Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2CA00F0A3F4E11EFB315D30AC4F9AE02.roa
File: 2CA00F0A3F4E11EFB315D30AC4F9AE02.roa (raw, json)
Hash identifier: QWdNzgpOT3i3DC3HPXXkKOglexI7pnu/6nfZ0rIj9zY=
Subject key identifier: E0:4B:66:5B:8C:8A:1C:C6:57:FB:4E:EB:AD:ED:82:3D:97:E4:5A:E5
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9613
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2CA00F0A3F4E11EFB315D30AC4F9AE02.roa
Signing time: Fri 02 Aug 2024 08:29:49 +0000
ROA not before: Fri 02 Aug 2024 08:29:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133661
IP address blocks: 101.0.32.0/22 maxlen: 24
101.0.37.0/24 maxlen: 24
103.73.148.0/24 maxlen: 24
103.73.149.0/24 maxlen: 24
103.73.150.0/24 maxlen: 24
103.110.248.0/22 maxlen: 24
103.114.64.0/22 maxlen: 24
103.118.8.0/22 maxlen: 24
103.142.198.0/24 maxlen: 24
103.163.14.0/24 maxlen: 24
103.165.72.0/23 maxlen: 24
103.165.76.0/23 maxlen: 24
103.165.88.0/23 maxlen: 24
103.166.214.0/23 maxlen: 24
103.167.154.0/23 maxlen: 24
103.167.182.0/23 maxlen: 24
103.167.212.0/23 maxlen: 24
103.167.224.0/23 maxlen: 24
103.167.238.0/23 maxlen: 24
103.168.0.0/23 maxlen: 24
103.168.22.0/23 maxlen: 24
103.168.32.0/23 maxlen: 24
103.168.60.0/23 maxlen: 24
103.169.242.0/23 maxlen: 24
103.170.36.0/23 maxlen: 24
103.170.38.0/23 maxlen: 24
103.170.84.0/23 maxlen: 24
103.171.108.0/24 maxlen: 24
103.171.110.0/23 maxlen: 24
103.171.174.0/23 maxlen: 24
103.173.98.0/23 maxlen: 24
103.174.92.0/23 maxlen: 24
103.177.226.0/23 maxlen: 24
103.178.64.0/23 maxlen: 24
103.178.160.0/23 maxlen: 24
103.178.166.0/23 maxlen: 24
103.178.202.0/23 maxlen: 24
103.179.10.0/23 maxlen: 24
103.179.94.0/23 maxlen: 24
103.179.96.0/23 maxlen: 24
103.179.100.0/23 maxlen: 24
103.179.102.0/23 maxlen: 24
103.179.118.0/23 maxlen: 24
103.179.120.0/23 maxlen: 24
103.179.224.0/23 maxlen: 24
103.179.226.0/23 maxlen: 24
103.180.110.0/23 maxlen: 24
103.180.168.0/23 maxlen: 24
103.180.172.0/23 maxlen: 24
103.180.174.0/23 maxlen: 24
103.180.176.0/23 maxlen: 24
103.180.212.0/23 maxlen: 24
103.180.214.0/23 maxlen: 24
103.180.236.0/23 maxlen: 24
103.180.238.0/23 maxlen: 24
103.181.4.0/23 maxlen: 24
103.181.56.0/23 maxlen: 24
103.181.64.0/23 maxlen: 24
103.181.84.0/23 maxlen: 24
103.181.86.0/23 maxlen: 24
103.181.110.0/23 maxlen: 24
103.181.114.0/23 maxlen: 24
103.181.150.0/23 maxlen: 24
103.181.152.0/23 maxlen: 24
103.181.154.0/23 maxlen: 24
103.181.174.0/23 maxlen: 24
103.181.198.0/23 maxlen: 24
103.181.212.0/24 maxlen: 24
103.183.30.0/23 maxlen: 24
103.183.32.0/23 maxlen: 24
103.183.34.0/23 maxlen: 24
103.183.216.0/23 maxlen: 24
103.187.84.0/23 maxlen: 24
103.187.92.0/23 maxlen: 24
103.187.96.0/23 maxlen: 24
103.187.102.0/23 maxlen: 24
103.187.130.0/23 maxlen: 24
103.187.158.0/23 maxlen: 24
103.187.170.0/23 maxlen: 24
103.189.82.0/23 maxlen: 24
103.199.184.0/22 maxlen: 24
103.212.132.0/22 maxlen: 24
203.76.178.0/24 maxlen: 24
203.76.180.0/24 maxlen: 24
203.76.181.0/24 maxlen: 24
203.76.188.0/24 maxlen: 24
203.76.190.0/24 maxlen: 24
203.76.191.0/24 maxlen: 24
2001:df0:e400::/48 maxlen: 48
2001:df2:e200::/48 maxlen: 48
2001:df2:e600::/48 maxlen: 48
2400:7b20::/32 maxlen: 32
2404:7c80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38419 (0x9613)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Aug 2 08:29:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66ac98fd-6114
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:21:1b:38:96:6c:7f:58:73:c2:65:4a:87:e7:
f1:d0:95:1d:fc:a8:07:2d:ac:47:28:d0:78:80:98:
73:2a:f5:88:6b:9e:81:f9:4a:d5:05:f4:5a:52:29:
78:51:11:95:89:b5:77:fd:66:45:77:d1:1f:8f:63:
75:a4:71:1e:8b:00:cc:27:5e:eb:67:05:ca:d5:51:
ae:bb:fa:aa:02:1c:1f:b0:ff:43:d1:ba:d6:06:6a:
18:78:eb:c4:01:a1:6a:b9:8d:88:56:2a:d8:e0:fd:
0c:38:ba:90:4d:63:c0:3c:78:6f:7a:41:3e:b9:59:
69:71:44:43:13:23:e0:22:d8:81:1e:8f:1a:ed:a1:
02:14:44:b2:68:d3:12:01:bc:99:08:92:49:4c:f4:
62:62:bf:d6:5a:9c:6e:13:2f:7a:27:9c:b3:fd:69:
7d:61:7a:a4:1f:6e:fa:1d:82:59:fd:18:fb:29:2e:
59:94:b0:51:fa:99:ed:e8:ae:ab:e3:29:36:82:08:
42:ec:22:7f:c3:23:8d:8f:3e:05:72:07:b8:bc:f2:
49:1a:90:84:63:36:ea:da:4d:7c:40:78:2e:f1:dc:
14:43:b4:f7:b7:1b:a3:8c:f6:f2:6a:b1:36:28:5a:
f8:7e:aa:bb:54:5d:0c:d9:91:88:3e:9e:89:df:47:
ef:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:4B:66:5B:8C:8A:1C:C6:57:FB:4E:EB:AD:ED:82:3D:97:E4:5A:E5
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2CA00F0A3F4E11EFB315D30AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.0.32.0/22
101.0.37.0/24
103.73.148.0-103.73.150.255
103.110.248.0/22
103.114.64.0/22
103.118.8.0/22
103.142.198.0/24
103.163.14.0/24
103.165.72.0/23
103.165.76.0/23
103.165.88.0/23
103.166.214.0/23
103.167.154.0/23
103.167.182.0/23
103.167.212.0/23
103.167.224.0/23
103.167.238.0/23
103.168.0.0/23
103.168.22.0/23
103.168.32.0/23
103.168.60.0/23
103.169.242.0/23
103.170.36.0/22
103.170.84.0/23
103.171.108.0/24
103.171.110.0/23
103.171.174.0/23
103.173.98.0/23
103.174.92.0/23
103.177.226.0/23
103.178.64.0/23
103.178.160.0/23
103.178.166.0/23
103.178.202.0/23
103.179.10.0/23
103.179.94.0-103.179.97.255
103.179.100.0/22
103.179.118.0-103.179.121.255
103.179.224.0/22
103.180.110.0/23
103.180.168.0/23
103.180.172.0-103.180.177.255
103.180.212.0/22
103.180.236.0/22
103.181.4.0/23
103.181.56.0/23
103.181.64.0/23
103.181.84.0/22
103.181.110.0/23
103.181.114.0/23
103.181.150.0-103.181.155.255
103.181.174.0/23
103.181.198.0/23
103.181.212.0/24
103.183.30.0-103.183.35.255
103.183.216.0/23
103.187.84.0/23
103.187.92.0/23
103.187.96.0/23
103.187.102.0/23
103.187.130.0/23
103.187.158.0/23
103.187.170.0/23
103.189.82.0/23
103.199.184.0/22
103.212.132.0/22
203.76.178.0/24
203.76.180.0/23
203.76.188.0/24
203.76.190.0/23
IPv6:
2001:df0:e400::/48
2001:df2:e200::/48
2001:df2:e600::/48
2400:7b20::/32
2404:7c80::/32
Signature Algorithm: sha256WithRSAEncryption
0b:2c:f8:54:bc:fa:6e:bf:49:96:37:64:ae:2f:17:a9:e7:f0:
72:be:d8:5c:1f:94:a7:ff:04:4c:fc:bd:e6:6c:91:60:d6:0a:
60:7c:8c:60:0c:5d:41:dc:4e:b4:db:9c:81:50:2d:63:be:4c:
76:68:aa:48:b4:e0:af:5b:e0:21:9e:25:5d:56:2e:63:1b:68:
48:54:7f:17:01:fb:52:a4:22:e4:4a:d0:20:90:c3:0e:8b:0b:
18:29:d6:2d:31:1f:ab:0b:89:26:be:ca:24:72:91:ad:34:5f:
75:83:8c:0d:23:77:29:f8:f7:91:de:12:b4:e7:50:07:24:5c:
d7:d7:6d:0d:e2:4f:6a:23:14:27:c4:4e:5e:47:49:e7:62:67:
9c:35:0b:d7:28:5d:b1:6a:73:b7:56:c7:5f:45:b4:f5:57:3f:
14:7b:7d:b5:42:1c:94:b1:28:e9:ac:ab:23:52:81:0f:f4:3a:
3c:a0:39:b6:16:c6:32:f2:2f:43:c9:28:b1:2a:73:a2:3a:c8:
8f:fe:8d:cf:ce:69:39:0f:62:07:5a:ea:27:56:8f:37:91:3d:
e2:a0:ec:0a:fe:d6:65:1b:aa:d8:ce:e8:e6:e1:82:6f:d1:5c:
e9:e4:08:e6:fc:c8:c2:64:30:ff:eb:5a:50:ea:06:96:ad:fa:
f9:57:13:19
-----BEGIN CERTIFICATE-----
MIIHezCCBmOgAwIBAgIDAJYTMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDgwMjA4Mjk0OVoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjZhYzk4ZmQtNjExNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0hGziWbH9Yc8JlSofn8dCVHfyoBy2sRyjQeICYcyr1iGuegflK1QX0WlIp
eFERlYm1d/1mRXfRH49jdaRxHosAzCde62cFytVRrrv6qgIcH7D/Q9G61gZqGHjr
xAGharmNiFYq2OD9DDi6kE1jwDx4b3pBPrlZaXFEQxMj4CLYgR6PGu2hAhREsmjT
EgG8mQiSSUz0YmK/1lqcbhMveiecs/1pfWF6pB9u+h2CWf0Y+ykuWZSwUfqZ7eiu
q+MpNoIIQuwif8MjjY8+BXIHuLzySRqQhGM26tpNfEB4LvHcFEO097cbo4z28mqx
Niha+H6qu1RdDNmRiD6eid9H74ECAwEAAaOCBJ4wggSaMB0GA1UdDgQWBBTgS2Zb
jIocxlf7Tuut7YI9l+Ra5TAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzJDQTAwRjBB
M0Y0RTExRUZCMzE1RDMwQUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIICJgYIKwYBBQUHAQcB
Af8EggIVMIICETCCAdwEAgABMIIB1AMEAmUAIAMEAGUAJTAMAwQCZ0mUAwQAZ0mW
AwQCZ274AwQCZ3JAAwQCZ3YIAwQAZ47GAwQAZ6MOAwQBZ6VIAwQBZ6VMAwQBZ6VY
AwQBZ6bWAwQBZ6eaAwQBZ6e2AwQBZ6fUAwQBZ6fgAwQBZ6fuAwQBZ6gAAwQBZ6gW
AwQBZ6ggAwQBZ6g8AwQBZ6nyAwQCZ6okAwQBZ6pUAwQAZ6tsAwQBZ6tuAwQBZ6uu
AwQBZ61iAwQBZ65cAwQBZ7HiAwQBZ7JAAwQBZ7KgAwQBZ7KmAwQBZ7LKAwQBZ7MK
MAwDBAFns14DBAFns2ADBAJns2QwDAMEAWezdgMEAWezeAMEAmez4AMEAWe0bgME
AWe0qDAMAwQCZ7SsAwQBZ7SwAwQCZ7TUAwQCZ7TsAwQBZ7UEAwQBZ7U4AwQBZ7VA
AwQCZ7VUAwQBZ7VuAwQBZ7VyMAwDBAFntZYDBAJntZgDBAFnta4DBAFntcYDBABn
tdQwDAMEAWe3HgMEAme3IAMEAWe32AMEAWe7VAMEAWe7XAMEAWe7YAMEAWe7ZgME
AWe7ggMEAWe7ngMEAWe7qgMEAWe9UgMEAmfHuAMEAmfUhAMEAMtMsgMEActMtAME
AMtMvAMEActMvjAvBAIAAjApAwcAIAEN8OQAAwcAIAEN8uIAAwcAIAEN8uYAAwUA
JAB7IAMFACQEfIAwDQYJKoZIhvcNAQELBQADggEBAAss+FS8+m6/SZY3ZK4vF6nn
8HK+2FwflKf/BEz8veZskWDWCmB8jGAMXUHcTrTbnIFQLWO+THZoqki04K9b4CGe
JV1WLmMbaEhUfxcB+1KkIuRK0CCQww6LCxgp1i0xH6sLiSa+yiRyka00X3WDjA0j
dyn495HeErTnUAckXNfXbQ3iT2ojFCfETl5HSediZ5w1C9coXbFqc7dWx19FtPVX
PxR7fbVCHJSxKOmsqyNSgQ/0OjygObYWxjLyL0PJKLEqc6I6yI/+jc/OaTkPYgda
6idWjzeRPeKg7Ar+1mUbqtjO6Obhgm/RXOnkCOb8yMJkMP/rWlDqBpat+vlXExk=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:34:46 2025 by rpki-client