Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/EC2AFEE4690111EE989B7A70C4F9AE02.roa
File: EC2AFEE4690111EE989B7A70C4F9AE02.roa (raw, json)
Hash identifier: Ho7NegmBDsWUkWg8id33LleObP0rJ+weIXLs3hAXad0=
Subject key identifier: DD:09:C2:5E:E8:4A:44:37:B4:31:FC:BB:A1:76:34:BE:8D:FD:DF:BC
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 7C6C
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/EC2AFEE4690111EE989B7A70C4F9AE02.roa
Signing time: Mon 23 Oct 2023 04:17:48 +0000
ROA not before: Mon 23 Oct 2023 04:17:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58678
IP address blocks: 43.241.28.0/22 maxlen: 24
43.241.128.0/22 maxlen: 24
43.241.132.0/22 maxlen: 24
43.242.208.0/24 maxlen: 24
43.242.209.0/24 maxlen: 24
43.242.210.0/24 maxlen: 24
43.242.211.0/24 maxlen: 24
43.242.224.0/22 maxlen: 24
43.242.228.0/22 maxlen: 24
45.64.84.0/22 maxlen: 24
45.114.192.0/22 maxlen: 24
45.117.0.0/22 maxlen: 23
45.117.0.0/23 maxlen: 24
45.117.3.0/24 maxlen: 24
45.127.120.0/22 maxlen: 24
45.250.248.0/24 maxlen: 24
45.250.249.0/24 maxlen: 24
45.250.250.0/24 maxlen: 24
103.14.232.0/22 maxlen: 24
103.17.12.0/23 maxlen: 24
103.26.52.0/22 maxlen: 22
103.26.52.0/24 maxlen: 24
103.26.53.0/24 maxlen: 24
103.26.54.0/24 maxlen: 24
103.26.55.0/24 maxlen: 24
103.26.56.0/22 maxlen: 24
103.42.160.0/22 maxlen: 24
103.48.56.0/23 maxlen: 24
103.48.58.0/24 maxlen: 24
103.48.59.0/24 maxlen: 24
103.48.100.0/22 maxlen: 24
103.57.96.0/23 maxlen: 24
103.59.188.0/22 maxlen: 24
103.59.212.0/22 maxlen: 24
103.66.80.0/22 maxlen: 22
103.66.80.0/24 maxlen: 24
103.66.81.0/24 maxlen: 24
103.66.82.0/24 maxlen: 24
103.66.83.0/24 maxlen: 24
103.69.238.0/24 maxlen: 24
103.74.236.0/22 maxlen: 24
103.77.152.0/22 maxlen: 23
103.77.152.0/23 maxlen: 24
103.77.154.0/24 maxlen: 24
103.89.40.0/22 maxlen: 24
103.111.132.0/22 maxlen: 24
103.112.32.0/24 maxlen: 24
103.112.33.0/24 maxlen: 24
103.112.34.0/24 maxlen: 24
103.112.35.0/24 maxlen: 24
103.117.184.0/24 maxlen: 24
103.117.187.0/24 maxlen: 24
103.132.228.0/23 maxlen: 24
103.137.152.0/22 maxlen: 24
103.148.207.0/24 maxlen: 24
103.153.151.0/24 maxlen: 24
103.155.170.0/24 maxlen: 24
103.162.190.0/23 maxlen: 24
103.163.188.0/24 maxlen: 24
103.163.189.0/24 maxlen: 24
103.168.62.0/24 maxlen: 24
103.168.63.0/24 maxlen: 24
103.173.208.0/23 maxlen: 24
103.174.30.0/24 maxlen: 24
103.174.38.0/24 maxlen: 24
103.178.212.0/23 maxlen: 24
103.181.209.0/24 maxlen: 24
103.185.11.0/24 maxlen: 24
103.185.174.0/23 maxlen: 24
103.204.119.0/24 maxlen: 24
103.209.18.0/24 maxlen: 24
103.209.19.0/24 maxlen: 24
103.215.114.0/23 maxlen: 24
103.216.144.0/22 maxlen: 24
103.218.100.0/22 maxlen: 24
103.219.164.0/24 maxlen: 24
103.219.165.0/24 maxlen: 24
103.219.166.0/24 maxlen: 24
103.219.167.0/24 maxlen: 24
103.220.80.0/22 maxlen: 24
103.220.212.0/22 maxlen: 24
103.226.0.0/22 maxlen: 24
103.226.4.0/22 maxlen: 24
103.226.28.0/22 maxlen: 24
103.232.24.0/22 maxlen: 24
124.108.16.0/22 maxlen: 24
2001:df6:f180::/48 maxlen: 48
2404:bd00::/48 maxlen: 48
2404:bd00:1::/48 maxlen: 48
2404:bd00:2::/48 maxlen: 48
2404:bd00:3::/48 maxlen: 48
2404:bd00:4::/48 maxlen: 48
2404:bd00:5::/48 maxlen: 48
2404:bd00:6::/48 maxlen: 48
2404:bd00:7::/48 maxlen: 48
2404:bd00:8::/48 maxlen: 48
2404:bd00:a::/48 maxlen: 48
2404:bd00:b::/48 maxlen: 48
2404:bd00:c::/48 maxlen: 48
2404:bd00:d::/48 maxlen: 48
2404:bd00:e::/48 maxlen: 48
2404:bd00:f::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31852 (0x7c6c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2
Validity
Not Before: Oct 23 04:17:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6535f3eb-9c2e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:24:07:28:a2:d6:af:3f:74:cb:3c:ec:04:94:
7e:15:19:11:78:58:ce:75:b1:77:4f:54:6f:d3:28:
4a:30:47:a8:eb:81:c8:63:e0:b0:33:37:94:23:a4:
eb:d1:26:6b:24:37:33:6d:af:fe:f2:b0:c0:29:c9:
46:ee:aa:10:d3:b2:20:c9:e7:c6:e0:90:ce:e1:9f:
0f:e8:86:8b:b3:ad:95:42:0e:54:c8:70:62:06:ca:
04:ca:8b:0b:20:74:de:27:75:7f:e5:0c:36:75:28:
e7:48:00:50:92:55:2e:8a:e4:8e:7e:7d:f4:3b:d7:
9a:ec:35:66:30:10:1c:91:2f:c4:33:f5:7c:f0:8b:
15:2b:3b:9a:bd:60:34:22:93:dc:52:0b:a8:34:b7:
37:1f:07:d0:38:89:2f:34:6f:e7:15:bb:30:3e:87:
8b:6e:97:3a:6f:d4:e3:a9:59:be:f5:bb:f8:e3:44:
47:b4:2a:90:ce:73:56:06:4e:63:75:b2:30:8d:da:
50:30:34:3c:b5:2d:53:07:3f:f6:cf:ab:cb:ed:ee:
d8:0e:3f:3d:be:09:c3:de:8b:3a:70:e1:11:ec:1b:
f1:40:b7:7e:d5:c8:2e:fb:8d:6d:b2:b0:66:22:83:
40:cb:7f:59:7e:c5:7a:ed:fb:9b:39:8e:7b:b5:8e:
eb:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:09:C2:5E:E8:4A:44:37:B4:31:FC:BB:A1:76:34:BE:8D:FD:DF:BC
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/EC2AFEE4690111EE989B7A70C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.241.28.0/22
43.241.128.0/21
43.242.208.0/22
43.242.224.0/21
45.64.84.0/22
45.114.192.0/22
45.117.0.0/22
45.127.120.0/22
45.250.248.0-45.250.250.255
103.14.232.0/22
103.17.12.0/23
103.26.52.0-103.26.59.255
103.42.160.0/22
103.48.56.0/22
103.48.100.0/22
103.57.96.0/23
103.59.188.0/22
103.59.212.0/22
103.66.80.0/22
103.69.238.0/24
103.74.236.0/22
103.77.152.0/22
103.89.40.0/22
103.111.132.0/22
103.112.32.0/22
103.117.184.0/24
103.117.187.0/24
103.132.228.0/23
103.137.152.0/22
103.148.207.0/24
103.153.151.0/24
103.155.170.0/24
103.162.190.0/23
103.163.188.0/23
103.168.62.0/23
103.173.208.0/23
103.174.30.0/24
103.174.38.0/24
103.178.212.0/23
103.181.209.0/24
103.185.11.0/24
103.185.174.0/23
103.204.119.0/24
103.209.18.0/23
103.215.114.0/23
103.216.144.0/22
103.218.100.0/22
103.219.164.0/22
103.220.80.0/22
103.220.212.0/22
103.226.0.0/21
103.226.28.0/22
103.232.24.0/22
124.108.16.0/22
IPv6:
2001:df6:f180::/48
2404:bd00::-2404:bd00:8:ffff:ffff:ffff:ffff:ffff
2404:bd00:a::-2404:bd00:f:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
a8:a2:aa:1e:35:60:40:df:67:9b:54:8c:99:f1:82:c3:0c:95:
08:de:a6:fb:f7:2f:85:1f:6b:43:38:40:4f:c4:10:d3:8d:c7:
6d:76:81:2e:19:9e:86:b0:e0:33:8f:2a:f6:fd:4a:1c:39:54:
cf:28:f7:71:3f:00:50:d1:5d:ed:9d:01:dd:9b:b2:64:2c:05:
b5:b7:a4:21:e9:7f:5d:52:b9:8a:4b:eb:36:10:6b:7c:c0:5b:
52:1d:a2:83:68:a4:0c:9f:af:00:44:b1:bc:c6:b3:11:84:c7:
64:0d:38:fa:48:03:97:a2:46:a1:54:a1:3b:ce:ed:72:ac:48:
f0:6b:6e:0a:3e:be:9c:7a:35:65:7c:44:ee:ea:51:5a:8e:37:
e0:05:d6:6a:4c:1e:e9:b7:fc:3a:a2:67:9e:31:77:74:cd:04:
9a:36:a9:71:3e:6b:05:2d:9e:d7:ee:95:29:f1:65:0b:42:c7:
69:05:8a:2b:fe:d8:b1:26:c1:1a:84:7d:de:2c:8f:1b:6f:3c:
7f:99:96:96:f4:3f:aa:cf:6d:51:03:26:a9:ab:1d:15:d2:c8:
1c:c7:dc:2c:f5:bc:2e:c2:93:0f:0d:25:69:98:41:cc:4a:2f:
8b:c9:24:dc:9a:0d:7b:cf:37:c1:0b:af:44:e8:4c:c5:27:4a:
37:f6:95:cc
-----BEGIN CERTIFICATE-----
MIIG/zCCBeegAwIBAgICfGwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMxMDIzMDQxNzQ4WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTM1ZjNlYi05YzJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyyQHKKLWrz90yzzsBJR+FRkReFjOdbF3T1Rv0yhKMEeo64HIY+CwMzeUI6Tr
0SZrJDczba/+8rDAKclG7qoQ07IgyefG4JDO4Z8P6IaLs62VQg5UyHBiBsoEyosL
IHTeJ3V/5Qw2dSjnSABQklUuiuSOfn30O9ea7DVmMBAckS/EM/V88IsVKzuavWA0
IpPcUguoNLc3HwfQOIkvNG/nFbswPoeLbpc6b9TjqVm+9bv440RHtCqQznNWBk5j
dbIwjdpQMDQ8tS1TBz/2z6vL7e7YDj89vgnD3os6cOER7BvxQLd+1cgu+41tsrBm
IoNAy39ZfsV67fubOY57tY7rcQIDAQABo4IEIzCCBB8wHQYDVR0OBBYEFN0Jwl7o
SkQ3tDH8u6F2NL6N/d+8MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvRUMyQUZFRTQ2
OTAxMTFFRTk4OUI3QTcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggGrBggrBgEFBQcBBwEB
/wSCAZowggGWMIIBXAQCAAEwggFUAwQCK/EcAwQDK/GAAwQCK/LQAwQDK/LgAwQC
LUBUAwQCLXLAAwQCLXUAAwQCLX94MAwDBAMt+vgDBAAt+voDBAJnDugDBAFnEQww
DAMEAmcaNAMEAmcaOAMEAmcqoAMEAmcwOAMEAmcwZAMEAWc5YAMEAmc7vAMEAmc7
1AMEAmdCUAMEAGdF7gMEAmdK7AMEAmdNmAMEAmdZKAMEAmdvhAMEAmdwIAMEAGd1
uAMEAGd1uwMEAWeE5AMEAmeJmAMEAGeUzwMEAGeZlwMEAGebqgMEAWeivgMEAWej
vAMEAWeoPgMEAWet0AMEAGeuHgMEAGeuJgMEAWey1AMEAGe10QMEAGe5CwMEAWe5
rgMEAGfMdwMEAWfREgMEAWfXcgMEAmfYkAMEAmfaZAMEAmfbpAMEAmfcUAMEAmfc
1AMEA2fiAAMEAmfiHAMEAmfoGAMEAnxsEDA0BAIAAjAuAwcAIAEN9vGAMA8DBAAk
BL0DBwAkBL0AAAgwEgMHASQEvQAACgMHBCQEvQAAADANBgkqhkiG9w0BAQsFAAOC
AQEAqKKqHjVgQN9nm1SMmfGCwwyVCN6m+/cvhR9rQzhAT8QQ043HbXaBLhmehrDg
M48q9v1KHDlUzyj3cT8AUNFd7Z0B3ZuyZCwFtbekIel/XVK5ikvrNhBrfMBbUh2i
g2ikDJ+vAESxvMazEYTHZA04+kgDl6JGoVShO87tcqxI8GtuCj6+nHo1ZXxE7upR
Wo434AXWakwe6bf8OqJnnjF3dM0EmjapcT5rBS2e1+6VKfFlC0LHaQWKK/7YsSbB
GoR93iyPG288f5mWlvQ/qs9tUQMmqasdFdLIHMfcLPW8LsKTDw0laZhBzEovi8kk
3JoNe883wQuvROhMxSdKN/aVzA==
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:11:05 2025 by rpki-client