Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/6D3DCFDEDEA111ED84E5D17BC4F9AE02.roa
File: 6D3DCFDEDEA111ED84E5D17BC4F9AE02.roa (raw, json)
Hash identifier: KW7KbGGfQUAHDPmux7LvbVQIhgm1dbH1qsRUJ4W6v0E=
Subject key identifier: E5:5E:EE:35:3B:A5:42:C9:3B:17:6C:A7:6E:29:C5:8E:26:55:B8:AC
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A2D
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/6D3DCFDEDEA111ED84E5D17BC4F9AE02.roa
Signing time: Wed 19 Apr 2023 11:00:42 +0000
ROA not before: Wed 19 Apr 2023 11:00:42 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 7018
IP address blocks: 113.203.208.0/24 maxlen: 24
113.203.210.0/24 maxlen: 24
113.203.218.0/24 maxlen: 24
113.203.220.0/24 maxlen: 24
113.203.222.0/24 maxlen: 24
113.203.223.0/24 maxlen: 24
113.203.224.0/24 maxlen: 24
113.203.225.0/24 maxlen: 24
113.203.227.0/24 maxlen: 24
113.203.233.0/24 maxlen: 24
113.203.245.0/24 maxlen: 24
113.203.252.0/22 maxlen: 24
180.178.173.0/24 maxlen: 24
180.178.179.0/24 maxlen: 24
223.29.226.0/24 maxlen: 24
223.29.235.0/24 maxlen: 24
223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2605 (0xa2d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Apr 19 11:00:42 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=643fc9da-792c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:25:6e:5b:1b:ae:b8:98:53:51:a3:4f:51:99:
64:10:0b:3b:32:b8:7a:db:4c:9f:38:b9:a0:df:72:
db:4d:3b:fb:b2:dc:55:34:0d:cf:d7:2f:5d:9b:94:
95:2b:a6:48:c4:29:dd:aa:90:f9:c5:bc:1e:c9:7b:
0b:28:03:98:57:30:ed:2d:51:47:89:19:4a:01:89:
a0:69:9e:e0:45:19:73:17:17:29:ef:07:4e:0d:af:
d1:41:a2:85:fc:3a:5c:55:17:b6:af:6e:18:75:ed:
f3:0b:4c:8f:55:e7:cc:d4:c0:78:74:58:69:80:75:
35:4d:98:4e:c0:a5:8f:0d:2f:3e:a4:ca:9f:5c:60:
ea:de:75:9a:b0:d2:38:08:93:2f:93:39:7c:6f:8c:
53:ae:40:cd:37:9b:ec:cd:7f:fb:d7:af:ae:d8:69:
a1:cf:8f:53:cb:98:25:0a:5d:cb:42:86:fb:16:20:
05:b2:df:b7:22:52:d9:fe:07:0e:0a:4c:09:22:ce:
72:c9:be:3a:76:7d:5c:9e:06:7a:8a:11:0c:5a:48:
1c:39:63:ef:08:a0:bd:27:4a:10:9c:c3:12:80:18:
75:ab:95:26:11:9f:48:ed:64:e7:8e:9d:fb:9e:78:
f1:a8:13:79:e0:82:5b:7c:5f:71:74:dd:ee:d5:e6:
44:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:5E:EE:35:3B:A5:42:C9:3B:17:6C:A7:6E:29:C5:8E:26:55:B8:AC
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/6D3DCFDEDEA111ED84E5D17BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.208.0/24
113.203.210.0/24
113.203.218.0/24
113.203.220.0/24
113.203.222.0-113.203.225.255
113.203.227.0/24
113.203.233.0/24
113.203.245.0/24
113.203.252.0/22
180.178.173.0/24
180.178.179.0/24
223.29.226.0/24
223.29.235.0-223.29.238.255
Signature Algorithm: sha256WithRSAEncryption
27:7f:42:a5:89:9f:19:72:e2:71:a5:07:38:ca:93:25:23:05:
b2:a3:23:fe:b7:d9:c2:b3:7b:55:42:a6:36:db:bf:c0:58:85:
ce:c0:7c:97:9e:18:e5:5d:ae:7d:98:35:01:19:22:43:74:b8:
11:74:47:e0:12:1c:9a:08:7a:88:a0:41:ad:41:1f:97:10:7e:
4a:21:4a:c6:75:d6:a8:89:7e:28:ed:eb:b3:5a:bd:d3:53:3b:
61:df:ff:16:f2:62:d2:a8:0d:34:e6:f3:39:e8:b4:b9:dd:64:
c5:c4:4e:7e:09:44:a1:ef:bc:f9:3f:9b:c0:93:78:78:00:23:
61:88:f9:2c:1b:12:24:d1:35:33:28:ae:6c:03:57:22:63:88:
5f:3e:0a:88:ad:c0:73:86:ad:4d:f0:5a:dd:00:48:00:5a:3c:
c5:75:89:33:2f:5e:25:a2:b0:1f:8d:4b:81:ef:05:51:05:19:
15:5d:51:4a:36:67:3a:84:ca:3a:1a:d6:13:0a:6e:07:46:50:
ed:31:0d:22:1f:27:6c:25:d4:73:3b:58:01:03:69:86:6b:7c:
45:ef:c4:3c:96:3f:a2:8e:ea:77:23:39:c4:4c:56:50:6a:7e:
9b:a0:09:25:8e:01:f4:99:11:c8:8f:d2:00:02:a1:01:51:f7:
20:ab:7f:23
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgICCi0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDE5MTEwMDQyWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNmYzlkYS03OTJjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArSVuWxuuuJhTUaNPUZlkEAs7Mrh620yfOLmg33LbTTv7stxVNA3P1y9dm5SV
K6ZIxCndqpD5xbweyXsLKAOYVzDtLVFHiRlKAYmgaZ7gRRlzFxcp7wdODa/RQaKF
/DpcVRe2r24Yde3zC0yPVefM1MB4dFhpgHU1TZhOwKWPDS8+pMqfXGDq3nWasNI4
CJMvkzl8b4xTrkDNN5vszX/716+u2Gmhz49Ty5glCl3LQob7FiAFst+3IlLZ/gcO
CkwJIs5yyb46dn1cngZ6ihEMWkgcOWPvCKC9J0oQnMMSgBh1q5UmEZ9I7WTnjp37
nnjxqBN54IJbfF9xdN3u1eZEXQIDAQABo4IC7TCCAukwHQYDVR0OBBYEFOVe7jU7
pULJOxdsp24pxY4mVbisMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvNkQzRENGREVE
RUExMTFFRDg0RTVEMTdCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwdwYIKwYBBQUHAQcBAf8E
aDBmMGQEAgABMF4DBABxy9ADBABxy9IDBABxy9oDBABxy9wwDAMEAXHL3gMEAXHL
4AMEAHHL4wMEAHHL6QMEAHHL9QMEAnHL/AMEALSyrQMEALSyswMEAN8d4jAMAwQA
3x3rAwQA3x3uMA0GCSqGSIb3DQEBCwUAA4IBAQAnf0KliZ8ZcuJxpQc4ypMlIwWy
oyP+t9nCs3tVQqY227/AWIXOwHyXnhjlXa59mDUBGSJDdLgRdEfgEhyaCHqIoEGt
QR+XEH5KIUrGddaoiX4o7euzWr3TUzth3/8W8mLSqA005vM56LS53WTFxE5+CUSh
77z5P5vAk3h4ACNhiPksGxIk0TUzKK5sA1ciY4hfPgqIrcBzhq1N8FrdAEgAWjzF
dYkzL14lorAfjUuB7wVRBRkVXVFKNmc6hMo6GtYTCm4HRlDtMQ0iHydsJdRzO1gB
A2mGa3xF78Q8lj+ijup3IznETFZQan6boAkljgH0mRHIj9IAAqEBUfcgq38j
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:13 2023 by rpki-client on console-ams.rpki-client.org