Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/5BBBEF3C76EB11EF8C7F6F5CC4F9AE02.roa
File: 5BBBEF3C76EB11EF8C7F6F5CC4F9AE02.roa (raw, json)
Hash identifier: XFtJz0xjEbMY8jx/89z//iATkWTexr1oiYxdh0BLzZ8=
Subject key identifier: F3:E2:48:73:ED:6C:5E:EA:DF:71:C2:F1:A0:33:95:74:CE:B0:B1:C6
Certificate issuer: /CN=A9120B99/serialNumber=86C7946946B2A57B056F02B279340D30C2CE49B4
Certificate serial: 3461
Authority key identifier: 86:C7:94:69:46:B2:A5:7B:05:6F:02:B2:79:34:0D:30:C2:CE:49:B4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hseUaUaypXsFbwKyeTQNMMLOSbQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/5BBBEF3C76EB11EF8C7F6F5CC4F9AE02.roa
Signing time: Fri 20 Sep 2024 00:57:50 +0000
ROA not before: Fri 20 Sep 2024 00:57:50 +0000
ROA not after: Wed 30 Jul 2025 00:00:00 +0000
asID: 7540
IP address blocks: 117.18.96.0/24 maxlen: 24
117.18.98.0/24 maxlen: 24
117.18.105.0/24 maxlen: 24
117.18.106.0/24 maxlen: 24
117.18.107.0/24 maxlen: 24
117.18.108.0/24 maxlen: 24
117.18.112.0/24 maxlen: 24
117.18.113.0/24 maxlen: 24
117.18.114.0/24 maxlen: 24
117.18.115.0/24 maxlen: 24
117.18.116.0/24 maxlen: 24
117.18.119.0/24 maxlen: 24
117.18.120.0/24 maxlen: 24
117.18.121.0/24 maxlen: 24
202.4.26.0/23 maxlen: 24
202.181.137.0/24 maxlen: 24
202.181.138.0/24 maxlen: 24
202.181.140.0/24 maxlen: 24
202.181.141.0/24 maxlen: 24
202.181.142.0/24 maxlen: 24
202.181.150.0/24 maxlen: 24
202.181.152.0/24 maxlen: 24
202.181.154.0/24 maxlen: 24
202.181.160.0/24 maxlen: 24
202.181.161.0/24 maxlen: 24
202.181.162.0/24 maxlen: 24
202.181.163.0/24 maxlen: 24
202.181.164.0/24 maxlen: 24
202.181.165.0/24 maxlen: 24
202.181.166.0/24 maxlen: 24
202.181.167.0/24 maxlen: 24
202.181.168.0/24 maxlen: 24
202.181.169.0/24 maxlen: 24
202.181.170.0/24 maxlen: 24
202.181.171.0/24 maxlen: 24
202.181.172.0/24 maxlen: 24
202.181.173.0/24 maxlen: 24
202.181.174.0/24 maxlen: 24
202.181.175.0/24 maxlen: 24
202.181.176.0/24 maxlen: 24
202.181.178.0/24 maxlen: 24
202.181.179.0/24 maxlen: 24
202.181.180.0/24 maxlen: 24
202.181.181.0/24 maxlen: 24
202.181.182.0/24 maxlen: 24
202.181.183.0/24 maxlen: 24
202.181.184.0/24 maxlen: 24
202.181.185.0/24 maxlen: 24
202.181.186.0/24 maxlen: 24
202.181.187.0/24 maxlen: 24
202.181.189.0/24 maxlen: 24
202.181.192.0/24 maxlen: 24
202.181.193.0/24 maxlen: 24
202.181.194.0/24 maxlen: 24
202.181.195.0/24 maxlen: 24
202.181.196.0/24 maxlen: 24
202.181.197.0/24 maxlen: 24
202.181.198.0/24 maxlen: 24
202.181.199.0/24 maxlen: 24
202.181.200.0/24 maxlen: 24
202.181.201.0/24 maxlen: 24
202.181.202.0/24 maxlen: 24
202.181.203.0/24 maxlen: 24
202.181.205.0/24 maxlen: 24
202.181.206.0/24 maxlen: 24
202.181.207.0/24 maxlen: 24
202.181.208.0/24 maxlen: 24
202.181.209.0/24 maxlen: 24
202.181.210.0/24 maxlen: 24
202.181.211.0/24 maxlen: 24
202.181.212.0/24 maxlen: 24
202.181.213.0/24 maxlen: 24
202.181.214.0/24 maxlen: 24
202.181.215.0/24 maxlen: 24
202.181.216.0/24 maxlen: 24
202.181.217.0/24 maxlen: 24
202.181.220.0/24 maxlen: 24
202.181.221.0/24 maxlen: 24
202.181.222.0/24 maxlen: 24
202.181.223.0/24 maxlen: 24
202.181.224.0/24 maxlen: 24
202.181.225.0/24 maxlen: 24
202.181.226.0/24 maxlen: 24
202.181.227.0/24 maxlen: 24
202.181.228.0/24 maxlen: 24
202.181.229.0/24 maxlen: 24
202.181.230.0/24 maxlen: 24
202.181.231.0/24 maxlen: 24
202.181.233.0/24 maxlen: 24
202.181.234.0/24 maxlen: 24
202.181.235.0/24 maxlen: 24
202.181.236.0/24 maxlen: 24
202.181.237.0/24 maxlen: 24
202.181.238.0/24 maxlen: 24
202.181.239.0/24 maxlen: 24
202.181.240.0/24 maxlen: 24
202.181.241.0/24 maxlen: 24
202.181.242.0/24 maxlen: 24
202.181.243.0/24 maxlen: 24
202.181.244.0/24 maxlen: 24
202.181.245.0/24 maxlen: 24
202.181.246.0/24 maxlen: 24
202.181.247.0/24 maxlen: 24
2405:5d00::/64 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13409 (0x3461)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9120B99
Validity
Not Before: Sep 20 00:57:50 2024 GMT
Not After : Jul 30 00:00:00 2025 GMT
Subject: CN=66ecc88e-67a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:bf:fd:d9:ea:1f:ee:06:5e:89:21:f1:1b:fe:
3b:76:53:dc:ba:65:6d:d4:9a:31:8a:23:1c:51:77:
28:49:1a:be:5b:9a:dc:62:83:81:a9:b2:26:08:f3:
41:a7:3c:02:49:f8:a2:d5:ec:a9:3a:6a:d4:b1:a2:
e8:fc:0f:e6:66:17:07:05:8d:6d:d7:5a:8b:78:2a:
d9:ba:7e:7a:91:3e:b1:ee:04:ec:ec:87:07:c2:7d:
c8:95:7f:e1:67:bf:a0:1f:ed:1d:e0:32:cc:a4:10:
9c:94:5b:57:93:d2:5a:fd:eb:8d:d6:c4:92:e1:02:
3e:31:9e:10:ff:2f:b8:81:b8:06:9b:39:dc:da:7c:
fd:55:17:7c:72:9c:b1:26:3d:21:88:a1:f7:f1:79:
c7:70:6b:b3:2a:50:10:1f:a5:8c:e7:f6:9a:a6:d0:
c1:f1:f1:d7:b1:de:1a:1c:ad:6b:ba:34:c1:c4:62:
78:fa:fa:85:5b:d6:77:e0:fd:56:13:3a:0a:2b:98:
43:ce:1b:43:14:8e:95:a0:98:55:5d:7a:c4:df:7e:
1b:57:4b:ff:1e:dc:93:ef:34:07:bd:6a:65:b5:f9:
fe:be:c5:d3:30:3e:e4:2c:b9:b3:af:35:c0:f1:b0:
2a:20:ed:1a:78:f6:a4:66:f4:56:1a:20:e8:11:c9:
d9:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:E2:48:73:ED:6C:5E:EA:DF:71:C2:F1:A0:33:95:74:CE:B0:B1:C6
X509v3 Authority Key Identifier:
keyid:86:C7:94:69:46:B2:A5:7B:05:6F:02:B2:79:34:0D:30:C2:CE:49:B4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/hseUaUaypXsFbwKyeTQNMMLOSbQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hseUaUaypXsFbwKyeTQNMMLOSbQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/5BBBEF3C76EB11EF8C7F6F5CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
117.18.96.0/24
117.18.98.0/24
117.18.105.0-117.18.108.255
117.18.112.0-117.18.116.255
117.18.119.0-117.18.121.255
202.4.26.0/23
202.181.137.0-202.181.138.255
202.181.140.0-202.181.142.255
202.181.150.0/24
202.181.152.0/24
202.181.154.0/24
202.181.160.0-202.181.176.255
202.181.178.0-202.181.187.255
202.181.189.0/24
202.181.192.0-202.181.203.255
202.181.205.0-202.181.217.255
202.181.220.0-202.181.231.255
202.181.233.0-202.181.247.255
IPv6:
2405:5d00::/64
Signature Algorithm: sha256WithRSAEncryption
7e:81:41:0d:19:5d:25:c7:dd:9d:3a:c6:9d:bb:60:aa:67:02:
70:03:8c:4e:ef:43:e9:d1:a6:b5:61:68:dd:34:d2:74:89:8f:
17:e2:54:86:4f:8c:b9:54:29:b5:c0:f7:fb:37:93:8f:20:d0:
4e:da:42:59:3b:9a:8d:95:45:67:85:0f:b4:1f:6a:00:b5:66:
6f:c8:47:fa:12:01:2e:c3:31:0b:0f:94:45:12:50:ac:47:d8:
d9:ba:4f:9a:37:23:22:bf:90:73:8d:dd:f7:1d:05:ad:6a:ef:
b0:e3:be:6a:d0:1f:7e:73:e9:9d:93:d9:5e:4d:b3:88:e8:5f:
cc:75:96:a7:b5:34:8e:14:7d:5d:16:92:09:f9:6c:76:33:9a:
15:d0:f7:b0:dc:7f:71:3f:ac:e9:e8:a8:93:77:c6:a7:8f:2b:
63:e2:a0:7f:e6:84:fd:25:50:22:56:5d:7b:00:1b:e0:f4:a5:
1f:49:2c:d9:e5:b2:d4:a6:51:a3:11:b9:a9:db:f5:07:e5:e1:
0b:f6:d0:d4:2f:bb:49:d8:fe:56:b3:63:69:ff:f3:5d:ee:d7:
a4:7b:6c:55:49:7d:94:23:95:40:ae:73:63:4d:ad:59:4d:24:
04:97:27:5e:04:c8:10:43:b4:d0:28:81:7f:51:43:4a:fd:eb:
bd:53:1a:e9
-----BEGIN CERTIFICATE-----
MIIGRzCCBS+gAwIBAgICNGEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjBCOTkxMTAvBgNVBAUTKDg2Qzc5NDY5NDZCMkE1N0IwNTZGMDJCMjc5MzQwRDMw
QzJDRTQ5QjQwHhcNMjQwOTIwMDA1NzUwWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmVjYzg4ZS02N2E1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0L/92eof7gZeiSHxG/47dlPcumVt1JoxiiMcUXcoSRq+W5rcYoOBqbImCPNB
pzwCSfii1eypOmrUsaLo/A/mZhcHBY1t11qLeCrZun56kT6x7gTs7IcHwn3IlX/h
Z7+gH+0d4DLMpBCclFtXk9Ja/euN1sSS4QI+MZ4Q/y+4gbgGmznc2nz9VRd8cpyx
Jj0hiKH38XnHcGuzKlAQH6WM5/aaptDB8fHXsd4aHK1rujTBxGJ4+vqFW9Z34P1W
EzoKK5hDzhtDFI6VoJhVXXrE334bV0v/HtyT7zQHvWpltfn+vsXTMD7kLLmzrzXA
8bAqIO0aePakZvRWGiDoEcnZoQIDAQABo4IDazCCA2cwHQYDVR0OBBYEFPPiSHPt
bF7q33HC8aAzlXTOsLHGMB8GA1UdIwQYMBaAFIbHlGlGsqV7BW8Csnk0DTDCzkm0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMEI5OS9EM0Y5MDUxQzFE
ODMxMUUyQjRFRDVDRDkwOEIwMkNEMi9oc2VVYVVheXBYc0Zid0t5ZVRRTk1NTE9T
YlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2hzZVVhVWF5cFhzRmJ3S3llVFFOTU1MT1NiUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjBCOTkvRDNGOTA1MUMxRDgzMTFFMkI0RUQ1Q0Q5MDhCMDJDRDIvNUJCQkVGM0M3
NkVCMTFFRjhDN0Y2RjVDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgfQGCCsGAQUFBwEHAQH/
BIHkMIHhMIHLBAIAATCBxAMEAHUSYAMEAHUSYjAMAwQAdRJpAwQAdRJsMAwDBAR1
EnADBAB1EnQwDAMEAHUSdwMEAXUSeAMEAcoEGjAMAwQAyrWJAwQAyrWKMAwDBALK
tYwDBADKtY4DBADKtZYDBADKtZgDBADKtZowDAMEBcq1oAMEAMq1sDAMAwQByrWy
AwQCyrW4AwQAyrW9MAwDBAbKtcADBALKtcgwDAMEAMq1zQMEAcq12DAMAwQCyrXc
AwQDyrXgMAwDBADKtekDBAPKtfAwEQQCAAIwCwMJACQFXQAAAAAAMA0GCSqGSIb3
DQEBCwUAA4IBAQB+gUENGV0lx92dOsadu2CqZwJwA4xO70Pp0aa1YWjdNNJ0iY8X
4lSGT4y5VCm1wPf7N5OPINBO2kJZO5qNlUVnhQ+0H2oAtWZvyEf6EgEuwzELD5RF
ElCsR9jZuk+aNyMiv5Bzjd33HQWtau+w475q0B9+c+mdk9leTbOI6F/MdZantTSO
FH1dFpIJ+Wx2M5oV0Pew3H9xP6zp6KiTd8anjytj4qB/5oT9JVAiVl17ABvg9KUf
SSzZ5bLUplGjEbmp2/UH5eEL9tDUL7tJ2P5Ws2Np//Nd7teke2xVSX2UI5VArnNj
Ta1ZTSQElydeBMgQQ7TQKIF/UUNK/eu9Uxrp
-----END CERTIFICATE-----
Generated at Thu Mar 13 21:46:46 2025 by rpki-client