Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/FF7FCAD0CD3C11EDB33C0614C4F9AE02.roa
File: FF7FCAD0CD3C11EDB33C0614C4F9AE02.roa (raw, json)
Hash identifier: HZN/BVtBirCERF8c1dU7utDHv1JaYyAuzz4VbHYSBDg=
Subject key identifier: A0:93:23:3A:CA:5B:8E:C7:37:22:84:F4:0D:4D:51:2F:5F:D6:1A:0D
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09DB
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/FF7FCAD0CD3C11EDB33C0614C4F9AE02.roa
Signing time: Tue 28 Mar 2023 07:48:59 +0000
ROA not before: Tue 28 Mar 2023 07:48:59 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 996
IP address blocks: 113.203.223.0/24 maxlen: 24
113.203.224.0/24 maxlen: 24
113.203.225.0/24 maxlen: 24
113.203.228.0/22 maxlen: 24
180.178.176.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2523 (0x9db)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7
Validity
Not Before: Mar 28 07:48:59 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=64229beb-4c01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:48:86:36:0c:36:62:39:92:67:24:31:8c:a5:
cf:41:77:91:98:3c:31:77:93:72:5e:d7:42:8a:30:
53:07:ed:c8:4b:b4:91:fc:3f:6c:54:11:ba:aa:7c:
58:49:07:05:dc:32:98:49:71:3c:c2:8e:67:62:d3:
3d:c5:99:8b:3f:04:85:74:e0:bb:c4:71:03:8a:05:
30:43:a4:59:22:41:f6:22:88:c9:80:92:da:8f:1b:
49:4d:b3:72:0b:58:e7:13:75:ad:76:0e:0f:22:34:
67:56:95:f3:a9:4b:fb:24:3f:d4:b5:84:ac:e2:b5:
81:05:fa:6e:00:f6:91:60:1c:cf:9c:df:d4:b8:3b:
ac:0e:fd:69:6c:94:41:86:a0:b8:d6:0a:a2:77:2e:
5c:9e:72:e6:aa:4d:5f:b7:47:35:05:16:f7:87:bc:
0b:fd:ca:0e:4b:83:08:9a:6e:cc:3e:f1:82:09:38:
f1:e5:09:dc:24:7e:d8:12:6f:a6:d4:b9:9a:43:00:
ed:fa:14:7a:24:76:0d:54:96:1c:22:f5:07:e2:20:
56:c5:1a:e5:ee:ad:f2:3d:13:e5:4d:c5:44:15:2b:
44:07:b6:8e:ee:55:e0:a3:66:ad:8c:b1:30:59:74:
07:4c:b7:43:46:ed:59:23:f3:6d:a9:19:88:a0:51:
96:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:93:23:3A:CA:5B:8E:C7:37:22:84:F4:0D:4D:51:2F:5F:D6:1A:0D
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/FF7FCAD0CD3C11EDB33C0614C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.223.0-113.203.225.255
113.203.228.0/22
180.178.176.0/23
Signature Algorithm: sha256WithRSAEncryption
97:26:ba:12:06:54:12:b5:01:2d:2f:c9:5b:a0:41:80:d9:5d:
37:86:3b:c0:09:5c:db:7a:92:9c:f8:b0:39:5c:6d:8d:14:2d:
42:8f:4c:54:75:25:d5:e5:50:72:f4:8f:cf:32:8c:7f:e2:5d:
dd:e0:63:e8:12:f9:7b:2a:65:71:54:af:bb:1b:f8:2a:62:86:
6f:14:08:38:9c:7b:30:66:a8:65:e9:00:11:af:b1:2d:03:b8:
3c:db:9e:6a:e5:a3:a8:77:12:1f:b7:05:d3:9e:22:e8:1d:cd:
5a:df:49:7e:b3:d4:b7:ec:79:1b:40:6d:b5:d9:bd:58:81:e1:
0f:1c:4b:5d:64:a8:bc:7b:9f:62:a9:bd:f7:52:57:24:d5:69:
8c:15:95:c0:ce:68:b7:c2:2a:f0:03:e1:16:2e:c7:48:23:98:
ab:dd:8b:a8:bf:88:99:44:e9:5d:db:f3:df:e1:f8:e7:f5:4e:
e9:f2:d5:3b:24:fa:b6:e0:c5:bc:b8:68:04:ca:69:9a:05:2b:
4c:fa:83:47:42:d9:a4:36:e3:6b:f9:c3:ce:cb:03:c4:80:51:
54:2a:0a:34:f5:5a:6e:7c:5c:fb:79:a0:47:a8:84:4b:5e:28:
f8:9d:40:bd:80:3c:a9:5e:2e:b4:07:4b:4d:dd:6b:fa:b7:9d:
7e:d1:bf:32
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICCdswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMzI4MDc0ODU5WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDIyOWJlYi00YzAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA80iGNgw2YjmSZyQxjKXPQXeRmDwxd5NyXtdCijBTB+3IS7SR/D9sVBG6qnxY
SQcF3DKYSXE8wo5nYtM9xZmLPwSFdOC7xHEDigUwQ6RZIkH2IojJgJLajxtJTbNy
C1jnE3Wtdg4PIjRnVpXzqUv7JD/UtYSs4rWBBfpuAPaRYBzPnN/UuDusDv1pbJRB
hqC41gqidy5cnnLmqk1ft0c1BRb3h7wL/coOS4MImm7MPvGCCTjx5QncJH7YEm+m
1LmaQwDt+hR6JHYNVJYcIvUH4iBWxRrl7q3yPRPlTcVEFStEB7aO7lXgo2atjLEw
WXQHTLdDRu1ZI/NtqRmIoFGWhQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFKCTIzrK
W47HNyKE9A1NUS9f1hoNMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvRkY3RkNBRDBD
RDNDMTFFREIzM0MwNjE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAHHL3wMEAXHL4AMEAnHL5AMEAbSysDANBgkqhkiG9w0B
AQsFAAOCAQEAlya6EgZUErUBLS/JW6BBgNldN4Y7wAlc23qSnPiwOVxtjRQtQo9M
VHUl1eVQcvSPzzKMf+Jd3eBj6BL5eyplcVSvuxv4KmKGbxQIOJx7MGaoZekAEa+x
LQO4PNueauWjqHcSH7cF054i6B3NWt9JfrPUt+x5G0Bttdm9WIHhDxxLXWSovHuf
Yqm991JXJNVpjBWVwM5ot8Iq8APhFi7HSCOYq92LqL+ImUTpXdvz3+H45/VO6fLV
OyT6tuDFvLhoBMppmgUrTPqDR0LZpDbja/nDzssDxIBRVCoKNPVabnxc+3mgR6iE
S14o+J1AvYA8qV4utAdLTd1r+redftG/Mg==
-----END CERTIFICATE-----
Generated at Sat Apr 12 05:48:58 2025 by rpki-client