Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/7DC1BFAECE1C11EDA1BCF842C4F9AE02.roa
File: 7DC1BFAECE1C11EDA1BCF842C4F9AE02.roa (raw, json)
Hash identifier: H13/q4qPaVqM86My6BaY07g9vAX1KuZIaOPWGc9sa/0=
Subject key identifier: 31:8A:D4:A8:67:13:AB:89:BC:CD:5F:5F:19:23:C8:B9:0C:4A:CE:28
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09E7
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/7DC1BFAECE1C11EDA1BCF842C4F9AE02.roa
Signing time: Thu 30 Mar 2023 09:28:44 +0000
ROA not before: Thu 30 Mar 2023 09:28:44 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/22 maxlen: 22
103.11.60.0/24 maxlen: 24
113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.217.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
180.178.128.0/21 maxlen: 21
180.178.128.0/22 maxlen: 22
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.136.0/21 maxlen: 21
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.160.0/20 maxlen: 20
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.168.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.178.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
223.29.224.0/20 maxlen: 20
223.29.224.0/24 maxlen: 24
223.29.227.0/24 maxlen: 24
2401:4100::/32 maxlen: 32
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2535 (0x9e7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Mar 30 09:28:44 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=6425564c-f2fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:1a:4f:9d:6a:78:26:5f:14:ba:2d:af:c4:d5:
13:6d:16:36:1b:18:20:41:fa:7b:69:a0:c9:83:d6:
8d:98:17:ae:d3:da:e2:a9:e9:ec:2a:51:e7:3c:77:
f2:6d:04:8c:76:c9:01:07:27:49:a2:e0:d9:6b:d2:
f4:52:19:b0:a4:85:7a:e3:a5:b5:dc:88:06:27:21:
27:a4:fc:1d:44:10:3e:5c:49:01:9c:7c:39:ac:21:
e2:c1:63:1c:54:9d:3f:6c:85:03:b2:27:5f:80:fa:
a7:ec:ed:43:76:f3:6d:85:46:52:07:93:e4:90:2b:
be:60:c8:70:23:66:24:e9:5d:aa:84:e7:6b:57:60:
eb:37:e9:9f:ef:62:44:ce:55:04:df:45:df:c8:aa:
b3:9b:6a:5e:03:f4:bc:ee:8b:2a:0d:21:55:62:22:
d1:18:3b:d3:2a:85:3d:f7:30:1f:4d:6c:0b:a1:d6:
cd:b9:55:4c:4c:0f:6c:06:d4:69:23:16:7b:6b:0a:
f0:65:92:48:dd:e9:a4:0d:2c:e7:92:e1:8b:f9:73:
2e:be:7e:02:27:6e:f3:65:ce:d6:fd:02:f4:0f:40:
6f:cc:f2:43:d5:52:06:ec:3d:0b:75:60:c2:1a:85:
8f:09:14:e2:5d:c8:2b:6e:9e:1f:a3:c0:e8:4d:0e:
d7:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:8A:D4:A8:67:13:AB:89:BC:CD:5F:5F:19:23:C8:B9:0C:4A:CE:28
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/7DC1BFAECE1C11EDA1BCF842C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0/22
113.203.209.0/24
113.203.211.0-113.203.217.255
113.203.219.0/24
113.203.226.0/24
113.203.234.0-113.203.240.255
113.203.243.0-113.203.244.255
180.178.128.0-180.178.144.255
180.178.149.0/24
180.178.160.0/20
180.178.178.0/24
180.178.180.0/22
223.29.224.0/20
IPv6:
2401:4100::/32
Signature Algorithm: sha256WithRSAEncryption
1a:a3:95:36:10:7a:7c:bc:3e:a8:3b:f5:47:48:59:6b:a9:62:
9d:d1:67:55:90:ad:db:88:65:a7:27:e0:7f:6b:62:82:0e:30:
77:04:85:38:b4:16:80:1c:48:7e:37:98:e9:14:83:5b:0f:5f:
f8:5e:89:e5:1c:60:49:80:8e:11:87:7a:2d:94:5a:96:e0:81:
79:98:38:2f:e9:0e:fc:e9:7d:91:6a:a0:ef:f4:5b:7e:d4:82:
5d:47:12:92:5b:3b:30:e6:00:07:ea:54:fd:b6:ee:f3:78:ac:
f0:5a:df:e6:4f:84:0a:6e:3d:e2:c7:a7:b7:1b:47:34:e9:f3:
3b:08:f7:93:f3:5a:99:76:e5:bd:6a:e2:cb:b1:19:30:2a:ce:
98:09:e0:d3:3c:c5:24:c5:11:73:00:2c:d8:6a:69:93:c5:77:
e5:3b:9b:98:bb:3b:a2:37:08:23:a1:43:40:8b:56:78:68:78:
7c:0a:da:7a:46:c2:10:4c:b1:9b:da:9e:bc:5c:0d:87:54:dd:
fd:5c:75:3f:7b:64:31:cb:b6:d5:9f:94:ce:26:b4:da:aa:b6:
cb:12:09:06:c0:1f:dc:49:f6:08:5c:a6:cd:f6:23:9b:07:c8:
f9:dd:9c:5e:8d:24:22:f3:2e:7d:bd:27:c2:ff:23:ba:fc:87:
fe:25:46:7a
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgICCecwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMzMwMDkyODQ0WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDI1NTY0Yy1mMmZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6RpPnWp4Jl8Uui2vxNUTbRY2GxggQfp7aaDJg9aNmBeu09riqensKlHnPHfy
bQSMdskBBydJouDZa9L0UhmwpIV646W13IgGJyEnpPwdRBA+XEkBnHw5rCHiwWMc
VJ0/bIUDsidfgPqn7O1DdvNthUZSB5PkkCu+YMhwI2Yk6V2qhOdrV2DrN+mf72JE
zlUE30XfyKqzm2peA/S87osqDSFVYiLRGDvTKoU99zAfTWwLodbNuVVMTA9sBtRp
IxZ7awrwZZJI3emkDSznkuGL+XMuvn4CJ27zZc7W/QL0D0BvzPJD1VIG7D0LdWDC
GoWPCRTiXcgrbp4fo8DoTQ7X4QIDAQABo4IDDzCCAwswHQYDVR0OBBYEFDGK1Khn
E6uJvM1fXxkjyLkMSs4oMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvN0RDMUJGQUVD
RTFDMTFFREExQkNGODQyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZgGCCsGAQUFBwEHAQH/
BIGIMIGFMHQEAgABMG4DBAJnCzwDBABxy9EwDAMEAHHL0wMEAXHL2AMEAHHL2wME
AHHL4jAMAwQBccvqAwQAccvwMAwDBABxy/MDBABxy/QwDAMEB7SygAMEALSykAME
ALSylQMEBLSyoAMEALSysgMEArSytAMEBN8d4DANBAIAAjAHAwUAJAFBADANBgkq
hkiG9w0BAQsFAAOCAQEAGqOVNhB6fLw+qDv1R0hZa6lindFnVZCt24hlpyfgf2ti
gg4wdwSFOLQWgBxIfjeY6RSDWw9f+F6J5RxgSYCOEYd6LZRaluCBeZg4L+kO/Ol9
kWqg7/RbftSCXUcSkls7MOYAB+pU/bbu83is8Frf5k+ECm494sentxtHNOnzOwj3
k/NamXblvWriy7EZMCrOmAng0zzFJMURcwAs2Gppk8V35TubmLs7ojcII6FDQItW
eGh4fAraekbCEEyxm9qevFwNh1Td/Vx1P3tkMcu21Z+Uzia02qq2yxIJBsAf3En2
CFymzfYjmwfI+d2cXo0kIvMufb0nwv8juvyH/iVGeg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:14 2023 by rpki-client on console-fra.rpki-client.org