Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/20E8C570C34D11EFB094AB15C4F9AE02.roa
File: 20E8C570C34D11EFB094AB15C4F9AE02.roa (raw, json)
Hash identifier: FWKqsN3V05x1X5AK3iED3ONJniBQNFc0qBpPFbGsLt8=
Subject key identifier: 19:C0:3F:2C:5F:BF:A4:02:84:0E:BD:30:3A:44:E1:E4:16:87:70:52
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: A00D
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/20E8C570C34D11EFB094AB15C4F9AE02.roa
Signing time: Thu 26 Dec 2024 05:49:10 +0000
ROA not before: Thu 26 Dec 2024 05:49:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 135177
IP address blocks: 103.141.216.0/23 maxlen: 24
2400:5460::/48 maxlen: 48
2400:5460:1::/48 maxlen: 48
2400:5460:2::/48 maxlen: 48
2400:5460:3::/48 maxlen: 48
2400:5460:4::/48 maxlen: 48
2400:5460:5::/48 maxlen: 48
2400:5460:6::/48 maxlen: 48
2400:5460:7::/48 maxlen: 48
2400:5460:8::/48 maxlen: 48
2400:5460:9::/48 maxlen: 48
2400:5460:a::/48 maxlen: 48
2400:5460:b::/48 maxlen: 48
2400:5460:c::/48 maxlen: 48
2400:5460:d::/48 maxlen: 48
2400:5460:e::/48 maxlen: 48
2400:5460:f::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 40973 (0xa00d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Dec 26 05:49:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=676cee56-f3f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:d4:0b:b0:c3:e6:88:47:f8:50:02:18:69:e7:
38:c2:a0:74:d6:51:f5:b8:55:8c:3b:0b:d6:6a:d7:
4b:09:58:54:d3:2d:1e:56:21:ae:ed:9f:e3:fa:6d:
43:cf:5a:dd:97:4d:40:49:c7:32:11:9d:b2:50:2b:
f1:01:31:bd:98:b0:96:14:0c:ac:c6:22:ab:50:bc:
2c:5e:a4:15:a1:44:98:2b:0d:38:31:b8:44:3b:69:
db:ca:45:5e:60:3b:5b:11:6b:20:e2:bf:5d:81:4c:
53:e5:52:3d:b5:2d:7f:ec:38:d2:40:95:b6:e5:bc:
6c:23:48:0e:e7:31:ae:f2:9c:7d:c6:d4:48:03:c2:
50:85:b6:92:32:e4:b0:23:b6:1b:49:73:77:c2:ae:
94:97:11:80:72:66:e8:fc:21:fe:dc:90:dd:c4:17:
ab:0e:de:38:03:04:32:eb:a3:22:12:e9:34:18:a3:
fa:4c:79:a7:3d:bb:dc:b6:ad:03:5e:33:fb:b2:ab:
4d:ca:09:e8:d2:98:5b:34:70:b9:f7:26:49:24:d3:
8f:50:29:c6:c2:bf:53:6c:cd:98:9c:49:0a:90:3f:
92:60:6a:93:cb:9d:1e:56:22:74:24:11:7a:24:77:
fa:e9:c0:68:4e:51:98:cb:80:c7:33:59:5b:de:05:
d6:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:C0:3F:2C:5F:BF:A4:02:84:0E:BD:30:3A:44:E1:E4:16:87:70:52
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/20E8C570C34D11EFB094AB15C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.141.216.0/23
IPv6:
2400:5460::/44
Signature Algorithm: sha256WithRSAEncryption
73:0a:ac:9e:c5:97:01:e9:cf:c3:0d:39:a5:fa:10:28:d8:4b:
b0:b8:a0:50:0c:3b:ef:d0:b8:ba:3c:7a:44:1f:cd:db:80:da:
c0:50:19:3d:d0:71:f6:d8:89:71:44:f4:53:4d:a8:a5:16:85:
78:4a:f6:4e:f6:32:a7:a1:28:5d:69:b2:4d:e7:3e:b8:30:70:
b4:e3:0a:08:02:bc:82:cb:15:4c:18:34:4f:d0:ea:2b:14:28:
4f:6d:26:50:62:8f:e1:73:3f:a1:2e:e1:25:a1:55:34:d3:17:
84:0c:21:a8:ae:28:d9:f2:48:15:c0:41:79:74:df:15:b0:6b:
83:a2:6a:7e:d6:70:a1:4e:c7:03:3a:83:63:3b:1f:cf:aa:65:
94:1e:80:d6:90:23:c9:a3:90:69:01:76:88:2d:22:0c:ea:dd:
5d:98:57:8f:64:22:1a:7a:1d:e3:ae:80:47:26:a3:10:eb:28:
2f:54:45:2c:b3:3d:2f:64:42:52:61:f6:b5:7f:59:3a:89:44:
fa:97:e5:12:08:5f:82:1b:64:9a:f8:10:e8:08:cd:34:44:48:
3f:c8:ca:2e:05:1c:74:47:fd:11:68:6a:e0:67:51:59:79:21:
b7:58:b4:3f:c4:2e:0b:96:b6:40:b2:40:86:e4:43:bb:ed:dc:
58:37:6a:39
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgIDAKANMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTIyNjA1NDkxMFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjc2Y2VlNTYtZjNmNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM7UC7DD5ohH+FACGGnnOMKgdNZR9bhVjDsL1mrXSwlYVNMtHlYhru2f4/pt
Q89a3ZdNQEnHMhGdslAr8QExvZiwlhQMrMYiq1C8LF6kFaFEmCsNODG4RDtp28pF
XmA7WxFrIOK/XYFMU+VSPbUtf+w40kCVtuW8bCNIDucxrvKcfcbUSAPCUIW2kjLk
sCO2G0lzd8KulJcRgHJm6Pwh/tyQ3cQXqw7eOAMEMuujIhLpNBij+kx5pz273Lat
A14z+7KrTcoJ6NKYWzRwufcmSSTTj1ApxsK/U2zNmJxJCpA/kmBqk8udHlYidCQR
eiR3+unAaE5RmMuAxzNZW94F1h0CAwEAAaOCAqYwggKiMB0GA1UdDgQWBBQZwD8s
X7+kAoQOvTA6ROHkFodwUjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzIwRThDNTcw
QzM0RDExRUZCMDk0QUIxNUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDAGCCsGAQUFBwEHAQH/
BCEwHzAMBAIAATAGAwQBZ43YMA8EAgACMAkDBwQkAFRgAAAwDQYJKoZIhvcNAQEL
BQADggEBAHMKrJ7FlwHpz8MNOaX6ECjYS7C4oFAMO+/QuLo8ekQfzduA2sBQGT3Q
cfbYiXFE9FNNqKUWhXhK9k72MqehKF1psk3nPrgwcLTjCggCvILLFUwYNE/Q6isU
KE9tJlBij+FzP6Eu4SWhVTTTF4QMIaiuKNnySBXAQXl03xWwa4Oian7WcKFOxwM6
g2M7H8+qZZQegNaQI8mjkGkBdogtIgzq3V2YV49kIhp6HeOugEcmoxDrKC9URSyz
PS9kQlJh9rV/WTqJRPqX5RIIX4IbZJr4EOgIzTRESD/Iyi4FHHRH/RFoauBnUVl5
IbdYtD/ELguWtkCyQIbkQ7vt3Fg3ajk=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:09:07 2025 by rpki-client