Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B46B5/D186FE0A18D511EB81B6E441C4F9AE02/0163D17E18D711EB91812543C4F9AE02.roa
File: 0163D17E18D711EB91812543C4F9AE02.roa (raw, json)
Hash identifier: HbjYRyg/KOkO/ja/sDMgedX02BBQXxtcS+rFA9Gjyqs=
Subject key identifier: 9E:7A:B8:AB:17:25:FA:55:E6:D9:9F:22:74:A6:82:3A:41:27:C9:7B
Certificate issuer: /CN=A91B46B5/serialNumber=FC6E3BCA3C7DBB28979BB7822A69A4801B99AAE8
Certificate serial: 0612
Authority key identifier: FC:6E:3B:CA:3C:7D:BB:28:97:9B:B7:82:2A:69:A4:80:1B:99:AA:E8
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/_G47yjx9uyiXm7eCKmmkgBuZqug.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B46B5/D186FE0A18D511EB81B6E441C4F9AE02/0163D17E18D711EB91812543C4F9AE02.roa
Signing time: Wed 07 Jun 2023 00:36:59 +0000
ROA not before: Wed 07 Jun 2023 00:36:59 +0000
ROA not after: Tue 30 Jul 2024 00:00:00 +0000
asID: 9310
IP address blocks: 136.143.225.0/24 maxlen: 24
136.143.226.0/24 maxlen: 24
136.143.227.0/24 maxlen: 24
136.143.228.0/24 maxlen: 24
136.143.229.0/24 maxlen: 24
136.143.230.0/24 maxlen: 24
136.143.231.0/24 maxlen: 24
136.143.232.0/24 maxlen: 24
136.143.233.0/24 maxlen: 24
136.143.234.0/24 maxlen: 24
136.143.235.0/24 maxlen: 24
136.143.236.0/24 maxlen: 24
136.143.237.0/24 maxlen: 24
136.143.238.0/24 maxlen: 24
136.143.239.0/24 maxlen: 24
136.143.240.0/24 maxlen: 24
136.143.241.0/24 maxlen: 24
136.143.242.0/24 maxlen: 24
136.143.243.0/24 maxlen: 24
136.143.244.0/24 maxlen: 24
136.143.245.0/24 maxlen: 24
136.143.246.0/24 maxlen: 24
136.143.247.0/24 maxlen: 24
136.143.248.0/24 maxlen: 24
136.143.249.0/24 maxlen: 24
136.143.250.0/24 maxlen: 24
136.143.251.0/24 maxlen: 24
136.143.252.0/24 maxlen: 24
136.143.253.0/24 maxlen: 24
136.143.254.0/24 maxlen: 24
158.140.192.0/19 maxlen: 19
158.140.192.0/22 maxlen: 22
158.140.192.0/24 maxlen: 24
158.140.193.0/24 maxlen: 24
158.140.194.0/24 maxlen: 24
158.140.195.0/24 maxlen: 24
158.140.196.0/24 maxlen: 24
158.140.197.0/24 maxlen: 24
158.140.198.0/24 maxlen: 24
158.140.199.0/24 maxlen: 24
158.140.200.0/24 maxlen: 24
158.140.201.0/24 maxlen: 24
158.140.202.0/24 maxlen: 24
158.140.203.0/24 maxlen: 24
158.140.204.0/24 maxlen: 24
158.140.205.0/24 maxlen: 24
158.140.206.0/24 maxlen: 24
158.140.207.0/24 maxlen: 24
158.140.208.0/24 maxlen: 24
158.140.209.0/24 maxlen: 24
158.140.210.0/24 maxlen: 24
158.140.211.0/24 maxlen: 24
158.140.212.0/24 maxlen: 24
158.140.213.0/24 maxlen: 24
158.140.214.0/24 maxlen: 24
158.140.215.0/24 maxlen: 24
158.140.216.0/24 maxlen: 24
158.140.217.0/24 maxlen: 24
158.140.218.0/24 maxlen: 24
158.140.219.0/24 maxlen: 24
158.140.220.0/24 maxlen: 24
158.140.221.0/24 maxlen: 24
158.140.222.0/24 maxlen: 24
158.140.223.0/24 maxlen: 24
158.140.252.0/22 maxlen: 23
158.140.252.0/24 maxlen: 24
158.140.253.0/24 maxlen: 24
158.140.254.0/24 maxlen: 24
158.140.255.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1554 (0x612)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B46B5/serialNumber=FC6E3BCA3C7DBB28979BB7822A69A4801B99AAE8
Validity
Not Before: Jun 7 00:36:59 2023 GMT
Not After : Jul 30 00:00:00 2024 GMT
Subject: CN=647fd12b-8836
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:ab:25:c9:fc:f1:20:80:e9:76:64:76:f4:04:
0a:22:20:1b:aa:d2:1f:7c:cc:9c:6d:7b:1f:a5:4f:
1d:42:2b:34:48:f6:19:f6:0d:42:d5:31:34:3f:b0:
d6:18:70:82:fd:ab:11:65:41:38:1a:61:f7:e1:af:
64:c4:db:d6:55:7d:46:32:bc:7d:80:63:7f:3f:dc:
ec:b8:e6:32:72:53:06:7a:0a:9e:b0:77:af:50:55:
fd:ec:c1:62:aa:35:52:83:a3:2c:32:9f:cf:d1:2f:
3c:1f:be:f3:f6:94:10:80:cb:3d:74:d0:71:fe:fe:
63:33:f4:07:27:cc:d6:af:2d:97:3f:58:32:a2:be:
5c:61:bd:23:06:7f:fe:41:31:fd:89:40:1f:56:5f:
a2:b6:c7:66:3d:b4:f7:22:50:e4:50:fd:44:a6:ab:
83:3f:fb:3f:aa:ca:28:1f:40:ab:93:1e:d4:55:3a:
a3:ee:b0:5e:bb:db:2e:b4:46:2b:36:c8:5d:fd:b9:
12:1f:61:a2:d9:d6:bd:35:42:6c:14:ec:b8:a1:d0:
70:e7:ac:6c:c5:20:a4:48:84:7c:a5:46:9e:b8:15:
15:6c:40:92:81:45:fa:97:15:7d:5b:f3:79:7b:65:
cc:e4:1a:13:21:17:23:e6:18:83:a2:d4:4a:b2:4d:
09:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:7A:B8:AB:17:25:FA:55:E6:D9:9F:22:74:A6:82:3A:41:27:C9:7B
X509v3 Authority Key Identifier:
keyid:FC:6E:3B:CA:3C:7D:BB:28:97:9B:B7:82:2A:69:A4:80:1B:99:AA:E8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B46B5/D186FE0A18D511EB81B6E441C4F9AE02/_G47yjx9uyiXm7eCKmmkgBuZqug.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/_G47yjx9uyiXm7eCKmmkgBuZqug.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B46B5/D186FE0A18D511EB81B6E441C4F9AE02/0163D17E18D711EB91812543C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
136.143.225.0-136.143.254.255
158.140.192.0/19
158.140.252.0/22
Signature Algorithm: sha256WithRSAEncryption
ba:cf:f5:6c:f7:cf:5f:19:50:72:a0:3a:75:98:e8:24:d8:23:
90:4b:3a:8d:28:2a:e7:8e:d6:5f:0f:32:5f:bc:ce:92:e6:c9:
bc:5d:0a:7d:2d:e3:f1:f2:3d:59:77:e2:75:ef:df:09:1c:75:
a9:b8:c7:17:be:99:bd:aa:30:45:67:63:2d:e6:1c:55:91:d3:
dc:02:42:3a:51:6a:41:ae:08:23:07:d2:a2:b0:13:bf:e9:0f:
c8:3a:63:39:7c:d6:29:7d:3d:96:92:1c:fd:12:9d:50:05:1d:
af:2f:98:ca:00:5d:1a:e7:d7:3e:02:05:84:e4:81:83:92:9f:
b2:22:17:3a:68:d2:17:dd:18:52:bf:01:42:cc:29:15:54:d8:
c2:93:31:74:13:73:99:93:3d:b7:38:1e:c6:88:fb:20:c3:9d:
74:a0:2b:f7:a9:77:7a:f1:28:3d:00:64:57:c8:26:08:f6:73:
78:2f:cb:e5:a5:9c:03:d4:35:ce:76:eb:ee:81:7e:da:9d:3f:
d8:d4:50:aa:b3:94:ea:8d:a5:1a:3d:ff:68:5e:6b:bf:4c:b0:
e5:57:6b:3c:f4:c0:55:7c:53:99:e0:7c:76:37:70:bc:69:c0:
0f:12:a6:0f:9c:29:6f:92:6a:5e:d2:ab:55:70:17:22:d0:9a:
bf:3f:d2:b7
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICBhIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjQ2QjUxMTAvBgNVBAUTKEZDNkUzQkNBM0M3REJCMjg5NzlCQjc4MjJBNjlBNDgw
MUI5OUFBRTgwHhcNMjMwNjA3MDAzNjU5WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdmZDEyYi04ODM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxqslyfzxIIDpdmR29AQKIiAbqtIffMycbXsfpU8dQis0SPYZ9g1C1TE0P7DW
GHCC/asRZUE4GmH34a9kxNvWVX1GMrx9gGN/P9zsuOYyclMGegqesHevUFX97MFi
qjVSg6MsMp/P0S88H77z9pQQgMs9dNBx/v5jM/QHJ8zWry2XP1gyor5cYb0jBn/+
QTH9iUAfVl+itsdmPbT3IlDkUP1EpquDP/s/qsooH0Crkx7UVTqj7rBeu9sutEYr
Nshd/bkSH2Gi2da9NUJsFOy4odBw56xsxSCkSIR8pUaeuBUVbECSgUX6lxV9W/N5
e2XM5BoTIRcj5hiDotRKsk0J9QIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFJ56uKsX
JfpV5tmfInSmgjpBJ8l7MB8GA1UdIwQYMBaAFPxuO8o8fbsol5u3gipppIAbmaro
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNDZCNS9EMTg2RkUwQTE4
RDUxMUVCODFCNkU0NDFDNEY5QUUwMi9fRzQ3eWp4OXV5aVhtN2VDS21ta2dCdVpx
dWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL19HNDd5ang5dXlpWG03ZUNLbW1rZ0J1WnF1Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjQ2QjUvRDE4NkZFMEExOEQ1MTFFQjgxQjZFNDQxQzRGOUFFMDIvMDE2M0QxN0Ux
OEQ3MTFFQjkxODEyNTQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAIiP4QMEAIiP/gMEBZ6MwAMEAp6M/DANBgkqhkiG9w0B
AQsFAAOCAQEAus/1bPfPXxlQcqA6dZjoJNgjkEs6jSgq547WXw8yX7zOkubJvF0K
fS3j8fI9WXfide/fCRx1qbjHF76ZvaowRWdjLeYcVZHT3AJCOlFqQa4IIwfSorAT
v+kPyDpjOXzWKX09lpIc/RKdUAUdry+YygBdGufXPgIFhOSBg5KfsiIXOmjSF90Y
Ur8BQswpFVTYwpMxdBNzmZM9tzgexoj7IMOddKAr96l3evEoPQBkV8gmCPZzeC/L
5aWcA9Q1znbr7oF+2p0/2NRQqrOU6o2lGj3/aF5rv0yw5VdrPPTAVXxTmeB8djdw
vGnADxKmD5wpb5JqXtKrVXAXItCavz/Stw==
-----END CERTIFICATE-----
Generated at Tue Oct 17 20:59:02 2023 by rpki-client on console-ams.rpki-client.org