Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/31700350920511EFBF575351C4F9AE02.roa
File: 31700350920511EFBF575351C4F9AE02.roa (raw, json)
Hash identifier: p+rTxrQUDlZQ22kLgn2wYjk8VOXKK1alHpxzb1iLRaA=
Subject key identifier: D7:B9:37:FE:20:DC:E9:42:2B:D7:A6:7E:A6:CB:96:96:BD:B0:15:4A
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9C0F
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/31700350920511EFBF575351C4F9AE02.roa
Signing time: Thu 24 Oct 2024 12:40:47 +0000
ROA not before: Thu 24 Oct 2024 12:40:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 43.225.0.0/22 maxlen: 24
103.14.197.0/24 maxlen: 24
103.27.168.0/24 maxlen: 24
103.27.170.0/23 maxlen: 23
103.47.152.0/24 maxlen: 24
103.51.92.0/22 maxlen: 24
103.52.48.0/22 maxlen: 24
103.55.84.0/22 maxlen: 24
103.86.20.0/22 maxlen: 24
103.108.76.0/22 maxlen: 24
103.118.8.0/22 maxlen: 24
103.142.64.0/23 maxlen: 24
103.171.236.0/23 maxlen: 24
103.180.216.0/23 maxlen: 24
103.199.184.0/22 maxlen: 24
103.200.48.0/22 maxlen: 24
103.206.64.0/22 maxlen: 24
103.212.132.0/22 maxlen: 24
103.226.224.0/22 maxlen: 24
103.228.172.0/24 maxlen: 24
103.228.173.0/24 maxlen: 24
103.228.174.0/24 maxlen: 24
103.228.175.0/24 maxlen: 24
203.191.56.0/22 maxlen: 24
2400:d180:66::/48 maxlen: 48
2400:d180:67::/48 maxlen: 48
2400:d180:68::/48 maxlen: 48
2400:d180:69::/48 maxlen: 48
2400:d180:70::/48 maxlen: 48
2400:d180:71::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39951 (0x9c0f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Oct 24 12:40:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=671a404f-f5b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:6d:95:ba:fa:95:89:61:3b:7e:75:e3:36:ca:
69:0d:18:d1:99:a8:66:4f:5b:60:7a:35:4d:02:f2:
5e:67:5a:31:50:ab:9c:58:f1:97:25:41:8b:a8:59:
40:33:ac:53:25:22:a5:bc:e5:8a:73:18:7f:25:93:
d7:b4:09:f1:20:7d:00:94:ec:d5:be:92:95:5a:4e:
ae:ea:24:6c:7a:35:53:c8:c5:9c:d9:77:45:16:0f:
c6:0f:ee:c4:39:81:f3:59:8d:3f:1a:ff:4d:50:1f:
2a:a7:9b:03:40:3f:ba:7c:f4:51:9d:fd:d4:da:9c:
03:79:a8:f1:6a:aa:9d:51:21:46:b3:bb:e4:bc:0c:
54:1b:7d:ed:65:f5:70:63:7f:7e:87:12:ee:c3:9b:
a2:85:dd:ca:a8:1d:48:7a:c3:e1:c7:fd:f5:76:16:
63:c5:7d:4c:e6:42:68:dc:61:29:37:1e:cc:6b:4c:
e1:6e:1c:81:b1:84:f1:00:c0:02:2c:ed:43:3e:e5:
86:3c:ff:e8:31:85:f9:70:53:1b:b2:b1:1d:53:25:
e0:f9:57:01:87:02:6d:75:2f:e8:2d:47:a8:c8:84:
7c:24:3d:03:92:3c:db:2a:31:fa:58:19:8f:c6:26:
40:e7:08:d4:34:45:6e:e4:f0:1d:a2:2b:e2:ae:0d:
f2:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:B9:37:FE:20:DC:E9:42:2B:D7:A6:7E:A6:CB:96:96:BD:B0:15:4A
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/31700350920511EFBF575351C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.0.0/22
103.14.197.0/24
103.27.168.0/24
103.27.170.0/23
103.47.152.0/24
103.51.92.0/22
103.52.48.0/22
103.55.84.0/22
103.86.20.0/22
103.108.76.0/22
103.118.8.0/22
103.142.64.0/23
103.171.236.0/23
103.180.216.0/23
103.199.184.0/22
103.200.48.0/22
103.206.64.0/22
103.212.132.0/22
103.226.224.0/22
103.228.172.0/22
203.191.56.0/22
IPv6:
2400:d180:66::-2400:d180:69:ffff:ffff:ffff:ffff:ffff
2400:d180:70::/47
Signature Algorithm: sha256WithRSAEncryption
2a:3f:fb:1e:46:f8:14:44:92:95:e3:1d:e1:0c:e8:d4:a1:fa:
b8:98:39:d6:9a:b0:b0:6a:36:95:29:12:6f:6c:ae:b5:46:10:
93:2e:8e:77:4b:5f:f4:b1:98:8e:a8:5f:3b:81:24:54:7e:bc:
ca:53:43:ce:7d:a6:f1:50:3a:c6:ee:3f:b9:4f:10:ff:77:5d:
fa:91:42:b4:4c:70:e7:54:c3:e9:d9:90:ef:c0:85:6b:db:1f:
cf:ee:45:5f:1f:4f:bf:85:bf:5c:d6:83:4b:ac:df:95:1e:8f:
23:bc:ec:33:fb:f1:a2:65:64:9f:45:ca:d4:cc:5d:3a:9d:fc:
47:eb:c7:26:e8:41:22:a0:86:af:5d:07:b1:33:eb:79:57:56:
5d:cb:00:60:23:4e:d3:47:de:ab:d2:e5:c2:a0:a7:5b:a2:70:
e4:a9:3d:84:fd:64:68:5c:98:9d:48:fa:c6:97:7f:97:6b:68:
77:66:aa:8f:31:4b:cd:ae:87:7e:7c:ce:92:cd:7f:f4:ce:3a:
75:f0:ee:3b:f6:23:c8:a7:54:f6:ae:a1:f4:d4:8f:09:f0:df:
ca:4c:0a:53:fe:b0:11:12:ba:83:fb:44:1b:75:d6:9f:99:b2:
91:00:ab:4b:08:e4:67:e6:ad:eb:c6:6a:ca:fa:6f:f5:8d:62:
da:7b:51:bc
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgIDAJwPMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTAyNDEyNDA0N1oXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjcxYTQwNGYtZjViMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJtlbr6lYlhO3514zbKaQ0Y0ZmoZk9bYHo1TQLyXmdaMVCrnFjxlyVBi6hZ
QDOsUyUipbzlinMYfyWT17QJ8SB9AJTs1b6SlVpOruokbHo1U8jFnNl3RRYPxg/u
xDmB81mNPxr/TVAfKqebA0A/unz0UZ391NqcA3mo8WqqnVEhRrO75LwMVBt97WX1
cGN/focS7sObooXdyqgdSHrD4cf99XYWY8V9TOZCaNxhKTcezGtM4W4cgbGE8QDA
AiztQz7lhjz/6DGF+XBTG7KxHVMl4PlXAYcCbXUv6C1HqMiEfCQ9A5I82yox+lgZ
j8YmQOcI1DRFbuTwHaIr4q4N8oUCAwEAAaOCAzYwggMyMB0GA1UdDgQWBBTXuTf+
INzpQivXpn6my5aWvbAVSjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzMxNzAwMzUw
OTIwNTExRUZCRjU3NTM1MUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIG/BggrBgEFBQcBBwEB
/wSBrzCBrDCBhAQCAAEwfgMEAivhAAMEAGcOxQMEAGcbqAMEAWcbqgMEAGcvmAME
AmczXAMEAmc0MAMEAmc3VAMEAmdWFAMEAmdsTAMEAmd2CAMEAWeOQAMEAWer7AME
AWe02AMEAmfHuAMEAmfIMAMEAmfOQAMEAmfUhAMEAmfi4AMEAmfkrAMEAsu/ODAj
BAIAAjAdMBIDBwEkANGAAGYDBwEkANGAAGgDBwEkANGAAHAwDQYJKoZIhvcNAQEL
BQADggEBACo/+x5G+BREkpXjHeEM6NSh+riYOdaasLBqNpUpEm9srrVGEJMujndL
X/SxmI6oXzuBJFR+vMpTQ859pvFQOsbuP7lPEP93XfqRQrRMcOdUw+nZkO/AhWvb
H8/uRV8fT7+Fv1zWg0us35UejyO87DP78aJlZJ9FytTMXTqd/EfrxyboQSKghq9d
B7Ez63lXVl3LAGAjTtNH3qvS5cKgp1uicOSpPYT9ZGhcmJ1I+saXf5draHdmqo8x
S82uh358zpLNf/TOOnXw7jv2I8inVPauofTUjwnw38pMClP+sBESuoP7RBt11p+Z
spEAq0sI5GfmrevGasr6b/WNYtp7Ubw=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:27:01 2025 by rpki-client