Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/BF6C684EC06911ECB1C8AA2BC4F9AE02.roa
File: BF6C684EC06911ECB1C8AA2BC4F9AE02.roa (raw, json)
Hash identifier: ZWdMNV1e7mVUrFsIwFEEte3GDXQUBHpcvkEcSYzjKrI=
Subject key identifier: C4:68:A0:23:D0:DE:C1:10:A6:E5:C0:4E:9A:D7:F5:F9:C6:D9:D9:B1
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 4ED0
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/BF6C684EC06911ECB1C8AA2BC4F9AE02.roa
Signing time: Mon 16 May 2022 04:03:00 +0000
ROA not before: Mon 16 May 2022 04:03:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 132770
IP address blocks: 43.227.20.0/22 maxlen: 24
43.228.72.0/22 maxlen: 24
43.241.24.0/22 maxlen: 24
45.119.57.0/24 maxlen: 24
45.119.58.0/24 maxlen: 24
45.119.59.0/24 maxlen: 24
45.252.72.0/22 maxlen: 24
103.59.104.0/24 maxlen: 24
103.81.36.0/22 maxlen: 24
103.93.240.0/24 maxlen: 24
103.93.241.0/24 maxlen: 24
103.93.242.0/24 maxlen: 24
103.93.243.0/24 maxlen: 24
103.94.56.0/22 maxlen: 23
103.94.57.0/24 maxlen: 24
103.94.58.0/23 maxlen: 24
103.178.206.0/24 maxlen: 24
103.178.207.0/24 maxlen: 24
103.184.86.0/24 maxlen: 24
103.184.87.0/24 maxlen: 24
103.204.36.0/22 maxlen: 24
103.211.60.0/24 maxlen: 24
103.211.61.0/24 maxlen: 24
103.211.62.0/24 maxlen: 24
103.211.63.0/24 maxlen: 24
103.221.72.0/22 maxlen: 24
103.229.244.0/22 maxlen: 24
103.239.84.0/22 maxlen: 24
103.241.80.0/22 maxlen: 24
103.243.112.0/22 maxlen: 24
103.249.240.0/22 maxlen: 24
103.251.208.0/22 maxlen: 24
103.254.52.0/22 maxlen: 24
150.129.128.0/22 maxlen: 24
150.129.156.0/22 maxlen: 24
163.53.200.0/22 maxlen: 24
202.136.68.0/22 maxlen: 24
2404:4980::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20176 (0x4ed0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 16 04:03:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6281ccf4-914e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:50:f2:1b:51:64:c9:a9:96:d0:15:94:a4:3e:
b1:e2:ae:6c:1b:21:c7:12:a9:10:d3:fb:e4:8e:22:
e5:a4:ad:b3:67:cb:2f:f1:99:4b:a0:0f:98:4b:42:
6a:0d:e7:f6:14:7a:a8:41:b9:2f:f5:b5:40:a4:05:
d0:28:6f:35:1d:41:f9:03:33:c2:9e:d6:18:21:f8:
a7:24:5e:4a:58:40:a4:98:d7:08:fa:37:96:76:a1:
05:d2:cd:af:0a:62:b8:d6:a9:5f:e8:6e:76:6b:d3:
f6:32:96:1c:64:49:b0:4d:7e:2c:b2:88:7f:b2:82:
63:71:2f:7f:10:84:ee:0a:ff:ce:2b:1e:27:65:5a:
d9:fe:1b:d2:1e:29:84:e8:28:5f:66:05:f9:41:f0:
b7:11:ff:ab:23:77:1a:8e:19:88:f7:49:2b:c4:f2:
02:92:79:ae:fd:d6:9e:9f:e7:3e:41:c2:a7:ed:d6:
5e:df:b8:c7:71:82:fc:62:f4:ee:61:14:d0:48:18:
46:6f:9b:8d:07:9c:f6:e6:3c:94:24:74:88:91:83:
c1:48:4c:e1:96:47:9f:64:86:74:72:fd:40:c2:89:
ef:c0:e3:92:1e:a4:5c:eb:6e:a9:4e:af:19:00:d7:
58:df:e6:98:9d:ca:7a:1d:a9:5c:ec:25:ad:cb:26:
35:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:68:A0:23:D0:DE:C1:10:A6:E5:C0:4E:9A:D7:F5:F9:C6:D9:D9:B1
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/BF6C684EC06911ECB1C8AA2BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.20.0/22
43.228.72.0/22
43.241.24.0/22
45.119.57.0-45.119.59.255
45.252.72.0/22
103.59.104.0/24
103.81.36.0/22
103.93.240.0/22
103.94.56.0/22
103.178.206.0/23
103.184.86.0/23
103.204.36.0/22
103.211.60.0/22
103.221.72.0/22
103.229.244.0/22
103.239.84.0/22
103.241.80.0/22
103.243.112.0/22
103.249.240.0/22
103.251.208.0/22
103.254.52.0/22
150.129.128.0/22
150.129.156.0/22
163.53.200.0/22
202.136.68.0/22
IPv6:
2404:4980::/32
Signature Algorithm: sha256WithRSAEncryption
7a:c6:18:63:87:62:4f:21:ac:77:dd:21:75:8c:9c:6e:73:56:
6b:d5:98:3d:0e:e8:0a:9f:3d:b6:b7:d9:99:3a:e9:d6:60:93:
c1:6b:c6:8d:12:ae:41:e6:e1:fa:bb:8d:31:5e:34:1c:07:84:
ed:af:14:d8:58:04:d7:51:a3:9f:d2:39:f1:aa:9a:9b:8c:7d:
a2:97:c2:6f:44:71:2c:60:fd:4f:c3:b0:3c:57:17:51:f6:a3:
58:54:a3:bc:86:d5:f0:50:95:74:68:11:31:c9:01:7d:a2:8b:
39:c9:8d:c7:52:18:fa:a7:67:2e:4a:0f:e9:44:ed:a4:c9:f8:
b6:93:01:e6:7c:2c:7d:71:28:98:f4:b5:6d:ae:6c:42:f6:cb:
6b:b2:6e:46:49:c0:26:6e:bd:b2:29:e0:67:1d:4d:c3:93:32:
09:d1:6e:ae:8d:2d:ad:72:d7:90:0d:a9:dc:f6:15:2f:eb:e2:
4b:cc:8f:97:63:9b:25:44:5b:18:ec:43:1f:84:04:2d:83:17:
8e:e4:ff:48:79:d4:82:b8:0f:90:47:a5:14:e6:2c:1a:2e:21:
59:bd:c8:ea:76:22:57:9a:e1:f8:08:8f:88:62:ba:c9:78:73:
d2:4f:95:06:60:c7:45:67:d9:49:03:2c:40:93:4f:86:6b:26:
e5:20:be:0e
-----BEGIN CERTIFICATE-----
MIIGHTCCBQWgAwIBAgICTtAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjIwNTE2MDQwMzAwWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgxY2NmNC05MTRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxVDyG1FkyamW0BWUpD6x4q5sGyHHEqkQ0/vkjiLlpK2zZ8sv8ZlLoA+YS0Jq
Def2FHqoQbkv9bVApAXQKG81HUH5AzPCntYYIfinJF5KWECkmNcI+jeWdqEF0s2v
CmK41qlf6G52a9P2MpYcZEmwTX4ssoh/soJjcS9/EITuCv/OKx4nZVrZ/hvSHimE
6ChfZgX5QfC3Ef+rI3cajhmI90krxPICknmu/daen+c+QcKn7dZe37jHcYL8YvTu
YRTQSBhGb5uNB5z25jyUJHSIkYPBSEzhlkefZIZ0cv1AwonvwOOSHqRc626pTq8Z
ANdY3+aYncp6Halc7CWtyyY1PwIDAQABo4IDQTCCAz0wHQYDVR0OBBYEFMRooCPQ
3sEQpuXATprX9fnG2dmxMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvQkY2QzY4NEVD
MDY5MTFFQ0IxQzhBQTJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgcoGCCsGAQUFBwEHAQH/
BIG6MIG3MIGlBAIAATCBngMEAivjFAMEAivkSAMEAivxGDAMAwQALXc5AwQCLXc4
AwQCLfxIAwQAZztoAwQCZ1EkAwQCZ13wAwQCZ144AwQBZ7LOAwQBZ7hWAwQCZ8wk
AwQCZ9M8AwQCZ91IAwQCZ+X0AwQCZ+9UAwQCZ/FQAwQCZ/NwAwQCZ/nwAwQCZ/vQ
AwQCZ/40AwQCloGAAwQCloGcAwQCozXIAwQCyohEMA0EAgACMAcDBQAkBEmAMA0G
CSqGSIb3DQEBCwUAA4IBAQB6xhhjh2JPIax33SF1jJxuc1Zr1Zg9DugKnz22t9mZ
OunWYJPBa8aNEq5B5uH6u40xXjQcB4TtrxTYWATXUaOf0jnxqpqbjH2il8JvRHEs
YP1Pw7A8VxdR9qNYVKO8htXwUJV0aBExyQF9oos5yY3HUhj6p2cuSg/pRO2kyfi2
kwHmfCx9cSiY9LVtrmxC9strsm5GScAmbr2yKeBnHU3DkzIJ0W6ujS2tcteQDanc
9hUv6+JLzI+XY5slRFsY7EMfhAQtgxeO5P9IedSCuA+QR6UU5iwaLiFZvcjqdiJX
muH4CI+IYrrJeHPST5UGYMdFZ9lJAyxAk0+GayblIL4O
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:54 2023 by rpki-client on console-ams.rpki-client.org