Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/38DB84E8DDE311EDB8855563C4F9AE02.roa
File: 38DB84E8DDE311EDB8855563C4F9AE02.roa (raw, json)
Hash identifier: iIuqxCZKqqBvcEt8nGqDoxAwNsWQZOlGpfM0vOp+WHM=
Subject key identifier: 2E:6F:46:AA:6A:AC:62:12:F7:6D:1A:B3:D0:E8:29:A0:E0:3E:4D:61
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0A1E
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/38DB84E8DDE311EDB8855563C4F9AE02.roa
Signing time: Tue 18 Apr 2023 12:19:10 +0000
ROA not before: Tue 18 Apr 2023 12:19:10 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 113.203.209.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.219.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.136.0/21 maxlen: 21
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.160.0/20 maxlen: 20
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.164.0/22 maxlen: 24
180.178.168.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.178.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
223.29.224.0/20 maxlen: 20
2401:4100::/32 maxlen: 32
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2590 (0xa1e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7, serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Apr 18 12:19:10 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=643e8abe-d468
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:f2:b0:ee:d5:0d:48:2f:ef:5f:96:64:bf:ba:
6b:5d:7c:7a:8f:63:4b:6a:d2:cc:66:84:5a:60:9e:
f2:de:72:5d:cf:2d:cf:35:da:d0:34:84:cd:31:7b:
bc:fc:fc:90:7a:25:f1:05:55:01:26:af:61:f0:f5:
c5:8b:61:e3:92:6f:0b:8f:23:b1:ea:c3:ee:8e:46:
3d:fc:30:31:43:82:81:d4:03:2b:83:5e:e9:c3:26:
37:06:2d:82:f2:90:e7:d8:76:2c:f2:de:ac:81:c6:
f6:69:8f:0e:f4:5d:db:59:ff:40:7a:5c:78:22:04:
08:6f:64:01:9d:1c:40:88:7d:b4:86:a2:ec:cd:60:
b6:45:ba:5f:4a:d2:d4:1f:8e:36:a7:85:ef:86:e5:
73:4f:b0:b5:e0:dc:db:0e:a5:2a:ac:c6:38:f6:39:
51:79:9f:a3:d6:70:80:cb:d8:9f:74:bd:99:f5:88:
c1:07:b9:f3:8f:39:d1:2a:ec:26:f6:d3:3b:dd:e2:
b8:b1:fe:98:57:ff:18:2e:93:22:fd:ca:10:93:a2:
6c:a8:df:c0:b2:f2:1a:1b:f7:a0:92:5b:6c:92:fe:
76:a0:09:1a:3b:1a:5e:aa:f3:36:43:be:20:86:50:
41:77:9b:4f:96:98:96:d4:f6:d1:0b:04:6f:d9:a1:
53:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:6F:46:AA:6A:AC:62:12:F7:6D:1A:B3:D0:E8:29:A0:E0:3E:4D:61
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/38DB84E8DDE311EDB8855563C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
113.203.209.0/24
113.203.211.0-113.203.216.255
113.203.219.0/24
113.203.226.0/24
113.203.234.0-113.203.240.255
113.203.244.0/24
180.178.133.0-180.178.144.255
180.178.149.0/24
180.178.160.0/20
180.178.178.0/24
180.178.180.0/22
223.29.224.0/20
IPv6:
2401:4100::/32
Signature Algorithm: sha256WithRSAEncryption
39:10:c4:b3:1e:66:01:05:f2:c4:9a:9f:ed:76:1d:af:fc:4b:
86:4a:01:5f:31:7a:5c:33:c5:2a:7d:98:d9:80:21:f6:07:ce:
ad:a7:d0:83:71:f2:9d:3d:4c:e9:91:2d:03:a7:38:25:03:89:
b5:81:10:3c:e9:00:cc:95:4e:18:79:f0:52:29:0d:9c:eb:d5:
9a:40:9c:b2:20:4a:b2:04:81:cf:7d:97:52:38:92:54:24:a2:
c8:74:a7:37:de:d8:22:cc:90:7c:69:61:3e:85:6e:40:73:c7:
32:52:4f:0a:d8:7f:10:74:8c:db:36:11:67:86:43:dd:d8:ce:
03:37:9f:4d:47:bd:7f:9c:64:f4:9b:51:31:7b:61:b9:7d:ef:
4b:83:3d:ca:7f:e9:e8:75:10:f7:34:22:1b:a8:5d:48:fb:4a:
37:b3:dc:6b:82:f0:ff:b0:e5:f5:02:db:63:21:24:96:54:ef:
57:a5:ee:b4:35:5b:dc:a2:2b:88:22:6d:6c:7a:63:b4:25:96:
77:3c:a5:a0:36:29:c1:11:c5:63:17:fe:36:85:c8:d6:dd:33:
87:ff:06:e8:e1:80:5f:5f:2d:e5:1a:65:a3:62:05:31:f0:36:
cf:81:1b:83:95:b7:9b:a9:aa:8a:b1:7f:95:22:1b:c9:a2:2d:
73:d1:4d:84
-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgICCh4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDE4MTIxOTEwWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNlOGFiZS1kNDY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsPKw7tUNSC/vX5Zkv7prXXx6j2NLatLMZoRaYJ7y3nJdzy3PNdrQNITNMXu8
/PyQeiXxBVUBJq9h8PXFi2Hjkm8LjyOx6sPujkY9/DAxQ4KB1AMrg17pwyY3Bi2C
8pDn2HYs8t6sgcb2aY8O9F3bWf9Aelx4IgQIb2QBnRxAiH20hqLszWC2RbpfStLU
H442p4XvhuVzT7C14NzbDqUqrMY49jlReZ+j1nCAy9ifdL2Z9YjBB7nzjznRKuwm
9tM73eK4sf6YV/8YLpMi/coQk6JsqN/AsvIaG/egkltskv52oAkaOxpeqvM2Q74g
hlBBd5tPlpiW1PbRCwRv2aFTXQIDAQABo4IC/zCCAvswHQYDVR0OBBYEFC5vRqpq
rGIS920as9DoKaDgPk1hMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvMzhEQjg0RThE
REUzMTFFREI4ODU1NTYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYgGCCsGAQUFBwEHAQH/
BHkwdzBmBAIAATBgAwQAccvRMAwDBABxy9MDBABxy9gDBABxy9sDBABxy+IwDAME
AXHL6gMEAHHL8AMEAHHL9DAMAwQAtLKFAwQAtLKQAwQAtLKVAwQEtLKgAwQAtLKy
AwQCtLK0AwQE3x3gMA0EAgACMAcDBQAkAUEAMA0GCSqGSIb3DQEBCwUAA4IBAQA5
EMSzHmYBBfLEmp/tdh2v/EuGSgFfMXpcM8UqfZjZgCH2B86tp9CDcfKdPUzpkS0D
pzglA4m1gRA86QDMlU4YefBSKQ2c69WaQJyyIEqyBIHPfZdSOJJUJKLIdKc33tgi
zJB8aWE+hW5Ac8cyUk8K2H8QdIzbNhFnhkPd2M4DN59NR71/nGT0m1Exe2G5fe9L
gz3Kf+nodRD3NCIbqF1I+0o3s9xrgvD/sOX1AttjISSWVO9Xpe60NVvcoiuIIm1s
emO0JZZ3PKWgNinBEcVjF/42hcjW3TOH/wbo4YBfXy3lGmWjYgUx8DbPgRuDlbeb
qaqKsX+VIhvJoi1z0U2E
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:33:39 2025 by rpki-client