Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A08E9FF0EB0211ECBCDE9812C4F9AE02.roa
File: A08E9FF0EB0211ECBCDE9812C4F9AE02.roa (raw, json)
Hash identifier: rnbqeFnSM36uGI80PCFrqIRMjw33Ldp22s7e3GWtyPs=
Subject key identifier: 09:FA:10:6D:66:87:63:84:6D:D0:00:2D:5A:F9:61:88:43:96:3C:BE
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 571F
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A08E9FF0EB0211ECBCDE9812C4F9AE02.roa
Signing time: Mon 13 Jun 2022 10:21:46 +0000
ROA not before: Mon 13 Jun 2022 10:21:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 135718
IP address blocks: 36.255.156.0/24 maxlen: 24
36.255.157.0/24 maxlen: 24
36.255.158.0/24 maxlen: 24
36.255.159.0/24 maxlen: 24
103.66.112.0/24 maxlen: 24
103.66.114.0/24 maxlen: 24
103.66.115.0/24 maxlen: 24
103.68.46.0/24 maxlen: 24
103.92.120.0/22 maxlen: 24
103.101.56.0/23 maxlen: 24
103.101.58.0/24 maxlen: 24
103.103.132.0/23 maxlen: 24
103.113.35.0/24 maxlen: 24
103.119.245.0/24 maxlen: 24
103.119.246.0/24 maxlen: 24
103.119.247.0/24 maxlen: 24
103.145.8.0/23 maxlen: 24
103.148.164.0/24 maxlen: 24
103.159.201.0/24 maxlen: 24
103.165.87.0/24 maxlen: 24
103.172.10.0/24 maxlen: 24
103.174.144.0/23 maxlen: 24
103.182.110.0/23 maxlen: 24
103.204.188.0/24 maxlen: 24
103.204.189.0/24 maxlen: 24
103.204.190.0/24 maxlen: 24
103.204.191.0/24 maxlen: 24
2001:df5:f680::/48 maxlen: 48
2402:6a40::/48 maxlen: 48
2402:6a40:1::/48 maxlen: 48
2402:6a40:2::/48 maxlen: 48
2402:6a40:3::/48 maxlen: 48
2402:6a40:4::/48 maxlen: 48
2402:6a40:5::/48 maxlen: 48
2402:6a40:6::/48 maxlen: 48
2402:6a40:7::/48 maxlen: 48
2402:6a40:8::/48 maxlen: 48
2402:6a40:9::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22303 (0x571f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Jun 13 10:21:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=62a70fba-cf8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:01:c7:5a:53:12:f7:0e:37:a7:e0:75:82:03:
e1:64:ce:ef:03:85:76:89:1d:4c:c4:37:8e:d9:5a:
40:cd:63:9b:a8:30:15:c7:f5:26:11:ce:da:c7:fa:
2a:71:26:0b:c9:bb:a4:73:97:39:ab:aa:9f:ab:74:
03:10:35:ed:d1:18:88:db:e7:41:ab:9e:f6:1d:a9:
b1:5d:cf:b7:e4:f4:60:c9:ca:c8:ad:16:08:50:7b:
08:6e:f1:46:50:2b:49:53:94:34:ca:cd:ec:20:75:
36:19:5b:0b:4f:2f:57:fe:76:ae:b3:d0:e1:04:02:
4c:e7:0d:9e:53:34:ae:60:2d:07:81:48:b2:b3:06:
3d:6d:e0:c0:24:9a:97:1f:f3:3b:73:08:50:5f:57:
42:6c:73:54:1b:7c:e0:bc:04:e0:4a:bb:b0:e2:39:
34:f9:bd:31:dc:8a:1f:69:44:43:c5:31:25:6a:03:
a0:78:7c:aa:30:6c:a7:51:ad:d2:70:9a:97:dc:a9:
96:82:c3:30:ed:c0:80:63:c1:81:f5:bf:ab:90:88:
82:04:86:90:52:1b:49:a4:35:aa:e0:71:05:c0:80:
4f:ee:5a:8d:3e:30:05:75:78:1f:d1:97:f4:da:e2:
ba:55:0c:4f:ce:af:30:25:53:d4:20:fc:3a:40:a4:
d7:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:FA:10:6D:66:87:63:84:6D:D0:00:2D:5A:F9:61:88:43:96:3C:BE
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A08E9FF0EB0211ECBCDE9812C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
36.255.156.0/22
103.66.112.0/24
103.66.114.0/23
103.68.46.0/24
103.92.120.0/22
103.101.56.0-103.101.58.255
103.103.132.0/23
103.113.35.0/24
103.119.245.0-103.119.247.255
103.145.8.0/23
103.148.164.0/24
103.159.201.0/24
103.165.87.0/24
103.172.10.0/24
103.174.144.0/23
103.182.110.0/23
103.204.188.0/22
IPv6:
2001:df5:f680::/48
2402:6a40::-2402:6a40:9:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
84:b9:2b:3f:7f:59:94:75:4a:c0:4e:9e:0b:19:83:5a:19:37:
fa:a0:f3:d8:29:7a:24:95:34:87:4b:d9:43:80:d4:c5:80:80:
f6:53:04:42:dc:fb:6c:85:5c:ad:8f:60:4b:4b:21:fa:0c:f4:
15:13:a9:af:56:88:49:6b:41:77:52:a9:43:a2:11:d0:c4:15:
94:a0:d3:77:f7:fc:c0:b3:d7:0a:c5:0b:b2:49:4a:85:68:90:
ef:e5:de:67:9d:e6:b1:67:2f:5f:8c:8e:af:77:61:ef:a6:15:
94:cb:9f:d6:d6:8b:6e:86:1e:98:da:13:92:07:9a:53:cb:59:
6e:0a:33:3b:b5:97:3e:9b:4e:1a:47:31:7f:49:65:8e:e1:9a:
e3:a3:6d:9e:67:fc:ec:c4:12:81:fc:88:0c:4a:09:c1:1a:c3:
68:10:d0:43:41:f1:62:9a:ed:f9:6c:11:5a:7d:a8:aa:60:eb:
fd:d9:33:57:fa:09:27:24:94:0c:2d:8c:34:77:df:05:0b:00:
2c:62:f9:a8:50:54:69:32:6f:aa:a3:f5:95:33:58:f6:c7:f0:
bb:a0:bf:39:71:77:26:21:19:b9:64:10:22:e4:32:c8:71:d9:
b2:a7:bd:0b:c4:19:e8:6f:07:af:6d:13:ef:4c:42:ff:c3:94:
4e:21:2a:d4
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgICVx8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNjEzMTAyMTQ2WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmE3MGZiYS1jZjhmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2wHHWlMS9w43p+B1ggPhZM7vA4V2iR1MxDeO2VpAzWObqDAVx/UmEc7ax/oq
cSYLybukc5c5q6qfq3QDEDXt0RiI2+dBq572HamxXc+35PRgycrIrRYIUHsIbvFG
UCtJU5Q0ys3sIHU2GVsLTy9X/naus9DhBAJM5w2eUzSuYC0HgUiyswY9beDAJJqX
H/M7cwhQX1dCbHNUG3zgvATgSruw4jk0+b0x3IofaURDxTElagOgeHyqMGynUa3S
cJqX3KmWgsMw7cCAY8GB9b+rkIiCBIaQUhtJpDWq4HEFwIBP7lqNPjAFdXgf0Zf0
2uK6VQxPzq8wJVPUIPw6QKTXuwIDAQABo4IDKzCCAycwHQYDVR0OBBYEFAn6EG1m
h2OEbdAALVr5YYhDljy+MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvQTA4RTlGRjBF
QjAyMTFFQ0JDREU5ODEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgbQGCCsGAQUFBwEHAQH/
BIGkMIGhMHwEAgABMHYDBAIk/5wDBABnQnADBAFnQnIDBABnRC4DBAJnXHgwDAME
A2dlOAMEAGdlOgMEAWdnhAMEAGdxIzAMAwQAZ3f1AwQDZ3fwAwQBZ5EIAwQAZ5Sk
AwQAZ5/JAwQAZ6VXAwQAZ6wKAwQBZ66QAwQBZ7ZuAwQCZ8y8MCEEAgACMBsDBwAg
AQ319oAwEAMFBiQCakADBwEkAmpAAAgwDQYJKoZIhvcNAQELBQADggEBAIS5Kz9/
WZR1SsBOngsZg1oZN/qg89gpeiSVNIdL2UOA1MWAgPZTBELc+2yFXK2PYEtLIfoM
9BUTqa9WiElrQXdSqUOiEdDEFZSg03f3/MCz1wrFC7JJSoVokO/l3med5rFnL1+M
jq93Ye+mFZTLn9bWi26GHpjaE5IHmlPLWW4KMzu1lz6bThpHMX9JZY7hmuOjbZ5n
/OzEEoH8iAxKCcEaw2gQ0ENB8WKa7flsEVp9qKpg6/3ZM1f6CScklAwtjDR33wUL
ACxi+ahQVGkyb6qj9ZUzWPbH8LugvzlxdyYhGblkECLkMshx2bKnvQvEGehvB69t
E+9MQv/DlE4hKtQ=
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:01:50 2025 by rpki-client