Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3938E19C4E8A11EFBA0CDD60C4F9AE02.roa
File: 3938E19C4E8A11EFBA0CDD60C4F9AE02.roa (raw, json)
Hash identifier: 8UojL1cpmGj9WTgGNjTqnusZM2/v4jtsZdc5twSieVk=
Subject key identifier: 4A:A3:76:A3:A0:9E:BB:2C:68:92:E4:0D:01:63:37:F9:62:E2:DA:0D
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 95B3
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3938E19C4E8A11EFBA0CDD60C4F9AE02.roa
Signing time: Tue 30 Jul 2024 15:41:44 +0000
ROA not before: Tue 30 Jul 2024 15:41:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 43.225.0.0/22 maxlen: 24
45.112.192.0/22 maxlen: 24
45.115.92.0/22 maxlen: 24
103.14.197.0/24 maxlen: 24
103.27.168.0/24 maxlen: 24
103.27.170.0/23 maxlen: 23
103.47.152.0/24 maxlen: 24
103.51.92.0/22 maxlen: 24
103.52.48.0/22 maxlen: 24
103.55.84.0/22 maxlen: 24
103.68.206.0/23 maxlen: 24
103.108.76.0/22 maxlen: 24
103.142.64.0/23 maxlen: 24
103.171.236.0/23 maxlen: 24
103.180.216.0/23 maxlen: 24
103.182.214.0/23 maxlen: 24
103.183.132.0/23 maxlen: 24
103.183.134.0/23 maxlen: 24
103.183.136.0/23 maxlen: 24
103.183.162.0/23 maxlen: 24
103.183.164.0/23 maxlen: 24
103.183.166.0/23 maxlen: 24
103.183.168.0/23 maxlen: 24
103.183.170.0/23 maxlen: 24
103.183.172.0/23 maxlen: 24
103.183.174.0/23 maxlen: 24
103.183.176.0/23 maxlen: 24
103.183.196.0/23 maxlen: 24
103.183.200.0/23 maxlen: 24
103.183.206.0/23 maxlen: 24
103.183.210.0/23 maxlen: 24
103.183.222.0/23 maxlen: 24
103.183.224.0/23 maxlen: 24
103.183.234.0/23 maxlen: 24
103.184.4.0/23 maxlen: 24
103.184.6.0/23 maxlen: 24
103.184.34.0/23 maxlen: 24
103.184.38.0/23 maxlen: 24
103.184.116.0/23 maxlen: 24
103.184.140.0/23 maxlen: 24
103.184.142.0/23 maxlen: 24
103.184.158.0/23 maxlen: 24
103.184.160.0/23 maxlen: 24
103.184.198.0/23 maxlen: 24
103.184.200.0/23 maxlen: 24
103.184.202.0/23 maxlen: 24
103.184.226.0/23 maxlen: 24
103.185.180.0/23 maxlen: 24
103.186.38.0/23 maxlen: 24
103.187.50.0/23 maxlen: 24
103.187.60.0/23 maxlen: 24
103.187.72.0/23 maxlen: 24
103.190.56.0/23 maxlen: 24
103.200.48.0/22 maxlen: 24
103.226.224.0/22 maxlen: 24
103.228.172.0/24 maxlen: 24
103.228.173.0/24 maxlen: 24
103.228.174.0/24 maxlen: 24
103.228.175.0/24 maxlen: 24
203.191.56.0/22 maxlen: 24
2400:d180:66::/48 maxlen: 48
2400:d180:67::/48 maxlen: 48
2400:d180:68::/48 maxlen: 48
2400:d180:69::/48 maxlen: 48
2400:d180:70::/48 maxlen: 48
2400:d180:71::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38323 (0x95b3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Jul 30 15:41:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66a909b8-1c40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:1e:df:6b:ce:4d:5a:1c:98:e9:7d:f3:e2:e5:
7d:b2:ec:5e:3e:97:dc:94:b3:82:bb:f0:6d:d1:c5:
f9:43:8a:af:51:a1:b5:f7:db:c6:8c:9f:a8:70:17:
86:f7:46:f2:2e:83:8e:10:27:ca:af:5d:11:77:d7:
98:cc:c2:bd:13:88:fa:43:e1:2d:c5:8c:38:aa:ce:
9b:95:8c:6e:0a:ad:70:72:31:78:19:a7:cd:98:fb:
0a:99:0f:4b:2b:0b:56:0d:3e:98:ec:f3:06:33:be:
4e:a5:c8:a8:36:aa:23:db:15:80:8a:c0:e3:d8:f8:
86:d5:89:d9:94:ad:a6:4e:81:05:2d:9e:43:f7:d2:
50:e6:e2:c4:5c:5c:4f:c3:41:b0:b5:f7:92:f2:d3:
9d:aa:d6:aa:31:ec:72:36:d3:f9:5b:fd:74:8b:bb:
07:77:37:1e:74:0c:0f:dd:7b:e9:46:44:b6:21:c9:
94:d5:7f:8d:ca:bd:17:20:d0:f6:61:0a:3f:ed:20:
20:9d:7c:13:67:90:a9:9d:c7:e5:cd:77:99:b7:9e:
70:b0:39:d4:5d:9a:27:28:84:7f:4e:ac:df:85:0e:
c4:ba:27:19:fb:2b:39:55:64:71:5a:21:79:a4:21:
af:75:cd:3b:44:d1:7f:b8:0a:93:3f:d3:0d:5e:ec:
24:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:A3:76:A3:A0:9E:BB:2C:68:92:E4:0D:01:63:37:F9:62:E2:DA:0D
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3938E19C4E8A11EFBA0CDD60C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.0.0/22
45.112.192.0/22
45.115.92.0/22
103.14.197.0/24
103.27.168.0/24
103.27.170.0/23
103.47.152.0/24
103.51.92.0/22
103.52.48.0/22
103.55.84.0/22
103.68.206.0/23
103.108.76.0/22
103.142.64.0/23
103.171.236.0/23
103.180.216.0/23
103.182.214.0/23
103.183.132.0-103.183.137.255
103.183.162.0-103.183.177.255
103.183.196.0/23
103.183.200.0/23
103.183.206.0/23
103.183.210.0/23
103.183.222.0-103.183.225.255
103.183.234.0/23
103.184.4.0/22
103.184.34.0/23
103.184.38.0/23
103.184.116.0/23
103.184.140.0/22
103.184.158.0-103.184.161.255
103.184.198.0-103.184.203.255
103.184.226.0/23
103.185.180.0/23
103.186.38.0/23
103.187.50.0/23
103.187.60.0/23
103.187.72.0/23
103.190.56.0/23
103.200.48.0/22
103.226.224.0/22
103.228.172.0/22
203.191.56.0/22
IPv6:
2400:d180:66::-2400:d180:69:ffff:ffff:ffff:ffff:ffff
2400:d180:70::/47
Signature Algorithm: sha256WithRSAEncryption
25:63:04:97:eb:c3:f5:a7:4f:54:6e:a7:66:2b:23:ee:0e:fb:
5f:a1:fb:99:52:d8:25:7f:d5:1f:3c:de:69:bc:44:38:4b:c3:
74:ee:72:f8:55:9c:b0:8f:4e:ac:54:66:1b:02:a1:e2:9b:8d:
8e:32:7b:29:a2:7c:25:d0:60:35:74:3a:3e:56:81:1d:ed:f0:
92:32:42:08:57:1b:1c:c2:b2:58:b3:e8:3b:30:65:7e:54:3f:
34:b2:d8:48:b7:7a:1e:f1:fd:c7:92:e0:8b:ae:c2:bb:23:ab:
1c:06:c7:e6:36:82:2c:21:e9:bf:49:62:26:a3:c2:ba:62:38:
e9:97:3c:03:ee:e1:d8:42:a2:76:f7:e5:e6:f0:e1:64:8d:fe:
0f:7b:0c:83:0e:9e:ca:41:f9:54:01:e8:d8:f2:58:63:1a:ba:
fc:4a:0b:3a:9a:ad:8c:f7:f6:2c:44:d7:a7:e2:4d:8f:c9:d5:
c0:0d:32:00:ec:d4:f0:23:04:4e:76:35:99:d8:4c:89:68:e8:
96:87:ff:e6:cc:52:fd:ab:29:44:f7:f3:25:5c:bf:4f:09:21:
53:d8:80:77:0e:0f:e1:d9:8d:83:de:15:50:2b:66:c5:74:0a:
43:17:cd:7b:cb:4e:3c:51:6e:af:f2:7d:c3:00:b1:ab:c2:51:
e0:68:96:01
-----BEGIN CERTIFICATE-----
MIIGvzCCBaegAwIBAgIDAJWzMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDczMDE1NDE0NFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjZhOTA5YjgtMWM0MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKIe32vOTVocmOl98+LlfbLsXj6X3JSzgrvwbdHF+UOKr1GhtffbxoyfqHAX
hvdG8i6DjhAnyq9dEXfXmMzCvROI+kPhLcWMOKrOm5WMbgqtcHIxeBmnzZj7CpkP
SysLVg0+mOzzBjO+TqXIqDaqI9sVgIrA49j4htWJ2ZStpk6BBS2eQ/fSUObixFxc
T8NBsLX3kvLTnarWqjHscjbT+Vv9dIu7B3c3HnQMD9176UZEtiHJlNV/jcq9FyDQ
9mEKP+0gIJ18E2eQqZ3H5c13mbeecLA51F2aJyiEf06s34UOxLonGfsrOVVkcVoh
eaQhr3XNO0TRf7gKkz/TDV7sJPECAwEAAaOCA+IwggPeMB0GA1UdDgQWBBRKo3aj
oJ67LGiS5A0BYzf5YuLaDTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzM5MzhFMTlD
NEU4QTExRUZCQTBDREQ2MEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIIBagYIKwYBBQUHAQcB
Af8EggFZMIIBVTCCASwEAgABMIIBJAMEAivhAAMEAi1wwAMEAi1zXAMEAGcOxQME
AGcbqAMEAWcbqgMEAGcvmAMEAmczXAMEAmc0MAMEAmc3VAMEAWdEzgMEAmdsTAME
AWeOQAMEAWer7AMEAWe02AMEAWe21jAMAwQCZ7eEAwQBZ7eIMAwDBAFnt6IDBAFn
t7ADBAFnt8QDBAFnt8gDBAFnt84DBAFnt9IwDAMEAWe33gMEAWe34AMEAWe36gME
Ame4BAMEAWe4IgMEAWe4JgMEAWe4dAMEAme4jDAMAwQBZ7ieAwQBZ7igMAwDBAFn
uMYDBAJnuMgDBAFnuOIDBAFnubQDBAFnuiYDBAFnuzIDBAFnuzwDBAFnu0gDBAFn
vjgDBAJnyDADBAJn4uADBAJn5KwDBALLvzgwIwQCAAIwHTASAwcBJADRgABmAwcB
JADRgABoAwcBJADRgABwMA0GCSqGSIb3DQEBCwUAA4IBAQAlYwSX68P1p09Ubqdm
KyPuDvtfofuZUtglf9UfPN5pvEQ4S8N07nL4VZywj06sVGYbAqHim42OMnsponwl
0GA1dDo+VoEd7fCSMkIIVxscwrJYs+g7MGV+VD80sthIt3oe8f3HkuCLrsK7I6sc
BsfmNoIsIem/SWImo8K6YjjplzwD7uHYQqJ29+Xm8OFkjf4PewyDDp7KQflUAejY
8lhjGrr8Sgs6mq2M9/YsRNen4k2PydXADTIA7NTwIwROdjWZ2EyJaOiWh//mzFL9
qylE9/MlXL9PCSFT2IB3Dg/h2Y2D3hVQK2bFdApDF817y048UW6v8n3DALGrwlHg
aJYB
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:09:29 2025 by rpki-client