Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A615DD3A956B11EDAE87EE10C4F9AE02.roa
File: A615DD3A956B11EDAE87EE10C4F9AE02.roa (raw, json)
Hash identifier: L8o6ho3f/LmxqddbsHgZZBs70MEx4i+N6zoV49LxJbg=
Subject key identifier: 2E:8F:ED:DA:EA:B5:4D:A6:B0:47:14:70:8F:68:04:6B:8B:D1:AF:5F
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 6321
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A615DD3A956B11EDAE87EE10C4F9AE02.roa
Signing time: Mon 16 Jan 2023 07:01:50 +0000
ROA not before: Mon 16 Jan 2023 07:01:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 133647
IP address blocks: 14.102.17.0/24 maxlen: 24
14.102.18.0/24 maxlen: 24
14.102.19.0/24 maxlen: 24
14.102.20.0/24 maxlen: 24
14.102.21.0/24 maxlen: 24
14.102.46.0/24 maxlen: 24
14.102.47.0/24 maxlen: 24
14.102.49.0/24 maxlen: 24
14.102.51.0/24 maxlen: 24
14.102.58.0/24 maxlen: 24
14.102.61.0/24 maxlen: 24
14.102.94.0/24 maxlen: 24
14.102.102.0/24 maxlen: 24
43.230.156.0/22 maxlen: 24
45.115.252.0/22 maxlen: 24
45.116.68.0/24 maxlen: 24
45.116.106.0/24 maxlen: 24
45.116.107.0/24 maxlen: 24
45.250.65.0/24 maxlen: 24
45.250.66.0/24 maxlen: 24
45.250.67.0/24 maxlen: 24
103.38.70.0/24 maxlen: 24
103.43.4.0/22 maxlen: 24
103.50.4.0/22 maxlen: 24
103.55.6.0/23 maxlen: 23
103.55.7.0/24 maxlen: 24
103.61.101.0/24 maxlen: 24
103.61.102.0/24 maxlen: 24
103.61.103.0/24 maxlen: 24
103.69.216.0/22 maxlen: 24
103.70.144.0/22 maxlen: 24
103.79.112.0/22 maxlen: 24
103.87.48.0/24 maxlen: 24
103.87.49.0/24 maxlen: 24
103.91.68.0/22 maxlen: 24
103.93.176.0/22 maxlen: 24
103.122.85.0/24 maxlen: 24
103.156.168.0/23 maxlen: 24
103.157.160.0/23 maxlen: 24
103.159.154.0/23 maxlen: 24
103.161.230.0/23 maxlen: 24
103.161.232.0/24 maxlen: 24
103.161.233.0/24 maxlen: 24
103.174.105.0/24 maxlen: 24
103.175.76.0/23 maxlen: 24
103.209.204.0/24 maxlen: 24
103.209.205.0/24 maxlen: 24
103.209.206.0/24 maxlen: 24
103.209.207.0/24 maxlen: 24
103.220.28.0/24 maxlen: 24
103.220.29.0/24 maxlen: 24
103.220.30.0/24 maxlen: 24
103.220.31.0/24 maxlen: 24
103.237.172.0/24 maxlen: 24
103.237.173.0/24 maxlen: 24
103.237.174.0/24 maxlen: 24
103.237.175.0/24 maxlen: 24
110.172.137.0/24 maxlen: 24
110.172.141.0/24 maxlen: 24
110.172.142.0/24 maxlen: 24
110.172.144.0/24 maxlen: 24
110.172.163.0/24 maxlen: 24
110.172.172.0/24 maxlen: 24
110.172.188.0/24 maxlen: 24
118.91.184.0/24 maxlen: 24
118.91.190.0/24 maxlen: 24
175.111.180.0/24 maxlen: 24
175.111.182.0/24 maxlen: 24
175.111.183.0/24 maxlen: 24
202.89.73.0/24 maxlen: 24
202.89.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25377 (0x6321)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jan 16 07:01:50 2023 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=63c4f65e-101f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:81:98:52:25:d8:cd:15:45:73:f7:8d:99:5a:
a4:7a:c6:51:5a:79:ff:46:05:99:e5:5c:6d:b3:7b:
51:6c:1c:9e:d3:1e:0f:32:b2:70:0f:04:f7:be:8d:
5e:0b:2a:91:16:a0:17:ca:4c:5c:fb:7e:9b:0c:58:
be:09:30:d4:b3:72:2d:4b:69:6d:dd:99:a2:4a:c7:
52:36:17:e0:e8:33:ac:99:80:12:09:73:55:23:28:
a0:8b:04:7d:84:6e:4d:e7:02:d0:bd:29:e4:79:4c:
1a:a4:65:da:fb:fb:d3:61:41:02:0b:05:18:8e:85:
d1:77:b8:73:61:0d:e1:93:27:50:ec:da:8f:64:76:
a0:8a:1c:24:b9:0c:11:c5:90:c1:1e:b8:53:1f:21:
61:eb:5b:12:2d:11:63:96:a2:be:5a:f2:c2:40:29:
ba:f5:ac:80:cf:97:1b:8c:25:14:c3:58:a3:2f:c5:
c5:ea:a0:ec:30:15:bb:a7:d7:31:1f:4d:68:a6:f9:
ef:16:98:4b:49:a9:e3:65:f6:6f:01:21:dd:b9:82:
56:f1:72:fe:da:ca:37:ce:ba:b8:c1:70:28:f2:10:
0e:ab:fa:ee:a7:ab:89:38:92:4a:4b:2c:2e:4b:3d:
63:13:96:c9:9d:35:95:8d:44:f6:3c:96:7d:97:c5:
72:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:8F:ED:DA:EA:B5:4D:A6:B0:47:14:70:8F:68:04:6B:8B:D1:AF:5F
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/A615DD3A956B11EDAE87EE10C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.17.0-14.102.21.255
14.102.46.0/23
14.102.49.0/24
14.102.51.0/24
14.102.58.0/24
14.102.61.0/24
14.102.94.0/24
14.102.102.0/24
43.230.156.0/22
45.115.252.0/22
45.116.68.0/24
45.116.106.0/23
45.250.65.0-45.250.67.255
103.38.70.0/24
103.43.4.0/22
103.50.4.0/22
103.55.6.0/23
103.61.101.0-103.61.103.255
103.69.216.0/22
103.70.144.0/22
103.79.112.0/22
103.87.48.0/23
103.91.68.0/22
103.93.176.0/22
103.122.85.0/24
103.156.168.0/23
103.157.160.0/23
103.159.154.0/23
103.161.230.0-103.161.233.255
103.174.105.0/24
103.175.76.0/23
103.209.204.0/22
103.220.28.0/22
103.237.172.0/22
110.172.137.0/24
110.172.141.0-110.172.142.255
110.172.144.0/24
110.172.163.0/24
110.172.172.0/24
110.172.188.0/24
118.91.184.0/24
118.91.190.0/24
175.111.180.0/24
175.111.182.0/23
202.89.73.0/24
202.89.79.0/24
Signature Algorithm: sha256WithRSAEncryption
13:c6:66:7d:ed:bb:38:90:50:57:b5:65:4d:6a:79:88:a5:43:
b1:ab:6e:fa:99:1c:bf:00:07:b2:53:aa:58:b5:b3:9d:32:38:
e9:6c:2a:47:8c:8d:4a:a4:4e:79:54:0a:d5:ed:31:b5:f3:fe:
2e:63:22:2e:6b:7c:ef:70:42:ed:a3:e9:88:aa:d1:90:97:a6:
ef:b4:7f:f7:91:62:d2:33:aa:c4:09:fb:a4:c2:3e:ff:12:6d:
f8:97:17:ef:c8:fc:03:85:4a:d6:90:a9:85:11:1a:40:ef:57:
3c:c0:0b:ec:b2:09:3b:aa:44:85:df:fb:a9:fa:e5:c7:fd:62:
95:6f:19:f2:0c:e2:89:ad:37:c5:06:a5:88:cb:e0:a5:96:7d:
03:c8:bb:ff:4a:44:98:5f:61:6e:b5:30:e9:87:a2:fd:96:f5:
4c:39:58:63:d7:3b:f8:db:8d:d0:95:f2:de:b5:41:c4:dc:db:
ec:5e:82:d4:d5:39:90:1d:39:1b:6f:5a:02:3f:50:cc:90:af:
33:0e:52:db:93:12:f9:1a:9d:d0:5d:c7:b3:20:60:83:e0:33:
5e:68:e6:d2:2c:0c:88:ea:14:77:e3:7c:bd:29:3e:3a:40:6a:
c3:9b:d0:73:0c:c1:1b:46:5f:41:39:bc:62:7d:f0:5d:bc:d3:
a4:5b:c6:c0
-----BEGIN CERTIFICATE-----
MIIGsTCCBZmgAwIBAgICYyEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwMTE2MDcwMTUwWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2M0ZjY1ZS0xMDFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3IGYUiXYzRVFc/eNmVqkesZRWnn/RgWZ5Vxts3tRbBye0x4PMrJwDwT3vo1e
CyqRFqAXykxc+36bDFi+CTDUs3ItS2lt3ZmiSsdSNhfg6DOsmYASCXNVIyigiwR9
hG5N5wLQvSnkeUwapGXa+/vTYUECCwUYjoXRd7hzYQ3hkydQ7NqPZHagihwkuQwR
xZDBHrhTHyFh61sSLRFjlqK+WvLCQCm69ayAz5cbjCUUw1ijL8XF6qDsMBW7p9cx
H01opvnvFphLSanjZfZvASHduYJW8XL+2so3zrq4wXAo8hAOq/rup6uJOJJKSywu
Sz1jE5bJnTWVjUT2PJZ9l8VyDwIDAQABo4ID1TCCA9EwHQYDVR0OBBYEFC6P7drq
tU2msEcUcI9oBGuL0a9fMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvQTYxNUREM0E5
NTZCMTFFREFFODdFRTEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggFdBggrBgEFBQcBBwEB
/wSCAUwwggFIMIIBRAQCAAEwggE8MAwDBAAOZhEDBAEOZhQDBAEOZi4DBAAOZjED
BAAOZjMDBAAOZjoDBAAOZj0DBAAOZl4DBAAOZmYDBAIr5pwDBAItc/wDBAAtdEQD
BAEtdGowDAMEAC36QQMEAi36QAMEAGcmRgMEAmcrBAMEAmcyBAMEAWc3BjAMAwQA
Zz1lAwQDZz1gAwQCZ0XYAwQCZ0aQAwQCZ09wAwQBZ1cwAwQCZ1tEAwQCZ12wAwQA
Z3pVAwQBZ5yoAwQBZ52gAwQBZ5+aMAwDBAFnoeYDBAFnoegDBABnrmkDBAFnr0wD
BAJn0cwDBAJn3BwDBAJn7awDBABurIkwDAMEAG6sjQMEAG6sjgMEAG6skAMEAG6s
owMEAG6srAMEAG6svAMEAHZbuAMEAHZbvgMEAK9vtAMEAa9vtgMEAMpZSQMEAMpZ
TzANBgkqhkiG9w0BAQsFAAOCAQEAE8Zmfe27OJBQV7VlTWp5iKVDsatu+pkcvwAH
slOqWLWznTI46WwqR4yNSqROeVQK1e0xtfP+LmMiLmt873BC7aPpiKrRkJem77R/
95Fi0jOqxAn7pMI+/xJt+JcX78j8A4VK1pCphREaQO9XPMAL7LIJO6pEhd/7qfrl
x/1ilW8Z8gziia03xQaliMvgpZZ9A8i7/0pEmF9hbrUw6Yei/Zb1TDlYY9c7+NuN
0JXy3rVBxNzb7F6C1NU5kB05G29aAj9QzJCvMw5S25MS+Rqd0F3HsyBgg+AzXmjm
0iwMiOoUd+N8vSk+OkBqw5vQcwzBG0ZfQTm8Yn3wXbzTpFvGwA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:54 2023 by rpki-client on console-ams.rpki-client.org