Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/F3C6CA7CD21911EDB67A7A76C4F9AE02.roa
File: F3C6CA7CD21911EDB67A7A76C4F9AE02.roa (raw, json)
Hash identifier: XeTS7B5UWXyt6u8IqMdt0N5U/dS1NzsTgqRmgK+l0Oc=
Subject key identifier: E0:9B:BF:81:AF:FB:E9:E7:A7:00:81:FD:7E:1E:83:A8:A5:DE:6C:01
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09F1
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/F3C6CA7CD21911EDB67A7A76C4F9AE02.roa
Signing time: Wed 05 Apr 2023 11:20:16 +0000
ROA not before: Wed 05 Apr 2023 11:20:16 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/22 maxlen: 22
103.11.60.0/24 maxlen: 24
113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.217.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
180.178.128.0/21 maxlen: 21
180.178.128.0/22 maxlen: 22
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.136.0/21 maxlen: 21
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.150.0/24 maxlen: 24
180.178.160.0/20 maxlen: 20
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.168.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.178.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
223.29.224.0/20 maxlen: 20
223.29.227.0/24 maxlen: 24
2401:4100::/32 maxlen: 32
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2545 (0x9f1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Apr 5 11:20:16 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=642d596f-ff11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:be:a1:d2:d8:0a:2d:c0:b2:59:36:3b:3c:60:
76:d4:ce:44:29:1d:52:c2:f3:ff:45:7e:5e:cf:be:
47:53:a3:35:40:b6:ad:00:e3:34:bf:46:15:82:94:
62:94:53:5b:90:85:d0:fb:3b:30:77:45:8c:db:c9:
13:f1:7a:f2:f7:c2:b1:8b:6f:8c:0e:fe:12:5f:84:
25:27:0c:d5:73:81:4d:e6:cf:56:d8:cf:19:44:40:
17:1e:de:c4:6e:83:88:e5:81:1f:ac:e8:c1:12:a8:
11:f4:f1:3a:33:6a:a9:86:5f:c7:12:66:29:ad:0b:
9b:5f:16:55:ec:22:21:0f:d2:0b:4b:08:5f:ff:44:
19:e8:70:5a:f6:92:29:21:f2:8d:ec:cb:86:6b:2b:
e2:dd:31:17:9c:f7:b1:56:79:f9:58:20:e8:d4:92:
48:f6:84:21:55:bc:48:ea:34:59:ee:bf:5c:dc:6b:
79:4e:30:09:7b:26:8f:43:1c:0b:5e:51:9f:4e:23:
c7:15:25:a4:37:d5:c8:f4:95:e6:67:98:97:c2:13:
c3:96:79:ce:0b:34:08:7e:e9:ec:dd:9c:33:46:7f:
4c:cc:cf:f8:81:9c:42:23:a5:1b:8b:31:9c:cf:66:
42:0e:7a:05:4b:48:b3:2b:d9:28:44:4d:a0:e4:2e:
54:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:9B:BF:81:AF:FB:E9:E7:A7:00:81:FD:7E:1E:83:A8:A5:DE:6C:01
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/F3C6CA7CD21911EDB67A7A76C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0/22
113.203.209.0/24
113.203.211.0-113.203.217.255
113.203.219.0/24
113.203.226.0/24
113.203.234.0-113.203.240.255
113.203.243.0-113.203.244.255
180.178.128.0-180.178.144.255
180.178.149.0-180.178.150.255
180.178.160.0/20
180.178.178.0/24
180.178.180.0/22
223.29.224.0/20
IPv6:
2401:4100::/32
Signature Algorithm: sha256WithRSAEncryption
39:01:68:e2:26:db:97:fb:11:91:17:22:02:72:94:f1:61:29:
83:0a:40:d7:b1:05:c8:81:22:39:aa:cb:08:34:c8:ca:7a:0a:
14:73:af:49:42:b3:d3:28:99:7c:5b:b4:54:94:e0:bb:42:36:
50:50:96:3f:0e:a4:08:1f:17:47:f7:fd:a9:34:e9:9b:60:2e:
75:7e:e6:2d:1a:37:91:0c:d8:1b:4d:2a:60:c9:72:b0:4c:23:
36:b5:c6:52:b0:e9:e2:e5:2c:4e:e8:3a:93:6e:5f:d4:ee:b3:
9a:34:37:75:02:e5:8c:b9:37:2a:a1:16:0a:a7:bb:61:31:d1:
20:f1:26:e6:5b:91:9f:29:52:c5:f2:b2:30:4f:b2:82:76:b7:
42:6a:6f:83:e5:65:59:81:c6:af:2a:26:17:b0:a7:96:f2:a7:
64:5d:eb:4e:46:98:ff:01:98:59:c4:02:8b:39:1b:c7:ff:e8:
42:aa:6d:4e:f8:38:64:c7:a1:9c:d8:30:30:5d:2d:bb:97:f9:
ff:d0:b9:a8:b6:f4:e0:3f:be:5c:36:dd:f9:4a:23:f4:9c:72:
88:1a:ac:1d:e1:6c:8c:0e:68:5b:31:6f:39:ed:51:b6:d6:57:
76:15:2d:0e:82:01:17:b2:4b:c1:f2:ea:b1:6f:bf:a2:62:7e:
f8:b4:bb:ea
-----BEGIN CERTIFICATE-----
MIIF8zCCBNugAwIBAgICCfEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDA1MTEyMDE2WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDJkNTk2Zi1mZjExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA576h0tgKLcCyWTY7PGB21M5EKR1SwvP/RX5ez75HU6M1QLatAOM0v0YVgpRi
lFNbkIXQ+zswd0WM28kT8Xry98Kxi2+MDv4SX4QlJwzVc4FN5s9W2M8ZREAXHt7E
boOI5YEfrOjBEqgR9PE6M2qphl/HEmYprQubXxZV7CIhD9ILSwhf/0QZ6HBa9pIp
IfKN7MuGayvi3TEXnPexVnn5WCDo1JJI9oQhVbxI6jRZ7r9c3Gt5TjAJeyaPQxwL
XlGfTiPHFSWkN9XI9JXmZ5iXwhPDlnnOCzQIfuns3ZwzRn9MzM/4gZxCI6UbizGc
z2ZCDnoFS0izK9koRE2g5C5UBQIDAQABo4IDFzCCAxMwHQYDVR0OBBYEFOCbv4Gv
++nnpwCB/X4eg6il3mwBMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvRjNDNkNBN0NE
MjE5MTFFREI2N0E3QTc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaAGCCsGAQUFBwEHAQH/
BIGQMIGNMHwEAgABMHYDBAJnCzwDBABxy9EwDAMEAHHL0wMEAXHL2AMEAHHL2wME
AHHL4jAMAwQBccvqAwQAccvwMAwDBABxy/MDBABxy/QwDAMEB7SygAMEALSykDAM
AwQAtLKVAwQAtLKWAwQEtLKgAwQAtLKyAwQCtLK0AwQE3x3gMA0EAgACMAcDBQAk
AUEAMA0GCSqGSIb3DQEBCwUAA4IBAQA5AWjiJtuX+xGRFyICcpTxYSmDCkDXsQXI
gSI5qssINMjKegoUc69JQrPTKJl8W7RUlOC7QjZQUJY/DqQIHxdH9/2pNOmbYC51
fuYtGjeRDNgbTSpgyXKwTCM2tcZSsOni5SxO6DqTbl/U7rOaNDd1AuWMuTcqoRYK
p7thMdEg8SbmW5GfKVLF8rIwT7KCdrdCam+D5WVZgcavKiYXsKeW8qdkXetORpj/
AZhZxAKLORvH/+hCqm1O+Dhkx6Gc2DAwXS27l/n/0LmotvTgP75cNt35SiP0nHKI
Gqwd4WyMDmhbMW857VG21ld2FS0OggEXskvB8uqxb7+iYn74tLvq
-----END CERTIFICATE-----
Generated at Sat Apr 12 06:07:39 2025 by rpki-client