Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2B2A94C4408111EDAC035510C4F9AE02.roa
File: 2B2A94C4408111EDAC035510C4F9AE02.roa (raw, json)
Hash identifier: l0sUdHE+XKKcWklTXP4EoH+NwVq0rDxlfHo6Ugv8CSo=
Subject key identifier: 85:B0:0B:6B:CC:FB:C3:39:5F:A4:83:6E:88:91:6E:27:24:C0:14:14
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 5E15
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2B2A94C4408111EDAC035510C4F9AE02.roa
Signing time: Tue 04 Oct 2022 11:01:47 +0000
ROA not before: Tue 04 Oct 2022 11:01:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 133001
IP address blocks: 43.225.160.0/22 maxlen: 24
43.251.216.0/22 maxlen: 24
45.117.220.0/22 maxlen: 24
45.119.44.0/24 maxlen: 24
45.119.45.0/24 maxlen: 24
45.119.46.0/24 maxlen: 24
45.119.47.0/24 maxlen: 24
103.38.36.0/22 maxlen: 24
103.51.132.0/24 maxlen: 24
103.51.133.0/24 maxlen: 24
103.51.134.0/24 maxlen: 24
103.51.135.0/24 maxlen: 24
103.58.8.0/22 maxlen: 24
103.114.0.0/22 maxlen: 24
103.116.147.0/24 maxlen: 24
103.133.116.0/24 maxlen: 24
103.140.26.0/24 maxlen: 24
103.140.27.0/24 maxlen: 24
103.165.68.0/24 maxlen: 24
103.165.69.0/24 maxlen: 24
103.176.210.0/24 maxlen: 24
103.176.211.0/24 maxlen: 24
103.187.123.0/24 maxlen: 24
103.196.76.0/22 maxlen: 24
103.201.148.0/22 maxlen: 24
103.239.168.0/24 maxlen: 24
103.239.169.0/24 maxlen: 24
103.239.170.0/24 maxlen: 24
103.239.171.0/24 maxlen: 24
111.125.225.0/24 maxlen: 24
157.119.202.0/24 maxlen: 24
183.87.251.0/24 maxlen: 24
183.87.252.0/22 maxlen: 24
202.94.160.0/22 maxlen: 24
2401:b240::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24085 (0x5e15)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Oct 4 11:01:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=633c129b-498a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:61:eb:e3:fc:07:9f:a1:0f:44:e9:48:e8:fc:
9d:97:b5:af:bb:68:cf:c2:6d:ba:0b:7c:d9:9d:7e:
08:8c:cb:f8:d6:af:3d:a4:00:4b:95:ca:67:ec:74:
28:14:cd:7c:aa:c4:94:7d:d7:cc:a7:83:9b:6f:95:
ee:36:df:40:d4:dd:4b:0c:de:40:5a:8a:f9:20:c7:
c4:d3:a3:38:a7:5d:1f:ba:e7:d0:b7:5b:d9:50:18:
50:66:87:d6:d7:ae:60:24:76:79:f6:cf:e0:5a:8e:
4e:b8:7f:58:73:dc:87:13:46:57:61:d4:72:b1:2b:
c5:74:62:94:4c:6f:98:d6:08:78:10:db:96:57:e1:
14:9b:b2:14:8f:26:45:7d:dc:4c:5c:01:ae:f5:1e:
07:1b:3a:2e:e6:97:41:14:fb:7e:6b:b6:1a:eb:47:
4d:49:bd:16:60:c7:be:59:64:45:f6:8a:b3:77:7e:
44:85:4b:7d:67:92:45:dd:5b:0c:e4:ce:ee:1b:28:
f9:11:4b:69:43:52:51:0e:e2:77:80:e3:49:d5:b0:
9c:ee:74:b0:a1:1b:f1:53:ff:56:24:2b:42:b6:5b:
a7:06:68:47:d7:69:f7:40:7d:96:3f:5c:08:b3:aa:
56:4d:00:e4:cf:6b:b3:5e:ca:56:e5:d5:9f:78:69:
1c:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:B0:0B:6B:CC:FB:C3:39:5F:A4:83:6E:88:91:6E:27:24:C0:14:14
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2B2A94C4408111EDAC035510C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.160.0/22
43.251.216.0/22
45.117.220.0/22
45.119.44.0/22
103.38.36.0/22
103.51.132.0/22
103.58.8.0/22
103.114.0.0/22
103.116.147.0/24
103.133.116.0/24
103.140.26.0/23
103.165.68.0/23
103.176.210.0/23
103.187.123.0/24
103.196.76.0/22
103.201.148.0/22
103.239.168.0/22
111.125.225.0/24
157.119.202.0/24
183.87.251.0-183.87.255.255
202.94.160.0/22
IPv6:
2401:b240::/32
Signature Algorithm: sha256WithRSAEncryption
ad:32:e6:a8:ec:31:62:57:5d:61:c4:e8:60:5b:ac:56:c5:83:
e7:de:0f:83:06:ee:34:0c:79:12:89:ec:f3:99:4c:4e:be:dc:
78:c1:24:80:cd:30:ca:c7:e2:57:c4:f0:1d:c1:93:60:f3:9e:
3f:9c:1d:60:56:8d:b8:5c:97:c9:2e:29:5d:5c:f4:ad:6e:8b:
77:0e:fe:e9:ba:fb:59:56:ed:6e:3e:91:07:1b:43:75:06:96:
d6:be:86:98:5e:db:cf:29:b6:01:1d:9e:96:d2:1d:6a:f3:8b:
9b:8a:04:97:be:2e:7f:4d:1d:b9:04:25:c9:45:38:83:a3:dc:
6d:f5:b9:2e:ca:50:f0:26:f5:ab:e7:ff:5f:c2:7e:42:bf:4d:
7e:46:a7:c3:78:36:df:f8:5f:2b:ad:40:39:ac:99:43:85:0c:
22:6e:eb:f0:b3:58:40:03:03:6d:0f:bb:d0:19:0c:3b:26:73:
2b:4a:43:1e:10:27:34:09:c2:dc:8b:fd:37:6c:22:7e:42:31:
b0:6f:fb:da:73:16:5c:0f:ec:96:f5:f7:4f:44:dd:8f:c3:1b:
72:bc:6f:65:ab:d2:0b:44:c0:d7:ba:08:7a:ce:3d:2d:76:cd:
f4:17:e9:b1:fc:a9:ef:42:3b:0c:c8:d0:ed:a2:cc:37:26:0f:
88:07:ed:ec
-----BEGIN CERTIFICATE-----
MIIGBDCCBOygAwIBAgICXhUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIxMDA0MTEwMTQ3WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzNjMTI5Yi00OThhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwWHr4/wHn6EPROlI6Pydl7Wvu2jPwm26C3zZnX4IjMv41q89pABLlcpn7HQo
FM18qsSUfdfMp4Obb5XuNt9A1N1LDN5AWor5IMfE06M4p10fuufQt1vZUBhQZofW
165gJHZ59s/gWo5OuH9Yc9yHE0ZXYdRysSvFdGKUTG+Y1gh4ENuWV+EUm7IUjyZF
fdxMXAGu9R4HGzou5pdBFPt+a7Ya60dNSb0WYMe+WWRF9oqzd35EhUt9Z5JF3VsM
5M7uGyj5EUtpQ1JRDuJ3gONJ1bCc7nSwoRvxU/9WJCtCtlunBmhH12n3QH2WP1wI
s6pWTQDkz2uzXspW5dWfeGkc3wIDAQABo4IDKDCCAyQwHQYDVR0OBBYEFIWwC2vM
+8M5X6SDboiRbickwBQUMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvMkIyQTk0QzQ0
MDgxMTFFREFDMDM1NTEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgbEGCCsGAQUFBwEHAQH/
BIGhMIGeMIGMBAIAATCBhQMEAivhoAMEAiv72AMEAi113AMEAi13LAMEAmcmJAME
AmczhAMEAmc6CAMEAmdyAAMEAGd0kwMEAGeFdAMEAWeMGgMEAWelRAMEAWew0gME
AGe7ewMEAmfETAMEAmfJlAMEAmfvqAMEAG994QMEAJ13yjALAwQAt1f7AwMDt1AD
BALKXqAwDQQCAAIwBwMFACQBskAwDQYJKoZIhvcNAQELBQADggEBAK0y5qjsMWJX
XWHE6GBbrFbFg+feD4MG7jQMeRKJ7POZTE6+3HjBJIDNMMrH4lfE8B3Bk2Dznj+c
HWBWjbhcl8kuKV1c9K1ui3cO/um6+1lW7W4+kQcbQ3UGlta+hphe288ptgEdnpbS
HWrzi5uKBJe+Ln9NHbkEJclFOIOj3G31uS7KUPAm9avn/1/CfkK/TX5Gp8N4Nt/4
XyutQDmsmUOFDCJu6/CzWEADA20Pu9AZDDsmcytKQx4QJzQJwtyL/TdsIn5CMbBv
+9pzFlwP7Jb1909E3Y/DG3K8b2Wr0gtEwNe6CHrOPS12zfQX6bH8qe9COwzI0O2i
zDcmD4gH7ew=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:51 2023 by rpki-client on console-fra.rpki-client.org