Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/E52325C6B13811ED86A1122FC4F9AE02.roa
File: E52325C6B13811ED86A1122FC4F9AE02.roa (raw, json)
Hash identifier: CvlzIMOJlsAaUpGGb4pKTSlvuQT1e9AeHY/azm3xGl4=
Subject key identifier: B2:DE:8D:75:9F:0A:C2:CB:0E:A4:42:29:D1:CF:E6:5A:69:5A:96:99
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0993
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/E52325C6B13811ED86A1122FC4F9AE02.roa
Signing time: Mon 20 Feb 2023 16:09:04 +0000
ROA not before: Mon 20 Feb 2023 16:09:04 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/24 maxlen: 24
103.11.62.0/24 maxlen: 24
113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.217.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.223.0/24 maxlen: 24
113.203.224.0/24 maxlen: 24
113.203.225.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
113.203.246.0/24 maxlen: 24
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
180.178.184.0/22 maxlen: 22
223.29.224.0/24 maxlen: 24
223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
223.29.239.0/24 maxlen: 24
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2451 (0x993)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Feb 20 16:09:04 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=63f39b20-538b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:3b:ba:9f:6f:f4:64:cb:06:be:73:04:1f:e1:
a6:f7:2a:da:eb:3d:c4:fb:a9:77:af:e9:de:ed:e8:
c8:47:1b:39:cf:d3:47:fd:81:13:74:50:43:1e:f1:
66:03:cf:12:68:f8:e2:71:fa:24:33:eb:57:17:ce:
6c:c3:07:37:ab:ac:2c:b9:d1:2f:44:00:3a:e3:70:
55:99:e6:1d:5a:7b:8b:c6:80:ef:75:5f:8d:48:77:
1b:98:f8:87:65:10:f4:86:35:f1:4a:23:0d:af:7b:
c1:ba:d0:de:23:13:44:31:8c:72:69:58:d8:44:7c:
e3:a9:45:f8:ae:32:77:22:f0:8c:d0:c9:24:47:67:
b0:56:27:70:be:7d:94:ae:f8:cf:36:2c:1f:7b:b4:
36:c2:8b:40:6a:16:47:35:c6:bd:b2:27:39:c5:13:
c6:72:7c:97:3a:55:63:e8:56:c0:a7:33:b5:01:63:
df:d7:bc:17:86:42:fa:12:16:31:ec:55:ae:9c:19:
5b:84:a1:a0:77:07:9e:d2:03:f6:67:98:ea:07:be:
1c:2e:a1:52:74:5f:ae:e2:b7:25:03:3a:17:ad:bb:
9f:10:da:af:0c:4b:d5:d1:4f:64:56:80:7d:e6:50:
f1:25:97:a1:17:19:a1:88:d2:d3:7f:92:70:d6:07:
a5:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:DE:8D:75:9F:0A:C2:CB:0E:A4:42:29:D1:CF:E6:5A:69:5A:96:99
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/E52325C6B13811ED86A1122FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0/24
103.11.62.0/24
113.203.209.0/24
113.203.211.0-113.203.217.255
113.203.219.0/24
113.203.223.0-113.203.226.255
113.203.234.0-113.203.240.255
113.203.243.0-113.203.244.255
113.203.246.0/24
180.178.128.0/23
180.178.132.0/22
180.178.137.0-180.178.139.255
180.178.144.0/24
180.178.149.0/24
180.178.160.0/23
180.178.172.0/24
180.178.174.0/23
180.178.180.0-180.178.187.255
223.29.224.0/24
223.29.236.0/22
IPv6:
2401:4100::-2401:4100:8000:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
7a:e7:3a:30:c8:89:d4:89:23:4a:21:4a:3c:e9:e2:a9:47:ea:
43:f4:48:5e:8c:ab:9b:88:63:2f:df:7f:dc:e2:cf:6b:95:ea:
19:b7:e8:31:ed:f8:65:bf:0f:2d:d6:81:e3:02:9a:49:e8:46:
e8:30:6e:3c:95:65:67:a5:3d:9e:53:25:33:28:bb:bb:07:a1:
c9:21:4e:d4:8b:4c:1c:05:10:b2:71:3d:cf:55:5c:6f:4e:7c:
7e:dd:81:7b:95:2f:72:31:b0:a6:d8:e3:dc:7c:0a:0d:69:ca:
2a:5c:1b:5a:fc:93:19:08:8c:db:01:8e:68:b7:0e:b1:ef:9a:
c2:aa:9c:a5:d0:9d:b8:ef:39:c7:2d:35:52:8e:c6:99:62:c3:
9c:c5:30:b5:fa:87:58:9e:de:0f:7f:b5:b7:d7:69:bc:15:85:
64:ae:4a:85:0d:97:18:8f:47:32:e2:48:10:96:04:60:dd:b7:
a3:c8:4a:5e:21:ee:df:cd:39:a1:48:ea:dd:0f:ac:ef:80:cb:
3f:65:b0:da:8d:d1:3f:55:12:e3:41:38:d5:44:fa:61:10:3e:
cd:f9:83:23:df:29:34:3b:14:44:0e:13:cb:2d:7f:32:c8:a2:
9e:f5:61:b8:10:7e:7f:1b:6b:55:8e:c3:57:ff:3e:db:c1:36:
35:6d:2d:fb
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgICCZMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMjIwMTYwOTA0WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2YzOWIyMC01MzhiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyDu6n2/0ZMsGvnMEH+Gm9yra6z3E+6l3r+ne7ejIRxs5z9NH/YETdFBDHvFm
A88SaPjicfokM+tXF85swwc3q6wsudEvRAA643BVmeYdWnuLxoDvdV+NSHcbmPiH
ZRD0hjXxSiMNr3vButDeIxNEMYxyaVjYRHzjqUX4rjJ3IvCM0MkkR2ewVidwvn2U
rvjPNiwfe7Q2wotAahZHNca9sic5xRPGcnyXOlVj6FbApzO1AWPf17wXhkL6EhYx
7FWunBlbhKGgdwee0gP2Z5jqB74cLqFSdF+u4rclAzoXrbufENqvDEvV0U9kVoB9
5lDxJZehFxmhiNLTf5Jw1geltQIDAQABo4IDVTCCA1EwHQYDVR0OBBYEFLLejXWf
CsLLDqRCKdHP5lppWpaZMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvRTUyMzI1QzZC
MTM4MTFFRDg2QTExMjJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgd4GCCsGAQUFBwEHAQH/
BIHOMIHLMIGvBAIAATCBqAMEAGcLPAMEAGcLPgMEAHHL0TAMAwQAccvTAwQBccvY
AwQAccvbMAwDBABxy98DBABxy+IwDAMEAXHL6gMEAHHL8DAMAwQAccvzAwQAccv0
AwQAccv2AwQBtLKAAwQCtLKEMAwDBAC0sokDBAK0sogDBAC0spADBAC0spUDBAG0
sqADBAC0sqwDBAG0sq4wDAMEArSytAMEArSyuAMEAN8d4AMEAt8d7DAXBAIAAjAR
MA8DBAAkAUEDBwAkAUEAgAAwDQYJKoZIhvcNAQELBQADggEBAHrnOjDIidSJI0oh
Sjzp4qlH6kP0SF6Mq5uIYy/ff9ziz2uV6hm36DHt+GW/Dy3WgeMCmknoRugwbjyV
ZWelPZ5TJTMou7sHockhTtSLTBwFELJxPc9VXG9OfH7dgXuVL3IxsKbY49x8Cg1p
yipcG1r8kxkIjNsBjmi3DrHvmsKqnKXQnbjvOcctNVKOxpliw5zFMLX6h1ie3g9/
tbfXabwVhWSuSoUNlxiPRzLiSBCWBGDdt6PISl4h7t/NOaFI6t0PrO+Ayz9lsNqN
0T9VEuNBONVE+mEQPs35gyPfKTQ7FEQOE8stfzLIop71YbgQfn8ba1WOw1f/PtvB
NjVtLfs=
-----END CERTIFICATE-----
Generated at Sat Apr 12 06:04:21 2025 by rpki-client