Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914DA2D/72B5F292D27D11ECA73EF154C4F9AE02/5F38F490548911EFBFA6F41BC4F9AE02.roa
File: 5F38F490548911EFBFA6F41BC4F9AE02.roa (raw, json)
Hash identifier: OOdBi3/O2G0OmDSmk5Pr8hAZWmXFgbHOYCrnSUcGc08=
Subject key identifier: 13:7D:B6:0D:F2:12:8E:65:D8:CD:31:AF:EE:36:E3:11:0B:F9:ED:FD
Certificate issuer: /CN=A914DA2D/serialNumber=D7CB6D1DDCF934A1F59E4FFE4982F0B4C52C35F5
Certificate serial: 0287
Authority key identifier: D7:CB:6D:1D:DC:F9:34:A1:F5:9E:4F:FE:49:82:F0:B4:C5:2C:35:F5
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/18ttHdz5NKH1nk_-SYLwtMUsNfU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914DA2D/72B5F292D27D11ECA73EF154C4F9AE02/5F38F490548911EFBFA6F41BC4F9AE02.roa
Signing time: Wed 07 Aug 2024 06:50:46 +0000
ROA not before: Wed 07 Aug 2024 06:50:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 17882
IP address blocks: 64.119.16.0/24 maxlen: 24
64.119.17.0/24 maxlen: 24
64.119.18.0/24 maxlen: 24
64.119.19.0/24 maxlen: 24
64.119.20.0/24 maxlen: 24
64.119.21.0/24 maxlen: 24
64.119.22.0/24 maxlen: 24
64.119.23.0/24 maxlen: 24
64.119.24.0/24 maxlen: 24
64.119.25.0/24 maxlen: 24
64.119.26.0/24 maxlen: 24
64.119.27.0/24 maxlen: 24
64.119.28.0/24 maxlen: 24
64.119.29.0/24 maxlen: 24
64.119.30.0/24 maxlen: 24
64.119.31.0/24 maxlen: 24
66.181.160.0/24 maxlen: 24
66.181.161.0/24 maxlen: 24
66.181.162.0/24 maxlen: 24
66.181.163.0/24 maxlen: 24
66.181.164.0/24 maxlen: 24
66.181.165.0/24 maxlen: 24
66.181.166.0/24 maxlen: 24
66.181.167.0/24 maxlen: 24
66.181.168.0/24 maxlen: 24
66.181.169.0/24 maxlen: 24
66.181.170.0/24 maxlen: 24
66.181.171.0/24 maxlen: 24
66.181.172.0/24 maxlen: 24
66.181.173.0/24 maxlen: 24
66.181.174.0/24 maxlen: 24
66.181.175.0/24 maxlen: 24
66.181.176.0/24 maxlen: 24
66.181.177.0/24 maxlen: 24
66.181.178.0/24 maxlen: 24
66.181.179.0/24 maxlen: 24
66.181.180.0/24 maxlen: 24
66.181.181.0/24 maxlen: 24
66.181.182.0/24 maxlen: 24
66.181.183.0/24 maxlen: 24
66.181.184.0/24 maxlen: 24
66.181.185.0/24 maxlen: 24
66.181.186.0/24 maxlen: 24
66.181.187.0/24 maxlen: 24
66.181.188.0/24 maxlen: 24
66.181.189.0/24 maxlen: 24
66.181.190.0/24 maxlen: 24
66.181.191.0/24 maxlen: 24
192.82.64.0/19 maxlen: 19
192.82.64.0/24 maxlen: 24
192.82.65.0/24 maxlen: 24
192.82.66.0/24 maxlen: 24
192.82.67.0/24 maxlen: 24
192.82.68.0/24 maxlen: 24
192.82.69.0/24 maxlen: 24
192.82.70.0/24 maxlen: 24
192.82.71.0/24 maxlen: 24
192.82.72.0/24 maxlen: 24
192.82.73.0/24 maxlen: 24
192.82.74.0/24 maxlen: 24
192.82.75.0/24 maxlen: 24
192.82.76.0/24 maxlen: 24
192.82.77.0/24 maxlen: 24
192.82.78.0/24 maxlen: 24
192.82.79.0/24 maxlen: 24
192.82.80.0/24 maxlen: 24
192.82.81.0/24 maxlen: 24
192.82.82.0/24 maxlen: 24
192.82.83.0/24 maxlen: 24
192.82.84.0/24 maxlen: 24
192.82.85.0/24 maxlen: 24
192.82.86.0/24 maxlen: 24
192.82.87.0/24 maxlen: 24
192.82.89.0/24 maxlen: 24
192.82.90.0/24 maxlen: 24
192.82.91.0/24 maxlen: 24
192.82.92.0/24 maxlen: 24
192.82.93.0/24 maxlen: 24
192.82.94.0/24 maxlen: 24
192.82.95.0/24 maxlen: 24
192.82.100.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 647 (0x287)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914DA2D
Validity
Not Before: Aug 7 06:50:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=66b31945-62a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:95:c8:3a:0f:e8:fe:52:9d:3d:45:45:64:53:
79:0d:7c:5c:ba:c5:56:3f:95:7d:c3:a0:82:c7:d0:
1d:05:c0:de:80:ba:73:f9:e7:fc:41:d4:c3:39:9a:
ed:6a:ec:81:f2:d6:52:e4:6e:7a:1f:61:83:c4:05:
58:26:b8:3e:2f:5e:ca:5d:97:35:68:60:da:1d:b8:
82:d2:1d:b2:5e:51:d5:c3:95:3d:51:1d:8e:93:78:
35:64:1d:0d:ff:d3:76:29:c2:d1:9d:c7:e5:cc:60:
64:23:63:f5:22:04:b9:84:fc:ea:cf:cb:f3:56:a7:
0c:d9:6a:ec:8e:c6:4a:2f:3c:c2:a4:aa:89:d8:55:
d7:0b:53:dd:58:1d:4d:9f:1e:50:22:72:c6:ec:d5:
14:03:fe:f0:76:15:ca:bc:f5:1c:68:4d:e7:5e:4e:
d9:16:e0:8d:df:5e:56:78:b0:23:aa:7b:64:2c:39:
71:78:13:e7:b2:33:47:65:52:38:f5:e7:fb:3e:f4:
ee:57:9b:be:96:a0:fa:60:b6:d2:f7:fc:44:19:81:
9c:ad:4b:0b:ed:8a:3c:19:e3:8c:47:52:c0:73:67:
1d:4c:21:dc:2e:cf:85:72:b3:8b:63:2c:9f:27:1a:
77:07:ea:ac:9a:63:08:5c:4f:c9:e5:37:d0:b3:e9:
2e:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:7D:B6:0D:F2:12:8E:65:D8:CD:31:AF:EE:36:E3:11:0B:F9:ED:FD
X509v3 Authority Key Identifier:
keyid:D7:CB:6D:1D:DC:F9:34:A1:F5:9E:4F:FE:49:82:F0:B4:C5:2C:35:F5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914DA2D/72B5F292D27D11ECA73EF154C4F9AE02/18ttHdz5NKH1nk_-SYLwtMUsNfU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/18ttHdz5NKH1nk_-SYLwtMUsNfU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914DA2D/72B5F292D27D11ECA73EF154C4F9AE02/5F38F490548911EFBFA6F41BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
64.119.16.0/20
66.181.160.0/19
192.82.64.0/19
192.82.100.0/24
Signature Algorithm: sha256WithRSAEncryption
98:27:21:8a:37:ad:11:59:69:d5:4c:f3:d1:8f:f8:60:7e:ed:
6f:c3:38:ad:2b:e1:20:ea:8d:0b:09:92:f1:6c:3f:9b:88:90:
07:48:f7:ed:b2:98:77:ea:cf:2e:51:de:88:2c:95:de:a9:ab:
c2:da:bf:05:30:96:e8:09:17:f2:67:37:18:40:f4:70:ef:44:
90:9b:60:a2:36:b9:55:5f:eb:f7:2d:51:fc:0c:b2:bb:9e:9e:
71:39:66:03:6b:fd:c6:d2:3b:3f:b8:eb:fe:79:a8:2a:d6:5b:
ad:1e:08:99:8d:b2:61:d5:24:a8:3e:42:be:2c:8e:4d:06:7c:
4d:16:52:f2:60:36:49:93:95:5f:92:e6:4a:f9:9f:82:f2:85:
f2:7e:38:7e:d5:53:aa:51:3c:99:9d:8e:36:cf:9e:32:87:73:
0d:4e:84:6a:90:37:60:f2:ba:e2:68:b4:50:17:5d:1c:a0:ba:
a1:13:12:41:1d:3e:8d:c3:91:82:c1:59:15:1b:41:4c:b4:7d:
d4:c7:0e:cf:7e:4b:12:46:ec:7a:9a:37:4e:2f:a4:1a:77:a9:
f4:d7:d9:0d:f1:db:1f:39:2f:06:20:86:99:de:65:dc:e7:fd:
8d:6a:78:5f:ff:b0:10:3c:4b:35:e4:8a:95:41:c6:fe:df:da:
09:cd:34:8e
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICAocwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NERBMkQxMTAvBgNVBAUTKEQ3Q0I2RDFERENGOTM0QTFGNTlFNEZGRTQ5ODJGMEI0
QzUyQzM1RjUwHhcNMjQwODA3MDY1MDQ2WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmIzMTk0NS02MmEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2ZXIOg/o/lKdPUVFZFN5DXxcusVWP5V9w6CCx9AdBcDegLpz+ef8QdTDOZrt
auyB8tZS5G56H2GDxAVYJrg+L17KXZc1aGDaHbiC0h2yXlHVw5U9UR2Ok3g1ZB0N
/9N2KcLRncflzGBkI2P1IgS5hPzqz8vzVqcM2WrsjsZKLzzCpKqJ2FXXC1PdWB1N
nx5QInLG7NUUA/7wdhXKvPUcaE3nXk7ZFuCN315WeLAjqntkLDlxeBPnsjNHZVI4
9ef7PvTuV5u+lqD6YLbS9/xEGYGcrUsL7Yo8GeOMR1LAc2cdTCHcLs+FcrOLYyyf
Jxp3B+qsmmMIXE/J5TfQs+ku4wIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFBN9tg3y
Eo5l2M0xr+424xEL+e39MB8GA1UdIwQYMBaAFNfLbR3c+TSh9Z5P/kmC8LTFLDX1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0REEyRC83MkI1RjI5MkQy
N0QxMUVDQTczRUYxNTRDNEY5QUUwMi8xOHR0SGR6NU5LSDFua18tU1lMd3RNVXNO
ZlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyLzE4dHRIZHo1TktIMW5rXy1TWUx3dE1Vc05mVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NERBMkQvNzJCNUYyOTJEMjdEMTFFQ0E3M0VGMTU0QzRGOUFFMDIvNUYzOEY0OTA1
NDg5MTFFRkJGQTZGNDFCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBARAdxADBAVCtaADBAXAUkADBADAUmQwDQYJKoZIhvcNAQEL
BQADggEBAJgnIYo3rRFZadVM89GP+GB+7W/DOK0r4SDqjQsJkvFsP5uIkAdI9+2y
mHfqzy5R3ogsld6pq8LavwUwlugJF/JnNxhA9HDvRJCbYKI2uVVf6/ctUfwMsrue
nnE5ZgNr/cbSOz+46/55qCrWW60eCJmNsmHVJKg+Qr4sjk0GfE0WUvJgNkmTlV+S
5kr5n4LyhfJ+OH7VU6pRPJmdjjbPnjKHcw1OhGqQN2DyuuJotFAXXRyguqETEkEd
Po3DkYLBWRUbQUy0fdTHDs9+SxJG7HqaN04vpBp3qfTX2Q3x2x85LwYghpneZdzn
/Y1qeF//sBA8SzXkipVBxv7f2gnNNI4=
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:38:32 2025 by rpki-client