Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3C929AA074E011EF8634461DC4F9AE02.roa
File: 3C929AA074E011EF8634461DC4F9AE02.roa (raw, json)
Hash identifier: WsMGxEysHkJwEiDd5rmXHLEFO25CPSvjbdRzpPAFObU=
Subject key identifier: B8:F3:7E:49:62:C2:54:BC:7D:74:AE:26:F0:BE:EE:76:2F:88:DE:A5
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 98C2
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3C929AA074E011EF8634461DC4F9AE02.roa
Signing time: Tue 17 Sep 2024 10:33:11 +0000
ROA not before: Tue 17 Sep 2024 10:33:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133661
IP address blocks: 101.0.32.0/22 maxlen: 24
101.0.37.0/24 maxlen: 24
103.73.148.0/24 maxlen: 24
103.73.149.0/24 maxlen: 24
103.73.150.0/24 maxlen: 24
103.114.64.0/22 maxlen: 24
103.142.198.0/24 maxlen: 24
103.163.14.0/24 maxlen: 24
103.165.72.0/23 maxlen: 24
103.165.76.0/23 maxlen: 24
103.166.214.0/23 maxlen: 24
103.167.154.0/23 maxlen: 24
103.167.182.0/23 maxlen: 24
103.167.212.0/23 maxlen: 24
103.167.238.0/23 maxlen: 24
103.168.0.0/23 maxlen: 24
103.168.22.0/24 maxlen: 24
103.168.32.0/23 maxlen: 24
103.168.60.0/23 maxlen: 24
103.169.242.0/23 maxlen: 24
103.170.36.0/23 maxlen: 24
103.170.38.0/23 maxlen: 24
103.170.84.0/23 maxlen: 24
103.171.108.0/24 maxlen: 24
103.171.110.0/23 maxlen: 24
103.171.174.0/23 maxlen: 24
103.173.98.0/23 maxlen: 24
103.174.92.0/23 maxlen: 24
103.177.226.0/23 maxlen: 24
103.178.64.0/23 maxlen: 24
103.178.160.0/23 maxlen: 24
103.178.166.0/23 maxlen: 24
103.178.202.0/23 maxlen: 24
103.179.10.0/23 maxlen: 24
103.179.94.0/23 maxlen: 24
103.179.96.0/23 maxlen: 24
103.179.100.0/23 maxlen: 24
103.179.102.0/23 maxlen: 24
103.179.118.0/23 maxlen: 24
103.179.120.0/23 maxlen: 24
103.179.224.0/23 maxlen: 24
103.179.226.0/23 maxlen: 24
103.180.110.0/23 maxlen: 24
103.180.168.0/23 maxlen: 24
103.180.172.0/23 maxlen: 24
103.180.174.0/23 maxlen: 24
103.180.176.0/23 maxlen: 24
103.180.212.0/23 maxlen: 24
103.180.214.0/23 maxlen: 24
103.180.236.0/23 maxlen: 24
103.180.238.0/23 maxlen: 24
103.181.4.0/23 maxlen: 24
103.181.56.0/23 maxlen: 24
103.181.64.0/23 maxlen: 24
103.181.84.0/23 maxlen: 24
103.181.86.0/23 maxlen: 24
103.181.110.0/23 maxlen: 24
103.181.114.0/23 maxlen: 24
103.181.150.0/23 maxlen: 24
103.181.152.0/23 maxlen: 24
103.181.154.0/23 maxlen: 24
103.181.174.0/23 maxlen: 24
103.181.198.0/23 maxlen: 24
103.181.212.0/24 maxlen: 24
103.183.30.0/23 maxlen: 24
103.183.32.0/23 maxlen: 24
103.183.34.0/23 maxlen: 24
103.183.216.0/23 maxlen: 24
103.187.84.0/23 maxlen: 24
103.187.92.0/23 maxlen: 24
103.187.96.0/23 maxlen: 24
103.187.102.0/23 maxlen: 24
103.187.130.0/23 maxlen: 24
103.187.158.0/23 maxlen: 24
103.187.170.0/23 maxlen: 24
103.189.82.0/23 maxlen: 24
103.199.184.0/22 maxlen: 24
103.212.132.0/22 maxlen: 24
203.76.178.0/24 maxlen: 24
203.76.180.0/24 maxlen: 24
203.76.181.0/24 maxlen: 24
203.76.188.0/24 maxlen: 24
203.76.190.0/24 maxlen: 24
203.76.191.0/24 maxlen: 24
2001:df0:e400::/48 maxlen: 48
2001:df2:e200::/48 maxlen: 48
2001:df2:e600::/48 maxlen: 48
2400:7b20::/32 maxlen: 32
2404:7c80::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39106 (0x98c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Sep 17 10:33:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66e95ae7-1385
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:0e:a7:d3:6f:d6:dd:8b:5e:f0:08:fb:75:6f:
00:38:36:05:04:bd:2e:d2:94:eb:a4:c2:c3:1a:aa:
1f:7b:6d:5c:af:f2:6b:3f:50:85:4f:e1:b7:96:9a:
58:2f:83:63:2f:bc:f4:1f:05:75:46:6f:c2:a5:ac:
8a:d0:8b:b3:2d:ab:15:6b:c1:71:df:46:79:89:4c:
2e:21:72:21:d5:71:f4:7e:eb:8d:84:c8:92:85:e3:
4a:86:df:33:6e:65:58:51:9a:77:a0:b8:aa:58:94:
bd:da:40:6a:6f:97:cf:04:5d:df:fd:55:89:74:77:
7b:d2:01:b8:d2:58:20:2e:ef:d1:5b:cd:e9:98:17:
1a:f3:d8:93:1a:87:ed:e3:01:d0:62:0a:19:40:c6:
07:7a:62:d9:e3:eb:3c:30:55:2c:d3:06:6a:4c:84:
a7:ef:ad:85:72:51:44:95:d0:49:e2:88:47:72:72:
41:29:b8:41:64:82:b9:55:e7:2b:dd:7c:ae:b1:2b:
be:ad:37:0c:c2:2f:15:90:3b:83:60:24:12:c5:f2:
fc:7f:cb:a4:69:18:a9:b4:97:46:0e:24:a3:66:5d:
ef:08:a8:e6:39:c4:11:9c:12:93:2e:9f:e8:9c:fa:
d0:18:b7:16:7a:b2:e6:df:27:1b:1e:a8:a5:10:55:
22:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:F3:7E:49:62:C2:54:BC:7D:74:AE:26:F0:BE:EE:76:2F:88:DE:A5
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3C929AA074E011EF8634461DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.0.32.0/22
101.0.37.0/24
103.73.148.0-103.73.150.255
103.114.64.0/22
103.142.198.0/24
103.163.14.0/24
103.165.72.0/23
103.165.76.0/23
103.166.214.0/23
103.167.154.0/23
103.167.182.0/23
103.167.212.0/23
103.167.238.0/23
103.168.0.0/23
103.168.22.0/24
103.168.32.0/23
103.168.60.0/23
103.169.242.0/23
103.170.36.0/22
103.170.84.0/23
103.171.108.0/24
103.171.110.0/23
103.171.174.0/23
103.173.98.0/23
103.174.92.0/23
103.177.226.0/23
103.178.64.0/23
103.178.160.0/23
103.178.166.0/23
103.178.202.0/23
103.179.10.0/23
103.179.94.0-103.179.97.255
103.179.100.0/22
103.179.118.0-103.179.121.255
103.179.224.0/22
103.180.110.0/23
103.180.168.0/23
103.180.172.0-103.180.177.255
103.180.212.0/22
103.180.236.0/22
103.181.4.0/23
103.181.56.0/23
103.181.64.0/23
103.181.84.0/22
103.181.110.0/23
103.181.114.0/23
103.181.150.0-103.181.155.255
103.181.174.0/23
103.181.198.0/23
103.181.212.0/24
103.183.30.0-103.183.35.255
103.183.216.0/23
103.187.84.0/23
103.187.92.0/23
103.187.96.0/23
103.187.102.0/23
103.187.130.0/23
103.187.158.0/23
103.187.170.0/23
103.189.82.0/23
103.199.184.0/22
103.212.132.0/22
203.76.178.0/24
203.76.180.0/23
203.76.188.0/24
203.76.190.0/23
IPv6:
2001:df0:e400::/48
2001:df2:e200::/48
2001:df2:e600::/48
2400:7b20::/32
2404:7c80::/32
Signature Algorithm: sha256WithRSAEncryption
78:56:72:16:58:6f:33:81:c7:63:c4:99:dd:fe:d3:da:3b:a2:
ca:25:cc:9e:10:92:b9:d7:9d:4d:dc:84:af:7e:b7:2a:cf:a3:
ce:3a:ca:74:dd:bd:79:a1:55:ae:df:88:48:0b:df:29:4a:3c:
bc:00:30:53:fe:8e:bc:82:f9:6f:c1:00:7b:02:3e:e7:0f:1b:
fe:88:35:1c:b4:7c:54:55:dd:ca:12:d3:19:3d:84:16:2f:c5:
6a:fd:23:af:0a:6d:92:5b:c7:43:7b:b6:f7:33:59:74:28:f3:
3e:c8:0f:e2:5e:c8:d2:31:02:35:e6:b7:52:df:72:70:4c:25:
37:1d:cc:42:d0:3c:ac:73:a4:c5:5e:94:6e:ac:e3:65:5e:e0:
62:3c:dd:1b:24:f6:4c:40:c2:71:02:2a:2c:1c:15:a1:71:89:
c8:cb:e0:ff:34:47:8f:64:c5:19:b2:3c:95:49:c2:8f:f9:93:
84:4d:72:ec:76:32:d2:c8:ba:24:65:40:c7:b6:3b:fa:f8:0c:
b0:f2:21:a9:0c:ad:e3:4b:18:76:07:57:ca:5e:80:8f:20:2a:
9c:72:fa:da:9b:f7:c2:58:a9:1a:dc:96:da:96:f8:1d:38:6b:
c6:a4:d8:41:fa:02:be:0f:ce:c1:24:75:3b:69:91:e5:04:6c:
62:f5:67:e3
-----BEGIN CERTIFICATE-----
MIIHYzCCBkugAwIBAgIDAJjCMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDkxNzEwMzMxMVoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjZlOTVhZTctMTM4NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYOp9Nv1t2LXvAI+3VvADg2BQS9LtKU66TCwxqqH3ttXK/yaz9QhU/ht5aa
WC+DYy+89B8FdUZvwqWsitCLsy2rFWvBcd9GeYlMLiFyIdVx9H7rjYTIkoXjSobf
M25lWFGad6C4qliUvdpAam+XzwRd3/1ViXR3e9IBuNJYIC7v0VvN6ZgXGvPYkxqH
7eMB0GIKGUDGB3pi2ePrPDBVLNMGakyEp++thXJRRJXQSeKIR3JyQSm4QWSCuVXn
K918rrErvq03DMIvFZA7g2AkEsXy/H/LpGkYqbSXRg4ko2Zd7wio5jnEEZwSky6f
6Jz60Bi3Fnqy5t8nGx6opRBVIsUCAwEAAaOCBIYwggSCMB0GA1UdDgQWBBS4835J
YsJUvH10ribwvu52L4jepTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzNDOTI5QUEw
NzRFMDExRUY4NjM0NDYxREM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIICDgYIKwYBBQUHAQcB
Af8EggH9MIIB+TCCAcQEAgABMIIBvAMEAmUAIAMEAGUAJTAMAwQCZ0mUAwQAZ0mW
AwQCZ3JAAwQAZ47GAwQAZ6MOAwQBZ6VIAwQBZ6VMAwQBZ6bWAwQBZ6eaAwQBZ6e2
AwQBZ6fUAwQBZ6fuAwQBZ6gAAwQAZ6gWAwQBZ6ggAwQBZ6g8AwQBZ6nyAwQCZ6ok
AwQBZ6pUAwQAZ6tsAwQBZ6tuAwQBZ6uuAwQBZ61iAwQBZ65cAwQBZ7HiAwQBZ7JA
AwQBZ7KgAwQBZ7KmAwQBZ7LKAwQBZ7MKMAwDBAFns14DBAFns2ADBAJns2QwDAME
AWezdgMEAWezeAMEAmez4AMEAWe0bgMEAWe0qDAMAwQCZ7SsAwQBZ7SwAwQCZ7TU
AwQCZ7TsAwQBZ7UEAwQBZ7U4AwQBZ7VAAwQCZ7VUAwQBZ7VuAwQBZ7VyMAwDBAFn
tZYDBAJntZgDBAFnta4DBAFntcYDBABntdQwDAMEAWe3HgMEAme3IAMEAWe32AME
AWe7VAMEAWe7XAMEAWe7YAMEAWe7ZgMEAWe7ggMEAWe7ngMEAWe7qgMEAWe9UgME
AmfHuAMEAmfUhAMEAMtMsgMEActMtAMEAMtMvAMEActMvjAvBAIAAjApAwcAIAEN
8OQAAwcAIAEN8uIAAwcAIAEN8uYAAwUAJAB7IAMFACQEfIAwDQYJKoZIhvcNAQEL
BQADggEBAHhWchZYbzOBx2PEmd3+09o7osolzJ4QkrnXnU3chK9+tyrPo846ynTd
vXmhVa7fiEgL3ylKPLwAMFP+jryC+W/BAHsCPucPG/6INRy0fFRV3coS0xk9hBYv
xWr9I68KbZJbx0N7tvczWXQo8z7ID+JeyNIxAjXmt1LfcnBMJTcdzELQPKxzpMVe
lG6s42Ve4GI83Rsk9kxAwnECKiwcFaFxicjL4P80R49kxRmyPJVJwo/5k4RNcux2
MtLIuiRlQMe2O/r4DLDyIakMreNLGHYHV8pegI8gKpxy+tqb98JYqRrcltqW+B04
a8ak2EH6Ar4PzsEkdTtpkeUEbGL1Z+M=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:02:04 2025 by rpki-client