Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A1669E4459E011EDB36D1E30C4F9AE02.roa
File: A1669E4459E011EDB36D1E30C4F9AE02.roa (raw, json)
Hash identifier: rEoCBbe6qYw3zSr272sFA9CdhWmMHLEVl/5E1bSOeZY=
Subject key identifier: AA:B6:1E:92:75:1A:64:EF:47:F7:ED:71:82:FB:AF:6F:82:12:CD:E3
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09C0
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A1669E4459E011EDB36D1E30C4F9AE02.roa
Signing time: Fri 17 Mar 2023 16:28:30 +0000
ROA not before: Fri 17 Mar 2023 16:28:30 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 140900
IP address blocks: 113.203.246.0/24 maxlen: 24
180.178.140.0/24 maxlen: 24
180.178.141.0/24 maxlen: 24
180.178.142.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2496 (0x9c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Mar 17 16:28:30 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=6414952e-e2dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:b3:3f:f6:df:aa:43:a0:06:8c:58:1e:09:53:
a5:05:20:8e:3b:b5:b9:90:f5:a9:b6:b0:09:14:fc:
fc:0a:4c:d4:8e:69:d3:fe:c6:c5:39:9e:58:44:6f:
a7:6f:4a:aa:87:2d:47:dd:74:f2:d5:62:cc:2f:b3:
2c:72:b9:bf:82:48:98:d5:f3:24:44:2a:1d:c1:5e:
81:36:d8:d0:6f:9c:ae:20:2e:a6:8d:1b:77:86:18:
2d:23:bd:3e:48:53:70:3d:8c:a7:ff:50:41:29:24:
68:c0:b6:82:f3:9f:d1:c5:53:89:d0:69:3f:89:1e:
71:8e:21:39:07:fd:aa:b1:cb:1a:94:64:7a:33:11:
8c:96:75:ca:e2:ae:b1:24:16:71:92:62:c6:7f:ba:
b5:22:3f:88:90:2b:93:71:19:4d:83:78:48:98:4b:
8e:ac:63:6c:3f:1c:79:32:79:ca:a3:24:b1:2b:1f:
0c:35:4b:28:f4:91:a7:a1:a3:66:f3:a0:f0:4f:10:
26:8f:53:1f:3a:fd:4c:6b:72:16:21:a8:c7:1c:a2:
6a:f4:84:3d:44:b6:3d:17:5e:e1:43:00:b7:1e:b6:
41:22:90:a5:cf:ea:3b:7a:b1:b4:c1:90:b0:e8:07:
91:55:ec:30:31:92:6d:48:27:7b:d3:f4:bb:3c:98:
ea:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:B6:1E:92:75:1A:64:EF:47:F7:ED:71:82:FB:AF:6F:82:12:CD:E3
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A1669E4459E011EDB36D1E30C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.246.0/24
180.178.140.0-180.178.142.255
Signature Algorithm: sha256WithRSAEncryption
4d:8c:d9:f4:91:3d:8d:3c:33:a2:36:05:3e:c1:e2:78:97:e3:
e4:4b:9d:b6:e0:75:0a:d2:93:d3:a2:dd:df:9a:6c:a8:7f:af:
d8:26:97:a8:09:61:13:9e:dd:eb:61:47:0f:3b:fc:bf:b6:7a:
80:e1:1e:42:b7:bb:66:b2:3c:d7:bf:b3:ab:ad:5d:32:94:1c:
b6:d2:ea:f6:46:ea:a9:f0:5c:01:fa:3b:3c:db:09:9b:70:df:
e9:4a:95:17:bb:e7:20:db:23:5f:91:ef:bf:88:23:63:b4:4b:
37:25:21:2a:0f:a5:b3:83:70:59:ee:c1:c6:61:ed:62:a2:51:
bc:db:89:f5:a1:45:bc:5a:fb:e3:5a:40:fa:2f:f5:09:89:d3:
d0:f6:24:8c:65:b1:c8:b8:f5:47:61:51:89:e1:06:b4:fd:70:
c4:96:1e:52:a8:15:d1:a8:01:81:66:a3:e3:a6:e5:bb:f4:e0:
9a:7b:ce:6c:7f:6b:0c:a7:62:42:f1:5d:57:5b:44:14:06:7c:
d8:85:3c:dd:3c:07:62:24:f9:03:19:dd:22:94:10:b3:46:74:
d9:85:d8:6a:82:7f:ee:9f:39:b0:60:88:4b:3f:c9:7c:2d:2d:
18:1e:55:1a:a8:c3:74:03:23:d5:f8:32:60:18:1e:b7:31:0c:
1d:ac:a9:eb
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICCcAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMzE3MTYyODMwWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDE0OTUyZS1lMmRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5rM/9t+qQ6AGjFgeCVOlBSCOO7W5kPWptrAJFPz8CkzUjmnT/sbFOZ5YRG+n
b0qqhy1H3XTy1WLML7Mscrm/gkiY1fMkRCodwV6BNtjQb5yuIC6mjRt3hhgtI70+
SFNwPYyn/1BBKSRowLaC85/RxVOJ0Gk/iR5xjiE5B/2qscsalGR6MxGMlnXK4q6x
JBZxkmLGf7q1Ij+IkCuTcRlNg3hImEuOrGNsPxx5MnnKoySxKx8MNUso9JGnoaNm
86DwTxAmj1MfOv1Ma3IWIajHHKJq9IQ9RLY9F17hQwC3HrZBIpClz+o7erG0wZCw
6AeRVewwMZJtSCd70/S7PJjqYQIDAQABo4ICozCCAp8wHQYDVR0OBBYEFKq2HpJ1
GmTvR/ftcYL7r2+CEs3jMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvQTE2NjlFNDQ1
OUUwMTFFREIzNkQxRTMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQDBABxy/YwDAMEArSyjAMEALSyjjANBgkqhkiG9w0BAQsFAAOC
AQEATYzZ9JE9jTwzojYFPsHieJfj5EudtuB1CtKT06Ld35psqH+v2CaXqAlhE57d
62FHDzv8v7Z6gOEeQre7ZrI817+zq61dMpQcttLq9kbqqfBcAfo7PNsJm3Df6UqV
F7vnINsjX5Hvv4gjY7RLNyUhKg+ls4NwWe7BxmHtYqJRvNuJ9aFFvFr741pA+i/1
CYnT0PYkjGWxyLj1R2FRieEGtP1wxJYeUqgV0agBgWaj46blu/TgmnvObH9rDKdi
QvFdV1tEFAZ82IU83TwHYiT5AxndIpQQs0Z02YXYaoJ/7p85sGCISz/JfC0tGB5V
GqjDdAMj1fgyYBgetzEMHayp6w==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:15 2023 by rpki-client on console-fra.rpki-client.org