Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3EFF0D789BAC11ED94132273C4F9AE02.roa
File: 3EFF0D789BAC11ED94132273C4F9AE02.roa (raw, json)
Hash identifier: e/QMJ4XxxtMPS+IIiERIYd0xUuQ1ZSV6fo1E/spT9XY=
Subject key identifier: B4:65:45:B2:8D:C0:F4:4A:3E:92:9F:3F:D3:7D:1A:13:01:C9:A5:32
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 6608
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3EFF0D789BAC11ED94132273C4F9AE02.roa
Signing time: Fri 03 Mar 2023 04:21:40 +0000
ROA not before: Fri 03 Mar 2023 04:21:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 133647
IP address blocks: 14.102.17.0/24 maxlen: 24
14.102.18.0/24 maxlen: 24
14.102.19.0/24 maxlen: 24
14.102.20.0/24 maxlen: 24
14.102.21.0/24 maxlen: 24
14.102.46.0/24 maxlen: 24
14.102.47.0/24 maxlen: 24
14.102.49.0/24 maxlen: 24
14.102.51.0/24 maxlen: 24
14.102.58.0/24 maxlen: 24
14.102.61.0/24 maxlen: 24
14.102.94.0/24 maxlen: 24
14.102.102.0/24 maxlen: 24
43.230.156.0/22 maxlen: 24
45.115.252.0/22 maxlen: 24
45.116.68.0/24 maxlen: 24
45.116.106.0/24 maxlen: 24
45.116.107.0/24 maxlen: 24
103.38.70.0/24 maxlen: 24
103.43.4.0/22 maxlen: 24
103.50.4.0/22 maxlen: 24
103.55.6.0/23 maxlen: 23
103.55.7.0/24 maxlen: 24
103.61.101.0/24 maxlen: 24
103.61.102.0/24 maxlen: 24
103.61.103.0/24 maxlen: 24
103.61.242.0/23 maxlen: 24
103.69.216.0/22 maxlen: 24
103.70.144.0/22 maxlen: 24
103.70.176.0/23 maxlen: 24
103.79.112.0/22 maxlen: 24
103.87.48.0/24 maxlen: 24
103.87.49.0/24 maxlen: 24
103.91.68.0/22 maxlen: 24
103.93.176.0/22 maxlen: 24
103.122.85.0/24 maxlen: 24
103.156.168.0/23 maxlen: 24
103.157.160.0/23 maxlen: 24
103.159.154.0/23 maxlen: 24
103.161.230.0/23 maxlen: 24
103.161.232.0/24 maxlen: 24
103.161.233.0/24 maxlen: 24
103.174.105.0/24 maxlen: 24
103.175.76.0/23 maxlen: 24
103.220.28.0/24 maxlen: 24
103.220.29.0/24 maxlen: 24
103.220.30.0/24 maxlen: 24
103.220.31.0/24 maxlen: 24
103.237.172.0/24 maxlen: 24
103.237.173.0/24 maxlen: 24
103.237.174.0/24 maxlen: 24
103.237.175.0/24 maxlen: 24
110.172.137.0/24 maxlen: 24
110.172.141.0/24 maxlen: 24
110.172.142.0/24 maxlen: 24
110.172.144.0/24 maxlen: 24
110.172.163.0/24 maxlen: 24
110.172.172.0/24 maxlen: 24
110.172.188.0/24 maxlen: 24
118.91.184.0/24 maxlen: 24
118.91.190.0/24 maxlen: 24
175.111.180.0/24 maxlen: 24
175.111.182.0/24 maxlen: 24
175.111.183.0/24 maxlen: 24
202.89.73.0/24 maxlen: 24
202.89.79.0/24 maxlen: 24
2001:df1:f440::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26120 (0x6608)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Mar 3 04:21:40 2023 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=640175d4-8c3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:ce:ac:20:45:cd:d5:55:59:10:24:c2:34:ed:
10:79:fa:fe:c2:e0:49:d1:02:62:ef:a2:06:2d:8f:
57:4a:5b:5e:e1:f4:f7:3c:e2:1f:c7:d4:e0:48:75:
b9:2b:e5:1b:57:e4:f2:c4:1f:7a:67:d1:c7:cf:1c:
61:3e:d4:ec:f4:78:5c:a6:92:a4:37:9a:50:75:c9:
c2:49:cf:73:78:72:40:fd:2a:d4:d9:ff:99:87:f5:
08:cd:13:7d:67:3b:02:5a:eb:ad:99:fd:cd:5f:f7:
66:08:75:44:85:76:b4:71:ab:63:a3:3a:ec:ba:d7:
9a:14:b1:b4:8d:d2:13:95:42:4b:2d:5d:12:3e:c5:
45:de:57:12:bc:05:19:a6:34:66:50:22:cb:b2:73:
72:b6:53:95:2a:bf:03:da:17:f3:ed:bb:83:58:de:
70:e5:34:67:96:94:b1:7a:eb:ce:28:e0:d6:d9:2b:
1e:ec:66:d3:d5:62:45:a1:39:1c:e8:b4:00:32:52:
44:2f:d0:a0:c7:80:8c:66:b2:ab:aa:4d:70:f9:15:
f4:4c:a2:94:00:5b:35:08:6b:c2:7f:16:53:ff:f6:
40:29:11:08:03:0d:09:09:1f:5a:da:a8:7a:0a:8b:
ae:0d:b6:ee:1d:68:1d:e8:49:9e:57:4f:4f:cf:16:
8b:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:65:45:B2:8D:C0:F4:4A:3E:92:9F:3F:D3:7D:1A:13:01:C9:A5:32
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/3EFF0D789BAC11ED94132273C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.17.0-14.102.21.255
14.102.46.0/23
14.102.49.0/24
14.102.51.0/24
14.102.58.0/24
14.102.61.0/24
14.102.94.0/24
14.102.102.0/24
43.230.156.0/22
45.115.252.0/22
45.116.68.0/24
45.116.106.0/23
103.38.70.0/24
103.43.4.0/22
103.50.4.0/22
103.55.6.0/23
103.61.101.0-103.61.103.255
103.61.242.0/23
103.69.216.0/22
103.70.144.0/22
103.70.176.0/23
103.79.112.0/22
103.87.48.0/23
103.91.68.0/22
103.93.176.0/22
103.122.85.0/24
103.156.168.0/23
103.157.160.0/23
103.159.154.0/23
103.161.230.0-103.161.233.255
103.174.105.0/24
103.175.76.0/23
103.220.28.0/22
103.237.172.0/22
110.172.137.0/24
110.172.141.0-110.172.142.255
110.172.144.0/24
110.172.163.0/24
110.172.172.0/24
110.172.188.0/24
118.91.184.0/24
118.91.190.0/24
175.111.180.0/24
175.111.182.0/23
202.89.73.0/24
202.89.79.0/24
IPv6:
2001:df1:f440::/48
Signature Algorithm: sha256WithRSAEncryption
6f:73:69:95:34:18:65:20:10:11:7a:83:45:fd:79:2b:fe:d0:
44:ae:a0:75:b3:c9:c2:ea:66:75:e7:57:7f:55:68:8e:25:f3:
31:08:82:74:50:c2:ed:1f:19:c7:68:64:db:ec:0b:d6:e7:a4:
25:f7:b1:a1:bd:cb:e3:b9:cb:eb:ea:c3:0a:6b:e7:a5:c2:04:
b5:d6:8d:f7:2d:7b:a4:11:f6:3a:c3:42:47:ab:df:bd:51:2c:
0f:36:84:3e:49:ca:1c:52:b6:89:55:35:e4:2d:17:a4:70:a6:
49:c9:78:6d:75:03:4d:cd:bd:9e:f9:77:47:3b:d1:06:f7:31:
58:54:e7:cb:ae:05:a7:e3:74:cb:a7:77:2e:06:28:86:d6:0d:
25:d8:2c:55:c4:31:37:9e:15:bb:14:0d:1f:da:3c:30:c9:fa:
97:5d:ee:c5:5e:17:96:09:92:80:cb:54:5d:2b:2e:de:02:cb:
01:fa:49:60:06:87:39:ce:79:fd:2f:02:e3:4b:cb:bc:fe:1e:
17:99:01:79:c7:d8:26:fc:01:c2:77:a4:e1:89:d6:60:0a:10:
d5:8a:a9:fd:90:0c:12:1d:44:f4:4c:ed:fa:fa:4f:ca:41:b4:
26:e2:fa:ba:a3:4b:e3:77:5b:3a:c2:fa:5b:08:aa:78:8b:82:
2a:f1:99:68
-----BEGIN CERTIFICATE-----
MIIGujCCBaKgAwIBAgICZggwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwMzAzMDQyMTQwWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDAxNzVkNC04YzNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAq86sIEXN1VVZECTCNO0Qefr+wuBJ0QJi76IGLY9XSlte4fT3POIfx9TgSHW5
K+UbV+TyxB96Z9HHzxxhPtTs9HhcppKkN5pQdcnCSc9zeHJA/SrU2f+Zh/UIzRN9
ZzsCWuutmf3NX/dmCHVEhXa0catjozrsuteaFLG0jdITlUJLLV0SPsVF3lcSvAUZ
pjRmUCLLsnNytlOVKr8D2hfz7buDWN5w5TRnlpSxeuvOKODW2Sse7GbT1WJFoTkc
6LQAMlJEL9Cgx4CMZrKrqk1w+RX0TKKUAFs1CGvCfxZT//ZAKREIAw0JCR9a2qh6
CouuDbbuHWgd6EmeV09PzxaLSQIDAQABo4ID3jCCA9owHQYDVR0OBBYEFLRlRbKN
wPRKPpKfP9N9GhMByaUyMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvM0VGRjBENzg5
QkFDMTFFRDk0MTMyMjczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggFmBggrBgEFBQcBBwEB
/wSCAVUwggFRMIIBPAQCAAEwggE0MAwDBAAOZhEDBAEOZhQDBAEOZi4DBAAOZjED
BAAOZjMDBAAOZjoDBAAOZj0DBAAOZl4DBAAOZmYDBAIr5pwDBAItc/wDBAAtdEQD
BAEtdGoDBABnJkYDBAJnKwQDBAJnMgQDBAFnNwYwDAMEAGc9ZQMEA2c9YAMEAWc9
8gMEAmdF2AMEAmdGkAMEAWdGsAMEAmdPcAMEAWdXMAMEAmdbRAMEAmddsAMEAGd6
VQMEAWecqAMEAWedoAMEAWefmjAMAwQBZ6HmAwQBZ6HoAwQAZ65pAwQBZ69MAwQC
Z9wcAwQCZ+2sAwQAbqyJMAwDBABurI0DBABurI4DBABurJADBABurKMDBABurKwD
BABurLwDBAB2W7gDBAB2W74DBACvb7QDBAGvb7YDBADKWUkDBADKWU8wDwQCAAIw
CQMHACABDfH0QDANBgkqhkiG9w0BAQsFAAOCAQEAb3NplTQYZSAQEXqDRf15K/7Q
RK6gdbPJwupmdedXf1VojiXzMQiCdFDC7R8Zx2hk2+wL1uekJfexob3L47nL6+rD
CmvnpcIEtdaN9y17pBH2OsNCR6vfvVEsDzaEPknKHFK2iVU15C0XpHCmScl4bXUD
Tc29nvl3RzvRBvcxWFTny64Fp+N0y6d3LgYohtYNJdgsVcQxN54VuxQNH9o8MMn6
l13uxV4XlgmSgMtUXSsu3gLLAfpJYAaHOc55/S8C40vLvP4eF5kBecfYJvwBwnek
4YnWYAoQ1Yqp/ZAMEh1E9Ezt+vpPykG0JuL6uqNL43dbOsL6WwiqeIuCKvGZaA==
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:00:39 2025 by rpki-client