Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/5D5533F6067911EDBBC7F133C4F9AE02.roa
File: 5D5533F6067911EDBBC7F133C4F9AE02.roa (raw, json)
Hash identifier: AOxi6IYVz3sf4xkGyWE53RrFejpXYA+Uax582nzfsjM=
Subject key identifier: DB:07:35:23:6C:D0:80:92:9F:07:CA:0F:86:80:41:7A:CD:29:A2:5A
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 07EF
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/5D5533F6067911EDBBC7F133C4F9AE02.roa
Signing time: Mon 18 Jul 2022 09:09:45 +0000
ROA not before: Mon 18 Jul 2022 09:09:45 +0000
ROA not after: Thu 01 Dec 2022 00:00:00 +0000
asID: 210654
IP address blocks: 113.203.220.0/24 maxlen: 24
113.203.222.0/24 maxlen: 24
113.203.224.0/22 maxlen: 24
180.178.148.0/24 maxlen: 24
180.178.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2031 (0x7ef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Jul 18 09:09:45 2022 GMT
Not After : Dec 1 00:00:00 2022 GMT
Subject: CN=62d52358-d02d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:ad:41:15:29:88:78:73:e1:32:bb:fa:0f:ca:
7d:e5:02:31:93:f1:91:6c:94:c1:95:3c:b1:18:a3:
09:d3:c0:c1:12:d9:3b:d4:7b:1d:2e:42:e3:4a:f6:
7c:63:b0:e6:59:19:18:0a:32:3f:a3:a3:41:af:86:
8a:67:f9:dc:96:f8:1f:d9:5c:5a:71:fe:1a:c0:b0:
a5:a5:a4:41:a8:62:59:42:53:d3:fa:50:9a:8e:e0:
a5:6d:69:1f:7c:28:5a:c7:c1:4e:33:a3:d5:bd:ab:
8a:87:b9:11:dc:16:5c:24:52:71:f6:a5:a2:8d:3e:
94:c3:9f:1e:a7:8e:3e:b0:90:7f:02:b8:0b:87:e8:
45:2a:b3:0d:27:39:c8:89:5e:46:d7:5c:e4:25:5c:
e0:3b:e6:7a:fb:79:f4:72:69:09:47:52:62:02:05:
a8:52:9d:39:3f:e8:01:5a:b5:24:c6:2b:d6:50:06:
d7:14:83:33:01:6f:5a:59:87:cc:c4:12:2e:11:10:
fd:87:e9:68:a0:58:77:75:c0:e8:86:0e:fa:3a:18:
4c:6c:39:8a:a4:21:1c:04:56:da:44:60:1a:06:00:
a3:05:74:29:bd:b9:ae:c9:87:34:a1:77:a2:0d:37:
4a:2e:8f:7f:ee:79:c5:86:c3:35:2b:27:53:a6:b7:
22:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:07:35:23:6C:D0:80:92:9F:07:CA:0F:86:80:41:7A:CD:29:A2:5A
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/5D5533F6067911EDBBC7F133C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.220.0/24
113.203.222.0/24
113.203.224.0/22
180.178.148.0/24
180.178.158.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:1b:51:63:ad:d9:bf:85:f8:9d:d4:ea:7f:4b:11:f1:49:02:
2c:d1:6b:9b:1a:be:90:2c:e2:8a:b0:97:68:1b:ae:87:e0:47:
6a:79:f2:59:46:17:e7:9c:50:3f:5e:d3:b5:46:b9:43:f2:bb:
6b:6f:84:ca:55:81:d4:84:02:cd:49:10:0d:c3:32:b9:15:a5:
14:9b:40:9e:9b:6d:c2:d5:f1:da:63:8d:8d:7c:42:11:bf:45:
14:31:6c:85:28:cc:a2:be:89:fd:73:19:64:d5:62:7c:22:91:
76:9c:c3:91:3e:62:a3:89:b7:9e:1c:f1:b2:d0:a8:61:fa:dd:
57:c1:45:7e:8a:ff:3d:b8:da:87:20:18:64:47:b3:45:91:91:
17:8f:7f:81:5d:ea:6b:4e:f3:64:bd:0b:2c:8a:08:1e:4d:5f:
e6:20:d2:52:b6:d8:71:86:3c:b3:2a:7f:e0:16:31:56:4e:eb:
4d:fd:78:57:49:56:27:25:56:ec:26:70:3d:64:1d:34:61:c8:
0e:0d:4d:0d:f1:17:c6:7d:c1:22:ad:75:81:d3:2a:e9:6d:38:
36:df:f7:3b:8d:dc:4d:19:33:86:5e:d4:74:7e:d1:b8:60:98:
7a:69:6e:d4:49:f3:82:12:31:ef:35:f2:4a:6f:a5:4e:58:3f:
b6:80:27:26
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICB+8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjIwNzE4MDkwOTQ1WhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmQ1MjM1OC1kMDJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwK1BFSmIeHPhMrv6D8p95QIxk/GRbJTBlTyxGKMJ08DBEtk71HsdLkLjSvZ8
Y7DmWRkYCjI/o6NBr4aKZ/nclvgf2Vxacf4awLClpaRBqGJZQlPT+lCajuClbWkf
fChax8FOM6PVvauKh7kR3BZcJFJx9qWijT6Uw58ep44+sJB/ArgLh+hFKrMNJznI
iV5G11zkJVzgO+Z6+3n0cmkJR1JiAgWoUp05P+gBWrUkxivWUAbXFIMzAW9aWYfM
xBIuERD9h+looFh3dcDohg76OhhMbDmKpCEcBFbaRGAaBgCjBXQpvbmuyYc0oXei
DTdKLo9/7nnFhsM1KydTprciUwIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFNsHNSNs
0ICSnwfKD4aAQXrNKaJaMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvNUQ1NTMzRjYw
Njc5MTFFREJCQzdGMTMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBABxy9wDBABxy94DBAJxy+ADBAC0spQDBAC0sp4wDQYJKoZI
hvcNAQELBQADggEBAH0bUWOt2b+F+J3U6n9LEfFJAizRa5savpAs4oqwl2gbrofg
R2p58llGF+ecUD9e07VGuUPyu2tvhMpVgdSEAs1JEA3DMrkVpRSbQJ6bbcLV8dpj
jY18QhG/RRQxbIUozKK+if1zGWTVYnwikXacw5E+YqOJt54c8bLQqGH63VfBRX6K
/z242ocgGGRHs0WRkRePf4Fd6mtO82S9CyyKCB5NX+Yg0lK22HGGPLMqf+AWMVZO
6039eFdJViclVuwmcD1kHTRhyA4NTQ3xF8Z9wSKtdYHTKultODbf9zuN3E0ZM4Ze
1HR+0bhgmHppbtRJ84ISMe818kpvpU5YP7aAJyY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:12 2023 by rpki-client on console-ams.rpki-client.org