Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/248771F20D1011EFBE440D13C4F9AE02.roa
File: 248771F20D1011EFBE440D13C4F9AE02.roa (raw, json)
Hash identifier: gWwKfcjAc24CoNlTFXt0GDHI8Hp4DuTXIqirkiPvbNo=
Subject key identifier: 54:3B:1C:4B:4B:83:89:23:D6:80:40:50:DE:C9:08:FF:E8:D4:C2:1A
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8721
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/248771F20D1011EFBE440D13C4F9AE02.roa
Signing time: Wed 08 May 2024 07:54:06 +0000
ROA not before: Wed 08 May 2024 07:54:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 45.112.192.0/22 maxlen: 24
45.115.92.0/22 maxlen: 24
103.14.197.0/24 maxlen: 24
103.27.168.0/24 maxlen: 24
103.27.170.0/23 maxlen: 23
103.47.152.0/24 maxlen: 24
103.51.92.0/22 maxlen: 24
103.52.48.0/22 maxlen: 24
103.55.84.0/22 maxlen: 24
103.108.76.0/22 maxlen: 24
103.109.220.0/22 maxlen: 24
103.142.64.0/23 maxlen: 24
103.171.236.0/23 maxlen: 24
103.180.38.0/23 maxlen: 24
103.180.216.0/23 maxlen: 24
103.181.88.0/23 maxlen: 24
103.181.202.0/23 maxlen: 24
103.182.12.0/23 maxlen: 24
103.200.48.0/22 maxlen: 24
103.228.172.0/24 maxlen: 24
103.228.173.0/24 maxlen: 24
103.228.174.0/24 maxlen: 24
103.228.175.0/24 maxlen: 24
203.191.56.0/22 maxlen: 24
2400:d180:66::/48 maxlen: 48
2400:d180:67::/48 maxlen: 48
2400:d180:68::/48 maxlen: 48
2400:d180:69::/48 maxlen: 48
2400:d180:70::/48 maxlen: 48
2400:d180:71::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34593 (0x8721)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 8 07:54:06 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=663b2f9d-ad81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:e9:bd:7f:18:25:7b:39:58:f5:85:f3:65:b1:
25:70:07:92:6c:80:ac:e5:50:c6:d7:7c:ef:f7:97:
e0:8a:90:8d:25:0d:bd:87:1d:f4:2b:27:6c:7e:5d:
93:e0:e7:02:c3:ff:9c:a1:b8:a0:33:9b:b6:b2:28:
f9:fb:b9:69:55:59:97:c5:17:6e:2d:06:53:f8:8a:
6e:f4:2a:32:55:7f:91:34:a5:d5:77:90:72:f2:cf:
84:11:5e:42:eb:4d:bd:62:12:39:98:09:2d:37:8f:
e3:c6:2a:1b:6a:ac:04:60:1d:ee:fb:07:14:f6:f8:
05:4c:7b:24:7c:25:f4:fc:a7:fd:56:c8:94:ff:1a:
7e:a0:e5:58:84:7e:85:5f:97:1c:58:d0:f9:62:96:
90:e1:9f:a4:4f:8d:23:10:b3:0c:d3:d2:6e:46:6c:
12:f0:89:73:cd:cb:16:7b:98:07:96:e4:ff:01:0f:
0e:ec:9d:a7:2b:99:7c:80:e8:4c:15:e5:02:fa:69:
26:33:62:b9:9f:90:6e:20:0c:1f:f4:97:f6:45:25:
9e:09:82:e5:70:98:7a:1c:be:25:03:d7:91:4e:6e:
3a:72:dd:b3:f0:41:c9:66:98:6e:81:17:33:ac:94:
a2:ab:f0:75:e3:61:ba:a3:7f:6b:6a:16:3e:ae:2d:
7e:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:3B:1C:4B:4B:83:89:23:D6:80:40:50:DE:C9:08:FF:E8:D4:C2:1A
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/248771F20D1011EFBE440D13C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.112.192.0/22
45.115.92.0/22
103.14.197.0/24
103.27.168.0/24
103.27.170.0/23
103.47.152.0/24
103.51.92.0/22
103.52.48.0/22
103.55.84.0/22
103.108.76.0/22
103.109.220.0/22
103.142.64.0/23
103.171.236.0/23
103.180.38.0/23
103.180.216.0/23
103.181.88.0/23
103.181.202.0/23
103.182.12.0/23
103.200.48.0/22
103.228.172.0/22
203.191.56.0/22
IPv6:
2400:d180:66::-2400:d180:69:ffff:ffff:ffff:ffff:ffff
2400:d180:70::/47
Signature Algorithm: sha256WithRSAEncryption
7a:30:1e:0d:75:97:5f:4f:39:02:a5:8c:63:7d:14:2b:d4:a0:
9c:82:f3:bf:96:c8:1f:78:98:13:ea:5b:2c:80:00:f5:63:47:
47:5b:ef:e3:04:11:6b:7c:6c:94:dd:cf:24:5d:54:16:0b:91:
27:00:13:c1:34:82:c4:09:6a:2f:a6:5b:78:8c:41:63:57:24:
67:16:53:ca:94:9b:3a:52:b8:15:07:77:6b:e0:9d:54:e4:cf:
1d:05:ba:7d:10:27:a0:a6:02:67:40:07:49:96:48:d2:e7:f2:
7e:34:a9:ea:e4:c0:f9:9f:83:73:95:e4:0e:ea:97:08:c1:e8:
84:70:cf:a8:86:e7:30:03:97:15:3b:74:3f:ce:9f:ab:b9:0b:
51:8d:ca:d6:e5:d6:69:69:f1:9d:1d:57:bf:ff:d8:3c:fb:1b:
64:5f:a5:7f:b2:9e:ca:78:8e:67:52:54:a3:ca:c0:0c:ef:05:
29:84:04:5b:9d:4a:f4:36:1e:88:13:b2:2f:7a:95:a1:d9:cd:
c7:51:57:de:bf:78:f6:5b:07:56:70:e0:62:3a:60:fc:24:a5:
d7:52:32:a4:82:6c:2f:7a:f8:2d:78:2d:b1:ff:69:81:35:80:
08:15:f6:c3:59:c9:b0:a0:bd:e2:39:70:60:3d:af:c8:1d:58:
f7:5f:d4:99
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgIDAIchMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUwODA3NTQwNloXDTI0MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjYzYjJmOWQtYWQ4MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANjpvX8YJXs5WPWF82WxJXAHkmyArOVQxtd87/eX4IqQjSUNvYcd9CsnbH5d
k+DnAsP/nKG4oDObtrIo+fu5aVVZl8UXbi0GU/iKbvQqMlV/kTSl1XeQcvLPhBFe
QutNvWISOZgJLTeP48YqG2qsBGAd7vsHFPb4BUx7JHwl9Pyn/VbIlP8afqDlWIR+
hV+XHFjQ+WKWkOGfpE+NIxCzDNPSbkZsEvCJc83LFnuYB5bk/wEPDuydpyuZfIDo
TBXlAvppJjNiuZ+QbiAMH/SX9kUlngmC5XCYehy+JQPXkU5uOnLds/BByWaYboEX
M6yUoqvwdeNhuqN/a2oWPq4tflUCAwEAAaOCAzYwggMyMB0GA1UdDgQWBBRUOxxL
S4OJI9aAQFDeyQj/6NTCGjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzI0ODc3MUYy
MEQxMDExRUZCRTQ0MEQxM0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIG/BggrBgEFBQcBBwEB
/wSBrzCBrDCBhAQCAAEwfgMEAi1wwAMEAi1zXAMEAGcOxQMEAGcbqAMEAWcbqgME
AGcvmAMEAmczXAMEAmc0MAMEAmc3VAMEAmdsTAMEAmdt3AMEAWeOQAMEAWer7AME
AWe0JgMEAWe02AMEAWe1WAMEAWe1ygMEAWe2DAMEAmfIMAMEAmfkrAMEAsu/ODAj
BAIAAjAdMBIDBwEkANGAAGYDBwEkANGAAGgDBwEkANGAAHAwDQYJKoZIhvcNAQEL
BQADggEBAHowHg11l19POQKljGN9FCvUoJyC87+WyB94mBPqWyyAAPVjR0db7+ME
EWt8bJTdzyRdVBYLkScAE8E0gsQJai+mW3iMQWNXJGcWU8qUmzpSuBUHd2vgnVTk
zx0Fun0QJ6CmAmdAB0mWSNLn8n40qerkwPmfg3OV5A7qlwjB6IRwz6iG5zADlxU7
dD/On6u5C1GNytbl1mlp8Z0dV7//2Dz7G2RfpX+ynsp4jmdSVKPKwAzvBSmEBFud
SvQ2HogTsi96laHZzcdRV96/ePZbB1Zw4GI6YPwkpddSMqSCbC96+C14LbH/aYE1
gAgV9sNZybCgveI5cGA9r8gdWPdf1Jk=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:17:47 2025 by rpki-client