Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D10EFB929CEF11EFBC7DBF10C4F9AE02.roa
File: D10EFB929CEF11EFBC7DBF10C4F9AE02.roa (raw, json)
Hash identifier: 7vdZWBHLzW0yiWO3Ww0M7l1Vt2KA09jKFBiV6IGbmv0=
Subject key identifier: 72:C6:0F:F6:E1:C6:79:78:7D:63:F7:4E:73:FA:E2:D3:9B:D4:95:15
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: 9CCF
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D10EFB929CEF11EFBC7DBF10C4F9AE02.roa
Signing time: Thu 07 Nov 2024 10:13:20 +0000
ROA not before: Thu 07 Nov 2024 10:13:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 133594
IP address blocks: 14.102.0.0/22 maxlen: 24
14.102.3.0/24 maxlen: 24
14.102.22.0/23 maxlen: 24
14.102.24.0/22 maxlen: 24
14.102.28.0/22 maxlen: 24
14.102.32.0/22 maxlen: 24
14.102.36.0/23 maxlen: 24
14.102.38.0/24 maxlen: 24
14.102.40.0/22 maxlen: 24
14.102.43.0/24 maxlen: 24
14.102.44.0/24 maxlen: 24
14.102.45.0/24 maxlen: 24
14.102.48.0/24 maxlen: 24
14.102.50.0/24 maxlen: 24
14.102.56.0/23 maxlen: 24
14.102.57.0/24 maxlen: 24
14.102.64.0/22 maxlen: 24
14.102.66.0/24 maxlen: 24
14.102.68.0/22 maxlen: 24
14.102.72.0/22 maxlen: 24
14.102.76.0/23 maxlen: 24
14.102.78.0/24 maxlen: 24
14.102.80.0/22 maxlen: 24
14.102.88.0/24 maxlen: 24
14.102.92.0/22 maxlen: 24
14.102.96.0/22 maxlen: 24
14.102.100.0/22 maxlen: 24
14.102.104.0/22 maxlen: 24
14.102.108.0/22 maxlen: 24
14.102.112.0/22 maxlen: 24
14.102.116.0/22 maxlen: 24
14.102.120.0/22 maxlen: 24
14.102.123.0/24 maxlen: 24
14.102.124.0/22 maxlen: 24
110.172.136.0/24 maxlen: 24
110.172.150.0/24 maxlen: 24
110.172.168.0/24 maxlen: 24
111.235.64.0/22 maxlen: 24
118.91.176.0/24 maxlen: 24
202.89.70.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 40143 (0x9ccf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Nov 7 10:13:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=672c92bf-d00d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:c1:5a:95:18:a9:47:12:00:de:2c:62:21:aa:
14:08:78:b9:5e:b4:d8:42:43:23:62:8f:5f:f9:d1:
9c:b8:03:f2:c0:92:d4:76:9b:24:c6:b9:d0:68:59:
4c:8c:10:03:e5:f0:e7:3b:e1:18:77:5a:11:bd:06:
5f:d7:0a:ad:a5:9b:d5:29:6e:42:f9:c0:59:4b:1d:
76:d3:97:ff:80:cc:5f:f2:4c:89:eb:b7:0e:1c:03:
ab:3a:45:10:36:fb:8d:98:cd:84:00:a8:03:97:49:
63:30:8f:de:a6:67:23:ae:1a:4f:21:5a:26:42:8e:
6e:aa:40:1a:fd:f8:6c:56:65:af:b4:ec:0b:2b:70:
4e:c5:9e:6b:0b:50:31:f7:cc:e0:d3:af:7f:e1:fe:
2a:f8:17:8b:7e:70:8f:8d:29:4e:22:3c:13:09:8e:
87:3a:82:e6:f1:7d:4a:9f:65:7e:ca:6b:d3:4e:8d:
5b:c7:55:c1:68:73:fe:f9:78:92:e3:89:3f:92:ef:
ac:46:b9:84:5c:05:c1:91:41:33:91:6c:ab:0f:6f:
d1:a1:3b:b9:43:8c:04:da:bc:a4:6d:73:a2:c2:7f:
a3:a2:61:2e:49:ac:3c:e8:6a:5a:74:fb:a3:86:46:
79:d2:6a:4a:ea:8c:33:39:a2:62:3b:9c:66:dd:e2:
3a:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:C6:0F:F6:E1:C6:79:78:7D:63:F7:4E:73:FA:E2:D3:9B:D4:95:15
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/D10EFB929CEF11EFBC7DBF10C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.102.0.0/22
14.102.22.0-14.102.38.255
14.102.40.0-14.102.45.255
14.102.48.0/24
14.102.50.0/24
14.102.56.0/23
14.102.64.0-14.102.78.255
14.102.80.0/22
14.102.88.0/24
14.102.92.0-14.102.127.255
110.172.136.0/24
110.172.150.0/24
110.172.168.0/24
111.235.64.0/22
118.91.176.0/24
202.89.70.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:a5:f4:13:f8:06:40:20:78:2c:53:6b:f0:85:11:c1:b7:4f:
5f:5e:8d:ca:2f:42:6f:fa:c3:a0:b2:b1:a1:4f:58:06:c9:5e:
77:72:d8:6b:ed:0a:54:a2:dd:b4:6d:d4:e3:a2:6b:9a:20:96:
8a:6f:cf:bc:92:1a:d4:32:86:c0:06:1a:18:3b:17:be:0b:c8:
95:fb:3d:4b:03:55:0d:10:90:bd:21:ef:7c:1a:00:c8:85:c5:
79:d6:d6:36:6d:84:9d:a6:d2:c0:f7:93:72:bf:53:2f:f7:1a:
2b:54:0a:46:f4:42:d7:d4:e0:e3:a5:53:00:05:64:da:46:45:
80:a3:be:19:d5:6a:32:b1:2d:f3:9e:39:20:7b:9f:9c:65:e3:
d1:8f:f7:62:37:22:0b:a8:c5:c4:13:d8:21:fe:13:83:a2:4e:
03:0f:3b:8c:2e:82:ee:dc:b9:23:c4:f3:55:aa:0f:85:cb:1e:
62:be:0d:7a:39:74:73:f3:27:86:84:69:b6:ff:25:c7:a9:fb:
6d:f7:de:40:a9:79:5e:80:4b:1a:57:8a:75:0c:b5:e3:b2:4a:
01:c1:da:42:98:7d:79:79:c0:03:1a:2d:e6:af:2f:56:49:a1:
9d:61:c3:0b:f6:c2:7b:a3:ad:96:02:60:54:3c:0b:f2:25:e6:
ec:ec:55:f6
-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgIDAJzPMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI0MTEwNzEwMTMyMFoXDTI1MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjcyYzkyYmYtZDAwZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMLBWpUYqUcSAN4sYiGqFAh4uV602EJDI2KPX/nRnLgD8sCS1HabJMa50GhZ
TIwQA+Xw5zvhGHdaEb0GX9cKraWb1SluQvnAWUsddtOX/4DMX/JMieu3DhwDqzpF
EDb7jZjNhACoA5dJYzCP3qZnI64aTyFaJkKObqpAGv34bFZlr7TsCytwTsWeawtQ
MffM4NOvf+H+KvgXi35wj40pTiI8EwmOhzqC5vF9Sp9lfspr006NW8dVwWhz/vl4
kuOJP5LvrEa5hFwFwZFBM5Fsqw9v0aE7uUOMBNq8pG1zosJ/o6JhLkmsPOhqWnT7
o4ZGedJqSuqMMzmiYjucZt3iOokCAwEAAaOCAxQwggMQMB0GA1UdDgQWBBRyxg/2
4cZ5eH1j905z+uLTm9SVFTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0QxMEVGQjky
OUNFRjExRUZCQzdEQkYxMEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGdBggrBgEFBQcBBwEB
/wSBjTCBijCBhwQCAAEwgYADBAIOZgAwDAMEAQ5mFgMEAA5mJjAMAwQDDmYoAwQB
DmYsAwQADmYwAwQADmYyAwQBDmY4MAwDBAYOZkADBAAOZk4DBAIOZlADBAAOZlgw
DAMEAg5mXAMEBw5mAAMEAG6siAMEAG6slgMEAG6sqAMEAm/rQAMEAHZbsAMEAMpZ
RjANBgkqhkiG9w0BAQsFAAOCAQEAHKX0E/gGQCB4LFNr8IURwbdPX16Nyi9Cb/rD
oLKxoU9YBsled3LYa+0KVKLdtG3U46JrmiCWim/PvJIa1DKGwAYaGDsXvgvIlfs9
SwNVDRCQvSHvfBoAyIXFedbWNm2EnabSwPeTcr9TL/caK1QKRvRC19Tg46VTAAVk
2kZFgKO+GdVqMrEt8545IHufnGXj0Y/3YjciC6jFxBPYIf4Tg6JOAw87jC6C7ty5
I8TzVaoPhcseYr4Nejl0c/MnhoRptv8lx6n7bffeQKl5XoBLGleKdQy147JKAcHa
Qph9eXnAAxot5q8vVkmhnWHDC/bCe6OtlgJgVDwL8iXm7OxV9g==
-----END CERTIFICATE-----
Generated at Sat Apr 26 13:00:17 2025 by rpki-client