Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/94DBEE9874BB11EF90E49C30C4F9AE02.roa
File: 94DBEE9874BB11EF90E49C30C4F9AE02.roa (raw, json)
Hash identifier: jV/t9qMtPLp947RyVFjoccZ+w5zC6FaHmjZuaaZ1gm0=
Subject key identifier: 40:E1:C9:19:F7:A3:97:3F:3E:E4:69:4A:0C:FA:C8:F3:1C:0D:7C:CE
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 99EE
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/94DBEE9874BB11EF90E49C30C4F9AE02.roa
Signing time: Mon 23 Sep 2024 06:11:08 +0000
ROA not before: Mon 23 Sep 2024 06:11:08 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 134932
IP address blocks: 103.79.100.0/24 maxlen: 24
103.79.102.0/24 maxlen: 24
103.83.86.0/23 maxlen: 24
103.141.116.0/23 maxlen: 24
103.164.240.0/24 maxlen: 24
103.164.241.0/24 maxlen: 24
103.174.140.0/23 maxlen: 24
103.186.132.0/23 maxlen: 24
203.145.49.0/24 maxlen: 24
2400:7e60::/32 maxlen: 32
2407:35c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39406 (0x99ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Sep 23 06:11:08 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66f1067c-364b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:3f:15:63:b7:b9:99:de:20:6b:3c:25:19:55:
7c:99:86:70:83:38:e2:74:3a:f5:44:b2:fd:d5:5b:
c5:db:b5:ec:0e:5b:39:42:df:db:db:b9:0d:d1:ec:
65:39:27:21:02:ce:15:7f:d4:22:38:6c:e3:a7:ed:
36:7c:11:1c:04:87:f7:9a:84:da:0d:b2:df:ad:33:
4f:b6:17:2f:ae:3f:2c:b9:5a:d1:da:fb:2e:f3:08:
98:dd:90:c5:e1:41:70:3f:35:e6:75:a7:2f:21:25:
ef:b6:df:ff:34:24:d8:aa:46:f4:22:c0:8e:83:2c:
6f:5d:0f:18:45:9c:01:9f:a1:60:f2:d9:a9:f8:ed:
43:73:2e:c5:cd:63:08:f2:c2:b5:38:1f:22:0b:e8:
1f:41:8f:71:55:80:75:54:92:30:92:90:a8:71:27:
ce:6b:45:19:56:28:87:21:6b:50:ed:58:a3:8f:bf:
d0:e9:ab:d3:95:47:4d:22:ce:5f:a9:4d:59:df:ff:
f6:0c:20:46:88:41:22:45:6b:95:5b:94:76:4f:9e:
f6:82:64:1d:85:c2:4f:f6:53:9d:ac:70:c8:2c:36:
cd:fd:d7:9a:35:57:35:b9:2a:4c:ba:23:35:39:3c:
cc:93:9c:fc:2b:77:42:7c:30:68:42:f3:d4:99:2a:
0c:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:E1:C9:19:F7:A3:97:3F:3E:E4:69:4A:0C:FA:C8:F3:1C:0D:7C:CE
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/94DBEE9874BB11EF90E49C30C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.79.100.0/24
103.79.102.0/24
103.83.86.0/23
103.141.116.0/23
103.164.240.0/23
103.174.140.0/23
103.186.132.0/23
203.145.49.0/24
IPv6:
2400:7e60::/32
2407:35c0::/32
Signature Algorithm: sha256WithRSAEncryption
62:6c:a9:a1:75:73:ca:4c:98:9d:96:31:52:65:f4:ef:db:35:
7a:aa:f8:f6:95:c7:34:f5:b1:b9:c5:68:9f:cb:ce:64:73:4c:
5c:19:5e:d5:74:f7:7f:ce:12:59:c4:f6:ad:8d:46:93:4e:e3:
ae:b0:bb:5a:39:48:cf:17:0e:87:b0:49:64:7c:f1:66:1a:89:
5a:9f:68:23:5c:f6:c4:1b:a9:31:f1:b1:22:16:17:f1:ce:b7:
d0:95:e0:d3:55:b2:0d:04:9e:ee:4e:69:7f:7b:5e:8c:ea:ee:
f8:1c:b9:0d:e8:57:0a:83:04:92:20:a6:e5:0a:02:0e:84:c0:
e4:b1:67:a5:c9:50:62:4f:66:67:7c:bf:2e:65:c8:da:aa:50:
59:2e:ac:7c:56:a6:ea:4f:ee:fb:00:32:e0:9b:8b:37:4d:fe:
9c:d3:9a:b2:02:e0:bb:20:89:31:42:c4:ef:de:85:c3:c0:b5:
26:c8:5e:66:a7:f7:9d:7b:0c:8a:5e:c5:20:b1:f8:d7:d5:52:
97:97:b2:9b:ad:c7:7d:f7:87:a7:e5:f3:c2:54:eb:26:39:90:
ce:c3:42:79:b5:a2:86:f7:8e:bc:77:85:79:f6:3d:72:61:a8:
40:7b:00:6c:1f:7f:c6:c6:33:ba:0b:d4:07:c7:f1:5c:ed:0f:
6f:58:30:c1
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgIDAJnuMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDkyMzA2MTEwOFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjZmMTA2N2MtMzY0YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKI/FWO3uZneIGs8JRlVfJmGcIM44nQ69USy/dVbxdu17A5bOULf29u5DdHs
ZTknIQLOFX/UIjhs46ftNnwRHASH95qE2g2y360zT7YXL64/LLla0dr7LvMImN2Q
xeFBcD815nWnLyEl77bf/zQk2KpG9CLAjoMsb10PGEWcAZ+hYPLZqfjtQ3Muxc1j
CPLCtTgfIgvoH0GPcVWAdVSSMJKQqHEnzmtFGVYohyFrUO1Yo4+/0Omr05VHTSLO
X6lNWd//9gwgRohBIkVrlVuUdk+e9oJkHYXCT/ZTnaxwyCw2zf3XmjVXNbkqTLoj
NTk8zJOc/Ct3QnwwaELz1JkqDDECAwEAAaOCAtUwggLRMB0GA1UdDgQWBBRA4ckZ
96OXPz7kaUoM+sjzHA18zjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzk0REJFRTk4
NzRCQjExRUY5MEU0OUMzMEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMF8GCCsGAQUFBwEHAQH/
BFAwTjA2BAIAATAwAwQAZ09kAwQAZ09mAwQBZ1NWAwQBZ410AwQBZ6TwAwQBZ66M
AwQBZ7qEAwQAy5ExMBQEAgACMA4DBQAkAH5gAwUAJAc1wDANBgkqhkiG9w0BAQsF
AAOCAQEAYmypoXVzykyYnZYxUmX079s1eqr49pXHNPWxucVon8vOZHNMXBle1XT3
f84SWcT2rY1Gk07jrrC7WjlIzxcOh7BJZHzxZhqJWp9oI1z2xBupMfGxIhYX8c63
0JXg01WyDQSe7k5pf3tejOru+By5DehXCoMEkiCm5QoCDoTA5LFnpclQYk9mZ3y/
LmXI2qpQWS6sfFam6k/u+wAy4JuLN03+nNOasgLguyCJMULE796Fw8C1JsheZqf3
nXsMil7FILH419VSl5eym63HffeHp+XzwlTrJjmQzsNCebWihveOvHeFefY9cmGo
QHsAbB9/xsYzugvUB8fxXO0Pb1gwwQ==
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:06:45 2025 by rpki-client