Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5AE7486ACF0011EEA96E3E4EC4F9AE02.roa
File: 5AE7486ACF0011EEA96E3E4EC4F9AE02.roa (raw, json)
Hash identifier: sQn0oHEdQM+uPyZf6CUFfUADN3D6nuIwzmz+fPnq2Uk=
Subject key identifier: B0:CE:EC:2F:11:7D:B7:71:95:90:52:2D:03:8C:2C:8F:8F:0F:25:72
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9115
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5AE7486ACF0011EEA96E3E4EC4F9AE02.roa
Signing time: Thu 30 May 2024 16:30:40 +0000
ROA not before: Thu 30 May 2024 16:30:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58640
IP address blocks: 43.239.68.0/22 maxlen: 24
103.14.124.0/22 maxlen: 24
103.30.140.0/22 maxlen: 24
103.35.52.0/23 maxlen: 24
103.35.54.0/24 maxlen: 24
103.80.64.0/22 maxlen: 24
103.110.200.0/22 maxlen: 24
103.198.28.0/22 maxlen: 24
103.225.40.0/22 maxlen: 24
144.48.76.0/22 maxlen: 24
163.47.140.0/22 maxlen: 24
163.47.152.0/22 maxlen: 22
163.47.152.0/24 maxlen: 24
163.47.153.0/24 maxlen: 24
163.47.154.0/24 maxlen: 24
163.47.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 37141 (0x9115)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 16:30:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a9b0-0b35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:b7:ff:90:11:d7:2b:1a:21:94:0a:57:d1:84:
02:a3:3d:e0:e6:26:e1:46:d7:72:dd:20:31:6e:88:
eb:5c:9a:ca:9f:df:0f:4b:7b:a0:b3:31:18:b3:d1:
7b:d7:3d:6f:59:e4:8c:05:00:d7:dc:2f:d2:45:13:
73:b8:da:b0:71:e4:7f:6b:ae:41:a4:0b:d6:10:90:
53:41:0b:68:06:73:d1:41:cc:8e:65:2e:03:73:15:
c7:48:e1:8b:e8:63:41:07:b0:60:85:8d:29:1e:42:
56:0b:70:9d:3e:9c:e5:f8:57:3b:b7:1e:19:81:51:
54:39:5e:15:43:e0:fa:a8:50:2f:e9:21:ed:b6:ef:
ae:80:58:cc:c3:2a:09:46:6e:8a:50:90:5d:a3:8d:
5d:91:ec:48:57:27:7c:ae:af:db:59:9e:d7:4d:47:
ab:a0:82:a3:c0:d5:02:9c:f9:73:04:ef:67:02:0b:
17:fb:c9:0d:f4:8f:3e:79:04:ea:07:1c:ab:e1:76:
be:fa:e8:8b:d4:07:95:cb:e2:2c:3d:9d:28:65:29:
f0:bd:92:18:cf:35:b0:64:4e:be:68:6a:a1:49:c5:
b4:ec:a0:a2:8d:b9:01:c5:70:e2:31:dd:89:b6:7a:
24:52:6d:58:c7:71:55:98:11:9f:d4:fd:54:ef:b5:
0f:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:CE:EC:2F:11:7D:B7:71:95:90:52:2D:03:8C:2C:8F:8F:0F:25:72
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/5AE7486ACF0011EEA96E3E4EC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.68.0/22
103.14.124.0/22
103.30.140.0/22
103.35.52.0-103.35.54.255
103.80.64.0/22
103.110.200.0/22
103.198.28.0/22
103.225.40.0/22
144.48.76.0/22
163.47.140.0/22
163.47.152.0/22
Signature Algorithm: sha256WithRSAEncryption
64:76:62:b0:ee:ee:55:f7:0b:f4:f3:e7:cd:bf:98:79:30:f7:
ba:e4:9e:e0:e1:c7:27:41:ea:21:24:3d:6e:cf:fb:08:ae:2b:
d3:e5:6d:5b:af:da:84:3e:d0:a7:57:32:45:d7:a2:36:c2:b8:
39:f8:76:f9:ba:3a:b7:d0:39:30:60:71:33:e4:93:c8:65:d1:
26:5b:2a:70:97:6f:f7:83:3d:ad:b2:98:9a:5e:66:7e:76:c2:
e7:3e:58:62:78:f0:84:70:fd:3c:02:76:60:91:48:85:19:32:
54:bd:3c:11:66:dc:b1:17:f5:d8:28:89:66:c1:26:e8:bc:82:
e9:35:89:1c:a4:18:87:3d:3d:d6:0d:eb:f2:5c:a1:4e:93:94:
47:57:80:26:a8:12:12:0a:e3:41:5f:d2:4c:fc:f4:2c:cd:88:
c8:ea:52:9e:c4:b3:3e:53:17:65:6d:1a:ed:27:f4:cb:84:63:
b7:c6:b1:91:85:36:a9:dd:1d:9a:c2:34:0c:f3:dd:00:63:8b:
bb:34:c2:a7:4c:80:29:7c:0a:93:f2:bb:b2:77:a6:06:44:81:
9d:ad:69:ad:34:f5:bd:28:9b:0e:9d:6a:27:31:65:57:a4:31:
aa:9c:62:86:b3:6d:8d:8a:39:90:7a:3d:60:87:2d:ea:43:ca:
d8:59:4f:d0
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgIDAJEVMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE2MzA0MFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGE5YjAtMGIzNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKu3/5AR1ysaIZQKV9GEAqM94OYm4UbXct0gMW6I61yayp/fD0t7oLMxGLPR
e9c9b1nkjAUA19wv0kUTc7jasHHkf2uuQaQL1hCQU0ELaAZz0UHMjmUuA3MVx0jh
i+hjQQewYIWNKR5CVgtwnT6c5fhXO7ceGYFRVDleFUPg+qhQL+kh7bbvroBYzMMq
CUZuilCQXaONXZHsSFcnfK6v21me101Hq6CCo8DVApz5cwTvZwILF/vJDfSPPnkE
6gccq+F2vvroi9QHlcviLD2dKGUp8L2SGM81sGROvmhqoUnFtOygoo25AcVw4jHd
ibZ6JFJtWMdxVZgRn9T9VO+1D4sCAwEAAaOCAtkwggLVMB0GA1UdDgQWBBSwzuwv
EX23cZWQUi0DjCyPjw8lcjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzVBRTc0ODZB
Q0YwMDExRUVBOTZFM0U0RUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMGMGCCsGAQUFBwEHAQH/
BFQwUjBQBAIAATBKAwQCK+9EAwQCZw58AwQCZx6MMAwDBAJnIzQDBABnIzYDBAJn
UEADBAJnbsgDBAJnxhwDBAJn4SgDBAKQMEwDBAKjL4wDBAKjL5gwDQYJKoZIhvcN
AQELBQADggEBAGR2YrDu7lX3C/Tz582/mHkw97rknuDhxydB6iEkPW7P+wiuK9Pl
bVuv2oQ+0KdXMkXXojbCuDn4dvm6OrfQOTBgcTPkk8hl0SZbKnCXb/eDPa2ymJpe
Zn52wuc+WGJ48IRw/TwCdmCRSIUZMlS9PBFm3LEX9dgoiWbBJui8guk1iRykGIc9
PdYN6/JcoU6TlEdXgCaoEhIK40Ff0kz89CzNiMjqUp7Esz5TF2VtGu0n9MuEY7fG
sZGFNqndHZrCNAzz3QBji7s0wqdMgCl8CpPyu7J3pgZEgZ2taa009b0omw6daicx
ZVekMaqcYoazbY2KOZB6PWCHLepDythZT9A=
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:49:13 2025 by rpki-client