Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/73BF6BAA8BAD11EFB73CE951C4F9AE02.roa
File: 73BF6BAA8BAD11EFB73CE951C4F9AE02.roa (raw, json)
Hash identifier: J9fvYefTI/M9Jm3yHI55FL7CKfgoaRTGstbIg00fXy8=
Subject key identifier: AB:CC:F0:97:21:A7:CB:5A:09:76:8A:83:F8:A4:F9:42:F4:51:1E:24
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9BBD
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/73BF6BAA8BAD11EFB73CE951C4F9AE02.roa
Signing time: Wed 16 Oct 2024 10:57:36 +0000
ROA not before: Wed 16 Oct 2024 10:57:36 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133594
IP address blocks: 14.102.0.0/22 maxlen: 24
14.102.3.0/24 maxlen: 24
14.102.20.0/22 maxlen: 24
14.102.24.0/22 maxlen: 24
14.102.28.0/22 maxlen: 24
14.102.32.0/22 maxlen: 24
14.102.36.0/22 maxlen: 24
14.102.40.0/22 maxlen: 24
14.102.43.0/24 maxlen: 24
14.102.44.0/24 maxlen: 24
14.102.45.0/24 maxlen: 24
14.102.48.0/22 maxlen: 24
14.102.56.0/22 maxlen: 24
14.102.57.0/24 maxlen: 24
14.102.64.0/22 maxlen: 24
14.102.66.0/24 maxlen: 24
14.102.68.0/22 maxlen: 24
14.102.72.0/22 maxlen: 24
14.102.76.0/23 maxlen: 24
14.102.78.0/24 maxlen: 24
14.102.80.0/22 maxlen: 24
14.102.88.0/24 maxlen: 24
14.102.92.0/22 maxlen: 24
14.102.96.0/22 maxlen: 24
14.102.100.0/22 maxlen: 24
14.102.104.0/22 maxlen: 24
14.102.108.0/22 maxlen: 24
14.102.112.0/22 maxlen: 24
14.102.116.0/22 maxlen: 24
14.102.120.0/22 maxlen: 24
14.102.123.0/24 maxlen: 24
14.102.124.0/22 maxlen: 24
110.172.136.0/24 maxlen: 24
110.172.150.0/24 maxlen: 24
110.172.168.0/24 maxlen: 24
111.235.64.0/22 maxlen: 24
118.91.176.0/24 maxlen: 24
202.89.70.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39869 (0x9bbd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Oct 16 10:57:36 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=670f9c20-0e4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:ed:70:8b:b7:17:36:e1:0f:0f:e5:da:e8:f2:
a7:94:5a:13:c2:81:d8:05:df:04:d9:2c:9e:cc:3f:
56:53:5f:fe:4d:4a:a4:ba:d8:1f:3d:1a:46:6e:04:
1d:6c:8d:35:bd:a7:3a:90:11:10:b6:d1:37:ef:6b:
02:9c:e2:e5:13:1a:5b:24:05:4e:26:b2:be:bb:1d:
bc:e1:f7:fc:4d:f6:3b:c0:6c:74:5c:5f:6a:5c:65:
ce:24:fc:2a:d7:66:f5:eb:53:d1:18:a0:64:41:df:
c9:87:e3:ed:90:a5:ad:28:6a:2f:68:08:d9:18:be:
d3:15:8f:06:d5:38:47:a8:e0:13:d9:70:af:ef:02:
c9:5c:69:6d:86:fc:08:ad:fc:4f:42:19:b2:b2:02:
5e:e2:2b:8d:7e:aa:8e:f9:13:6a:b9:26:67:c1:12:
e3:00:48:4d:f0:48:32:eb:07:cb:a6:0b:de:84:ed:
3d:bf:c1:0d:5a:0e:d7:65:9f:d7:4f:df:62:6a:03:
ae:9b:ee:b1:2f:f6:73:ba:90:d2:5c:c7:43:6b:be:
fa:45:9c:48:3e:85:c7:62:74:18:cc:bf:d7:23:5a:
f4:3a:e1:ef:0a:1e:ba:31:05:56:88:c8:bd:f6:64:
68:9a:02:eb:cb:ec:b2:bf:a1:ac:be:a9:8b:c9:85:
b5:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:CC:F0:97:21:A7:CB:5A:09:76:8A:83:F8:A4:F9:42:F4:51:1E:24
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/73BF6BAA8BAD11EFB73CE951C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.0.0/22
14.102.20.0-14.102.45.255
14.102.48.0/22
14.102.56.0/22
14.102.64.0-14.102.78.255
14.102.80.0/22
14.102.88.0/24
14.102.92.0-14.102.127.255
110.172.136.0/24
110.172.150.0/24
110.172.168.0/24
111.235.64.0/22
118.91.176.0/24
202.89.70.0/24
Signature Algorithm: sha256WithRSAEncryption
a0:40:b7:c0:37:ff:ef:6b:f6:2e:dc:46:d8:31:aa:d1:d8:5a:
65:43:fd:13:9f:6f:5d:1b:25:4a:a6:d3:9e:1a:fb:bd:14:f7:
ba:01:92:16:4a:61:74:70:c1:b8:54:67:73:b8:43:74:e2:5e:
4c:0a:fe:b5:85:76:32:b1:f2:d0:6b:1e:28:4d:a8:50:ad:bc:
25:aa:1e:e1:44:2c:51:6f:a4:f5:db:0d:c4:90:88:8e:63:dd:
69:2f:f0:32:6d:20:35:aa:84:82:fe:14:4d:b4:59:ef:0e:60:
a9:f6:22:17:a8:4b:6e:df:76:83:15:66:33:7c:16:80:4d:2c:
55:84:d5:48:2c:14:fc:64:ef:36:5d:b9:7c:9c:91:27:57:ac:
f5:ea:0e:99:ab:55:6c:ea:fa:48:ad:05:e4:bd:58:ef:11:ff:
f7:90:3e:38:f4:89:cf:ac:25:91:51:a5:04:99:1b:1a:81:43:
c0:56:a4:5b:84:0a:12:08:75:9b:1e:ca:09:68:24:a7:b3:90:
49:79:53:a9:dd:ef:e2:40:bb:2a:05:69:59:d9:d3:a1:a1:a9:
e2:79:d7:aa:83:5b:f3:df:4c:b2:81:78:0b:c3:c1:a9:fd:84:
12:ea:be:42:04:40:3a:05:ba:4b:4d:52:d1:e5:8e:3b:80:90:
91:24:e6:31
-----BEGIN CERTIFICATE-----
MIIF2TCCBMGgAwIBAgIDAJu9MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTAxNjEwNTczNloXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjcwZjljMjAtMGU0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLtcIu3FzbhDw/l2ujyp5RaE8KB2AXfBNksnsw/VlNf/k1KpLrYHz0aRm4E
HWyNNb2nOpARELbRN+9rApzi5RMaWyQFTiayvrsdvOH3/E32O8BsdFxfalxlziT8
Ktdm9etT0RigZEHfyYfj7ZClrShqL2gI2Ri+0xWPBtU4R6jgE9lwr+8CyVxpbYb8
CK38T0IZsrICXuIrjX6qjvkTarkmZ8ES4wBITfBIMusHy6YL3oTtPb/BDVoO12Wf
10/fYmoDrpvusS/2c7qQ0lzHQ2u++kWcSD6Fx2J0GMy/1yNa9Drh7woeujEFVojI
vfZkaJoC68vssr+hrL6pi8mFtT8CAwEAAaOCAvwwggL4MB0GA1UdDgQWBBSrzPCX
IafLWgl2ioP4pPlC9FEeJDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzczQkY2QkFB
OEJBRDExRUZCNzNDRTk1MUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGFBggrBgEFBQcBBwEB
/wR2MHQwcgQCAAEwbAMEAg5mADAMAwQCDmYUAwQBDmYsAwQCDmYwAwQCDmY4MAwD
BAYOZkADBAAOZk4DBAIOZlADBAAOZlgwDAMEAg5mXAMEBw5mAAMEAG6siAMEAG6s
lgMEAG6sqAMEAm/rQAMEAHZbsAMEAMpZRjANBgkqhkiG9w0BAQsFAAOCAQEAoEC3
wDf/72v2LtxG2DGq0dhaZUP9E59vXRslSqbTnhr7vRT3ugGSFkphdHDBuFRnc7hD
dOJeTAr+tYV2MrHy0GseKE2oUK28Jaoe4UQsUW+k9dsNxJCIjmPdaS/wMm0gNaqE
gv4UTbRZ7w5gqfYiF6hLbt92gxVmM3wWgE0sVYTVSCwU/GTvNl25fJyRJ1es9eoO
matVbOr6SK0F5L1Y7xH/95A+OPSJz6wlkVGlBJkbGoFDwFakW4QKEgh1mx7KCWgk
p7OQSXlTqd3v4kC7KgVpWdnToaGp4nnXqoNb899MsoF4C8PBqf2EEuq+QgRAOgW6
S01S0eWOO4CQkSTmMQ==
-----END CERTIFICATE-----
Generated at Fri Apr 11 05:32:20 2025 by rpki-client