Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/AFAF44ACB12D11EDB6933A82C4F9AE02.roa
File: AFAF44ACB12D11EDB6933A82C4F9AE02.roa (raw, json)
Hash identifier: S0jK6kh1v4aN0bh5YYv7gkzre3lNeYpdKq33Rh0OzYs=
Subject key identifier: 58:0F:D0:79:AF:0C:C6:96:64:28:D8:EA:69:84:8B:C2:80:38:81:79
Certificate issuer: /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial: 0988
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/AFAF44ACB12D11EDB6933A82C4F9AE02.roa
Signing time: Mon 20 Feb 2023 14:48:50 +0000
ROA not before: Mon 20 Feb 2023 14:48:50 +0000
ROA not after: Fri 01 Dec 2023 00:00:00 +0000
asID: 9387
IP address blocks: 103.11.60.0/24 maxlen: 24
103.11.61.0/24 maxlen: 24
103.11.62.0/24 maxlen: 24
113.203.209.0/24 maxlen: 24
113.203.210.0/24 maxlen: 24
113.203.211.0/24 maxlen: 24
113.203.212.0/24 maxlen: 24
113.203.213.0/24 maxlen: 24
113.203.214.0/23 maxlen: 24
113.203.216.0/24 maxlen: 24
113.203.217.0/24 maxlen: 24
113.203.218.0/23 maxlen: 24
113.203.220.0/24 maxlen: 24
113.203.222.0/24 maxlen: 24
113.203.223.0/24 maxlen: 24
113.203.224.0/24 maxlen: 24
113.203.225.0/24 maxlen: 24
113.203.226.0/24 maxlen: 24
113.203.228.0/24 maxlen: 24
113.203.229.0/24 maxlen: 24
113.203.231.0/24 maxlen: 24
113.203.234.0/24 maxlen: 24
113.203.235.0/24 maxlen: 24
113.203.236.0/24 maxlen: 24
113.203.237.0/24 maxlen: 24
113.203.238.0/24 maxlen: 24
113.203.239.0/24 maxlen: 24
113.203.240.0/24 maxlen: 24
113.203.243.0/24 maxlen: 24
113.203.244.0/24 maxlen: 24
113.203.246.0/24 maxlen: 24
113.203.252.0/22 maxlen: 22
180.178.128.0/24 maxlen: 24
180.178.129.0/24 maxlen: 24
180.178.132.0/24 maxlen: 24
180.178.133.0/24 maxlen: 24
180.178.134.0/24 maxlen: 24
180.178.135.0/24 maxlen: 24
180.178.137.0/24 maxlen: 24
180.178.138.0/24 maxlen: 24
180.178.139.0/24 maxlen: 24
180.178.144.0/24 maxlen: 24
180.178.149.0/24 maxlen: 24
180.178.160.0/24 maxlen: 24
180.178.161.0/24 maxlen: 24
180.178.172.0/24 maxlen: 24
180.178.173.0/24 maxlen: 24
180.178.174.0/24 maxlen: 24
180.178.175.0/24 maxlen: 24
180.178.179.0/24 maxlen: 24
180.178.180.0/22 maxlen: 24
180.178.184.0/22 maxlen: 22
223.29.224.0/24 maxlen: 24
223.29.236.0/24 maxlen: 24
223.29.237.0/24 maxlen: 24
223.29.238.0/24 maxlen: 24
223.29.239.0/24 maxlen: 24
2401:4100::/33 maxlen: 33
2401:4100:8000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2440 (0x988)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F69E7, serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Validity
Not Before: Feb 20 14:48:50 2023 GMT
Not After : Dec 1 00:00:00 2023 GMT
Subject: CN=63f38852-2f99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:5f:29:6b:02:46:de:c6:ae:16:f1:ae:cd:be:
98:d1:c1:83:86:8c:bd:5b:6b:c7:f2:a5:76:58:ba:
9d:46:3a:82:08:4d:cc:72:a2:59:90:b0:f7:93:04:
46:1d:f0:cd:52:7c:31:4b:48:55:eb:21:ee:72:dd:
ee:5c:3d:86:01:66:41:d4:a3:fb:b2:b1:62:c7:82:
ec:4a:db:d0:7e:7c:54:99:ae:a4:20:79:8f:9c:eb:
34:1d:c6:77:7b:af:01:35:8c:ba:2d:ed:68:6a:5c:
53:0e:cb:a9:9b:1f:78:98:fe:94:53:62:b1:99:a3:
45:f6:dc:1f:e3:61:e8:8a:ab:d9:1e:bc:42:0d:c3:
27:2a:ae:1e:f8:76:00:e4:e5:df:a8:f8:98:85:1d:
db:88:b5:4b:ac:43:85:d3:13:a1:19:71:d8:d2:20:
ca:81:ed:6e:93:cc:12:47:6d:1d:b9:65:c5:a3:e9:
cb:89:9b:43:e9:8c:8b:ac:eb:80:7e:e5:e1:1b:0f:
6e:22:04:11:cc:80:3f:6d:b3:89:a7:d8:9e:fd:a3:
9c:26:e0:d9:9a:25:c2:92:f6:13:0c:5a:8a:40:68:
0c:89:12:06:88:1f:93:55:cf:d2:12:03:a9:72:d7:
dd:77:54:4f:96:51:87:37:e3:10:dc:a4:32:03:4f:
3c:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:0F:D0:79:AF:0C:C6:96:64:28:D8:EA:69:84:8B:C2:80:38:81:79
X509v3 Authority Key Identifier:
keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/AFAF44ACB12D11EDB6933A82C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.11.60.0-103.11.62.255
113.203.209.0-113.203.220.255
113.203.222.0-113.203.226.255
113.203.228.0/23
113.203.231.0/24
113.203.234.0-113.203.240.255
113.203.243.0-113.203.244.255
113.203.246.0/24
113.203.252.0/22
180.178.128.0/23
180.178.132.0/22
180.178.137.0-180.178.139.255
180.178.144.0/24
180.178.149.0/24
180.178.160.0/23
180.178.172.0/22
180.178.179.0-180.178.187.255
223.29.224.0/24
223.29.236.0/22
IPv6:
2401:4100::-2401:4100:8000:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
80:64:ce:61:dc:a5:d7:7c:85:30:ab:df:5f:09:79:33:28:5e:
e9:6c:70:f7:03:6c:5b:17:b9:ab:9c:a4:f7:a4:01:a4:e0:a8:
f0:66:27:5e:a8:11:74:22:36:32:49:92:c5:77:b2:66:c1:1b:
56:b0:95:e1:7e:1c:48:ab:cc:72:94:62:b4:a0:0a:f8:a6:d7:
f9:ec:de:dc:01:d4:57:a5:81:76:af:a9:c9:c0:99:df:2c:86:
71:51:e1:5c:39:23:c9:70:ea:68:f2:f0:03:74:f0:41:7e:4c:
4f:3e:2a:37:ad:3b:85:5d:b4:ed:d4:73:00:64:af:e6:a5:5e:
c0:66:9f:22:6a:08:b0:c4:86:f0:c9:22:a9:2a:68:04:85:69:
4e:67:28:77:6f:63:33:f9:56:79:38:05:08:e6:31:60:91:b1:
b0:17:42:31:b7:25:92:9a:ca:d4:69:0a:8a:d0:6c:28:a1:29:
26:5a:14:06:2b:a4:76:17:39:04:61:0d:69:79:69:73:f4:45:
fd:f6:ec:dd:9a:c6:41:80:7b:e3:71:45:fc:1c:5a:19:19:8b:
3c:b2:00:0b:e9:ae:05:7e:57:2d:c9:f7:fc:95:0c:99:78:df:
c2:19:e3:28:bd:a0:48:1a:cb:92:79:3a:6f:5d:57:d1:49:b2:
ce:24:b1:c5
-----BEGIN CERTIFICATE-----
MIIGMzCCBRugAwIBAgICCYgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMjIwMTQ0ODUwWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2YzODg1Mi0yZjk5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzF8pawJG3sauFvGuzb6Y0cGDhoy9W2vH8qV2WLqdRjqCCE3McqJZkLD3kwRG
HfDNUnwxS0hV6yHuct3uXD2GAWZB1KP7srFix4LsStvQfnxUma6kIHmPnOs0HcZ3
e68BNYy6Le1oalxTDsupmx94mP6UU2KxmaNF9twf42HoiqvZHrxCDcMnKq4e+HYA
5OXfqPiYhR3biLVLrEOF0xOhGXHY0iDKge1uk8wSR20duWXFo+nLiZtD6YyLrOuA
fuXhGw9uIgQRzIA/bbOJp9ie/aOcJuDZmiXCkvYTDFqKQGgMiRIGiB+TVc/SEgOp
ctfdd1RPllGHN+MQ3KQyA088FwIDAQABo4IDVzCCA1MwHQYDVR0OBBYEFFgP0Hmv
DMaWZCjY6mmEi8KAOIF5MB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvQUZBRjQ0QUNC
MTJEMTFFREI2OTMzQTgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgeAGCCsGAQUFBwEHAQH/
BIHQMIHNMIGxBAIAATCBqjAMAwQCZws8AwQAZws+MAwDBABxy9EDBABxy9wwDAME
AXHL3gMEAHHL4gMEAXHL5AMEAHHL5zAMAwQBccvqAwQAccvwMAwDBABxy/MDBABx
y/QDBABxy/YDBAJxy/wDBAG0soADBAK0soQwDAMEALSyiQMEArSyiAMEALSykAME
ALSylQMEAbSyoAMEArSyrDAMAwQAtLKzAwQCtLK4AwQA3x3gAwQC3x3sMBcEAgAC
MBEwDwMEACQBQQMHACQBQQCAADANBgkqhkiG9w0BAQsFAAOCAQEAgGTOYdyl13yF
MKvfXwl5Myhe6Wxw9wNsWxe5q5yk96QBpOCo8GYnXqgRdCI2MkmSxXeyZsEbVrCV
4X4cSKvMcpRitKAK+KbX+eze3AHUV6WBdq+pycCZ3yyGcVHhXDkjyXDqaPLwA3Tw
QX5MTz4qN607hV207dRzAGSv5qVewGafImoIsMSG8MkiqSpoBIVpTmcod29jM/lW
eTgFCOYxYJGxsBdCMbclkprK1GkKitBsKKEpJloUBiukdhc5BGENaXlpc/RF/fbs
3ZrGQYB743FF/BxaGRmLPLIAC+muBX5XLcn3/JUMmXjfwhnjKL2gSBrLknk6b11X
0UmyziSxxQ==
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:21:19 2025 by rpki-client