAwQEccvQAwQAccvUAwQAccvY
AwQDccvgMAwDBAFxy+oDBABxy/AwDAMEAXHL8gMEAHHL9gMEAbSygAMEArSyhDAM
AwQAtLKJAwQEtLKAAwQCtLKcMAwDBAC0sqEDBAC0sqIwDAMEArSypAMEALSyqDAM
AwQCtLKsAwQDtLKwAwQB3x3gAwQA3x3jAwQC3x3oMBcEAgACMBEwDwMEACQBQQMH
ACQBQQCAADANBgkqhkiG9w0BAQsFAAOCAQEAWm0+BuQdTXVObj5qF5PzinN7ol9p
vfpnG8YuuleZnWW2onT+kQBtgl9lN19nkF69knaEPY/JNKRFK6otzGC5GVpe/Smk
1YIskUYu/6CvM2pJACzMjOFUVK1vdA2U2yMMK0SwZLuC9PW/ZOc8ePUYjxFc73uA
HKZHDWQkFk1oUqvZbXyxkAEMEUXjnuI2lGopsybLLTHTrzNq+yL0ZQt3/q9XCb+D
+pjbrm2fyxjNnCNcasrU+xax3jShNKgJSKHG+B4PjHmrGx9HlNEvR4qDlaXh4epk
QFXJ0WLcEfom0/wgNzK/K6DuRT0/7v9nqCLJW5d3ywZ3wGi0YM+0Ss9z+A==
-----END CERTIFICATE-----
Generated at Sat Apr 12 09:00:47 2025 by rpki-client