Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8D6F910A362A11EC83C5EB19C4F9AE02.roa
File: 8D6F910A362A11EC83C5EB19C4F9AE02.roa (raw, json)
Hash identifier: jhS/jKf1rdUQKGU73SX6XXTQvncnsxSL2ms4e2dPZoE=
Subject key identifier: 2B:F7:40:20:0D:85:CA:84:E1:A3:8D:D3:45:31:72:3B:C2:8E:A4:7B
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 47BC
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8D6F910A362A11EC83C5EB19C4F9AE02.roa
Signing time: Mon 07 Feb 2022 05:01:37 +0000
ROA not before: Mon 07 Feb 2022 05:01:37 +0000
ROA not after: Fri 01 Jul 2022 00:00:00 +0000
asID: 133001
IP address blocks: 43.225.160.0/22 maxlen: 24
43.251.216.0/22 maxlen: 24
45.117.220.0/22 maxlen: 24
45.119.44.0/24 maxlen: 24
45.119.45.0/24 maxlen: 24
45.119.46.0/24 maxlen: 24
45.119.47.0/24 maxlen: 24
103.38.36.0/22 maxlen: 24
103.51.132.0/24 maxlen: 24
103.51.133.0/24 maxlen: 24
103.51.134.0/24 maxlen: 24
103.51.135.0/24 maxlen: 24
103.58.8.0/22 maxlen: 24
103.114.0.0/22 maxlen: 24
103.140.26.0/24 maxlen: 24
103.140.27.0/24 maxlen: 24
103.145.228.0/23 maxlen: 24
103.165.68.0/24 maxlen: 24
103.165.69.0/24 maxlen: 24
103.176.210.0/24 maxlen: 24
103.196.76.0/22 maxlen: 24
103.201.148.0/22 maxlen: 24
103.239.168.0/24 maxlen: 24
103.239.169.0/24 maxlen: 24
103.239.170.0/24 maxlen: 24
103.239.171.0/24 maxlen: 24
111.125.225.0/24 maxlen: 24
157.119.202.0/24 maxlen: 24
183.87.251.0/24 maxlen: 24
183.87.252.0/22 maxlen: 24
202.94.160.0/22 maxlen: 24
2401:b240::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18364 (0x47bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Feb 7 05:01:37 2022 GMT
Not After : Jul 1 00:00:00 2022 GMT
Subject: CN=6200a7b0-cdb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:fc:1b:d3:f5:e4:d5:78:fd:4e:c1:f3:64:9e:
89:8c:40:8d:5b:27:ab:e7:03:d5:49:46:ff:26:30:
e0:4a:31:3f:c3:bd:f7:50:7b:a6:d3:f9:3e:7e:21:
aa:4b:c8:d0:3c:1d:6b:83:61:8b:c1:6e:d6:f8:03:
0e:17:88:0d:e0:f5:18:bf:dc:e3:15:f5:fb:be:e7:
77:47:23:bf:23:1f:19:fb:b3:28:71:82:c7:7f:ba:
c4:2e:c6:ed:a4:c6:b4:26:d2:d6:53:98:8b:cf:5f:
04:13:2a:d2:e6:09:f7:3a:ae:74:59:f9:7b:a8:ff:
ee:30:e1:88:80:74:90:54:38:c1:f6:36:17:f8:82:
b2:74:f4:20:4d:7a:1a:2d:e4:64:87:a1:19:74:91:
18:67:e6:96:b8:00:b6:f6:c1:35:5f:8e:08:0d:a7:
79:6f:f3:c2:b6:71:59:d5:8f:e6:ea:47:32:32:ad:
4f:5a:df:20:1c:51:6f:f8:de:39:bc:a9:f7:99:b1:
e3:2e:dd:d1:15:4b:be:a1:a8:7f:0f:d8:79:e2:87:
9b:83:d6:32:b5:1f:95:b7:92:f1:7d:c9:eb:0f:2c:
be:a8:13:33:b7:20:68:4f:b8:90:7d:09:8a:4a:20:
7f:4e:d9:bd:cb:14:b5:75:82:c5:a3:d0:ff:5a:29:
1e:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:F7:40:20:0D:85:CA:84:E1:A3:8D:D3:45:31:72:3B:C2:8E:A4:7B
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/8D6F910A362A11EC83C5EB19C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.225.160.0/22
43.251.216.0/22
45.117.220.0/22
45.119.44.0/22
103.38.36.0/22
103.51.132.0/22
103.58.8.0/22
103.114.0.0/22
103.140.26.0/23
103.145.228.0/23
103.165.68.0/23
103.176.210.0/24
103.196.76.0/22
103.201.148.0/22
103.239.168.0/22
111.125.225.0/24
157.119.202.0/24
183.87.251.0-183.87.255.255
202.94.160.0/22
IPv6:
2401:b240::/32
Signature Algorithm: sha256WithRSAEncryption
97:a2:f2:10:4e:16:38:8f:ea:71:3e:2d:b0:81:42:70:62:23:
40:f5:7e:03:2b:31:4b:b3:2a:88:e3:c6:ae:2f:91:f6:19:a8:
8d:2e:fb:81:22:58:1d:5e:d7:b5:cd:8e:22:f1:24:11:6e:04:
87:9a:9d:fb:c9:8e:94:c9:9b:7a:d9:1b:2d:42:b3:c6:ae:ea:
2c:01:a0:35:61:fb:b3:40:9b:93:dd:54:2a:d2:9a:dd:dd:75:
8a:dc:de:47:81:44:42:49:e5:d6:c2:5e:45:ed:f5:01:2a:05:
5d:93:ae:e1:75:79:5d:d3:5a:ea:40:ce:5d:1f:4d:b1:3a:7b:
bf:39:af:81:ea:b1:ef:f5:a2:ef:c2:67:87:00:25:ac:ce:ad:
52:71:98:c8:48:40:d2:bc:3b:41:1d:da:37:a9:69:71:dc:ef:
ef:6f:46:5f:c4:6e:ba:dc:77:a9:7c:75:7a:26:4e:25:82:60:
5e:08:85:8a:8b:ba:30:52:70:5e:89:b4:ae:b0:83:e0:8b:9c:
d3:1f:93:e0:f9:a3:d2:cf:56:6a:ad:99:60:b1:5b:f1:20:49:
1f:b4:9d:49:5c:65:10:cb:eb:1e:a3:0a:19:e2:12:c9:fa:aa:
65:f9:32:b9:e2:cf:e2:ab:64:15:98:04:0d:1e:54:37:1d:8a:
da:91:6a:1f
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgICR7wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwMjA3MDUwMTM3WhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjAwYTdiMC1jZGI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0vwb0/Xk1Xj9TsHzZJ6JjECNWyer5wPVSUb/JjDgSjE/w733UHum0/k+fiGq
S8jQPB1rg2GLwW7W+AMOF4gN4PUYv9zjFfX7vud3RyO/Ix8Z+7MocYLHf7rELsbt
pMa0JtLWU5iLz18EEyrS5gn3Oq50Wfl7qP/uMOGIgHSQVDjB9jYX+IKydPQgTXoa
LeRkh6EZdJEYZ+aWuAC29sE1X44IDad5b/PCtnFZ1Y/m6kcyMq1PWt8gHFFv+N45
vKn3mbHjLt3RFUu+oah/D9h54oebg9YytR+Vt5LxfcnrDyy+qBMztyBoT7iQfQmK
SiB/Ttm9yxS1dYLFo9D/Wike3QIDAQABo4IDGjCCAxYwHQYDVR0OBBYEFCv3QCAN
hcqE4aON00UxcjvCjqR7MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvOEQ2RjkxMEEz
NjJBMTFFQzgzQzVFQjE5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgaMGCCsGAQUFBwEHAQH/
BIGTMIGQMH8EAgABMHkDBAIr4aADBAIr+9gDBAItddwDBAItdywDBAJnJiQDBAJn
M4QDBAJnOggDBAJncgADBAFnjBoDBAFnkeQDBAFnpUQDBABnsNIDBAJnxEwDBAJn
yZQDBAJn76gDBABvfeEDBACdd8owCwMEALdX+wMDA7dQAwQCyl6gMA0EAgACMAcD
BQAkAbJAMA0GCSqGSIb3DQEBCwUAA4IBAQCXovIQThY4j+pxPi2wgUJwYiNA9X4D
KzFLsyqI48auL5H2GaiNLvuBIlgdXte1zY4i8SQRbgSHmp37yY6UyZt62RstQrPG
ruosAaA1YfuzQJuT3VQq0prd3XWK3N5HgURCSeXWwl5F7fUBKgVdk67hdXld01rq
QM5dH02xOnu/Oa+B6rHv9aLvwmeHACWszq1ScZjISEDSvDtBHdo3qWlx3O/vb0Zf
xG663HepfHV6Jk4lgmBeCIWKi7owUnBeibSusIPgi5zTH5Pg+aPSz1ZqrZlgsVvx
IEkftJ1JXGUQy+seowoZ4hLJ+qpl+TK54s/iq2QVmAQNHlQ3HYrakWof
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:53 2023 by rpki-client on console-ams.rpki-client.org