Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9D2F495C75B311EFA9B8BD78C4F9AE02.roa
File: 9D2F495C75B311EFA9B8BD78C4F9AE02.roa (raw, json)
Hash identifier: YaBexbdf3bMXWFisIPKDARAH/SRU/9UIwczBGyd7RFk=
Subject key identifier: 87:95:8E:02:45:3E:C2:B5:C8:EB:2C:8B:13:82:BC:6D:87:E5:45:A4
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9BCB
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9D2F495C75B311EFA9B8BD78C4F9AE02.roa
Signing time: Thu 17 Oct 2024 06:02:07 +0000
ROA not before: Thu 17 Oct 2024 06:02:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 43.225.0.0/22 maxlen: 24
103.14.197.0/24 maxlen: 24
103.27.168.0/24 maxlen: 24
103.27.170.0/23 maxlen: 23
103.47.152.0/24 maxlen: 24
103.51.92.0/22 maxlen: 24
103.52.48.0/22 maxlen: 24
103.55.84.0/22 maxlen: 24
103.86.20.0/22 maxlen: 24
103.108.76.0/22 maxlen: 24
103.118.8.0/22 maxlen: 24
103.142.64.0/23 maxlen: 24
103.171.236.0/23 maxlen: 24
103.180.216.0/23 maxlen: 24
103.198.96.0/22 maxlen: 24
103.199.184.0/22 maxlen: 24
103.200.48.0/22 maxlen: 24
103.206.64.0/22 maxlen: 24
103.209.220.0/22 maxlen: 24
103.212.132.0/22 maxlen: 24
103.226.224.0/22 maxlen: 24
103.228.172.0/24 maxlen: 24
103.228.173.0/24 maxlen: 24
103.228.174.0/24 maxlen: 24
103.228.175.0/24 maxlen: 24
203.191.56.0/22 maxlen: 24
2400:d180:66::/48 maxlen: 48
2400:d180:67::/48 maxlen: 48
2400:d180:68::/48 maxlen: 48
2400:d180:69::/48 maxlen: 48
2400:d180:70::/48 maxlen: 48
2400:d180:71::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39883 (0x9bcb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Oct 17 06:02:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6710a85e-9ad8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:f2:2e:bc:35:f2:a6:c1:71:4e:ab:16:47:c4:
ad:ba:c1:26:67:91:c1:7d:48:c8:a0:0d:88:ac:b6:
bd:8e:6c:82:c1:72:c7:4f:0f:e9:84:e3:df:5d:83:
a2:37:fe:31:9d:c9:c9:6e:80:0e:83:b3:87:17:48:
f0:c5:7e:6f:b7:2c:98:29:aa:7f:ba:5a:1d:bf:cb:
63:cf:c5:d3:c0:0c:e7:7f:b2:2d:08:c6:9c:49:0e:
f3:32:be:e2:60:d5:33:6d:bd:34:b1:4e:a9:83:0c:
9d:de:24:bf:36:5b:be:1d:fd:78:1c:4f:5b:fb:89:
25:32:bd:f5:d7:66:14:eb:af:3a:ac:20:d4:40:e2:
cc:1d:95:e9:cd:8f:fe:ff:e5:dd:3f:30:90:cc:9d:
0a:02:79:b7:cd:df:b3:df:28:81:8a:77:49:9b:fd:
aa:2d:b5:4c:52:02:af:68:7c:79:98:db:6f:8b:68:
bc:6c:41:a2:0b:94:2c:a5:b5:e2:90:72:e6:63:c8:
8c:d9:79:aa:5e:6e:f0:00:67:42:bb:40:50:e1:a8:
48:fb:b7:b9:12:84:49:39:45:f7:42:b4:d2:1c:3a:
d0:7f:1b:61:be:71:91:14:54:89:17:71:64:29:c9:
42:71:13:ea:fb:79:a3:25:e5:76:35:90:7d:d7:3c:
49:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:95:8E:02:45:3E:C2:B5:C8:EB:2C:8B:13:82:BC:6D:87:E5:45:A4
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/9D2F495C75B311EFA9B8BD78C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.0.0/22
103.14.197.0/24
103.27.168.0/24
103.27.170.0/23
103.47.152.0/24
103.51.92.0/22
103.52.48.0/22
103.55.84.0/22
103.86.20.0/22
103.108.76.0/22
103.118.8.0/22
103.142.64.0/23
103.171.236.0/23
103.180.216.0/23
103.198.96.0/22
103.199.184.0/22
103.200.48.0/22
103.206.64.0/22
103.209.220.0/22
103.212.132.0/22
103.226.224.0/22
103.228.172.0/22
203.191.56.0/22
IPv6:
2400:d180:66::-2400:d180:69:ffff:ffff:ffff:ffff:ffff
2400:d180:70::/47
Signature Algorithm: sha256WithRSAEncryption
18:e2:ed:a8:b4:31:ab:ab:25:c7:9e:0c:4d:d1:57:22:74:7d:
08:c4:85:00:7c:29:27:3d:d5:bb:64:30:d3:cb:ed:5a:8d:4e:
c3:db:5d:94:bd:06:2e:19:46:25:e8:4f:41:72:f8:07:8f:77:
a6:ab:a5:82:f0:27:07:d4:43:44:de:2d:11:4e:84:18:57:28:
30:68:87:0b:24:b2:bb:03:b8:a7:40:45:06:06:57:b6:2b:89:
86:d3:6b:84:fd:8c:6a:0c:7e:14:3a:b6:8d:2a:4e:cd:f6:c7:
51:da:ad:e5:99:74:bb:d1:d2:81:ee:30:4d:69:b7:0f:2b:af:
72:d6:42:47:26:a4:72:56:bf:ae:1c:7c:10:c2:78:02:2c:ba:
de:78:f3:1b:9e:ec:99:22:b7:a4:b5:17:9a:df:ff:15:d2:61:
79:c5:c6:2c:12:8d:bf:18:d5:b8:59:2a:8d:9c:c5:cc:e0:f6:
f3:34:5b:20:29:5d:d4:a3:36:4e:25:73:06:e8:6f:18:12:9f:
06:72:0a:d9:6e:fe:39:da:e9:4a:b8:6e:28:17:72:c2:b8:9d:
77:9a:3d:e8:9e:71:87:3e:70:d8:96:4d:59:81:c6:71:ce:89:
bd:4c:6b:69:fb:84:58:35:d9:b7:53:c0:21:e0:51:0f:b2:ba:
32:9d:5b:39
-----BEGIN CERTIFICATE-----
MIIGIDCCBQigAwIBAgIDAJvLMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTAxNzA2MDIwN1oXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjcxMGE4NWUtOWFkODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ3yLrw18qbBcU6rFkfErbrBJmeRwX1IyKANiKy2vY5sgsFyx08P6YTj312D
ojf+MZ3JyW6ADoOzhxdI8MV+b7csmCmqf7paHb/LY8/F08AM53+yLQjGnEkO8zK+
4mDVM229NLFOqYMMnd4kvzZbvh39eBxPW/uJJTK99ddmFOuvOqwg1EDizB2V6c2P
/v/l3T8wkMydCgJ5t83fs98ogYp3SZv9qi21TFICr2h8eZjbb4tovGxBoguULKW1
4pBy5mPIjNl5ql5u8ABnQrtAUOGoSPu3uRKESTlF90K00hw60H8bYb5xkRRUiRdx
ZCnJQnET6vt5oyXldjWQfdc8SZcCAwEAAaOCA0MwggM/MB0GA1UdDgQWBBSHlY4C
RT7CtcjrLIsTgrxth+VFpDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzlEMkY0OTVD
NzVCMzExRUZBOUI4QkQ3OEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIHMBggrBgEFBQcBBwEB
/wSBvDCBuTCBkQQCAAEwgYoDBAIr4QADBABnDsUDBABnG6gDBAFnG6oDBABnL5gD
BAJnM1wDBAJnNDADBAJnN1QDBAJnVhQDBAJnbEwDBAJndggDBAFnjkADBAFnq+wD
BAFntNgDBAJnxmADBAJnx7gDBAJnyDADBAJnzkADBAJn0dwDBAJn1IQDBAJn4uAD
BAJn5KwDBALLvzgwIwQCAAIwHTASAwcBJADRgABmAwcBJADRgABoAwcBJADRgABw
MA0GCSqGSIb3DQEBCwUAA4IBAQAY4u2otDGrqyXHngxN0VcidH0IxIUAfCknPdW7
ZDDTy+1ajU7D212UvQYuGUYl6E9BcvgHj3emq6WC8CcH1ENE3i0RToQYVygwaIcL
JLK7A7inQEUGBle2K4mG02uE/YxqDH4UOraNKk7N9sdR2q3lmXS70dKB7jBNabcP
K69y1kJHJqRyVr+uHHwQwngCLLreePMbnuyZIrektRea3/8V0mF5xcYsEo2/GNW4
WSqNnMXM4PbzNFsgKV3UozZOJXMG6G8YEp8GcgrZbv452ulKuG4oF3LCuJ13mj3o
nnGHPnDYlk1ZgcZxzom9TGtp+4RYNdm3U8Ah4FEPsroynVs5
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:19:55 2025 by rpki-client