Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/959380C45F8711EFBC16781DC4F9AE02.roa
File: 959380C45F8711EFBC16781DC4F9AE02.roa (raw, json)
Hash identifier: PqeyXj8YPJrzw158w2jWiKs6dWjYp/EehZQkOmqCCB0=
Subject key identifier: C4:DA:F8:26:91:31:59:BE:3F:39:83:DD:B6:C0:56:3F:22:B7:F9:39
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 973D
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/959380C45F8711EFBC16781DC4F9AE02.roa
Signing time: Wed 21 Aug 2024 06:51:28 +0000
ROA not before: Wed 21 Aug 2024 06:51:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 18002
IP address blocks: 14.102.0.0/24 maxlen: 24
14.102.1.0/24 maxlen: 24
14.102.2.0/24 maxlen: 24
14.102.3.0/24 maxlen: 24
14.102.4.0/24 maxlen: 24
14.102.5.0/24 maxlen: 24
14.102.6.0/24 maxlen: 24
14.102.7.0/24 maxlen: 24
14.102.8.0/24 maxlen: 24
14.102.9.0/24 maxlen: 24
14.102.10.0/24 maxlen: 24
14.102.11.0/24 maxlen: 24
14.102.12.0/24 maxlen: 24
14.102.13.0/24 maxlen: 24
14.102.14.0/24 maxlen: 24
14.102.15.0/24 maxlen: 24
14.102.22.0/24 maxlen: 24
14.102.23.0/24 maxlen: 24
14.102.24.0/24 maxlen: 24
14.102.25.0/24 maxlen: 24
14.102.26.0/24 maxlen: 24
14.102.27.0/24 maxlen: 24
14.102.28.0/24 maxlen: 24
14.102.29.0/24 maxlen: 24
14.102.30.0/24 maxlen: 24
14.102.31.0/24 maxlen: 24
14.102.32.0/24 maxlen: 24
14.102.33.0/24 maxlen: 24
14.102.34.0/24 maxlen: 24
14.102.35.0/24 maxlen: 24
14.102.36.0/24 maxlen: 24
14.102.37.0/24 maxlen: 24
14.102.38.0/24 maxlen: 24
14.102.40.0/24 maxlen: 24
14.102.41.0/24 maxlen: 24
14.102.42.0/24 maxlen: 24
14.102.43.0/24 maxlen: 24
14.102.44.0/24 maxlen: 24
14.102.45.0/24 maxlen: 24
14.102.46.0/24 maxlen: 24
14.102.47.0/24 maxlen: 24
14.102.48.0/24 maxlen: 24
14.102.49.0/24 maxlen: 24
14.102.50.0/24 maxlen: 24
14.102.56.0/24 maxlen: 24
14.102.57.0/24 maxlen: 24
14.102.58.0/24 maxlen: 24
14.102.59.0/24 maxlen: 24
14.102.64.0/24 maxlen: 24
14.102.65.0/24 maxlen: 24
14.102.66.0/24 maxlen: 24
14.102.67.0/24 maxlen: 24
14.102.68.0/24 maxlen: 24
14.102.69.0/24 maxlen: 24
14.102.70.0/24 maxlen: 24
14.102.71.0/24 maxlen: 24
14.102.72.0/24 maxlen: 24
14.102.73.0/24 maxlen: 24
14.102.74.0/24 maxlen: 24
14.102.75.0/24 maxlen: 24
14.102.76.0/24 maxlen: 24
14.102.77.0/24 maxlen: 24
14.102.78.0/24 maxlen: 24
14.102.80.0/24 maxlen: 24
14.102.81.0/24 maxlen: 24
14.102.82.0/24 maxlen: 24
14.102.83.0/24 maxlen: 24
14.102.88.0/24 maxlen: 24
14.102.91.0/24 maxlen: 24
14.102.92.0/24 maxlen: 24
14.102.93.0/24 maxlen: 24
14.102.95.0/24 maxlen: 24
14.102.96.0/24 maxlen: 24
14.102.97.0/24 maxlen: 24
14.102.100.0/24 maxlen: 24
14.102.101.0/24 maxlen: 24
14.102.103.0/24 maxlen: 24
14.102.104.0/24 maxlen: 24
14.102.105.0/24 maxlen: 24
14.102.106.0/23 maxlen: 24
14.102.108.0/24 maxlen: 24
14.102.109.0/24 maxlen: 24
14.102.110.0/24 maxlen: 24
14.102.111.0/24 maxlen: 24
14.102.112.0/24 maxlen: 24
14.102.113.0/24 maxlen: 24
14.102.114.0/24 maxlen: 24
14.102.115.0/24 maxlen: 24
14.102.116.0/24 maxlen: 24
14.102.117.0/24 maxlen: 24
14.102.118.0/24 maxlen: 24
14.102.119.0/24 maxlen: 24
14.102.120.0/24 maxlen: 24
14.102.121.0/24 maxlen: 24
14.102.122.0/24 maxlen: 24
14.102.123.0/24 maxlen: 24
14.102.124.0/24 maxlen: 24
14.102.125.0/24 maxlen: 24
14.102.126.0/24 maxlen: 24
14.102.127.0/24 maxlen: 24
43.245.136.0/22 maxlen: 24
43.251.212.0/22 maxlen: 24
61.14.228.0/22 maxlen: 24
103.5.200.0/22 maxlen: 24
103.59.189.0/24 maxlen: 24
103.87.100.0/22 maxlen: 24
103.122.84.0/24 maxlen: 24
103.158.131.0/24 maxlen: 24
103.160.24.0/24 maxlen: 24
103.175.72.0/24 maxlen: 24
103.175.73.0/24 maxlen: 24
103.176.8.0/23 maxlen: 24
110.172.128.0/22 maxlen: 24
110.172.132.0/22 maxlen: 24
110.172.136.0/22 maxlen: 24
110.172.140.0/22 maxlen: 24
110.172.144.0/22 maxlen: 24
110.172.148.0/22 maxlen: 24
110.172.152.0/22 maxlen: 24
110.172.156.0/22 maxlen: 24
110.172.160.0/22 maxlen: 24
110.172.164.0/22 maxlen: 24
110.172.168.0/22 maxlen: 24
110.172.172.0/22 maxlen: 24
110.172.176.0/22 maxlen: 24
110.172.184.0/22 maxlen: 24
110.172.188.0/22 maxlen: 24
111.235.64.0/22 maxlen: 24
114.69.224.0/24 maxlen: 24
114.69.225.0/24 maxlen: 24
114.69.226.0/24 maxlen: 24
114.69.228.0/22 maxlen: 24
114.69.232.0/24 maxlen: 24
114.69.234.0/24 maxlen: 24
114.69.235.0/24 maxlen: 24
114.69.240.0/22 maxlen: 24
114.69.244.0/22 maxlen: 24
114.69.248.0/24 maxlen: 24
114.69.249.0/24 maxlen: 24
114.69.252.0/22 maxlen: 24
118.91.176.0/22 maxlen: 24
118.91.188.0/22 maxlen: 24
150.107.192.0/22 maxlen: 24
202.89.64.0/20 maxlen: 20
202.89.64.0/24 maxlen: 24
202.89.65.0/24 maxlen: 24
202.89.66.0/24 maxlen: 24
202.89.67.0/24 maxlen: 24
202.89.68.0/24 maxlen: 24
202.89.69.0/24 maxlen: 24
202.89.70.0/24 maxlen: 24
202.89.71.0/24 maxlen: 24
202.89.72.0/24 maxlen: 24
202.89.73.0/24 maxlen: 24
202.89.74.0/24 maxlen: 24
202.89.75.0/24 maxlen: 24
202.89.76.0/24 maxlen: 24
202.89.77.0/24 maxlen: 24
202.89.78.0/24 maxlen: 24
202.89.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38717 (0x973d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Aug 21 06:51:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66c58e70-70ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:5e:1e:31:a1:f4:65:56:50:4e:36:ef:f9:c5:
fb:01:11:44:d2:f3:cb:01:6d:41:02:39:a7:17:81:
0b:01:89:68:39:5c:dc:8a:46:24:25:f6:5a:65:32:
a8:78:4c:f3:3a:55:82:a1:54:59:c3:e0:9d:21:a7:
68:7b:c7:60:42:79:a3:b2:26:c3:16:71:66:73:ff:
fd:a7:b9:bf:8b:8c:78:c9:59:ea:8f:ae:a2:6b:4c:
0b:3d:3f:63:8e:ff:cb:50:17:5a:43:42:01:dd:7a:
0b:4e:11:c9:be:51:58:48:25:c7:65:6a:5b:f6:c6:
e4:80:4b:4b:56:85:d4:ca:6c:81:6e:fb:39:95:39:
3f:68:9e:a7:73:49:5c:8b:00:34:6c:c3:07:9f:a3:
51:dc:0d:9c:59:58:d7:04:d4:5d:63:ad:f6:a5:dd:
e3:ed:bf:e6:aa:b4:29:cb:cd:c4:9b:bc:2e:55:4c:
3f:2b:95:af:98:a3:20:86:16:0a:39:84:de:f1:81:
03:59:52:56:72:c0:e6:98:a4:9e:47:cb:aa:ad:92:
ef:64:07:54:b4:5e:f4:92:64:b9:d8:44:5b:aa:2b:
e0:0d:b7:92:fc:a1:f9:7f:95:2d:bd:ef:11:8a:a5:
7a:f3:09:2f:66:58:fa:da:05:11:5e:e2:53:28:64:
c0:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:DA:F8:26:91:31:59:BE:3F:39:83:DD:B6:C0:56:3F:22:B7:F9:39
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/959380C45F8711EFBC16781DC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.0.0/20
14.102.22.0-14.102.38.255
14.102.40.0-14.102.50.255
14.102.56.0/22
14.102.64.0-14.102.78.255
14.102.80.0/22
14.102.88.0/24
14.102.91.0-14.102.93.255
14.102.95.0-14.102.97.255
14.102.100.0/23
14.102.103.0-14.102.127.255
43.245.136.0/22
43.251.212.0/22
61.14.228.0/22
103.5.200.0/22
103.59.189.0/24
103.87.100.0/22
103.122.84.0/24
103.158.131.0/24
103.160.24.0/24
103.175.72.0/23
103.176.8.0/23
110.172.128.0-110.172.179.255
110.172.184.0/21
111.235.64.0/22
114.69.224.0-114.69.226.255
114.69.228.0-114.69.232.255
114.69.234.0/23
114.69.240.0-114.69.249.255
114.69.252.0/22
118.91.176.0/22
118.91.188.0/22
150.107.192.0/22
202.89.64.0/20
Signature Algorithm: sha256WithRSAEncryption
31:5e:6f:01:45:f4:01:14:50:00:9b:0f:2f:b9:94:9d:ad:8d:
63:3b:cd:7a:4a:91:3c:24:f4:c5:01:8c:db:75:2d:7f:a6:00:
47:aa:d5:26:de:4f:e4:4f:84:7f:28:a7:87:95:f5:8b:70:8c:
8b:48:98:e2:7d:e5:5d:72:6a:60:6f:e5:a6:dc:e6:ef:3e:de:
00:5d:cd:a7:a9:8e:26:bc:57:ad:8b:07:a1:05:97:1b:9b:0f:
ec:11:9d:80:05:eb:f6:49:fe:b1:b2:17:55:88:97:16:73:33:
91:a5:c9:5c:fa:e0:9e:82:d5:d6:62:6c:b6:17:00:2d:4e:49:
1e:6c:c8:5b:d6:4f:3d:ab:0f:31:6e:6c:48:40:02:5b:a0:e3:
e1:78:28:07:cc:26:33:09:d3:16:30:19:aa:5e:de:3a:a5:71:
d8:40:dd:2b:94:2c:20:47:9c:8a:1a:a0:63:d3:95:8c:60:a0:
d7:a3:63:26:18:58:b9:d4:b1:06:c1:7e:51:e1:1b:46:0f:dc:
bc:24:0d:39:a4:54:e5:6f:e1:51:1b:c4:b3:98:8e:d2:4a:5e:
97:95:d3:87:51:50:f7:41:69:03:9f:59:22:cc:5f:21:09:c7:
ec:bd:9b:23:a8:6d:d5:b8:e2:4f:2b:ea:06:e0:20:f2:77:d1:
af:f6:11:f8
-----BEGIN CERTIFICATE-----
MIIGkjCCBXqgAwIBAgIDAJc9MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDgyMTA2NTEyOFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjZjNThlNzAtNzBiYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMReHjGh9GVWUE427/nF+wERRNLzywFtQQI5pxeBCwGJaDlc3IpGJCX2WmUy
qHhM8zpVgqFUWcPgnSGnaHvHYEJ5o7ImwxZxZnP//ae5v4uMeMlZ6o+uomtMCz0/
Y47/y1AXWkNCAd16C04Ryb5RWEglx2VqW/bG5IBLS1aF1MpsgW77OZU5P2iep3NJ
XIsANGzDB5+jUdwNnFlY1wTUXWOt9qXd4+2/5qq0KcvNxJu8LlVMPyuVr5ijIIYW
CjmE3vGBA1lSVnLA5piknkfLqq2S72QHVLRe9JJkudhEW6or4A23kvyh+X+VLb3v
EYqlevMJL2ZY+toFEV7iUyhkwHMCAwEAAaOCA7UwggOxMB0GA1UdDgQWBBTE2vgm
kTFZvj85g922wFY/Irf5OTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzk1OTM4MEM0
NUY4NzExRUZCQzE2NzgxREM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIIBPQYIKwYBBQUHAQcB
Af8EggEsMIIBKDCCASQEAgABMIIBHAMEBA5mADAMAwQBDmYWAwQADmYmMAwDBAMO
ZigDBAAOZjIDBAIOZjgwDAMEBg5mQAMEAA5mTgMEAg5mUAMEAA5mWDAMAwQADmZb
AwQBDmZcMAwDBAAOZl8DBAEOZmADBAEOZmQwDAMEAA5mZwMEBw5mAAMEAiv1iAME
Aiv71AMEAj0O5AMEAmcFyAMEAGc7vQMEAmdXZAMEAGd6VAMEAGeegwMEAGegGAME
AWevSAMEAWewCDAMAwQHbqyAAwQCbqywAwQDbqy4AwQCb+tAMAwDBAVyReADBABy
ReIwDAMEAnJF5AMEAHJF6AMEAXJF6jAMAwQEckXwAwQBckX4AwQCckX8AwQCdluw
AwQCdlu8AwQClmvAAwQEyllAMA0GCSqGSIb3DQEBCwUAA4IBAQAxXm8BRfQBFFAA
mw8vuZSdrY1jO816SpE8JPTFAYzbdS1/pgBHqtUm3k/kT4R/KKeHlfWLcIyLSJji
feVdcmpgb+Wm3ObvPt4AXc2nqY4mvFetiwehBZcbmw/sEZ2ABev2Sf6xshdViJcW
czORpclc+uCegtXWYmy2FwAtTkkebMhb1k89qw8xbmxIQAJboOPheCgHzCYzCdMW
MBmqXt46pXHYQN0rlCwgR5yKGqBj05WMYKDXo2MmGFi51LEGwX5R4RtGD9y8JA05
pFTlb+FRG8SzmI7SSl6XldOHUVD3QWkDn1kizF8hCcfsvZsjqG3VuOJPK+oG4CDy
d9Gv9hH4
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:09:07 2025 by rpki-client