Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/98B131BC2F1311EDBD1DF869C4F9AE02.roa
File: 98B131BC2F1311EDBD1DF869C4F9AE02.roa (raw, json)
Hash identifier: fNbGY780wT1+A84lAqRbwkZvXlRzMgRylErop8rugI4=
Subject key identifier: BC:B5:08:1C:F3:6F:10:77:76:7A:09:DC:56:7C:03:DC:40:8F:30:57
Certificate issuer: /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial: 159D
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/98B131BC2F1311EDBD1DF869C4F9AE02.roa
Signing time: Thu 08 Sep 2022 01:14:33 +0000
ROA not before: Thu 08 Sep 2022 01:14:33 +0000
ROA not after: Mon 01 May 2023 00:00:00 +0000
asID: 9443
IP address blocks: 14.137.64.0/18 maxlen: 18
14.137.192.0/19 maxlen: 19
58.178.0.0/16 maxlen: 16
58.179.0.0/16 maxlen: 16
111.220.0.0/16 maxlen: 16
112.141.0.0/16 maxlen: 16
112.213.128.0/18 maxlen: 18
116.240.0.0/16 maxlen: 16
121.79.126.0/23 maxlen: 23
122.148.0.0/16 maxlen: 16
122.149.0.0/16 maxlen: 16
122.150.0.0/16 maxlen: 16
122.151.0.0/16 maxlen: 16
123.3.0.0/16 maxlen: 16
125.168.0.0/16 maxlen: 16
202.4.64.0/19 maxlen: 19
202.7.224.0/19 maxlen: 19
202.14.191.0/24 maxlen: 24
202.14.192.0/22 maxlen: 22
202.61.12.0/24 maxlen: 24
202.61.13.0/24 maxlen: 24
202.62.128.0/19 maxlen: 21
202.67.64.0/18 maxlen: 18
202.76.128.0/18 maxlen: 18
202.86.113.0/24 maxlen: 24
202.86.114.0/23 maxlen: 23
202.86.116.0/23 maxlen: 23
202.86.118.0/24 maxlen: 24
202.128.112.0/20 maxlen: 20
202.128.114.0/23 maxlen: 23
202.130.195.0/24 maxlen: 24
202.130.203.0/24 maxlen: 24
202.130.205.0/24 maxlen: 24
202.130.206.0/24 maxlen: 24
202.130.214.0/24 maxlen: 24
202.130.217.0/24 maxlen: 24
202.138.0.0/18 maxlen: 18
202.154.64.0/18 maxlen: 18
203.16.9.0/24 maxlen: 24
203.16.170.0/24 maxlen: 24
203.21.47.0/24 maxlen: 24
203.21.104.0/24 maxlen: 24
203.23.116.0/24 maxlen: 24
203.24.100.0/23 maxlen: 23
203.28.168.0/24 maxlen: 24
203.30.143.0/24 maxlen: 24
203.30.211.0/24 maxlen: 24
203.34.15.0/24 maxlen: 24
203.56.5.0/24 maxlen: 24
203.57.110.0/24 maxlen: 24
203.62.135.0/24 maxlen: 24
203.91.224.0/19 maxlen: 19
203.91.224.0/20 maxlen: 20
203.91.240.0/21 maxlen: 21
203.123.64.0/20 maxlen: 20
203.132.224.0/19 maxlen: 19
203.134.0.0/17 maxlen: 17
203.134.128.0/18 maxlen: 18
203.142.128.0/19 maxlen: 19
203.161.160.0/20 maxlen: 20
203.190.192.0/20 maxlen: 20
203.191.160.0/19 maxlen: 19
203.212.128.0/19 maxlen: 19
210.50.0.0/16 maxlen: 16
210.86.240.0/20 maxlen: 20
211.26.0.0/16 maxlen: 16
211.27.0.0/16 maxlen: 16
218.214.0.0/16 maxlen: 16
218.215.0.0/16 maxlen: 16
2403:4800::/32 maxlen: 32
2403:9e00::/32 maxlen: 32
2403:fc00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5533 (0x159d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Validity
Not Before: Sep 8 01:14:33 2022 GMT
Not After : May 1 00:00:00 2023 GMT
Subject: CN=631941f9-9e04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:9e:96:1d:e1:7d:9e:9f:bb:8a:79:c3:f0:cd:
38:15:55:ac:44:18:12:53:14:dd:88:2e:01:41:9a:
b0:7b:83:95:7e:9d:6f:51:1f:69:b3:d9:f8:2b:6f:
d9:3a:02:14:5d:18:5d:b5:1a:4c:93:db:d9:c3:60:
8a:2f:54:41:84:0f:a7:6a:3f:d1:1f:bd:2d:ab:e2:
b2:79:69:30:1a:2e:d2:7b:49:fa:2e:4f:88:7b:1d:
03:f6:86:fe:65:3d:22:44:0c:c7:07:9b:de:a3:da:
7d:7c:54:ac:18:eb:e4:c9:5d:d5:40:73:bb:7c:91:
7c:37:22:99:2b:db:78:75:16:2a:8c:29:72:5e:b7:
36:8d:56:5a:c0:ba:4c:f0:99:d3:d9:e5:5e:1b:2c:
69:71:1c:fc:a9:b3:61:5e:7f:6e:96:3b:13:dd:dc:
18:34:76:d9:e2:49:65:a7:dd:b8:c6:d9:00:c0:dc:
e6:08:f7:ab:5a:94:1a:83:96:7e:d3:9e:c2:9f:91:
ac:2e:f5:cd:b1:d7:f4:fa:e8:70:d7:49:c2:a5:0f:
c7:b7:41:60:f2:ca:8c:19:a1:0c:44:38:4d:76:39:
8b:0b:10:5c:ea:a2:36:f5:67:07:ac:47:2d:f8:a6:
f3:f3:31:d8:7e:16:99:cf:a3:2e:d6:65:c9:06:f7:
58:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:B5:08:1C:F3:6F:10:77:76:7A:09:DC:56:7C:03:DC:40:8F:30:57
X509v3 Authority Key Identifier:
keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/98B131BC2F1311EDBD1DF869C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.137.64.0/18
14.137.192.0/19
58.178.0.0/15
111.220.0.0/16
112.141.0.0/16
112.213.128.0/18
116.240.0.0/16
121.79.126.0/23
122.148.0.0/14
123.3.0.0/16
125.168.0.0/16
202.4.64.0/19
202.7.224.0/19
202.14.191.0-202.14.195.255
202.61.12.0/23
202.62.128.0/19
202.67.64.0/18
202.76.128.0/18
202.86.113.0-202.86.118.255
202.128.112.0/20
202.130.195.0/24
202.130.203.0/24
202.130.205.0-202.130.206.255
202.130.214.0/24
202.130.217.0/24
202.138.0.0/18
202.154.64.0/18
203.16.9.0/24
203.16.170.0/24
203.21.47.0/24
203.21.104.0/24
203.23.116.0/24
203.24.100.0/23
203.28.168.0/24
203.30.143.0/24
203.30.211.0/24
203.34.15.0/24
203.56.5.0/24
203.57.110.0/24
203.62.135.0/24
203.91.224.0/19
203.123.64.0/20
203.132.224.0/19
203.134.0.0-203.134.191.255
203.142.128.0/19
203.161.160.0/20
203.190.192.0/20
203.191.160.0/19
203.212.128.0/19
210.50.0.0/16
210.86.240.0/20
211.26.0.0/15
218.214.0.0/15
IPv6:
2403:4800::/32
2403:9e00::/32
2403:fc00::/32
Signature Algorithm: sha256WithRSAEncryption
2c:ae:6c:df:3d:77:ad:7b:d3:c0:35:fb:5e:4c:3f:24:0d:e5:
97:d7:8d:32:d1:d5:1a:fd:ed:e8:48:1a:a9:88:7e:c0:d4:a7:
3a:e4:bb:46:fc:85:4c:3f:5e:66:72:6d:54:68:87:24:9a:ae:
8b:9d:37:fb:38:2f:72:69:1f:9f:99:36:16:63:f5:9c:f5:f8:
6b:10:7b:28:8a:2c:eb:98:d8:51:3b:08:8e:cb:e3:5f:59:9d:
5f:c1:4c:1f:84:e1:22:4d:72:37:9c:ef:3c:db:36:77:2d:f7:
6b:ed:24:2e:a6:a4:a3:b6:6e:d5:55:5c:b1:9f:31:e9:2e:5c:
02:9a:1d:e7:cf:bf:64:bb:7e:50:56:ae:ae:a3:88:34:c5:da:
0d:59:5f:df:8d:37:da:d7:2b:3c:9a:6c:ff:2b:74:e1:bf:c7:
5f:85:0d:28:7f:da:0f:02:f5:ec:46:70:17:c9:b6:87:ff:64:
ac:00:86:f3:d2:ab:c1:fd:08:da:ed:6c:23:fd:ee:ca:47:0b:
bb:b3:9f:26:a1:9a:74:7c:5d:18:27:e3:4b:4f:df:b4:34:6a:
b5:c7:95:28:25:34:d5:4c:f3:a2:61:7d:fe:44:22:47:d4:0c:
51:a5:ac:f5:49:58:bd:93:0f:2e:58:ed:d5:f6:e9:83:42:0b:
0c:8a:c3:6d
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgICFZ0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjIwOTA4MDExNDMzWhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzE5NDFmOS05ZTA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx56WHeF9np+7innD8M04FVWsRBgSUxTdiC4BQZqwe4OVfp1vUR9ps9n4K2/Z
OgIUXRhdtRpMk9vZw2CKL1RBhA+naj/RH70tq+KyeWkwGi7Se0n6Lk+Iex0D9ob+
ZT0iRAzHB5veo9p9fFSsGOvkyV3VQHO7fJF8NyKZK9t4dRYqjClyXrc2jVZawLpM
8JnT2eVeGyxpcRz8qbNhXn9uljsT3dwYNHbZ4kllp924xtkAwNzmCPerWpQag5Z+
057Cn5GsLvXNsdf0+uhw10nCpQ/Ht0Fg8sqMGaEMRDhNdjmLCxBc6qI29WcHrEct
+Kbz8zHYfhaZz6Mu1mXJBvdYHQIDAQABo4IECTCCBAUwHQYDVR0OBBYEFLy1CBzz
bxB3dnoJ3FZ8A9xAjzBXMB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvOThCMTMxQkMy
RjEzMTFFREJEMURGODY5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggGRBggrBgEFBQcBBwEB
/wSCAYAwggF8MIIBWwQCAAEwggFTAwQGDolAAwQFDonAAwMBOrIDAwBv3AMDAHCN
AwQGcNWAAwMAdPADBAF5T34DAwJ6lAMDAHsDAwMAfagDBAXKBEADBAXKB+AwDAME
AMoOvwMEAsoOwAMEAco9DAMEBco+gAMEBspDQAMEBspMgDAMAwQAylZxAwQAylZ2
AwQEyoBwAwQAyoLDAwQAyoLLMAwDBADKgs0DBADKgs4DBADKgtYDBADKgtkDBAbK
igADBAbKmkADBADLEAkDBADLEKoDBADLFS8DBADLFWgDBADLF3QDBAHLGGQDBADL
HKgDBADLHo8DBADLHtMDBADLIg8DBADLOAUDBADLOW4DBADLPocDBAXLW+ADBATL
e0ADBAXLhOAwCwMDAcuGAwQGy4aAAwQFy46AAwQEy6GgAwQEy77AAwQFy7+gAwQF
y9SAAwMA0jIDBATSVvADAwHTGgMDAdrWMBsEAgACMBUDBQAkA0gAAwUAJAOeAAMF
ACQD/AAwDQYJKoZIhvcNAQELBQADggEBACyubN89d61708A1+15MPyQN5ZfXjTLR
1Rr97ehIGqmIfsDUpzrku0b8hUw/XmZybVRohySaroudN/s4L3JpH5+ZNhZj9Zz1
+GsQeyiKLOuY2FE7CI7L419ZnV/BTB+E4SJNcjec7zzbNnct92vtJC6mpKO2btVV
XLGfMekuXAKaHefPv2S7flBWrq6jiDTF2g1ZX9+NN9rXKzyabP8rdOG/x1+FDSh/
2g8C9exGcBfJtof/ZKwAhvPSq8H9CNrtbCP97spHC7uznyahmnR8XRgn40tP37Q0
arXHlSglNNVM86Jhff5EIkfUDFGlrPVJWL2TDy5Y7dX26YNCCwyKw20=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:23:13 2023 by rpki-client on console-fra.rpki-client.org