Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CD32E9BA70D611EFAA82E02FC4F9AE02.roa
File: CD32E9BA70D611EFAA82E02FC4F9AE02.roa (raw, json)
Hash identifier: eZfU4G89JOjbcNATsK+gM5E+koDXtd5hE3EY78cRgME=
Subject key identifier: 79:85:AF:52:C4:8C:05:BA:E8:5C:D6:15:56:46:D9:37:D6:29:10:EA
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9873
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CD32E9BA70D611EFAA82E02FC4F9AE02.roa
Signing time: Thu 12 Sep 2024 07:15:34 +0000
ROA not before: Thu 12 Sep 2024 07:15:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133661
IP address blocks: 101.0.32.0/22 maxlen: 24
101.0.37.0/24 maxlen: 24
103.73.148.0/24 maxlen: 24
103.73.149.0/24 maxlen: 24
103.73.150.0/24 maxlen: 24
103.114.64.0/22 maxlen: 24
103.142.198.0/24 maxlen: 24
103.163.14.0/24 maxlen: 24
103.165.72.0/23 maxlen: 24
103.165.76.0/23 maxlen: 24
103.165.88.0/23 maxlen: 24
103.166.214.0/23 maxlen: 24
103.167.154.0/23 maxlen: 24
103.167.182.0/23 maxlen: 24
103.167.212.0/23 maxlen: 24
103.167.224.0/23 maxlen: 24
103.167.238.0/23 maxlen: 24
103.168.0.0/23 maxlen: 24
103.168.22.0/24 maxlen: 24
103.168.32.0/23 maxlen: 24
103.168.60.0/23 maxlen: 24
103.169.242.0/23 maxlen: 24
103.170.36.0/23 maxlen: 24
103.170.38.0/23 maxlen: 24
103.170.84.0/23 maxlen: 24
103.171.108.0/24 maxlen: 24
103.171.110.0/23 maxlen: 24
103.171.174.0/23 maxlen: 24
103.173.98.0/23 maxlen: 24
103.174.92.0/23 maxlen: 24
103.177.226.0/23 maxlen: 24
103.178.64.0/23 maxlen: 24
103.178.160.0/23 maxlen: 24
103.178.166.0/23 maxlen: 24
103.178.202.0/23 maxlen: 24
103.179.10.0/23 maxlen: 24
103.179.94.0/23 maxlen: 24
103.179.96.0/23 maxlen: 24
103.179.100.0/23 maxlen: 24
103.179.102.0/23 maxlen: 24
103.179.118.0/23 maxlen: 24
103.179.120.0/23 maxlen: 24
103.179.224.0/23 maxlen: 24
103.179.226.0/23 maxlen: 24
103.180.110.0/23 maxlen: 24
103.180.168.0/23 maxlen: 24
103.180.172.0/23 maxlen: 24
103.180.174.0/23 maxlen: 24
103.180.176.0/23 maxlen: 24
103.180.212.0/23 maxlen: 24
103.180.214.0/23 maxlen: 24
103.180.236.0/23 maxlen: 24
103.180.238.0/23 maxlen: 24
103.181.4.0/23 maxlen: 24
103.181.56.0/23 maxlen: 24
103.181.64.0/23 maxlen: 24
103.181.84.0/23 maxlen: 24
103.181.86.0/23 maxlen: 24
103.181.110.0/23 maxlen: 24
103.181.114.0/23 maxlen: 24
103.181.150.0/23 maxlen: 24
103.181.152.0/23 maxlen: 24
103.181.154.0/23 maxlen: 24
103.181.174.0/23 maxlen: 24
103.181.198.0/23 maxlen: 24
103.181.212.0/24 maxlen: 24
103.183.30.0/23 maxlen: 24
103.183.32.0/23 maxlen: 24
103.183.34.0/23 maxlen: 24
103.183.216.0/23 maxlen: 24
103.187.84.0/23 maxlen: 24
103.187.92.0/23 maxlen: 24
103.187.96.0/23 maxlen: 24
103.187.102.0/23 maxlen: 24
103.187.130.0/23 maxlen: 24
103.187.158.0/23 maxlen: 24
103.187.170.0/23 maxlen: 24
103.189.82.0/23 maxlen: 24
103.199.184.0/22 maxlen: 24
103.212.132.0/22 maxlen: 24
203.76.178.0/24 maxlen: 24
203.76.180.0/24 maxlen: 24
203.76.181.0/24 maxlen: 24
203.76.188.0/24 maxlen: 24
203.76.190.0/24 maxlen: 24
203.76.191.0/24 maxlen: 24
2001:df0:e400::/48 maxlen: 48
2001:df2:e200::/48 maxlen: 48
2001:df2:e600::/48 maxlen: 48
2400:7b20::/32 maxlen: 32
2404:7c80::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39027 (0x9873)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Sep 12 07:15:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66e29516-8265
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:04:37:42:32:dc:c4:49:05:e7:10:43:b0:e3:
28:8a:7b:4b:f8:aa:4f:40:dc:57:e9:86:e9:23:80:
1a:67:e0:cb:f9:ed:74:f0:af:60:a4:cb:2c:5d:1b:
a3:0c:b4:fa:7f:75:2a:bd:5d:0b:ef:48:1c:d7:19:
39:3f:b5:20:69:62:95:f9:01:0e:3a:b7:c5:62:db:
22:bd:54:b4:73:a5:f7:15:c0:f2:a0:ae:5e:af:44:
99:97:3d:4b:7c:9c:42:82:c0:eb:83:22:92:74:01:
6c:b5:61:1f:9f:d7:6c:2d:12:f9:2e:f7:f3:fa:55:
5b:ff:40:1b:5c:5e:2f:9a:75:34:d7:a8:a0:d8:f4:
cc:67:1f:6b:90:e0:41:a2:9d:6f:e2:d7:36:be:8b:
19:54:f4:e8:1a:a9:14:31:3d:97:a4:86:94:e3:fb:
42:5c:de:ac:a8:70:6c:cb:5f:36:55:91:24:b2:6f:
ce:24:2f:36:6b:f1:00:53:fa:aa:d2:5c:00:69:b3:
66:18:35:41:a5:a1:c7:cc:07:2a:82:9d:e0:11:af:
fa:ee:e6:93:2a:56:ba:12:81:c9:57:39:ec:26:8e:
ea:5d:cf:e5:63:26:66:e4:e0:cc:14:ca:d7:2f:f1:
d7:ee:b9:e2:fd:f8:af:ff:fe:4a:88:93:ae:24:a1:
36:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:85:AF:52:C4:8C:05:BA:E8:5C:D6:15:56:46:D9:37:D6:29:10:EA
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CD32E9BA70D611EFAA82E02FC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
101.0.32.0/22
101.0.37.0/24
103.73.148.0-103.73.150.255
103.114.64.0/22
103.142.198.0/24
103.163.14.0/24
103.165.72.0/23
103.165.76.0/23
103.165.88.0/23
103.166.214.0/23
103.167.154.0/23
103.167.182.0/23
103.167.212.0/23
103.167.224.0/23
103.167.238.0/23
103.168.0.0/23
103.168.22.0/24
103.168.32.0/23
103.168.60.0/23
103.169.242.0/23
103.170.36.0/22
103.170.84.0/23
103.171.108.0/24
103.171.110.0/23
103.171.174.0/23
103.173.98.0/23
103.174.92.0/23
103.177.226.0/23
103.178.64.0/23
103.178.160.0/23
103.178.166.0/23
103.178.202.0/23
103.179.10.0/23
103.179.94.0-103.179.97.255
103.179.100.0/22
103.179.118.0-103.179.121.255
103.179.224.0/22
103.180.110.0/23
103.180.168.0/23
103.180.172.0-103.180.177.255
103.180.212.0/22
103.180.236.0/22
103.181.4.0/23
103.181.56.0/23
103.181.64.0/23
103.181.84.0/22
103.181.110.0/23
103.181.114.0/23
103.181.150.0-103.181.155.255
103.181.174.0/23
103.181.198.0/23
103.181.212.0/24
103.183.30.0-103.183.35.255
103.183.216.0/23
103.187.84.0/23
103.187.92.0/23
103.187.96.0/23
103.187.102.0/23
103.187.130.0/23
103.187.158.0/23
103.187.170.0/23
103.189.82.0/23
103.199.184.0/22
103.212.132.0/22
203.76.178.0/24
203.76.180.0/23
203.76.188.0/24
203.76.190.0/23
IPv6:
2001:df0:e400::/48
2001:df2:e200::/48
2001:df2:e600::/48
2400:7b20::/32
2404:7c80::/32
Signature Algorithm: sha256WithRSAEncryption
1f:6b:a7:3c:19:17:ca:d3:8d:64:37:42:41:5c:ab:c5:ae:77:
64:c0:57:b7:c1:46:9f:c3:41:81:aa:bd:e6:c5:af:9a:7a:16:
e2:e5:39:6b:60:35:c5:d4:fa:cb:3f:a7:51:b7:5f:f5:7b:1a:
34:dd:7c:10:4a:fd:a4:ae:52:fb:03:fa:9e:29:5a:98:09:8e:
81:6f:c5:54:c6:88:37:6d:34:68:8f:7a:a0:0d:be:01:ba:32:
fb:50:42:33:3e:8c:e6:02:83:69:02:f2:f1:d9:36:60:cc:90:
be:d3:c0:38:f0:71:8e:1a:28:b0:b6:4d:4d:83:bd:a3:13:fc:
4c:fb:2f:a3:77:51:1e:fe:0f:33:09:4d:7f:e5:1e:43:7f:40:
ed:c4:11:1e:5c:41:19:a1:d3:ab:ae:fe:d9:29:b8:8b:19:14:
82:fa:78:3c:08:a1:0b:52:cc:90:6f:15:8a:ee:7b:c5:4e:7e:
9b:ec:27:fd:7c:3d:8f:dc:5a:5c:e9:c1:d2:bd:c7:c0:7d:36:
e2:94:cc:4f:29:8f:58:d1:c9:1b:83:07:3d:5a:72:82:2c:47:
ba:98:15:6a:88:1b:af:5c:a9:a1:3a:16:f0:36:53:42:33:c5:
51:4d:ff:13:69:57:38:56:10:53:f1:be:c5:2c:86:fa:52:25:
66:07:05:c6
-----BEGIN CERTIFICATE-----
MIIHbzCCBlegAwIBAgIDAJhzMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MDkxMjA3MTUzNFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjZlMjk1MTYtODI2NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMEN0Iy3MRJBecQQ7DjKIp7S/iqT0DcV+mG6SOAGmfgy/ntdPCvYKTLLF0b
owy0+n91Kr1dC+9IHNcZOT+1IGlilfkBDjq3xWLbIr1UtHOl9xXA8qCuXq9EmZc9
S3ycQoLA64MiknQBbLVhH5/XbC0S+S738/pVW/9AG1xeL5p1NNeooNj0zGcfa5Dg
QaKdb+LXNr6LGVT06BqpFDE9l6SGlOP7QlzerKhwbMtfNlWRJLJvziQvNmvxAFP6
qtJcAGmzZhg1QaWhx8wHKoKd4BGv+u7mkypWuhKByVc57CaO6l3P5WMmZuTgzBTK
1y/x1+654v34r//+SoiTriShNp8CAwEAAaOCBJIwggSOMB0GA1UdDgQWBBR5ha9S
xIwFuuhc1hVWRtk31ikQ6jAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0NEMzJFOUJB
NzBENjExRUZBQTgyRTAyRkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIICGgYIKwYBBQUHAQcB
Af8EggIJMIICBTCCAdAEAgABMIIByAMEAmUAIAMEAGUAJTAMAwQCZ0mUAwQAZ0mW
AwQCZ3JAAwQAZ47GAwQAZ6MOAwQBZ6VIAwQBZ6VMAwQBZ6VYAwQBZ6bWAwQBZ6ea
AwQBZ6e2AwQBZ6fUAwQBZ6fgAwQBZ6fuAwQBZ6gAAwQAZ6gWAwQBZ6ggAwQBZ6g8
AwQBZ6nyAwQCZ6okAwQBZ6pUAwQAZ6tsAwQBZ6tuAwQBZ6uuAwQBZ61iAwQBZ65c
AwQBZ7HiAwQBZ7JAAwQBZ7KgAwQBZ7KmAwQBZ7LKAwQBZ7MKMAwDBAFns14DBAFn
s2ADBAJns2QwDAMEAWezdgMEAWezeAMEAmez4AMEAWe0bgMEAWe0qDAMAwQCZ7Ss
AwQBZ7SwAwQCZ7TUAwQCZ7TsAwQBZ7UEAwQBZ7U4AwQBZ7VAAwQCZ7VUAwQBZ7Vu
AwQBZ7VyMAwDBAFntZYDBAJntZgDBAFnta4DBAFntcYDBABntdQwDAMEAWe3HgME
Ame3IAMEAWe32AMEAWe7VAMEAWe7XAMEAWe7YAMEAWe7ZgMEAWe7ggMEAWe7ngME
AWe7qgMEAWe9UgMEAmfHuAMEAmfUhAMEAMtMsgMEActMtAMEAMtMvAMEActMvjAv
BAIAAjApAwcAIAEN8OQAAwcAIAEN8uIAAwcAIAEN8uYAAwUAJAB7IAMFACQEfIAw
DQYJKoZIhvcNAQELBQADggEBAB9rpzwZF8rTjWQ3QkFcq8Wud2TAV7fBRp/DQYGq
vebFr5p6FuLlOWtgNcXU+ss/p1G3X/V7GjTdfBBK/aSuUvsD+p4pWpgJjoFvxVTG
iDdtNGiPeqANvgG6MvtQQjM+jOYCg2kC8vHZNmDMkL7TwDjwcY4aKLC2TU2DvaMT
/Ez7L6N3UR7+DzMJTX/lHkN/QO3EER5cQRmh06uu/tkpuIsZFIL6eDwIoQtSzJBv
FYrue8VOfpvsJ/18PY/cWlzpwdK9x8B9NuKUzE8pj1jRyRuDBz1acoIsR7qYFWqI
G69cqaE6FvA2U0IzxVFN/xNpVzhWEFPxvsUshvpSJWYHBcY=
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:58:34 2025 by rpki-client