Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914DA2D/72B5F292D27D11ECA73EF154C4F9AE02/B2F10206F3A311EC8804FE09C4F9AE02.roa
File: B2F10206F3A311EC8804FE09C4F9AE02.roa (raw, json)
Hash identifier: 2CkT8xra0lR8+0yBsxylc0bmnobPfPz61J3mqPKA43A=
Subject key identifier: 40:80:B2:D0:6A:7A:41:72:AE:FC:2D:FF:EB:5D:78:67:49:55:18:6A
Certificate issuer: /CN=A914DA2D/serialNumber=D7CB6D1DDCF934A1F59E4FFE4982F0B4C52C35F5
Certificate serial: 025D
Authority key identifier: D7:CB:6D:1D:DC:F9:34:A1:F5:9E:4F:FE:49:82:F0:B4:C5:2C:35:F5
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/18ttHdz5NKH1nk_-SYLwtMUsNfU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914DA2D/72B5F292D27D11ECA73EF154C4F9AE02/B2F10206F3A311EC8804FE09C4F9AE02.roa
Signing time: Wed 22 May 2024 16:54:57 +0000
ROA not before: Wed 22 May 2024 16:54:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 17882
IP address blocks: 64.119.16.0/24 maxlen: 24
64.119.17.0/24 maxlen: 24
64.119.18.0/24 maxlen: 24
64.119.19.0/24 maxlen: 24
64.119.20.0/24 maxlen: 24
64.119.21.0/24 maxlen: 24
64.119.22.0/24 maxlen: 24
64.119.23.0/24 maxlen: 24
64.119.24.0/24 maxlen: 24
64.119.25.0/24 maxlen: 24
64.119.26.0/24 maxlen: 24
64.119.27.0/24 maxlen: 24
64.119.28.0/24 maxlen: 24
64.119.29.0/24 maxlen: 24
64.119.30.0/24 maxlen: 24
64.119.31.0/24 maxlen: 24
66.181.160.0/24 maxlen: 24
66.181.161.0/24 maxlen: 24
66.181.162.0/24 maxlen: 24
66.181.163.0/24 maxlen: 24
66.181.164.0/24 maxlen: 24
66.181.165.0/24 maxlen: 24
66.181.166.0/24 maxlen: 24
66.181.167.0/24 maxlen: 24
66.181.168.0/24 maxlen: 24
66.181.169.0/24 maxlen: 24
66.181.170.0/24 maxlen: 24
66.181.171.0/24 maxlen: 24
66.181.172.0/24 maxlen: 24
66.181.173.0/24 maxlen: 24
66.181.174.0/24 maxlen: 24
66.181.175.0/24 maxlen: 24
66.181.176.0/24 maxlen: 24
66.181.177.0/24 maxlen: 24
66.181.178.0/24 maxlen: 24
66.181.179.0/24 maxlen: 24
66.181.180.0/24 maxlen: 24
66.181.181.0/24 maxlen: 24
66.181.182.0/24 maxlen: 24
66.181.183.0/24 maxlen: 24
66.181.184.0/24 maxlen: 24
66.181.185.0/24 maxlen: 24
66.181.186.0/24 maxlen: 24
66.181.187.0/24 maxlen: 24
66.181.188.0/24 maxlen: 24
66.181.189.0/24 maxlen: 24
66.181.190.0/24 maxlen: 24
66.181.191.0/24 maxlen: 24
192.82.64.0/19 maxlen: 19
192.82.64.0/24 maxlen: 24
192.82.65.0/24 maxlen: 24
192.82.66.0/24 maxlen: 24
192.82.67.0/24 maxlen: 24
192.82.68.0/24 maxlen: 24
192.82.69.0/24 maxlen: 24
192.82.70.0/24 maxlen: 24
192.82.71.0/24 maxlen: 24
192.82.72.0/24 maxlen: 24
192.82.73.0/24 maxlen: 24
192.82.74.0/24 maxlen: 24
192.82.75.0/24 maxlen: 24
192.82.76.0/24 maxlen: 24
192.82.77.0/24 maxlen: 24
192.82.78.0/24 maxlen: 24
192.82.79.0/24 maxlen: 24
192.82.80.0/24 maxlen: 24
192.82.81.0/24 maxlen: 24
192.82.82.0/24 maxlen: 24
192.82.83.0/24 maxlen: 24
192.82.84.0/24 maxlen: 24
192.82.85.0/24 maxlen: 24
192.82.86.0/24 maxlen: 24
192.82.87.0/24 maxlen: 24
192.82.88.0/24 maxlen: 24
192.82.89.0/24 maxlen: 24
192.82.90.0/24 maxlen: 24
192.82.91.0/24 maxlen: 24
192.82.92.0/24 maxlen: 24
192.82.93.0/24 maxlen: 24
192.82.94.0/24 maxlen: 24
192.82.95.0/24 maxlen: 24
192.82.100.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 605 (0x25d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914DA2D
Validity
Not Before: May 22 16:54:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=664e2361-8059
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:73:88:45:f5:f9:1b:ae:51:a2:2f:95:3f:20:
cb:47:ca:46:74:92:1a:1f:29:f7:c5:df:5e:15:b2:
b8:3a:05:19:7a:6b:29:4a:2b:19:34:8d:94:9d:ee:
1a:c2:13:ca:37:5c:71:95:8a:20:5a:f8:68:20:0b:
18:d7:e8:39:1d:e3:1d:dc:9f:6b:3b:e2:5d:3a:55:
7f:1e:b1:93:18:a9:14:ce:08:67:98:83:45:79:2e:
bf:7c:2c:78:21:3c:53:2e:21:17:fb:79:c2:b4:de:
24:f0:5e:22:ba:78:41:bb:3d:33:38:25:b0:23:4b:
51:45:fd:51:aa:74:37:9c:3d:44:fa:1e:43:dc:23:
8e:bd:0e:94:ad:a1:98:db:fd:a0:96:76:16:eb:d4:
00:34:49:e3:fd:46:dc:2a:1d:cf:93:68:00:0e:dd:
7b:40:1f:c6:8d:1e:01:ab:29:95:39:c5:47:2e:db:
48:09:ff:60:60:41:85:ec:b3:77:47:66:e8:e1:db:
52:f5:fe:7d:07:3a:30:fc:0d:49:dd:9d:a7:5c:9b:
ed:e1:2b:9f:18:73:b8:62:21:80:1a:08:9f:ec:71:
a5:ec:34:ed:26:98:0a:45:0b:6d:15:d3:8a:4b:b9:
3f:72:51:e6:8d:2b:46:35:1b:51:11:76:78:f1:fc:
8a:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:80:B2:D0:6A:7A:41:72:AE:FC:2D:FF:EB:5D:78:67:49:55:18:6A
X509v3 Authority Key Identifier:
keyid:D7:CB:6D:1D:DC:F9:34:A1:F5:9E:4F:FE:49:82:F0:B4:C5:2C:35:F5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914DA2D/72B5F292D27D11ECA73EF154C4F9AE02/18ttHdz5NKH1nk_-SYLwtMUsNfU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/18ttHdz5NKH1nk_-SYLwtMUsNfU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914DA2D/72B5F292D27D11ECA73EF154C4F9AE02/B2F10206F3A311EC8804FE09C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
64.119.16.0/20
66.181.160.0/19
192.82.64.0/19
192.82.100.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:09:76:bd:35:e2:47:c5:0e:f7:33:da:16:e7:cf:96:b5:32:
2c:60:4c:8d:3d:66:d8:bd:18:06:39:71:ae:2e:82:42:8a:b4:
72:8d:07:e5:f2:4d:25:f0:14:6e:f9:d8:2f:18:8e:d2:96:b1:
cd:80:64:80:02:65:25:88:f6:f1:f3:0f:19:ef:d3:ff:2a:27:
d8:a3:83:81:b6:32:f3:47:ee:c7:58:23:0d:0b:65:fc:95:06:
a3:9c:db:16:66:52:56:f2:68:5e:a8:52:ae:76:d4:ad:b2:1a:
ff:92:37:5f:f7:34:eb:7b:c5:21:a5:a6:1a:3a:4c:c7:48:81:
08:05:f2:b6:b2:aa:42:70:51:e7:49:42:e7:76:03:22:f3:ae:
1d:42:9f:78:29:04:ea:dc:5c:ef:c8:38:1b:66:30:95:65:be:
39:37:09:e7:51:9f:04:3f:2d:37:86:07:44:32:10:c4:b0:9a:
95:1c:5f:3c:67:50:cc:9c:4f:05:14:ca:53:0d:17:6d:1d:a2:
01:a4:c3:0a:a3:f3:39:3f:50:52:3d:d3:66:ce:48:0a:a3:99:
a4:37:d9:52:7a:2f:d4:4c:ff:f4:f6:36:f5:35:79:ce:01:c0:
11:d3:48:9d:79:95:61:aa:c9:1f:05:f2:0f:00:15:a9:17:eb:
ca:58:e5:3a
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICAl0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NERBMkQxMTAvBgNVBAUTKEQ3Q0I2RDFERENGOTM0QTFGNTlFNEZGRTQ5ODJGMEI0
QzUyQzM1RjUwHhcNMjQwNTIyMTY1NDU3WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjRlMjM2MS04MDU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArXOIRfX5G65Roi+VPyDLR8pGdJIaHyn3xd9eFbK4OgUZemspSisZNI2Une4a
whPKN1xxlYogWvhoIAsY1+g5HeMd3J9rO+JdOlV/HrGTGKkUzghnmINFeS6/fCx4
ITxTLiEX+3nCtN4k8F4iunhBuz0zOCWwI0tRRf1RqnQ3nD1E+h5D3COOvQ6UraGY
2/2glnYW69QANEnj/UbcKh3Pk2gADt17QB/GjR4BqymVOcVHLttICf9gYEGF7LN3
R2bo4dtS9f59Bzow/A1J3Z2nXJvt4SufGHO4YiGAGgif7HGl7DTtJpgKRQttFdOK
S7k/clHmjStGNRtREXZ48fyKhQIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFECAstBq
ekFyrvwt/+tdeGdJVRhqMB8GA1UdIwQYMBaAFNfLbR3c+TSh9Z5P/kmC8LTFLDX1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0REEyRC83MkI1RjI5MkQy
N0QxMUVDQTczRUYxNTRDNEY5QUUwMi8xOHR0SGR6NU5LSDFua18tU1lMd3RNVXNO
ZlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyLzE4dHRIZHo1TktIMW5rXy1TWUx3dE1Vc05mVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NERBMkQvNzJCNUYyOTJEMjdEMTFFQ0E3M0VGMTU0QzRGOUFFMDIvQjJGMTAyMDZG
M0EzMTFFQzg4MDRGRTA5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBARAdxADBAVCtaADBAXAUkADBADAUmQwDQYJKoZIhvcNAQEL
BQADggEBAIsJdr014kfFDvcz2hbnz5a1MixgTI09Zti9GAY5ca4ugkKKtHKNB+Xy
TSXwFG752C8YjtKWsc2AZIACZSWI9vHzDxnv0/8qJ9ijg4G2MvNH7sdYIw0LZfyV
BqOc2xZmUlbyaF6oUq521K2yGv+SN1/3NOt7xSGlpho6TMdIgQgF8rayqkJwUedJ
Qud2AyLzrh1Cn3gpBOrcXO/IOBtmMJVlvjk3CedRnwQ/LTeGB0QyEMSwmpUcXzxn
UMycTwUUylMNF20dogGkwwqj8zk/UFI902bOSAqjmaQ32VJ6L9RM//T2NvU1ec4B
wBHTSJ15lWGqyR8F8g8AFakX68pY5To=
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:41:28 2025 by rpki-client