Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/102817AC006811EFA1FD1E67C4F9AE02.roa
File: 102817AC006811EFA1FD1E67C4F9AE02.roa (raw, json)
Hash identifier: 9I4wekuxKronEhIB5lyo/3Vezh3fMFwWHF3jjJfzeN0=
Subject key identifier: D7:5A:3A:ED:83:6D:41:D4:BA:62:46:23:E2:7D:59:E8:17:09:A7:C8
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8671
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/102817AC006811EFA1FD1E67C4F9AE02.roa
Signing time: Mon 22 Apr 2024 05:20:42 +0000
ROA not before: Mon 22 Apr 2024 05:20:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 45.112.192.0/22 maxlen: 24
45.115.92.0/22 maxlen: 24
103.14.197.0/24 maxlen: 24
103.27.168.0/24 maxlen: 24
103.27.170.0/23 maxlen: 23
103.47.152.0/24 maxlen: 24
103.51.92.0/22 maxlen: 24
103.52.48.0/22 maxlen: 24
103.55.84.0/22 maxlen: 24
103.108.76.0/22 maxlen: 24
103.142.64.0/23 maxlen: 24
103.171.236.0/23 maxlen: 24
103.180.216.0/23 maxlen: 24
103.181.88.0/23 maxlen: 24
103.181.202.0/23 maxlen: 24
103.182.12.0/23 maxlen: 24
103.186.44.0/23 maxlen: 24
103.186.124.0/23 maxlen: 24
103.200.48.0/22 maxlen: 24
103.228.172.0/24 maxlen: 24
103.228.173.0/24 maxlen: 24
103.228.174.0/24 maxlen: 24
103.228.175.0/24 maxlen: 24
203.191.56.0/22 maxlen: 24
2400:d180:66::/48 maxlen: 48
2400:d180:67::/48 maxlen: 48
2400:d180:68::/48 maxlen: 48
2400:d180:69::/48 maxlen: 48
2400:d180:70::/48 maxlen: 48
2400:d180:71::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34417 (0x8671)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Apr 22 05:20:42 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6625f3aa-c831
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:bb:2d:1b:f3:58:b0:19:7f:11:ee:89:37:3b:
65:75:d4:26:45:93:21:8e:3d:d2:b6:fa:75:d9:da:
48:ce:9e:c9:d4:c3:78:2a:66:15:8f:5c:cb:d5:19:
54:8c:ee:5a:df:13:a5:58:13:dc:13:44:a4:7d:ac:
0e:8c:77:33:c6:5f:fd:6e:b3:39:7a:c8:a3:72:89:
8f:b5:15:a8:2d:e5:e5:7a:d0:25:68:e9:fd:bc:f6:
76:03:cd:83:a6:97:61:34:0b:49:75:ff:03:dc:62:
16:3c:34:e1:90:25:30:82:1d:77:4d:90:9e:a3:db:
06:81:0a:f5:7b:4d:9c:ab:4d:52:bc:d4:a0:12:62:
f2:3e:0f:90:8c:e1:ef:84:d5:25:01:05:14:bc:a6:
0a:f3:94:95:00:59:85:61:7d:6b:5e:b3:9b:d1:1e:
bd:32:54:44:10:4f:c5:30:15:a8:bb:04:11:94:c7:
17:17:30:59:b8:24:40:f1:66:38:42:8f:1a:a0:c8:
c3:ed:9a:75:15:a2:98:f2:be:35:7e:d9:12:c3:7f:
4c:6b:3e:fb:50:d5:a0:b5:b9:72:c4:d7:fb:2e:18:
a2:c8:87:9b:3d:d9:46:b7:a5:9e:2f:56:93:8a:fd:
84:00:8e:aa:f5:80:71:c3:19:b8:52:0b:26:e9:e5:
8e:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:5A:3A:ED:83:6D:41:D4:BA:62:46:23:E2:7D:59:E8:17:09:A7:C8
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/102817AC006811EFA1FD1E67C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.112.192.0/22
45.115.92.0/22
103.14.197.0/24
103.27.168.0/24
103.27.170.0/23
103.47.152.0/24
103.51.92.0/22
103.52.48.0/22
103.55.84.0/22
103.108.76.0/22
103.142.64.0/23
103.171.236.0/23
103.180.216.0/23
103.181.88.0/23
103.181.202.0/23
103.182.12.0/23
103.186.44.0/23
103.186.124.0/23
103.200.48.0/22
103.228.172.0/22
203.191.56.0/22
IPv6:
2400:d180:66::-2400:d180:69:ffff:ffff:ffff:ffff:ffff
2400:d180:70::/47
Signature Algorithm: sha256WithRSAEncryption
59:91:ae:26:18:d0:2e:e5:93:92:50:7f:3b:8d:4e:77:2b:a3:
42:5b:f0:2b:c7:31:fe:3a:32:47:5f:fa:14:80:fd:de:ab:67:
2f:b1:d6:9c:56:80:8e:49:10:8f:ae:22:ae:dd:5b:aa:09:ed:
50:47:a5:61:44:f0:c6:b6:9c:f1:b1:0c:df:77:57:76:fa:98:
b8:61:a1:23:5e:52:69:08:e8:bd:35:57:6b:67:23:eb:33:42:
7b:91:74:78:c5:59:90:9a:7c:4e:e7:5b:03:23:b1:9b:a8:05:
00:85:0b:22:f2:23:e4:18:e0:b8:f0:ab:71:6f:25:0d:2b:d7:
aa:25:30:e3:c9:8e:21:70:a6:87:b0:3e:50:80:55:71:df:f1:
6f:ee:58:36:e5:ad:2a:54:92:88:ad:bb:2c:f0:9b:f8:6e:8f:
75:a9:0e:2a:7f:a6:a7:8c:02:c2:98:d1:87:88:a8:9f:d8:1c:
69:4e:4f:2e:ea:96:1b:d9:3a:4b:67:7a:d7:00:ca:56:6d:2c:
38:dc:02:a9:57:16:94:c2:45:0f:3a:64:2f:35:1f:52:3f:09:
1d:f5:63:33:70:a7:99:52:0c:f8:33:38:43:5b:c4:61:d2:e7:
eb:9b:72:6a:e1:af:ad:c4:1d:75:e7:6e:eb:f0:a0:53:cc:32:
1f:05:c3:b3
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgIDAIZxMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDQyMjA1MjA0MloXDTI0MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjYyNWYzYWEtYzgzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOi7LRvzWLAZfxHuiTc7ZXXUJkWTIY490rb6ddnaSM6eydTDeCpmFY9cy9UZ
VIzuWt8TpVgT3BNEpH2sDox3M8Zf/W6zOXrIo3KJj7UVqC3l5XrQJWjp/bz2dgPN
g6aXYTQLSXX/A9xiFjw04ZAlMIIdd02QnqPbBoEK9XtNnKtNUrzUoBJi8j4PkIzh
74TVJQEFFLymCvOUlQBZhWF9a16zm9EevTJURBBPxTAVqLsEEZTHFxcwWbgkQPFm
OEKPGqDIw+2adRWimPK+NX7ZEsN/TGs++1DVoLW5csTX+y4YosiHmz3ZRrelni9W
k4r9hACOqvWAccMZuFILJunljv0CAwEAAaOCAzYwggMyMB0GA1UdDgQWBBTXWjrt
g21B1LpiRiPifVnoFwmnyDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzEwMjgxN0FD
MDA2ODExRUZBMUZEMUU2N0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIG/BggrBgEFBQcBBwEB
/wSBrzCBrDCBhAQCAAEwfgMEAi1wwAMEAi1zXAMEAGcOxQMEAGcbqAMEAWcbqgME
AGcvmAMEAmczXAMEAmc0MAMEAmc3VAMEAmdsTAMEAWeOQAMEAWer7AMEAWe02AME
AWe1WAMEAWe1ygMEAWe2DAMEAWe6LAMEAWe6fAMEAmfIMAMEAmfkrAMEAsu/ODAj
BAIAAjAdMBIDBwEkANGAAGYDBwEkANGAAGgDBwEkANGAAHAwDQYJKoZIhvcNAQEL
BQADggEBAFmRriYY0C7lk5JQfzuNTncro0Jb8CvHMf46Mkdf+hSA/d6rZy+x1pxW
gI5JEI+uIq7dW6oJ7VBHpWFE8Ma2nPGxDN93V3b6mLhhoSNeUmkI6L01V2tnI+sz
QnuRdHjFWZCafE7nWwMjsZuoBQCFCyLyI+QY4Ljwq3FvJQ0r16olMOPJjiFwpoew
PlCAVXHf8W/uWDblrSpUkoituyzwm/huj3WpDip/pqeMAsKY0YeIqJ/YHGlOTy7q
lhvZOktnetcAylZtLDjcAqlXFpTCRQ86ZC81H1I/CR31YzNwp5lSDPgzOENbxGHS
5+ubcmrhr63EHXXnbuvwoFPMMh8Fw7M=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:00:39 2025 by rpki-client