Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/171ED7C4DCF311ED95257E3DC4F9AE02.roa
File: 171ED7C4DCF311ED95257E3DC4F9AE02.roa (raw, json)
Hash identifier: 7jZDclmPD8yfhT19S9cTRrYGfPfD9embL+YEGGcr0ws=
Subject key identifier: 37:7D:08:67:44:A7:A7:66:2F:26:28:23:A1:3A:E4:9F:87:41:B0:DF
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A11
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/171ED7C4DCF311ED95257E3DC4F9AE02.roa
Signing time: Mon 17 Apr 2023 07:40:14 +0000
ROA not before: Mon 17 Apr 2023 07:40:14 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/22 maxlen: 22
113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
180.178.128.0/21 maxlen: 21
180.178.128.0/22 maxlen: 22
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.136.0/21 maxlen: 21
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.160.0/20 maxlen: 20
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.164.0/22 maxlen: 24
180.178.168.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.178.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
223.29.224.0/20 maxlen: 20
2401:4100::/32 maxlen: 32
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2577 (0xa11)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7, serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Apr 17 07:40:14 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=643cf7de-045c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:b9:5f:dc:82:92:f6:d9:fd:96:0b:9b:40:24:
d7:7c:c7:02:d0:10:3b:5e:e7:bf:d2:a4:da:e3:c6:
8b:64:72:19:15:44:51:e7:04:80:d7:f7:5f:2d:89:
f7:6a:e6:ee:4a:20:ce:0c:ba:7d:89:b8:da:4a:0c:
76:55:c6:13:a3:4d:f0:5b:4f:d2:de:07:25:65:1a:
c0:85:9c:2c:c2:7b:08:97:d5:bc:2f:43:72:ad:81:
f8:7c:72:67:81:bb:f4:64:fd:67:b8:4f:98:ec:56:
9a:95:63:21:bc:f8:a3:f9:c6:9b:ba:f0:50:57:4b:
cc:bd:55:09:39:3e:ca:f7:80:f0:f6:8f:be:33:ea:
47:62:1b:60:bb:e0:1b:bc:10:ff:59:04:0c:f7:96:
91:b9:53:0c:02:ca:4f:3e:f7:2f:eb:98:87:b7:c2:
82:13:ee:e2:fe:5c:a7:8a:ee:2c:52:30:35:6a:df:
51:98:81:1c:cf:8d:ba:ff:08:0d:7c:ac:12:cc:a4:
cc:9d:27:55:8e:18:d6:60:ba:3b:24:4d:3c:e2:de:
c7:57:3a:99:e0:17:f9:4b:f3:a1:16:72:ca:3f:e0:
19:e3:df:0d:33:3c:72:59:f2:ab:37:0b:07:a9:81:
16:10:89:73:be:7b:60:e8:68:0d:40:1f:c4:1f:9a:
12:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:7D:08:67:44:A7:A7:66:2F:26:28:23:A1:3A:E4:9F:87:41:B0:DF
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/171ED7C4DCF311ED95257E3DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0/22
113.203.209.0/24
113.203.211.0-113.203.216.255
113.203.219.0/24
113.203.226.0/24
113.203.234.0-113.203.240.255
113.203.244.0/24
180.178.128.0-180.178.144.255
180.178.149.0/24
180.178.160.0/20
180.178.178.0/24
180.178.180.0/22
223.29.224.0/20
IPv6:
2401:4100::/32
Signature Algorithm: sha256WithRSAEncryption
21:22:54:6b:76:a0:b8:29:92:b6:9b:9d:5c:4c:6e:40:07:38:
c8:a7:97:2c:2a:77:15:33:e1:e2:2f:19:57:4c:67:ff:70:82:
b2:71:a1:10:0e:45:74:6f:31:0b:4a:eb:c1:2a:06:14:f3:34:
11:1b:5d:06:cd:f5:83:ad:95:1e:57:72:6d:8c:1a:03:34:cc:
99:68:2d:4f:5f:4f:d6:99:65:ad:3e:24:5e:ee:37:2c:f3:89:
b4:55:f1:84:c2:ca:56:62:6e:85:b4:d7:c0:cf:f7:ac:cc:3b:
90:ec:b1:22:3f:b8:03:ee:51:44:e6:56:86:fa:5d:6d:1c:97:
c0:61:88:b8:49:1a:e5:7d:78:49:bb:f2:41:46:c4:75:89:e1:
14:eb:ea:82:b6:ef:58:85:b5:50:09:97:58:b8:dc:13:3d:04:
ce:7c:08:50:e3:b2:59:f4:9c:14:56:aa:07:4d:9e:04:b4:d4:
ba:d7:42:79:81:6b:f2:a1:d8:ee:6c:42:99:0e:8a:18:c1:dc:
86:40:e2:ba:a7:d4:e1:cf:37:28:3d:cb:8e:d4:09:08:72:21:
ed:e0:f7:4e:c2:df:34:0d:58:e0:e3:9c:4a:8e:bf:37:00:f7:
3a:30:d9:ae:00:87:e9:9b:70:e2:9f:4f:97:79:3a:88:89:93:
b2:69:e4:33
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgICChEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDE3MDc0MDE0WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNjZjdkZS0wNDVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA97lf3IKS9tn9lgubQCTXfMcC0BA7Xue/0qTa48aLZHIZFURR5wSA1/dfLYn3
aubuSiDODLp9ibjaSgx2VcYTo03wW0/S3gclZRrAhZwswnsIl9W8L0NyrYH4fHJn
gbv0ZP1nuE+Y7FaalWMhvPij+cabuvBQV0vMvVUJOT7K94Dw9o++M+pHYhtgu+Ab
vBD/WQQM95aRuVMMAspPPvcv65iHt8KCE+7i/lyniu4sUjA1at9RmIEcz426/wgN
fKwSzKTMnSdVjhjWYLo7JE084t7HVzqZ4Bf5S/OhFnLKP+AZ498NMzxyWfKrNwsH
qYEWEIlzvntg6GgNQB/EH5oSzQIDAQABo4IDBTCCAwEwHQYDVR0OBBYEFDd9CGdE
p6dmLyYoI6E65J+HQbDfMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvMTcxRUQ3QzRE
Q0YzMTFFRDk1MjU3RTNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgY4GCCsGAQUFBwEHAQH/
BH8wfTBsBAIAATBmAwQCZws8AwQAccvRMAwDBABxy9MDBABxy9gDBABxy9sDBABx
y+IwDAMEAXHL6gMEAHHL8AMEAHHL9DAMAwQHtLKAAwQAtLKQAwQAtLKVAwQEtLKg
AwQAtLKyAwQCtLK0AwQE3x3gMA0EAgACMAcDBQAkAUEAMA0GCSqGSIb3DQEBCwUA
A4IBAQAhIlRrdqC4KZK2m51cTG5ABzjIp5csKncVM+HiLxlXTGf/cIKycaEQDkV0
bzELSuvBKgYU8zQRG10GzfWDrZUeV3JtjBoDNMyZaC1PX0/WmWWtPiRe7jcs84m0
VfGEwspWYm6FtNfAz/eszDuQ7LEiP7gD7lFE5laG+l1tHJfAYYi4SRrlfXhJu/JB
RsR1ieEU6+qCtu9YhbVQCZdYuNwTPQTOfAhQ47JZ9JwUVqoHTZ4EtNS610J5gWvy
odjubEKZDooYwdyGQOK6p9ThzzcoPcuO1AkIciHt4PdOwt80DVjg45xKjr83APc6
MNmuAIfpm3Din0+XeTqIiZOyaeQz
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:12:43 2025 by rpki-client