Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A7A612D4C4BC11EDA97B5F53C4F9AE02.roa
File: A7A612D4C4BC11EDA97B5F53C4F9AE02.roa (raw, json)
Hash identifier: DI+rxQEiAUOvExBAcjuvRSuoKQfFJ80VPBkATVM19iA=
Subject key identifier: DA:D6:64:8D:96:B3:0E:7B:C2:19:AF:DE:8A:24:E2:57:7D:7A:C9:0E
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 09BE
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A7A612D4C4BC11EDA97B5F53C4F9AE02.roa
Signing time: Fri 17 Mar 2023 12:10:07 +0000
ROA not before: Fri 17 Mar 2023 12:10:07 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/22 maxlen: 22
103.11.60.0/24 maxlen: 24
103.11.62.0/24 maxlen: 24
113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.217.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
113.203.246.0/24 maxlen: 24
180.178.128.0/21 maxlen: 21
180.178.128.0/22 maxlen: 22
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.136.0/21 maxlen: 21
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.160.0/20 maxlen: 20
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.178.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
223.29.224.0/20 maxlen: 20
223.29.224.0/24 maxlen: 24
2401:4100::/32 maxlen: 32
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2494 (0x9be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Mar 17 12:10:07 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=6414589e-46d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:b6:ec:cc:e4:ca:e2:b9:b6:0a:84:63:eb:b7:
82:50:b6:5d:bf:50:96:2e:81:a7:f5:c6:a1:cd:bd:
40:6c:24:af:a1:6d:7b:14:11:93:be:7f:4e:43:0e:
9a:7c:b0:c0:6f:7d:85:4f:f9:71:97:80:58:71:08:
53:74:9e:8b:c7:1f:1f:59:c5:e1:59:33:c5:d9:b0:
39:39:f5:33:2b:36:dc:bf:7a:89:56:e8:d7:12:78:
cd:48:71:66:3b:9f:8c:68:cb:44:06:f7:08:d3:e9:
9b:4d:89:14:00:ee:a4:d6:74:3b:d9:7b:5c:b7:aa:
d5:70:15:32:c1:ff:16:7d:1f:a4:54:f6:fb:02:8a:
a1:c0:40:2a:56:cd:ca:46:5e:2d:34:36:fc:da:2c:
98:9c:8b:80:0b:a0:a9:b6:34:90:59:82:03:4d:e7:
13:98:03:c9:39:e7:f7:0f:c2:9b:54:47:ea:96:98:
e4:96:65:52:99:e8:dd:64:3f:5d:17:47:fd:ed:24:
c9:77:fc:58:57:b2:9d:7b:a5:e5:f4:73:5f:ad:f6:
03:5f:0a:58:f6:e0:66:1c:70:b6:8d:38:cc:f1:d1:
2b:ee:ee:30:b4:ea:69:f3:f7:a6:2f:a8:1d:49:8d:
36:61:79:08:78:67:22:85:61:39:d9:ee:a6:b3:b4:
67:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:D6:64:8D:96:B3:0E:7B:C2:19:AF:DE:8A:24:E2:57:7D:7A:C9:0E
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A7A612D4C4BC11EDA97B5F53C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0/22
113.203.209.0/24
113.203.211.0-113.203.217.255
113.203.219.0/24
113.203.226.0/24
113.203.234.0-113.203.240.255
113.203.243.0-113.203.244.255
113.203.246.0/24
180.178.128.0-180.178.144.255
180.178.149.0/24
180.178.160.0/20
180.178.178.0/24
180.178.180.0/22
223.29.224.0/20
IPv6:
2401:4100::/32
Signature Algorithm: sha256WithRSAEncryption
63:41:62:76:d8:23:e6:ed:9f:c3:94:75:39:7c:7d:bd:e0:2a:
c3:17:e0:da:44:72:4a:28:68:b3:5e:a3:df:76:3f:0b:4a:1e:
d6:5f:38:b1:e5:4a:e6:87:3d:ef:42:f7:6a:2d:18:f7:7a:f5:
02:d9:93:ed:40:03:e3:ec:01:a6:64:3a:55:88:16:00:7e:99:
29:85:a5:c8:9b:bd:f2:80:51:5a:2c:18:e7:c9:5d:ba:3d:47:
79:f7:75:95:3f:dc:88:c7:01:4a:01:a7:00:92:40:8c:06:e4:
d7:11:7d:e6:77:8f:8f:36:a3:23:09:63:45:e2:04:1a:2a:6a:
94:55:a1:39:92:db:2e:c4:f6:43:c5:91:7f:0a:2e:1c:35:d3:
d3:9b:ce:8d:14:60:3e:e0:24:2a:83:7c:d0:a0:0f:24:15:6d:
e4:eb:37:a0:92:d5:0d:02:58:fa:7c:7f:7e:d0:7c:30:d4:31:
4a:11:eb:5f:e0:10:1d:12:09:58:f4:5e:32:8c:a5:28:9b:75:
60:6d:af:b0:a9:fe:7c:4e:10:ce:5f:2b:e1:3e:d6:df:19:d9:
46:fe:29:14:38:43:51:1b:25:42:98:b2:5b:ab:70:ec:3b:89:
18:54:cf:f1:25:f6:c7:e7:29:e1:56:4a:ce:06:13:82:c6:32:
b6:95:a1:3d
-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgICCb4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMzE3MTIxMDA3WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDE0NTg5ZS00NmQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0bbszOTK4rm2CoRj67eCULZdv1CWLoGn9cahzb1AbCSvoW17FBGTvn9OQw6a
fLDAb32FT/lxl4BYcQhTdJ6Lxx8fWcXhWTPF2bA5OfUzKzbcv3qJVujXEnjNSHFm
O5+MaMtEBvcI0+mbTYkUAO6k1nQ72Xtct6rVcBUywf8WfR+kVPb7AoqhwEAqVs3K
Rl4tNDb82iyYnIuAC6CptjSQWYIDTecTmAPJOef3D8KbVEfqlpjklmVSmejdZD9d
F0f97STJd/xYV7Kde6Xl9HNfrfYDXwpY9uBmHHC2jTjM8dEr7u4wtOpp8/emL6gd
SY02YXkIeGcihWE52e6ms7RnCQIDAQABo4IDFTCCAxEwHQYDVR0OBBYEFNrWZI2W
sw57whmv3ook4ld9eskOMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvQTdBNjEyRDRD
NEJDMTFFREE5N0I1RjUzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZ4GCCsGAQUFBwEHAQH/
BIGOMIGLMHoEAgABMHQDBAJnCzwDBABxy9EwDAMEAHHL0wMEAXHL2AMEAHHL2wME
AHHL4jAMAwQBccvqAwQAccvwMAwDBABxy/MDBABxy/QDBABxy/YwDAMEB7SygAME
ALSykAMEALSylQMEBLSyoAMEALSysgMEArSytAMEBN8d4DANBAIAAjAHAwUAJAFB
ADANBgkqhkiG9w0BAQsFAAOCAQEAY0Fidtgj5u2fw5R1OXx9veAqwxfg2kRySiho
s16j33Y/C0oe1l84seVK5oc970L3ai0Y93r1AtmT7UAD4+wBpmQ6VYgWAH6ZKYWl
yJu98oBRWiwY58lduj1Hefd1lT/ciMcBSgGnAJJAjAbk1xF95nePjzajIwljReIE
GipqlFWhOZLbLsT2Q8WRfwouHDXT05vOjRRgPuAkKoN80KAPJBVt5Os3oJLVDQJY
+nx/ftB8MNQxShHrX+AQHRIJWPReMoylKJt1YG2vsKn+fE4Qzl8r4T7W3xnZRv4p
FDhDURslQpiyW6tw7DuJGFTP8SX2x+cp4VZKzgYTgsYytpWhPQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:15 2023 by rpki-client on console-fra.rpki-client.org