Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/3827B7F443AD11EDAD491729C4F9AE02.roa
File:                     3827B7F443AD11EDAD491729C4F9AE02.roa (raw, json)
Hash identifier:          nnZGan4nKiIOL1hkZqWSxbocojerEQP1NtRjCw6CGU8=
Subject key identifier:   67:8B:5E:78:41:A9:E3:CE:4C:07:F9:BF:A4:D6:14:08:AA:B9:4A:35
Certificate issuer:       /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial:       15E2
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/3827B7F443AD11EDAD491729C4F9AE02.roa
Signing time:             Wed 26 Oct 2022 02:24:30 +0000
ROA not before:           Wed 26 Oct 2022 02:24:29 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     9443
IP address blocks:        14.137.64.0/18 maxlen: 18
                          14.137.192.0/19 maxlen: 19
                          58.178.0.0/16 maxlen: 16
                          58.179.0.0/16 maxlen: 16
                          111.220.0.0/16 maxlen: 16
                          112.141.0.0/16 maxlen: 16
                          112.213.128.0/18 maxlen: 18
                          116.240.0.0/16 maxlen: 16
                          121.79.126.0/23 maxlen: 23
                          122.148.0.0/16 maxlen: 16
                          122.149.0.0/16 maxlen: 16
                          122.150.0.0/16 maxlen: 16
                          122.151.0.0/16 maxlen: 16
                          123.3.0.0/16 maxlen: 16
                          125.168.0.0/16 maxlen: 16
                          202.4.64.0/19 maxlen: 19
                          202.14.191.0/24 maxlen: 24
                          202.14.192.0/22 maxlen: 22
                          202.61.12.0/24 maxlen: 24
                          202.61.13.0/24 maxlen: 24
                          202.62.128.0/19 maxlen: 21
                          202.67.64.0/18 maxlen: 18
                          202.76.128.0/18 maxlen: 18
                          202.86.113.0/24 maxlen: 24
                          202.86.114.0/23 maxlen: 23
                          202.86.116.0/23 maxlen: 23
                          202.86.118.0/24 maxlen: 24
                          202.128.112.0/20 maxlen: 20
                          202.128.114.0/23 maxlen: 23
                          202.130.195.0/24 maxlen: 24
                          202.130.203.0/24 maxlen: 24
                          202.130.205.0/24 maxlen: 24
                          202.130.206.0/24 maxlen: 24
                          202.130.214.0/24 maxlen: 24
                          202.130.217.0/24 maxlen: 24
                          202.138.0.0/18 maxlen: 18
                          202.147.128.0/20 maxlen: 20
                          202.154.64.0/18 maxlen: 18
                          203.16.9.0/24 maxlen: 24
                          203.16.170.0/24 maxlen: 24
                          203.21.47.0/24 maxlen: 24
                          203.21.104.0/24 maxlen: 24
                          203.23.116.0/24 maxlen: 24
                          203.24.100.0/23 maxlen: 23
                          203.28.168.0/24 maxlen: 24
                          203.30.143.0/24 maxlen: 24
                          203.30.211.0/24 maxlen: 24
                          203.34.15.0/24 maxlen: 24
                          203.56.5.0/24 maxlen: 24
                          203.57.110.0/24 maxlen: 24
                          203.62.135.0/24 maxlen: 24
                          203.91.224.0/19 maxlen: 19
                          203.91.224.0/20 maxlen: 20
                          203.91.240.0/21 maxlen: 21
                          203.123.64.0/20 maxlen: 20
                          203.132.224.0/19 maxlen: 19
                          203.134.0.0/17 maxlen: 17
                          203.134.128.0/18 maxlen: 18
                          203.142.128.0/19 maxlen: 19
                          203.161.160.0/20 maxlen: 20
                          203.190.192.0/20 maxlen: 20
                          203.191.160.0/19 maxlen: 19
                          203.212.128.0/19 maxlen: 19
                          210.50.0.0/16 maxlen: 16
                          210.86.240.0/20 maxlen: 20
                          211.26.0.0/16 maxlen: 16
                          211.27.0.0/16 maxlen: 16
                          218.214.0.0/16 maxlen: 16
                          218.215.0.0/16 maxlen: 16
                          2403:4800::/32 maxlen: 32
                          2403:9e00::/32 maxlen: 32
                          2403:fc00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5602 (0x15e2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
        Validity
            Not Before: Oct 26 02:24:29 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=63589a5d-1b52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:8B:5E:78:41:A9:E3:CE:4C:07:F9:BF:A4:D6:14:08:AA:B9:4A:35
            X509v3 Authority Key Identifier:
                keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/3827B7F443AD11EDAD491729C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.137.64.0/18
                  14.137.192.0/19
                  58.178.0.0/15
                  111.220.0.0/16
                  112.141.0.0/16
                  112.213.128.0/18
                  116.240.0.0/16
                  121.79.126.0/23
                  122.148.0.0/14
                  123.3.0.0/16
                  125.168.0.0/16
                  202.4.64.0/19
                  202.14.191.0-202.14.195.255
                  202.61.12.0/23
                  202.62.128.0/19
                  202.67.64.0/18
                  202.76.128.0/18
                  202.86.113.0-202.86.118.255
                  202.128.112.0/20
                  202.130.195.0/24
                  202.130.203.0/24
                  202.130.205.0-202.130.206.255
                  202.130.214.0/24
                  202.130.217.0/24
                  202.138.0.0/18
                  202.147.128.0/20
                  202.154.64.0/18
                  203.16.9.0/24
                  203.16.170.0/24
                  203.21.47.0/24
                  203.21.104.0/24
                  203.23.116.0/24
                  203.24.100.0/23
                  203.28.168.0/24
                  203.30.143.0/24
                  203.30.211.0/24
                  203.34.15.0/24
                  203.56.5.0/24
                  203.57.110.0/24
                  203.62.135.0/24
                  203.91.224.0/19
                  203.123.64.0/20
                  203.132.224.0/19
                  203.134.0.0-203.134.191.255
                  203.142.128.0/19
                  203.161.160.0/20
                  203.190.192.0/20
                  203.191.160.0/19
                  203.212.128.0/19
                  210.50.0.0/16
                  210.86.240.0/20
                  211.26.0.0/15
                  218.214.0.0/15
                IPv6:
                  2403:4800::/32
                  2403:9e00::/32
                  2403:fc00::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Jul 19 23:23:13 2023 by rpki-client on console-fra.rpki-client.org