Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B1856ED0136211EFA1113C47C4F9AE02.roa
File: B1856ED0136211EFA1113C47C4F9AE02.roa (raw, json)
Hash identifier: Co74PXgW0nLOrvbXMOABwEYJhAINKNjQtELzcPtDc/g=
Subject key identifier: 1F:9C:09:94:35:1D:D7:7A:DA:59:9D:0F:7C:71:48:A2:B7:B1:50:22
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 8843
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B1856ED0136211EFA1113C47C4F9AE02.roa
Signing time: Thu 30 May 2024 15:53:45 +0000
ROA not before: Thu 30 May 2024 15:53:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.112.192.0/22 maxlen: 24
45.115.92.0/22 maxlen: 24
103.14.197.0/24 maxlen: 24
103.27.168.0/24 maxlen: 24
103.27.170.0/23 maxlen: 23
103.47.152.0/24 maxlen: 24
103.51.92.0/22 maxlen: 24
103.52.48.0/22 maxlen: 24
103.55.84.0/22 maxlen: 24
103.108.76.0/22 maxlen: 24
103.142.64.0/23 maxlen: 24
103.171.236.0/23 maxlen: 24
103.180.38.0/23 maxlen: 24
103.180.216.0/23 maxlen: 24
103.181.88.0/23 maxlen: 24
103.181.202.0/23 maxlen: 24
103.182.12.0/23 maxlen: 24
103.200.48.0/22 maxlen: 24
103.228.172.0/24 maxlen: 24
103.228.173.0/24 maxlen: 24
103.228.174.0/24 maxlen: 24
103.228.175.0/24 maxlen: 24
203.191.56.0/22 maxlen: 24
2400:d180:66::/48 maxlen: 48
2400:d180:67::/48 maxlen: 48
2400:d180:68::/48 maxlen: 48
2400:d180:69::/48 maxlen: 48
2400:d180:70::/48 maxlen: 48
2400:d180:71::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34883 (0x8843)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: May 30 15:53:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6658a108-bb78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:57:39:77:56:09:06:a8:91:18:5a:b1:12:0b:
c0:fa:22:60:7a:76:d5:82:03:38:d5:81:8f:f1:5e:
10:0a:f7:9e:b6:25:14:0d:60:75:1e:66:82:62:ec:
63:41:20:bf:e4:ab:e4:3d:60:7d:b1:96:cd:64:8e:
e2:9c:82:30:53:df:a4:0f:0d:be:e1:3a:0e:91:8d:
15:9b:f2:4b:40:b1:5f:45:e9:74:f7:d4:c3:e9:5d:
a5:3f:03:af:dc:21:5a:cf:ea:bf:d8:35:7a:31:ee:
19:96:55:7b:a3:79:3c:e7:87:70:04:6c:f8:f7:f2:
70:b0:d4:6e:0e:83:07:1a:f0:fa:8e:1d:4d:cb:4f:
0c:e9:42:fb:ed:b5:04:5e:73:f7:84:ea:ac:59:6b:
73:83:4e:9f:d4:3d:aa:c7:8a:53:0e:a0:d0:24:ba:
2f:3f:96:20:c5:0d:06:c9:6c:e8:01:e2:d0:26:fc:
db:5e:a1:9b:8f:b8:fa:29:ef:14:b3:05:4c:85:a4:
8b:31:19:f4:82:24:26:73:7b:be:67:cb:c9:c9:e6:
1a:75:e8:54:e6:38:b2:93:98:62:e6:4c:04:3e:34:
ed:5f:51:ae:a7:9f:11:05:e4:7e:d9:d1:cd:06:38:
b7:8b:2d:f7:13:58:f3:6a:d2:d7:a2:5d:3d:be:ac:
7f:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:9C:09:94:35:1D:D7:7A:DA:59:9D:0F:7C:71:48:A2:B7:B1:50:22
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B1856ED0136211EFA1113C47C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.112.192.0/22
45.115.92.0/22
103.14.197.0/24
103.27.168.0/24
103.27.170.0/23
103.47.152.0/24
103.51.92.0/22
103.52.48.0/22
103.55.84.0/22
103.108.76.0/22
103.142.64.0/23
103.171.236.0/23
103.180.38.0/23
103.180.216.0/23
103.181.88.0/23
103.181.202.0/23
103.182.12.0/23
103.200.48.0/22
103.228.172.0/22
203.191.56.0/22
IPv6:
2400:d180:66::-2400:d180:69:ffff:ffff:ffff:ffff:ffff
2400:d180:70::/47
Signature Algorithm: sha256WithRSAEncryption
82:a9:ed:1a:f9:eb:6e:1f:06:d8:cb:d9:4f:32:88:57:29:19:
f5:7a:99:3b:29:0c:2e:e3:75:f3:c5:8b:0e:89:15:17:68:a1:
de:ae:23:44:09:9f:b6:52:a5:69:e0:0f:d9:08:2f:ea:3d:83:
51:3a:36:50:b8:3a:5d:bf:28:8a:7d:f5:02:1f:cf:56:0d:83:
f0:8d:41:9b:62:ca:2b:67:dd:46:f4:5c:05:31:5d:6e:d1:bf:
9e:f9:3e:22:12:24:fb:e9:0e:89:c8:ea:50:46:63:ae:70:d9:
d4:9b:8f:dd:c6:a3:6e:8d:83:77:86:ad:eb:34:89:30:bd:6d:
42:f5:15:05:a4:34:10:0c:93:07:f2:68:5b:4e:44:09:8b:ae:
5b:d5:79:bb:8d:66:b9:e2:88:0c:c0:1d:14:6d:6f:ad:70:dd:
fe:1a:9d:f2:0d:1c:d1:e7:78:bf:15:3d:66:ce:4f:69:fe:61:
3e:68:ac:9c:2a:93:30:af:60:d5:65:e4:0f:45:3c:84:f9:d5:
71:b8:9a:09:25:c7:04:71:09:de:e5:34:ce:c7:d7:5f:10:f8:
3d:26:8c:64:68:b0:7c:1f:6a:cc:ed:fc:ea:76:93:00:c6:d0:
8a:15:77:ec:48:41:cd:6a:2d:e2:29:3f:01:90:f2:68:e2:51:
70:01:cb:20
-----BEGIN CERTIFICATE-----
MIIGDDCCBPSgAwIBAgIDAIhDMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDUzMDE1NTM0NVoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjY1OGExMDgtYmI3ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM5XOXdWCQaokRhasRILwPoiYHp21YIDONWBj/FeEAr3nrYlFA1gdR5mgmLs
Y0Egv+Sr5D1gfbGWzWSO4pyCMFPfpA8NvuE6DpGNFZvyS0CxX0XpdPfUw+ldpT8D
r9whWs/qv9g1ejHuGZZVe6N5POeHcARs+PfycLDUbg6DBxrw+o4dTctPDOlC++21
BF5z94TqrFlrc4NOn9Q9qseKUw6g0CS6Lz+WIMUNBsls6AHi0Cb8216hm4+4+inv
FLMFTIWkizEZ9IIkJnN7vmfLycnmGnXoVOY4spOYYuZMBD407V9RrqefEQXkftnR
zQY4t4st9xNY82rS16JdPb6sfy8CAwEAAaOCAy8wggMrMB0GA1UdDgQWBBQfnAmU
NR3XetpZnQ98cUiit7FQIjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0IxODU2RUQw
MTM2MjExRUZBMTExM0M0N0M0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIG4BggrBgEFBQcBBwEB
/wSBqDCBpTB+BAIAATB4AwQCLXDAAwQCLXNcAwQAZw7FAwQAZxuoAwQBZxuqAwQA
Zy+YAwQCZzNcAwQCZzQwAwQCZzdUAwQCZ2xMAwQBZ45AAwQBZ6vsAwQBZ7QmAwQB
Z7TYAwQBZ7VYAwQBZ7XKAwQBZ7YMAwQCZ8gwAwQCZ+SsAwQCy784MCMEAgACMB0w
EgMHASQA0YAAZgMHASQA0YAAaAMHASQA0YAAcDANBgkqhkiG9w0BAQsFAAOCAQEA
gqntGvnrbh8G2MvZTzKIVykZ9XqZOykMLuN188WLDokVF2ih3q4jRAmftlKlaeAP
2Qgv6j2DUTo2ULg6Xb8oin31Ah/PVg2D8I1Bm2LKK2fdRvRcBTFdbtG/nvk+IhIk
++kOicjqUEZjrnDZ1JuP3cajbo2Dd4at6zSJML1tQvUVBaQ0EAyTB/JoW05ECYuu
W9V5u41mueKIDMAdFG1vrXDd/hqd8g0c0ed4vxU9Zs5Paf5hPmisnCqTMK9g1WXk
D0U8hPnVcbiaCSXHBHEJ3uU0zsfXXxD4PSaMZGiwfB9qzO386naTAMbQihV37EhB
zWot4ik/AZDyaOJRcAHLIA==
-----END CERTIFICATE-----
Generated at Fri Apr 11 07:54:11 2025 by rpki-client