Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DD4A6/6A5969A87E9511EC82EE520AC4F9AE02/DDED5C74E2DA11EF9617EC0AC4F9AE02.roa
File: DDED5C74E2DA11EF9617EC0AC4F9AE02.roa (raw, json)
Hash identifier: nwMAKgDcxBIC7lnP/53UJBSirN6MwUATARmPL14psNw=
Subject key identifier: 8F:7B:0D:D6:00:06:84:95:D9:29:76:7B:4A:1E:FD:57:0F:3D:55:B8
Certificate issuer: /CN=A91DD4A6/serialNumber=17004AA33105B0A0E6D3EB4E47C513063D92CEC2
Certificate serial: 03CE
Authority key identifier: 17:00:4A:A3:31:05:B0:A0:E6:D3:EB:4E:47:C5:13:06:3D:92:CE:C2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FwBKozEFsKDm0-tOR8UTBj2SzsI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DD4A6/6A5969A87E9511EC82EE520AC4F9AE02/DDED5C74E2DA11EF9617EC0AC4F9AE02.roa
Signing time: Tue 04 Feb 2025 09:38:18 +0000
ROA not before: Tue 04 Feb 2025 09:38:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 56209
IP address blocks: 103.17.80.0/22 maxlen: 22
103.17.80.0/24 maxlen: 24
103.17.81.0/24 maxlen: 24
103.17.82.0/24 maxlen: 24
103.17.83.0/24 maxlen: 24
150.129.172.0/23 maxlen: 23
150.129.172.0/24 maxlen: 24
150.129.173.0/24 maxlen: 24
202.47.112.0/21 maxlen: 21
202.47.112.0/24 maxlen: 24
202.47.113.0/24 maxlen: 24
202.47.114.0/24 maxlen: 24
202.47.115.0/24 maxlen: 24
202.47.116.0/24 maxlen: 24
202.47.117.0/24 maxlen: 24
202.47.118.0/24 maxlen: 24
202.47.119.0/24 maxlen: 24
202.71.0.0/23 maxlen: 23
202.71.0.0/24 maxlen: 24
202.71.1.0/24 maxlen: 24
202.71.2.0/23 maxlen: 23
202.71.2.0/24 maxlen: 24
202.71.3.0/24 maxlen: 24
202.71.15.0/24 maxlen: 24
202.71.24.0/24 maxlen: 24
202.71.25.0/24 maxlen: 24
202.71.26.0/24 maxlen: 24
202.71.27.0/24 maxlen: 24
202.71.28.0/24 maxlen: 24
202.71.29.0/24 maxlen: 24
202.71.30.0/23 maxlen: 23
202.71.30.0/24 maxlen: 24
202.71.31.0/24 maxlen: 24
2406:2100::/32 maxlen: 32
2406:2100::/48 maxlen: 48
2406:2100:1::/48 maxlen: 48
2406:2100:2::/48 maxlen: 48
2406:2100:3::/48 maxlen: 48
2406:2100:4::/48 maxlen: 48
2406:2100:5::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 974 (0x3ce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DD4A6, serialNumber=17004AA33105B0A0E6D3EB4E47C513063D92CEC2
Validity
Not Before: Feb 4 09:38:18 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67a1e00a-ca40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:4e:15:4c:5e:d3:5d:18:59:bf:28:33:58:a1:
09:75:41:96:51:83:ce:83:a2:cd:21:a9:5c:af:03:
24:18:3e:c5:3c:c2:cf:a8:e3:4d:88:92:a8:d4:24:
9b:33:90:67:4e:84:67:c4:31:81:f5:f7:53:81:a2:
d7:2f:be:df:70:f9:03:04:02:e4:f4:eb:5b:f6:fb:
db:b0:e6:e1:c4:69:7d:c7:3c:cc:ea:a0:3e:37:87:
30:18:3b:34:7a:84:a9:9b:bb:6b:44:97:f2:24:e3:
e8:04:5b:b9:d0:1b:2c:80:27:b9:99:13:0c:a2:b5:
3d:c3:37:25:ea:38:42:f6:7e:b3:8d:59:e5:a6:9b:
bc:00:77:95:b3:fe:76:4b:35:79:9a:3b:9e:6e:f6:
36:1e:f4:55:9b:e8:24:72:4c:d2:44:33:4b:cf:36:
08:3d:f2:bb:57:c4:95:4f:09:5c:6d:1a:9f:88:fb:
87:b8:95:0a:45:db:39:6c:27:57:43:2f:07:ec:5e:
1c:a9:e7:df:86:b0:af:67:5c:74:6d:f7:e1:60:d1:
c9:b8:31:60:14:cb:f4:b4:dd:cd:b6:b4:e8:0d:7d:
d3:ec:28:36:fe:dd:02:35:d0:1a:74:59:50:3b:fc:
7a:d7:8e:b7:be:93:83:0a:5b:24:4b:de:3e:68:77:
72:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:7B:0D:D6:00:06:84:95:D9:29:76:7B:4A:1E:FD:57:0F:3D:55:B8
X509v3 Authority Key Identifier:
keyid:17:00:4A:A3:31:05:B0:A0:E6:D3:EB:4E:47:C5:13:06:3D:92:CE:C2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DD4A6/6A5969A87E9511EC82EE520AC4F9AE02/FwBKozEFsKDm0-tOR8UTBj2SzsI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FwBKozEFsKDm0-tOR8UTBj2SzsI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DD4A6/6A5969A87E9511EC82EE520AC4F9AE02/DDED5C74E2DA11EF9617EC0AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.17.80.0/22
150.129.172.0/23
202.47.112.0/21
202.71.0.0/22
202.71.15.0/24
202.71.24.0/21
IPv6:
2406:2100::/32
Signature Algorithm: sha256WithRSAEncryption
10:95:0b:d7:3b:9b:91:cb:af:2c:80:9d:3e:e5:b7:0e:1d:b4:
7c:90:e2:d0:70:d9:19:71:eb:29:2b:c5:31:85:08:7b:e6:3b:
e9:a0:ba:22:b2:46:48:91:52:34:4b:4e:7f:00:39:ad:87:69:
18:7b:58:f6:f8:6d:80:53:41:c8:e1:0d:bc:66:33:aa:f7:fe:
9c:c0:22:89:55:ec:c4:23:ff:7b:91:6e:46:16:89:cb:7d:5d:
e5:45:d6:d7:29:64:ce:d4:9d:e3:c8:43:e9:44:24:57:52:fe:
a2:d8:1e:0e:d5:90:f9:d6:85:8f:61:20:b1:c9:99:e0:86:7a:
37:96:78:0b:0f:b1:ba:71:69:4f:f6:de:72:e1:78:27:94:88:
df:8a:76:ce:7e:4e:a4:ca:c2:bf:cf:a0:9c:f8:8f:65:d7:f3:
5c:12:d5:81:75:88:17:4b:01:c0:87:88:39:86:aa:a6:f3:e4:
58:16:f5:5a:3b:87:ff:92:6d:fa:6f:ae:d6:9a:f4:f2:3f:d9:
da:a6:48:8a:a6:ff:2d:6c:8e:d1:5d:c8:49:64:81:bb:e0:7d:
18:2f:94:ff:ae:d2:34:ae:79:6d:ab:2b:e1:98:4a:9a:da:d0:
22:68:c5:fb:21:b9:f5:75:20:a5:88:d0:9b:c3:e7:ba:de:05:
ac:75:54:7c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICA84wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REQ0QTYxMTAvBgNVBAUTKDE3MDA0QUEzMzEwNUIwQTBFNkQzRUI0RTQ3QzUxMzA2
M0Q5MkNFQzIwHhcNMjUwMjA0MDkzODE4WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2ExZTAwYS1jYTQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsk4VTF7TXRhZvygzWKEJdUGWUYPOg6LNIalcrwMkGD7FPMLPqONNiJKo1CSb
M5BnToRnxDGB9fdTgaLXL77fcPkDBALk9Otb9vvbsObhxGl9xzzM6qA+N4cwGDs0
eoSpm7trRJfyJOPoBFu50BssgCe5mRMMorU9wzcl6jhC9n6zjVnlppu8AHeVs/52
SzV5mjuebvY2HvRVm+gkckzSRDNLzzYIPfK7V8SVTwlcbRqfiPuHuJUKRds5bCdX
Qy8H7F4cqeffhrCvZ1x0bffhYNHJuDFgFMv0tN3NtrToDX3T7Cg2/t0CNdAadFlQ
O/x61463vpODClskS94+aHdyOQIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFI97DdYA
BoSV2Sl2e0oe/VcPPVW4MB8GA1UdIwQYMBaAFBcASqMxBbCg5tPrTkfFEwY9ks7C
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERDRBNi82QTU5NjlBODdF
OTUxMUVDODJFRTUyMEFDNEY5QUUwMi9Gd0JLb3pFRnNLRG0wLXRPUjhVVEJqMlN6
c0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0Z3QktvekVGc0tEbTAtdE9SOFVUQmoyU3pzSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REQ0QTYvNkE1OTY5QTg3RTk1MTFFQzgyRUU1MjBBQzRGOUFFMDIvRERFRDVDNzRF
MkRBMTFFRjk2MTdFQzBBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBAJnEVADBAGWgawDBAPKL3ADBALKRwADBADKRw8DBAPKRxgw
DQQCAAIwBwMFACQGIQAwDQYJKoZIhvcNAQELBQADggEBABCVC9c7m5HLryyAnT7l
tw4dtHyQ4tBw2Rlx6ykrxTGFCHvmO+mguiKyRkiRUjRLTn8AOa2HaRh7WPb4bYBT
QcjhDbxmM6r3/pzAIolV7MQj/3uRbkYWict9XeVF1tcpZM7UnePIQ+lEJFdS/qLY
Hg7VkPnWhY9hILHJmeCGejeWeAsPsbpxaU/23nLheCeUiN+Kds5+TqTKwr/PoJz4
j2XX81wS1YF1iBdLAcCHiDmGqqbz5FgW9Vo7h/+Sbfpvrtaa9PI/2dqmSIqm/y1s
jtFdyElkgbvgfRgvlP+u0jSueW2rK+GYSpra0CJoxfshufV1IKWI0JvD57reBax1
VHw=
-----END CERTIFICATE-----
Generated at Fri Apr 18 20:20:12 2025 by rpki-client