Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/3F5CAE982D0111EDADD3A717C4F9AE02.roa
File: 3F5CAE982D0111EDADD3A717C4F9AE02.roa (raw, json)
Hash identifier: n9TOjoCtRYGisdEB5mEjbaYOtJMH2+MuWjaB25klkxw=
Subject key identifier: 6E:93:10:BE:28:A9:36:CE:C2:40:C4:51:F5:FD:F3:E7:B4:FF:6C:5E
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 089A
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/3F5CAE982D0111EDADD3A717C4F9AE02.roa
Signing time: Thu 15 Sep 2022 10:00:35 +0000
ROA not before: Thu 15 Sep 2022 10:00:35 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 210654
IP address blocks: 113.203.220.0/24 maxlen: 24
113.203.222.0/24 maxlen: 24
113.203.224.0/22 maxlen: 24
180.178.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2202 (0x89a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Sep 15 10:00:35 2022 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=6322f7c3-d5a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:70:89:56:13:3d:a0:cd:dd:0a:b5:ea:1d:fd:
13:d9:15:27:92:6e:5d:f6:18:05:79:7c:f1:ca:a3:
00:b6:7d:30:fc:c6:3a:36:2c:a2:6a:54:f9:f4:df:
17:95:63:c1:b2:a3:47:78:b5:39:11:f6:86:98:98:
1e:cf:2b:05:10:c3:9d:2c:ca:8e:5d:65:e6:5c:eb:
55:4f:ab:63:9d:e1:be:69:ed:cd:c8:60:d8:ff:57:
c3:67:8e:cd:ee:f3:16:8d:7b:1e:fb:4e:44:8d:06:
cf:6f:06:c9:66:e7:fa:b6:f0:58:f6:5d:79:f1:0f:
a8:5b:fe:f4:f7:64:f1:a6:29:a6:d3:1d:7d:c4:ce:
28:62:3f:17:e3:92:ad:bf:3e:27:cf:33:20:a6:40:
dd:de:be:7d:21:48:08:7b:c8:d3:54:20:a8:4f:86:
95:b7:88:b3:81:c1:29:ad:1f:ab:4d:d5:dc:05:d5:
fa:5a:47:ab:de:a9:37:f7:03:24:d4:56:53:2f:6f:
e2:f2:6b:00:7d:74:8a:ae:7b:c6:ff:62:8b:85:3b:
a0:42:ee:c3:81:98:ef:ab:c4:6f:73:bc:eb:5b:60:
da:7d:43:c6:63:62:70:3b:5e:d3:6c:b1:af:63:20:
e4:a6:47:58:58:ad:57:74:ee:1b:bf:a7:fe:45:da:
2f:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:93:10:BE:28:A9:36:CE:C2:40:C4:51:F5:FD:F3:E7:B4:FF:6C:5E
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/3F5CAE982D0111EDADD3A717C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.220.0/24
113.203.222.0/24
113.203.224.0/22
180.178.158.0/24
Signature Algorithm: sha256WithRSAEncryption
a3:34:18:67:e5:68:74:4b:46:3a:7a:40:a5:93:75:bb:2b:2f:
b3:18:50:dd:f3:1a:c3:d8:c0:4f:92:47:e7:1b:4a:1b:f6:2e:
83:1d:bb:d9:99:ac:bb:59:7f:a3:64:b1:2c:fa:a4:9b:3a:ca:
cc:41:57:37:ab:fb:8e:7a:33:89:b0:f5:f8:0c:bf:f8:ff:7e:
8a:89:55:db:61:34:51:a9:79:88:32:2b:34:fa:cd:af:4a:b3:
2c:31:1d:f6:1e:f2:86:f1:8d:77:42:44:d0:dd:a7:12:7b:66:
41:cb:6d:90:c0:93:3d:9a:b7:a2:b5:91:fc:da:54:c7:5c:ca:
16:5a:32:62:40:fc:55:3f:e8:94:bb:d2:a0:2d:48:77:87:e1:
63:04:f0:4b:24:58:ac:07:bf:ac:bd:2e:4c:11:70:59:03:a7:
ed:b7:ab:ae:15:d7:50:96:a4:b7:f1:ab:eb:bd:a2:6e:62:e7:
4d:78:b8:9e:0d:49:60:0f:0e:d4:42:72:2b:53:21:23:7f:18:
fa:9c:83:62:2c:df:26:e7:17:1e:95:6f:a4:32:b5:d3:4e:17:
82:83:e4:3c:3b:84:03:43:05:c0:2e:fe:03:43:d3:19:a6:fb:
2b:16:d5:f3:bc:30:0a:e8:c2:4f:4a:8e:07:1c:90:4d:10:80:
ef:d5:f8:5d
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCJowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjIwOTE1MTAwMDM1WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzIyZjdjMy1kNWExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6XCJVhM9oM3dCrXqHf0T2RUnkm5d9hgFeXzxyqMAtn0w/MY6NiyialT59N8X
lWPBsqNHeLU5EfaGmJgezysFEMOdLMqOXWXmXOtVT6tjneG+ae3NyGDY/1fDZ47N
7vMWjXse+05EjQbPbwbJZuf6tvBY9l158Q+oW/7092Txpimm0x19xM4oYj8X45Kt
vz4nzzMgpkDd3r59IUgIe8jTVCCoT4aVt4izgcEprR+rTdXcBdX6Wker3qk39wMk
1FZTL2/i8msAfXSKrnvG/2KLhTugQu7DgZjvq8Rvc7zrW2DafUPGY2JwO17TbLGv
YyDkpkdYWK1XdO4bv6f+RdovvwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFG6TEL4o
qTbOwkDEUfX98+e0/2xeMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvM0Y1Q0FFOTgy
RDAxMTFFREFERDNBNzE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBABxy9wDBABxy94DBAJxy+ADBAC0sp4wDQYJKoZIhvcNAQEL
BQADggEBAKM0GGflaHRLRjp6QKWTdbsrL7MYUN3zGsPYwE+SR+cbShv2LoMdu9mZ
rLtZf6NksSz6pJs6ysxBVzer+456M4mw9fgMv/j/foqJVdthNFGpeYgyKzT6za9K
sywxHfYe8obxjXdCRNDdpxJ7ZkHLbZDAkz2at6K1kfzaVMdcyhZaMmJA/FU/6JS7
0qAtSHeH4WME8EskWKwHv6y9LkwRcFkDp+23q64V11CWpLfxq+u9om5i5014uJ4N
SWAPDtRCcitTISN/GPqcg2Is3ybnFx6Vb6QytdNOF4KD5Dw7hANDBcAu/gND0xmm
+ysW1fO8MArowk9KjgcckE0QgO/V+F0=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:12 2023 by rpki-client on console-ams.rpki-client.org