Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B649B7B2EF8711EF86BB1534C4F9AE02.roa
File: B649B7B2EF8711EF86BB1534C4F9AE02.roa (raw, json)
Hash identifier: sBZbMFGM8Re7TErp1gvWXcQeKRUXWUiFxhJzzBKJcLo=
Subject key identifier: EE:FC:73:53:BD:2F:9A:37:28:CC:56:07:95:E1:CA:F6:EE:63:BF:56
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: A72A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B649B7B2EF8711EF86BB1534C4F9AE02.roa
Signing time: Thu 20 Feb 2025 12:43:48 +0000
ROA not before: Thu 20 Feb 2025 12:43:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 135031
IP address blocks: 45.65.40.0/22 maxlen: 24
103.82.148.0/22 maxlen: 24
103.82.220.0/22 maxlen: 24
103.97.136.0/22 maxlen: 24
103.206.12.0/23 maxlen: 24
103.210.252.0/22 maxlen: 24
103.211.128.0/22 maxlen: 24
103.235.166.0/23 maxlen: 24
111.223.28.0/22 maxlen: 24
160.202.48.0/22 maxlen: 24
160.238.88.0/22 maxlen: 24
223.26.28.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 42794 (0xa72a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Feb 20 12:43:48 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67b72384-63ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:aa:1f:fa:6c:c7:52:59:3b:23:12:f3:ce:fa:
03:40:85:95:19:f8:d0:2b:70:b7:a5:bf:36:41:92:
15:0a:b3:51:4e:4b:4d:3e:70:e1:61:46:d8:11:d1:
0a:60:d8:4d:3e:97:cc:ed:43:3b:68:82:c3:fb:27:
9f:3d:24:d3:c3:b4:88:82:d1:b6:d1:5a:91:32:f5:
de:7a:89:cc:38:63:24:7b:37:1d:c9:f7:99:9c:7d:
94:54:39:b6:0d:8d:28:e7:66:a6:0d:5a:99:00:f3:
5c:62:f4:a9:fa:37:f7:42:d5:41:4a:69:cf:99:fb:
e4:89:12:d1:62:e3:87:28:f4:64:e1:05:cc:99:71:
f4:3f:6d:f2:8e:47:c3:6f:2d:5c:7d:9e:14:43:42:
6f:31:3e:f9:18:92:4f:be:7b:ea:3f:11:f7:5c:3c:
60:a5:b9:30:50:76:6b:ee:35:39:27:44:cf:c7:0c:
dd:ac:35:58:2f:9b:a3:5a:23:40:2f:36:47:95:e0:
04:1c:57:be:66:e9:ee:1d:c4:34:ea:a4:24:39:f1:
37:05:50:73:c2:fc:43:16:64:5d:10:4b:11:ea:ba:
51:48:0b:14:fa:fd:87:04:48:0a:b4:63:39:a5:a4:
bb:66:2f:69:25:12:76:57:64:74:17:a9:8c:f9:24:
ed:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:FC:73:53:BD:2F:9A:37:28:CC:56:07:95:E1:CA:F6:EE:63:BF:56
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B649B7B2EF8711EF86BB1534C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
45.65.40.0/22
103.82.148.0/22
103.82.220.0/22
103.97.136.0/22
103.206.12.0/23
103.210.252.0/22
103.211.128.0/22
103.235.166.0/23
111.223.28.0/22
160.202.48.0/22
160.238.88.0/22
223.26.28.0/22
Signature Algorithm: sha256WithRSAEncryption
a9:9e:b0:1d:67:9b:ad:b5:dd:c7:62:58:85:ea:9a:1e:af:22:
d7:91:50:2e:f8:d3:e8:62:da:ad:13:5c:17:fd:1b:1e:96:30:
38:1d:ce:45:f9:44:f1:59:4b:01:3c:26:7d:ce:29:56:d5:a8:
6e:6b:4d:ae:4c:3c:dc:c0:29:4c:ef:ba:dd:e3:f6:e8:25:74:
8a:05:92:7f:81:e3:90:a7:7a:0d:17:55:1f:97:7b:52:e9:ee:
3b:64:79:f5:42:ce:d8:2a:64:ff:f8:c8:e7:cd:e4:8d:54:6a:
78:50:87:fa:4c:7d:0b:bc:0c:26:a5:46:45:7e:a2:91:43:21:
5a:91:82:f8:ae:db:ba:85:8b:38:fc:62:87:45:bc:cb:88:2d:
04:09:52:c4:81:f8:e7:3a:19:63:db:fd:16:9f:40:56:19:3a:
9d:db:94:e4:aa:40:2f:89:07:61:48:b6:cf:66:8d:d3:29:17:
d0:3d:ec:88:9b:7f:30:5c:38:3a:e6:28:ba:e1:0e:06:b1:2f:
cd:7e:b5:a0:f4:e5:3b:c1:22:0d:ec:87:a6:e8:b5:cb:d2:d8:
cf:45:05:b7:f9:0e:f8:80:96:ea:55:d3:c5:05:67:1a:87:63:
24:8f:f9:5e:90:ae:f8:7d:bb:6e:56:ff:ce:25:10:ed:3a:85:
10:bc:e2:e1
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIDAKcqMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDIyMDEyNDM0OFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjdiNzIzODQtNjNhYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmqH/psx1JZOyMS8876A0CFlRn40Ctwt6W/NkGSFQqzUU5LTT5w4WFG2BHR
CmDYTT6XzO1DO2iCw/snnz0k08O0iILRttFakTL13nqJzDhjJHs3Hcn3mZx9lFQ5
tg2NKOdmpg1amQDzXGL0qfo390LVQUppz5n75IkS0WLjhyj0ZOEFzJlx9D9t8o5H
w28tXH2eFENCbzE++RiST7576j8R91w8YKW5MFB2a+41OSdEz8cM3aw1WC+bo1oj
QC82R5XgBBxXvmbp7h3ENOqkJDnxNwVQc8L8QxZkXRBLEeq6UUgLFPr9hwRICrRj
OaWku2YvaSUSdldkdBepjPkk7bcCAwEAAaOCAtcwggLTMB0GA1UdDgQWBBTu/HNT
vS+aNyjMVgeV4cr27mO/VjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0I2NDlCN0Iy
RUY4NzExRUY4NkJCMTUzNEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMGEGCCsGAQUFBwEHAQH/
BFIwUDBOBAIAATBIAwQCLUEoAwQCZ1KUAwQCZ1LcAwQCZ2GIAwQBZ84MAwQCZ9L8
AwQCZ9OAAwQBZ+umAwQCb98cAwQCoMowAwQCoO5YAwQC3xocMA0GCSqGSIb3DQEB
CwUAA4IBAQCpnrAdZ5uttd3HYliF6poeryLXkVAu+NPoYtqtE1wX/RseljA4Hc5F
+UTxWUsBPCZ9zilW1ahua02uTDzcwClM77rd4/boJXSKBZJ/geOQp3oNF1Ufl3tS
6e47ZHn1Qs7YKmT/+MjnzeSNVGp4UIf6TH0LvAwmpUZFfqKRQyFakYL4rtu6hYs4
/GKHRbzLiC0ECVLEgfjnOhlj2/0Wn0BWGTqd25TkqkAviQdhSLbPZo3TKRfQPeyI
m38wXDg65ii64Q4GsS/NfrWg9OU7wSIN7Iem6LXL0tjPRQW3+Q74gJbqVdPFBWca
h2Mkj/lekK74fbtuVv/OJRDtOoUQvOLh
-----END CERTIFICATE-----
Generated at Fri Apr 4 22:10:40 2025 by rpki-client