Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/72F570528DC611EDB7564377C4F9AE02.roa
File: 72F570528DC611EDB7564377C4F9AE02.roa (raw, json)
Hash identifier: Cqwz459Xlf440OeUJJYifw6yIqxVy5D93QqZcqvKr/w=
Subject key identifier: AE:01:90:25:24:DB:DF:FD:C6:18:E1:7E:FF:58:D8:3A:A9:97:B2:62
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 62BB
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/72F570528DC611EDB7564377C4F9AE02.roa
Signing time: Fri 06 Jan 2023 13:31:39 +0000
ROA not before: Fri 06 Jan 2023 13:31:39 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 103.27.168.0/24 maxlen: 24
103.27.170.0/23 maxlen: 23
103.181.88.0/23 maxlen: 24
103.181.202.0/23 maxlen: 24
103.182.12.0/23 maxlen: 24
103.182.158.0/23 maxlen: 24
103.185.102.0/23 maxlen: 24
103.186.44.0/23 maxlen: 24
103.186.124.0/23 maxlen: 24
103.228.172.0/24 maxlen: 24
103.228.173.0/24 maxlen: 24
103.228.174.0/24 maxlen: 24
103.228.175.0/24 maxlen: 24
2400:d180:66::/48 maxlen: 48
2400:d180:67::/48 maxlen: 48
2400:d180:68::/48 maxlen: 48
2400:d180:69::/48 maxlen: 48
2400:d180:70::/48 maxlen: 48
2400:d180:71::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25275 (0x62bb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Jan 6 13:31:39 2023 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=63b822bb-f949
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:a0:34:50:64:84:a7:5e:7f:e4:79:40:d5:92:
62:73:a1:0a:7f:bd:a7:2b:e5:ea:ca:33:cc:d3:4b:
c7:02:90:b1:61:e6:4a:06:64:2c:6c:41:7c:9c:1e:
66:21:bc:bf:a1:3f:6a:77:b9:54:19:1c:58:2f:34:
a8:68:55:49:df:87:63:c5:2c:95:9e:0d:5b:66:fa:
b8:9d:d6:41:35:79:12:81:68:db:c0:85:d7:55:d0:
3f:54:b0:76:8d:45:2f:d1:82:72:fc:ca:4a:59:14:
a4:15:57:05:f2:65:fb:64:5d:61:3a:9e:c7:36:57:
6b:4a:de:d5:bf:b5:9c:0c:1e:25:93:e7:0f:1f:d8:
3f:69:cc:83:6b:80:56:cf:f4:94:ca:98:81:ab:92:
cc:59:d4:47:74:c5:a2:84:12:ee:b4:6c:8a:07:32:
ca:77:de:b5:0a:8d:c2:b9:97:8a:bd:06:05:2a:24:
1a:42:ca:e7:93:90:f6:d7:cc:48:ac:f9:53:22:53:
96:c2:78:ce:0c:fe:17:9a:6a:a9:12:f8:78:fd:c2:
72:3b:9e:66:d9:ab:74:24:93:e7:ba:d7:be:40:b7:
e7:ae:42:28:5d:e6:7e:76:58:06:ee:e4:5e:34:0c:
2a:ba:ba:e0:a7:49:55:47:f9:49:a8:b8:d5:83:b9:
07:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:01:90:25:24:DB:DF:FD:C6:18:E1:7E:FF:58:D8:3A:A9:97:B2:62
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/72F570528DC611EDB7564377C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.27.168.0/24
103.27.170.0/23
103.181.88.0/23
103.181.202.0/23
103.182.12.0/23
103.182.158.0/23
103.185.102.0/23
103.186.44.0/23
103.186.124.0/23
103.228.172.0/22
IPv6:
2400:d180:66::-2400:d180:69:ffff:ffff:ffff:ffff:ffff
2400:d180:70::/47
Signature Algorithm: sha256WithRSAEncryption
20:f5:87:22:06:dd:84:0c:7f:bf:44:07:f8:9a:ff:3f:31:b0:
65:aa:99:b0:d4:20:39:d3:77:2c:b5:93:9e:5b:b2:73:63:ec:
d4:6b:41:58:5e:6d:e1:34:cc:df:d5:3d:05:4e:d0:34:3d:72:
f5:02:a9:2e:e7:c1:04:bc:37:92:5d:96:23:7a:27:e3:f9:d9:
73:83:06:03:76:6a:bb:2d:22:38:33:03:20:9d:f1:bc:db:10:
de:6d:f7:c4:a0:c0:68:ab:95:19:0d:f5:9c:15:21:c1:4b:d3:
f8:ed:c9:52:2b:a4:4e:bd:01:3e:a6:4a:0f:af:ff:db:47:95:
3f:dc:e0:5f:8d:ff:75:3e:69:1c:38:db:41:41:0e:17:18:c6:
00:d0:08:32:8c:41:2a:b1:ea:43:26:22:eb:29:08:a3:7f:1a:
34:37:a5:54:06:2d:4e:c9:fb:d4:8c:2e:08:cf:31:3e:ed:44:
17:45:00:1b:fa:8e:f1:ad:09:0b:f3:ed:55:c3:51:7b:7e:0d:
81:fd:d7:8f:40:98:23:aa:7e:b7:76:ba:bb:c0:8a:45:5a:86:
d7:e5:20:85:ce:27:79:1b:cd:02:66:b8:f5:d5:06:b0:c9:c8:
c2:c3:e0:41:52:2c:22:1f:c8:af:89:e7:44:48:aa:05:3f:fc:
7d:b6:54:17
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgICYrswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwMTA2MTMzMTM5WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2I4MjJiYi1mOTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw6A0UGSEp15/5HlA1ZJic6EKf72nK+XqyjPM00vHApCxYeZKBmQsbEF8nB5m
Iby/oT9qd7lUGRxYLzSoaFVJ34djxSyVng1bZvq4ndZBNXkSgWjbwIXXVdA/VLB2
jUUv0YJy/MpKWRSkFVcF8mX7ZF1hOp7HNldrSt7Vv7WcDB4lk+cPH9g/acyDa4BW
z/SUypiBq5LMWdRHdMWihBLutGyKBzLKd961Co3CuZeKvQYFKiQaQsrnk5D218xI
rPlTIlOWwnjODP4XmmqpEvh4/cJyO55m2at0JJPnute+QLfnrkIoXeZ+dlgG7uRe
NAwqurrgp0lVR/lJqLjVg7kHOwIDAQABo4IC8DCCAuwwHQYDVR0OBBYEFK4BkCUk
29/9xhjhfv9Y2Dqpl7JiMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNzJGNTcwNTI4
REM2MTFFREI3NTY0Mzc3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwegYIKwYBBQUHAQcBAf8E
azBpMEIEAgABMDwDBABnG6gDBAFnG6oDBAFntVgDBAFntcoDBAFntgwDBAFntp4D
BAFnuWYDBAFnuiwDBAFnunwDBAJn5KwwIwQCAAIwHTASAwcBJADRgABmAwcBJADR
gABoAwcBJADRgABwMA0GCSqGSIb3DQEBCwUAA4IBAQAg9YciBt2EDH+/RAf4mv8/
MbBlqpmw1CA503cstZOeW7JzY+zUa0FYXm3hNMzf1T0FTtA0PXL1Aqku58EEvDeS
XZYjeifj+dlzgwYDdmq7LSI4MwMgnfG82xDebffEoMBoq5UZDfWcFSHBS9P47clS
K6ROvQE+pkoPr//bR5U/3OBfjf91PmkcONtBQQ4XGMYA0AgyjEEqsepDJiLrKQij
fxo0N6VUBi1OyfvUjC4IzzE+7UQXRQAb+o7xrQkL8+1Vw1F7fg2B/dePQJgjqn63
drq7wIpFWobX5SCFzid5G80CZrj11QawycjCw+BBUiwiH8iviedESKoFP/x9tlQX
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:09:15 2025 by rpki-client