Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/D74FECB8C24A11ED98FF7A6BC4F9AE02.roa
File: D74FECB8C24A11ED98FF7A6BC4F9AE02.roa (raw, json)
Hash identifier: wgoQ9wZsyM38PC82fAxkZg+8bVaHntkhtjNi7uJWKFE=
Subject key identifier: 3F:5C:7C:8F:D3:43:0C:81:FC:99:95:08:89:E5:B0:5E:6A:E2:A1:DD
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09B1
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/D74FECB8C24A11ED98FF7A6BC4F9AE02.roa
Signing time: Tue 14 Mar 2023 09:30:22 +0000
ROA not before: Tue 14 Mar 2023 09:30:22 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/22 maxlen: 22
103.11.60.0/24 maxlen: 24
103.11.62.0/24 maxlen: 24
113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.217.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.223.0/24 maxlen: 24
113.203.224.0/24 maxlen: 24
113.203.225.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
113.203.246.0/24 maxlen: 24
180.178.128.0/21 maxlen: 21
180.178.128.0/22 maxlen: 22
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.136.0/21 maxlen: 21
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.160.0/20 maxlen: 20
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.178.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
180.178.184.0/22 maxlen: 22
223.29.224.0/20 maxlen: 20
223.29.224.0/24 maxlen: 24
2401:4100::/32 maxlen: 32
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2481 (0x9b1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Mar 14 09:30:22 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=64103ead-3159
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:a2:80:2c:53:5d:95:37:30:e4:86:a8:23:2e:
2e:e1:cc:2e:a2:33:4b:98:b6:c3:c4:f3:bc:fe:c8:
47:60:29:b8:22:61:30:03:02:76:ee:3c:1a:54:9a:
06:8d:0f:be:ca:a7:39:5c:68:37:3d:09:f4:36:55:
49:f0:7d:29:eb:59:b1:76:33:79:54:fd:84:3e:fd:
cb:95:73:63:8e:13:5f:99:58:68:1c:ca:e2:69:f1:
fd:f3:25:b8:f8:3d:f1:56:0d:e7:a5:be:47:32:ba:
0a:8f:31:b9:e6:5f:12:83:69:21:e6:ce:d6:8d:de:
79:d1:6a:a3:77:97:80:61:51:81:18:92:5f:fb:c6:
1c:37:47:72:4b:08:04:bc:fb:03:54:2d:8d:68:6b:
ff:fa:59:20:ec:cb:8e:a4:c6:82:9b:2b:de:47:1c:
a2:29:08:10:0b:df:f5:b5:a0:79:64:47:c9:dd:9c:
a9:89:67:db:1a:c3:39:d7:7f:8f:16:fc:ea:c6:0e:
35:97:db:d8:7a:3f:4c:ee:a1:7a:dc:c2:ba:e7:d8:
0a:7a:9c:f7:5c:b4:d2:1e:3d:27:19:0f:7f:83:67:
7d:89:1c:c9:ac:a8:89:0d:d5:45:6d:95:dd:0d:fe:
17:ac:d9:9e:3e:14:eb:c9:66:76:f9:06:d9:65:76:
ef:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:5C:7C:8F:D3:43:0C:81:FC:99:95:08:89:E5:B0:5E:6A:E2:A1:DD
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/D74FECB8C24A11ED98FF7A6BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0/22
113.203.209.0/24
113.203.211.0-113.203.217.255
113.203.219.0/24
113.203.223.0-113.203.226.255
113.203.234.0-113.203.240.255
113.203.243.0-113.203.244.255
113.203.246.0/24
180.178.128.0-180.178.144.255
180.178.149.0/24
180.178.160.0/20
180.178.178.0/24
180.178.180.0-180.178.187.255
223.29.224.0/20
IPv6:
2401:4100::/32
Signature Algorithm: sha256WithRSAEncryption
37:ac:4a:b8:f7:78:cd:27:9c:9a:af:de:59:a2:38:45:d5:1d:
51:4f:57:9d:19:f7:9f:a8:71:f5:f5:ec:e6:18:55:dc:53:0b:
b4:15:62:af:c5:4b:fe:d6:a1:c3:f5:36:26:7b:61:97:3d:04:
79:08:88:df:25:b8:f2:ec:c3:a1:fc:77:99:cf:32:6e:ee:73:
ed:10:82:25:df:d2:97:de:0b:a8:b8:4b:06:55:69:ed:fb:dc:
76:53:f2:44:6e:52:a0:d0:47:56:cb:c8:bd:a6:88:19:01:d5:
da:c1:c8:36:b3:85:2f:82:27:26:e7:4d:fa:ff:f5:30:dd:c2:
82:31:b4:ce:35:88:b0:fe:22:84:70:3f:02:3c:34:7d:b5:9c:
b0:2b:c1:6a:d0:c2:28:de:f0:40:11:f4:22:89:54:f2:74:e4:
7e:14:91:d3:ff:6f:85:9c:dd:4d:b2:d7:77:5a:47:e3:0d:4f:
01:3d:bb:7c:23:de:e6:1b:5d:2e:e3:af:ec:61:43:0f:b0:01:
f8:5e:f6:a8:66:9a:f9:8a:71:26:95:35:b4:91:a8:33:05:a8:
6a:1e:d4:15:c9:a1:ba:34:20:5b:53:e6:9d:59:94:e0:22:03:
29:1e:5c:2d:bd:44:19:d9:00:be:b6:cf:61:5b:3a:5c:75:84:
d0:ac:78:f5
-----BEGIN CERTIFICATE-----
MIIGAzCCBOugAwIBAgICCbEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMzE0MDkzMDIyWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDEwM2VhZC0zMTU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0aKALFNdlTcw5IaoIy4u4cwuojNLmLbDxPO8/shHYCm4ImEwAwJ27jwaVJoG
jQ++yqc5XGg3PQn0NlVJ8H0p61mxdjN5VP2EPv3LlXNjjhNfmVhoHMriafH98yW4
+D3xVg3npb5HMroKjzG55l8Sg2kh5s7Wjd550Wqjd5eAYVGBGJJf+8YcN0dySwgE
vPsDVC2NaGv/+lkg7MuOpMaCmyveRxyiKQgQC9/1taB5ZEfJ3ZypiWfbGsM513+P
Fvzqxg41l9vYej9M7qF63MK659gKepz3XLTSHj0nGQ9/g2d9iRzJrKiJDdVFbZXd
Df4XrNmePhTryWZ2+QbZZXbvAQIDAQABo4IDJzCCAyMwHQYDVR0OBBYEFD9cfI/T
QwyB/JmVCInlsF5q4qHdMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvRDc0RkVDQjhD
MjRBMTFFRDk4RkY3QTZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgbAGCCsGAQUFBwEHAQH/
BIGgMIGdMIGLBAIAATCBhAMEAmcLPAMEAHHL0TAMAwQAccvTAwQBccvYAwQAccvb
MAwDBABxy98DBABxy+IwDAMEAXHL6gMEAHHL8DAMAwQAccvzAwQAccv0AwQAccv2
MAwDBAe0soADBAC0spADBAC0spUDBAS0sqADBAC0srIwDAMEArSytAMEArSyuAME
BN8d4DANBAIAAjAHAwUAJAFBADANBgkqhkiG9w0BAQsFAAOCAQEAN6xKuPd4zSec
mq/eWaI4RdUdUU9XnRn3n6hx9fXs5hhV3FMLtBVir8VL/tahw/U2Jnthlz0EeQiI
3yW48uzDofx3mc8ybu5z7RCCJd/Sl94LqLhLBlVp7fvcdlPyRG5SoNBHVsvIvaaI
GQHV2sHINrOFL4InJudN+v/1MN3CgjG0zjWIsP4ihHA/Ajw0fbWcsCvBatDCKN7w
QBH0IolU8nTkfhSR0/9vhZzdTbLXd1pH4w1PAT27fCPe5htdLuOv7GFDD7AB+F72
qGaa+YpxJpU1tJGoMwWoah7UFcmhujQgW1PmnVmU4CIDKR5cLb1EGdkAvrbPYVs6
XHWE0Kx49Q==
-----END CERTIFICATE-----
Generated at Sat Apr 12 08:03:37 2025 by rpki-client