Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/5A5435A64B5111F08EC01615C4F9AE02.roa
File: 5A5435A64B5111F08EC01615C4F9AE02.roa (raw, json)
Hash identifier: 02XPXsygTP8Sra8bsjEmLgeevpONlzkoOOF8Ygy0EEg=
Subject key identifier: 3B:BB:CC:01:1F:E3:67:9C:22:C0:3E:27:F3:21:0E:AC:FD:41:5F:B9
Certificate issuer: /CN=A916C83B/serialNumber=E76EB256C0FCB07E2907978343E9AD9DD21FE206
Certificate serial: 389A
Authority key identifier: E7:6E:B2:56:C0:FC:B0:7E:29:07:97:83:43:E9:AD:9D:D2:1F:E2:06
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/526yVsD8sH4pB5eDQ-mtndIf4gY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/5A5435A64B5111F08EC01615C4F9AE02.roa
Signing time: Tue 17 Jun 2025 08:02:03 +0000
ROA not before: Tue 17 Jun 2025 08:02:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 111.88.96.0/21 maxlen: 21
111.88.96.0/24 maxlen: 24
111.88.97.0/24 maxlen: 24
111.88.98.0/24 maxlen: 24
111.88.99.0/24 maxlen: 24
111.88.100.0/24 maxlen: 24
111.88.101.0/24 maxlen: 24
111.88.102.0/24 maxlen: 24
111.88.103.0/24 maxlen: 24
111.88.112.0/20 maxlen: 20
111.88.112.0/24 maxlen: 24
111.88.113.0/24 maxlen: 24
111.88.114.0/24 maxlen: 24
111.88.115.0/24 maxlen: 24
111.88.116.0/24 maxlen: 24
111.88.117.0/24 maxlen: 24
111.88.118.0/24 maxlen: 24
111.88.119.0/24 maxlen: 24
111.88.120.0/24 maxlen: 24
111.88.121.0/24 maxlen: 24
111.88.122.0/24 maxlen: 24
111.88.123.0/24 maxlen: 24
111.88.124.0/24 maxlen: 24
111.88.125.0/24 maxlen: 24
111.88.126.0/24 maxlen: 24
111.88.127.0/24 maxlen: 24
111.88.128.0/21 maxlen: 21
111.88.128.0/24 maxlen: 24
111.88.129.0/24 maxlen: 24
111.88.130.0/24 maxlen: 24
111.88.131.0/24 maxlen: 24
111.88.132.0/24 maxlen: 24
111.88.133.0/24 maxlen: 24
111.88.134.0/24 maxlen: 24
111.88.135.0/24 maxlen: 24
111.88.140.0/22 maxlen: 22
111.88.140.0/24 maxlen: 24
111.88.141.0/24 maxlen: 24
111.88.142.0/24 maxlen: 24
111.88.143.0/24 maxlen: 24
111.88.144.0/20 maxlen: 20
111.88.160.0/21 maxlen: 21
111.88.160.0/22 maxlen: 22
111.88.160.0/23 maxlen: 23
111.88.160.0/24 maxlen: 24
111.88.161.0/24 maxlen: 24
111.88.162.0/23 maxlen: 23
111.88.162.0/24 maxlen: 24
111.88.163.0/24 maxlen: 24
111.88.164.0/22 maxlen: 22
111.88.164.0/23 maxlen: 23
111.88.164.0/24 maxlen: 24
111.88.165.0/24 maxlen: 24
111.88.166.0/23 maxlen: 23
111.88.166.0/24 maxlen: 24
111.88.167.0/24 maxlen: 24
111.88.200.0/21 maxlen: 21
111.88.200.0/24 maxlen: 24
111.88.201.0/24 maxlen: 24
111.88.202.0/24 maxlen: 24
111.88.203.0/24 maxlen: 24
111.88.204.0/24 maxlen: 24
111.88.205.0/24 maxlen: 24
111.88.206.0/24 maxlen: 24
111.88.207.0/24 maxlen: 24
111.88.224.0/21 maxlen: 21
111.88.240.0/20 maxlen: 20
203.81.212.0/24 maxlen: 24
203.81.213.0/24 maxlen: 24
203.81.214.0/24 maxlen: 24
203.81.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14490 (0x389a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916C83B, serialNumber=E76EB256C0FCB07E2907978343E9AD9DD21FE206
Validity
Not Before: Jun 17 08:02:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=685120fb-4352
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:3a:6d:d0:a5:ad:9c:c9:66:3f:47:f1:2b:8e:
74:58:e9:27:2e:7a:15:ec:e9:0a:25:65:35:f7:fc:
5d:9e:5d:55:a0:92:61:a8:89:10:31:a1:49:82:6b:
7f:63:69:79:1b:72:94:b4:d3:4c:96:bb:c0:42:9a:
c4:66:d1:88:c7:ae:f0:cf:f4:dd:2e:d8:38:15:02:
72:bd:99:23:9b:90:c4:a4:df:85:78:03:4c:cb:94:
fb:0f:80:b5:7a:1a:5c:25:84:5b:43:3b:07:ce:0d:
85:7f:d8:66:f9:68:52:29:48:60:41:db:fa:6e:bf:
66:28:9a:4e:dc:68:e5:b3:41:e5:f7:f7:6a:6f:96:
a7:3b:3d:f3:ed:e3:5c:30:f5:ef:14:d8:bc:60:22:
77:33:4c:df:a1:ea:2e:e2:47:83:28:94:98:fe:87:
9b:cb:7e:74:a2:a5:1d:d6:84:a6:03:2c:1e:b7:5b:
44:93:bd:ed:70:32:86:74:c7:84:95:dc:23:9b:07:
75:0e:1b:41:12:7d:b7:a8:10:e1:a5:f7:71:1b:84:
e7:46:7a:58:fd:cd:a9:51:19:ee:ca:ad:6c:e2:38:
f3:0d:3a:9c:31:22:fa:63:fd:61:83:4f:ef:64:9c:
28:e5:96:ec:5c:92:1d:24:00:b9:4b:87:12:ea:48:
94:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:BB:CC:01:1F:E3:67:9C:22:C0:3E:27:F3:21:0E:AC:FD:41:5F:B9
X509v3 Authority Key Identifier:
keyid:E7:6E:B2:56:C0:FC:B0:7E:29:07:97:83:43:E9:AD:9D:D2:1F:E2:06
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/526yVsD8sH4pB5eDQ-mtndIf4gY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/526yVsD8sH4pB5eDQ-mtndIf4gY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/5A5435A64B5111F08EC01615C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
111.88.96.0/21
111.88.112.0-111.88.135.255
111.88.140.0-111.88.167.255
111.88.200.0/21
111.88.224.0/21
111.88.240.0/20
203.81.212.0/22
Signature Algorithm: sha256WithRSAEncryption
8c:a9:f6:49:68:31:35:bc:e7:e4:6a:9b:c1:26:7b:58:3b:29:
b9:cd:ee:b3:e2:b5:90:e6:d6:43:d0:2f:cd:17:18:2c:2c:32:
73:f8:85:fc:84:fc:44:53:48:da:3b:38:d7:26:0e:e7:b5:50:
76:1e:4f:7c:fe:4e:45:c9:9b:24:e2:58:13:c0:54:ec:e0:ac:
14:63:d0:3d:f1:49:5e:7e:e7:07:23:9d:1d:d8:48:35:06:67:
d0:e9:2f:f8:60:f9:69:bd:81:1b:d4:c0:0c:5e:03:be:a1:65:
fa:bb:97:e0:c3:06:3b:e9:ed:4f:97:56:37:4e:cc:38:9f:2b:
f2:ab:65:0a:98:89:e8:b7:7b:60:cf:a5:30:1a:f9:22:e8:80:
f1:d7:7a:8d:17:8d:78:72:15:7c:fe:be:18:52:3d:c7:bc:d1:
65:f0:41:82:6a:89:33:e6:03:b5:cc:a8:4a:fd:2f:74:b7:b4:
f3:ca:58:a5:73:6f:aa:14:60:c0:76:3f:0d:57:c8:11:ba:a6:
a3:cf:17:c4:5e:64:bc:a6:f6:5e:ea:62:d0:66:d8:ac:53:28:
a4:be:d6:ed:75:ed:1d:af:81:9b:0a:85:68:80:53:61:21:ec:
d3:6a:23:62:83:c5:3b:15:9e:d4:bf:22:f5:21:e7:8f:da:03:
0b:4e:b2:d9
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgICOJowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkM4M0IxMTAvBgNVBAUTKEU3NkVCMjU2QzBGQ0IwN0UyOTA3OTc4MzQzRTlBRDlE
RDIxRkUyMDYwHhcNMjUwNjE3MDgwMjAzWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODUxMjBmYi00MzUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxjpt0KWtnMlmP0fxK450WOknLnoV7OkKJWU19/xdnl1VoJJhqIkQMaFJgmt/
Y2l5G3KUtNNMlrvAQprEZtGIx67wz/TdLtg4FQJyvZkjm5DEpN+FeANMy5T7D4C1
ehpcJYRbQzsHzg2Ff9hm+WhSKUhgQdv6br9mKJpO3Gjls0Hl9/dqb5anOz3z7eNc
MPXvFNi8YCJ3M0zfoeou4keDKJSY/oeby350oqUd1oSmAywet1tEk73tcDKGdMeE
ldwjmwd1DhtBEn23qBDhpfdxG4TnRnpY/c2pURnuyq1s4jjzDTqcMSL6Y/1hg0/v
ZJwo5ZbsXJIdJAC5S4cS6kiUcQIDAQABo4ICyTCCAsUwHQYDVR0OBBYEFDu7zAEf
42ecIsA+J/MhDqz9QV+5MB8GA1UdIwQYMBaAFOduslbA/LB+KQeXg0PprZ3SH+IG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QzgzQi9FNEUxMEI0QTFE
ODgxMUUyQTAxMkNCRTEwOEIwMkNEMi81MjZ5VnNEOHNINHBCNWVEUS1tdG5kSWY0
Z1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzUyNnlWc0Q4c0g0cEI1ZURRLW10bmRJZjRnWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkM4M0IvRTRFMTBCNEExRDg4MTFFMkEwMTJDQkUxMDhCMDJDRDIvNUE1NDM1QTY0
QjUxMTFGMDhFQzAxNjE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUwYIKwYBBQUHAQcBAf8E
RDBCMEAEAgABMDoDBANvWGAwDAMEBG9YcAMEA29YgDAMAwQCb1iMAwQDb1igAwQD
b1jIAwQDb1jgAwQEb1jwAwQCy1HUMA0GCSqGSIb3DQEBCwUAA4IBAQCMqfZJaDE1
vOfkapvBJntYOym5ze6z4rWQ5tZD0C/NFxgsLDJz+IX8hPxEU0jaOzjXJg7ntVB2
Hk98/k5FyZsk4lgTwFTs4KwUY9A98UlefucHI50d2Eg1BmfQ6S/4YPlpvYEb1MAM
XgO+oWX6u5fgwwY76e1Pl1Y3Tsw4nyvyq2UKmInot3tgz6UwGvki6IDx13qNF414
chV8/r4YUj3HvNFl8EGCaokz5gO1zKhK/S90t7Tzylilc2+qFGDAdj8NV8gRuqaj
zxfEXmS8pvZe6mLQZtisUyikvtbtde0dr4GbCoVogFNhIezTaiNig8U7FZ7UvyL1
IeeP2gMLTrLZ
-----END CERTIFICATE-----
Generated at Mon Jul 21 06:51:41 2025 by rpki-client