Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A7FC745CDE9E11EDADD36960C4F9AE02.roa
File: A7FC745CDE9E11EDADD36960C4F9AE02.roa (raw, json)
Hash identifier: ZCsfSe/fhhQCzjhjZ9uXZV0QDjnh44iaVWJJsvxt/V4=
Subject key identifier: 7A:8A:BE:6E:76:6C:26:5C:F9:D3:E9:EC:9F:8E:90:FB:BD:AB:BC:14
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A2A
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A7FC745CDE9E11EDADD36960C4F9AE02.roa
Signing time: Wed 19 Apr 2023 10:40:52 +0000
ROA not before: Wed 19 Apr 2023 10:40:52 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 7018
IP address blocks: 113.203.208.0/24 maxlen: 24
113.203.210.0/24 maxlen: 24
113.203.218.0/24 maxlen: 24
113.203.220.0/24 maxlen: 24
113.203.222.0/24 maxlen: 24
113.203.223.0/24 maxlen: 24
113.203.224.0/24 maxlen: 24
113.203.225.0/24 maxlen: 24
113.203.227.0/24 maxlen: 24
113.203.233.0/24 maxlen: 24
113.203.245.0/24 maxlen: 24
113.203.252.0/22 maxlen: 24
180.178.162.0/24 maxlen: 24
180.178.173.0/24 maxlen: 24
180.178.179.0/24 maxlen: 24
223.29.226.0/24 maxlen: 24
223.29.235.0/24 maxlen: 24
223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2602 (0xa2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Apr 19 10:40:52 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=643fc534-3132
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:67:ef:0a:c1:60:05:69:3f:14:c5:06:56:9f:
e2:21:52:5c:31:af:8a:4c:cc:cd:81:62:19:93:f4:
92:a6:84:30:ef:5d:d2:18:3f:b3:32:7f:eb:16:c9:
0e:9c:9e:d1:14:8d:24:df:c9:57:c6:77:0c:37:b3:
78:a6:13:7c:42:21:65:41:ce:48:21:fd:7c:8f:cb:
0e:d1:c2:de:dc:6a:d3:37:86:d5:a5:58:6f:be:81:
e9:89:26:62:09:2c:a9:02:1b:17:1c:93:d4:15:fe:
89:49:f4:bf:25:fc:65:03:a9:ca:a4:bf:4a:1e:49:
62:bb:19:27:89:30:e6:b9:d6:6a:ea:98:b7:68:fc:
dd:f4:35:89:9c:aa:dd:3d:41:c8:34:67:45:61:62:
dc:68:4e:5b:bc:00:26:c0:25:2e:2c:dc:7b:bd:c2:
a9:70:d3:02:24:1e:a2:a9:e2:7f:9e:09:3c:0f:3c:
f7:44:a4:0e:b9:3c:0a:63:30:32:61:10:b3:af:c8:
f0:7a:08:42:83:1a:28:94:36:2c:74:2f:8e:01:a0:
8e:b7:a0:9c:32:c5:16:18:23:fe:2d:ea:de:0c:ae:
6c:57:03:36:11:06:b4:f9:41:c0:6c:36:e7:ab:0b:
63:97:e5:fc:f3:76:f5:dd:b1:09:04:2a:51:02:5b:
7b:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:8A:BE:6E:76:6C:26:5C:F9:D3:E9:EC:9F:8E:90:FB:BD:AB:BC:14
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/A7FC745CDE9E11EDADD36960C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.208.0/24
113.203.210.0/24
113.203.218.0/24
113.203.220.0/24
113.203.222.0-113.203.225.255
113.203.227.0/24
113.203.233.0/24
113.203.245.0/24
113.203.252.0/22
180.178.162.0/24
180.178.173.0/24
180.178.179.0/24
223.29.226.0/24
223.29.235.0-223.29.238.255
Signature Algorithm: sha256WithRSAEncryption
40:c6:df:b0:71:a3:51:db:ab:aa:49:85:b8:97:0c:82:d3:a7:
eb:9a:0a:63:30:9b:d4:31:e4:ab:7d:3e:70:8f:d6:ac:70:15:
41:c1:69:d4:3b:ca:54:0a:01:69:f6:0e:d7:55:a0:59:48:c8:
68:0e:d7:7a:94:e7:61:0b:ba:29:23:33:53:b7:1f:51:18:b4:
b9:57:9f:17:18:87:c5:0f:52:6d:f9:1f:52:63:25:bf:02:66:
ff:e7:fe:d0:5f:58:d4:eb:4b:d3:af:0b:dd:67:ec:00:c9:f9:
aa:47:c4:a3:25:2a:18:a8:56:1a:5b:7e:00:79:0f:b6:cb:cf:
5d:56:22:17:2a:5d:c6:db:c8:1c:57:55:d2:d1:ac:cc:93:95:
32:08:13:b8:79:71:ab:25:9f:7f:76:15:75:43:d6:3c:16:f8:
d7:96:36:bb:c3:4f:1c:4f:7d:53:c1:61:b7:89:f7:26:56:82:
11:60:0a:e7:6b:16:88:e1:04:15:8f:06:da:2d:72:38:11:45:
f2:2b:81:18:f0:1f:da:87:97:d6:8e:74:81:dc:cf:63:1b:1f:
78:d9:11:fa:9a:68:3b:d9:b0:47:a3:c9:22:12:4c:1e:dc:88:
ab:7a:06:f1:1a:5d:77:ab:2f:07:90:91:d0:f0:ac:cc:cd:90:
0b:6b:be:1c
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgICCiowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDE5MTA0MDUyWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNmYzUzNC0zMTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6mfvCsFgBWk/FMUGVp/iIVJcMa+KTMzNgWIZk/SSpoQw713SGD+zMn/rFskO
nJ7RFI0k38lXxncMN7N4phN8QiFlQc5IIf18j8sO0cLe3GrTN4bVpVhvvoHpiSZi
CSypAhsXHJPUFf6JSfS/JfxlA6nKpL9KHkliuxkniTDmudZq6pi3aPzd9DWJnKrd
PUHINGdFYWLcaE5bvAAmwCUuLNx7vcKpcNMCJB6iqeJ/ngk8Dzz3RKQOuTwKYzAy
YRCzr8jweghCgxoolDYsdC+OAaCOt6CcMsUWGCP+LereDK5sVwM2EQa0+UHAbDbn
qwtjl+X883b13bEJBCpRAlt75QIDAQABo4IC8zCCAu8wHQYDVR0OBBYEFHqKvm52
bCZc+dPp7J+OkPu9q7wUMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvQTdGQzc0NUNE
RTlFMTFFREFERDM2OTYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfQYIKwYBBQUHAQcBAf8E
bjBsMGoEAgABMGQDBABxy9ADBABxy9IDBABxy9oDBABxy9wwDAMEAXHL3gMEAXHL
4AMEAHHL4wMEAHHL6QMEAHHL9QMEAnHL/AMEALSyogMEALSyrQMEALSyswMEAN8d
4jAMAwQA3x3rAwQA3x3uMA0GCSqGSIb3DQEBCwUAA4IBAQBAxt+wcaNR26uqSYW4
lwyC06frmgpjMJvUMeSrfT5wj9ascBVBwWnUO8pUCgFp9g7XVaBZSMhoDtd6lOdh
C7opIzNTtx9RGLS5V58XGIfFD1Jt+R9SYyW/Amb/5/7QX1jU60vTrwvdZ+wAyfmq
R8SjJSoYqFYaW34AeQ+2y89dViIXKl3G28gcV1XS0azMk5UyCBO4eXGrJZ9/dhV1
Q9Y8FvjXlja7w08cT31TwWG3ifcmVoIRYArnaxaI4QQVjwbaLXI4EUXyK4EY8B/a
h5fWjnSB3M9jGx942RH6mmg72bBHo8kiEkwe3IiregbxGl13qy8HkJHQ8KzMzZAL
a74c
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:15 2023 by rpki-client on console-fra.rpki-client.org