Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
File: 2E96A63A690A11EF9525E980C4F9AE02.roa (raw, json)
Hash identifier: XfoPEJYVNqL9GPN7OO5lgySj9Am2K4GGqFy2jrQL4vA=
Subject key identifier: 5F:34:50:04:3B:14:77:44:DE:C8:87:A6:5F:C3:24:EE:4A:E4:3E:1F
Certificate issuer: /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial: 0783
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
Signing time: Thu 12 Jun 2025 12:19:51 +0000
ROA not before: Thu 12 Jun 2025 12:19:51 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 45820
IP address blocks: 14.194.0.0/18 maxlen: 24
14.194.64.0/18 maxlen: 24
14.194.128.0/18 maxlen: 24
14.194.208.0/20 maxlen: 24
14.194.240.0/20 maxlen: 24
14.195.0.0/18 maxlen: 24
14.195.64.0/19 maxlen: 24
14.195.96.0/19 maxlen: 24
14.195.128.0/18 maxlen: 24
14.195.192.0/20 maxlen: 24
14.195.208.0/20 maxlen: 24
14.195.240.0/20 maxlen: 24
49.200.0.0/14 maxlen: 14
49.200.0.0/19 maxlen: 24
49.202.208.0/24 maxlen: 24
49.249.0.0/17 maxlen: 24
49.249.128.0/18 maxlen: 24
115.160.217.0/24 maxlen: 24
182.156.0.0/18 maxlen: 22
182.156.0.0/22 maxlen: 24
182.156.4.0/23 maxlen: 24
182.156.8.0/21 maxlen: 24
182.156.16.0/22 maxlen: 24
182.156.22.0/23 maxlen: 24
182.156.24.0/23 maxlen: 24
182.156.28.0/22 maxlen: 24
182.156.32.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 27 Jun 2025 22:29:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1923 (0x783)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157D7A, serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Validity
Not Before: Jun 12 12:19:51 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=684ac5e7-341a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:19:3a:9f:73:b3:4c:ff:e2:2f:4e:33:cb:c0:
3e:55:32:12:62:a2:91:4a:83:a6:dd:e9:2f:ea:1e:
9d:14:8e:9a:15:4f:47:4b:71:85:8b:70:ef:f4:e5:
69:48:bb:04:22:b3:18:59:ac:de:57:15:3c:cc:32:
35:7e:85:76:97:df:aa:1f:14:44:63:46:67:1d:fb:
4f:18:10:e5:c6:2b:4f:1d:43:e1:9a:00:06:b0:ce:
5e:41:5a:a1:ae:c9:d2:85:6a:11:95:5d:6a:a8:e3:
92:45:5c:3d:29:57:1c:f6:5b:23:9d:5f:ff:23:cf:
cb:2f:98:fa:55:65:df:6d:61:0a:23:c9:16:86:75:
78:73:75:c1:c3:4a:94:66:70:d5:f1:52:ee:3b:d2:
80:91:b5:c9:b0:0c:36:0e:9f:63:2a:9e:a4:cd:7e:
7c:c8:64:d5:bd:3d:ef:9c:10:da:54:28:24:69:3f:
29:7e:5b:30:15:3d:02:91:9c:75:ab:2e:72:6a:a7:
99:73:44:80:70:35:4e:bf:5b:36:97:8b:8b:d3:c2:
18:07:ba:1f:7c:53:59:72:7b:7e:69:ff:d4:6d:6b:
82:dc:b8:e2:8f:09:f2:ab:ed:bc:41:29:69:4c:fc:
c0:29:7e:79:df:38:fb:c9:b8:43:1b:9e:e6:ab:19:
37:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:34:50:04:3B:14:77:44:DE:C8:87:A6:5F:C3:24:EE:4A:E4:3E:1F
X509v3 Authority Key Identifier:
keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.194.0.0-14.194.191.255
14.194.208.0/20
14.194.240.0-14.195.223.255
14.195.240.0/20
49.200.0.0/14
49.249.0.0-49.249.191.255
115.160.217.0/24
182.156.0.0/18
Signature Algorithm: sha256WithRSAEncryption
58:86:ca:52:63:f1:22:6d:12:c8:a9:7b:17:23:de:d4:d9:85:
78:b8:f2:46:98:4e:74:e4:4c:e1:d4:9d:7a:e9:4c:53:4e:5b:
d9:c8:97:57:5a:99:1f:5f:ff:17:2c:06:fe:58:9e:b7:ae:13:
bc:97:21:b3:dd:51:32:04:af:6c:4c:a8:5f:63:cf:13:dd:fc:
a0:50:60:85:9a:3f:6a:16:47:52:ac:47:52:e9:e2:23:1d:1e:
94:01:12:02:c3:81:9f:14:14:e7:8e:6d:be:67:06:37:2b:40:
b5:8c:0f:bb:b9:9e:42:b0:d9:96:79:65:7f:fb:6b:6b:0a:83:
81:39:00:2a:fc:e7:c0:28:b1:5c:87:f6:8c:67:21:89:0b:e6:
ac:fc:57:1e:65:63:fd:99:df:c8:0f:57:02:51:bd:ae:59:3d:
ac:6e:85:f9:88:2c:f5:e7:05:79:32:59:79:4f:3d:40:51:ff:
41:77:0f:80:0c:f1:14:e5:ba:09:4c:04:12:af:19:3c:07:a4:
b2:6b:3c:39:9f:37:a9:32:9f:79:40:f6:02:51:1b:df:59:37:
b4:88:9c:38:b3:bf:88:f8:b2:29:7b:35:73:a3:c5:19:f8:2d:
a4:ba:e6:c3:5a:2c:cf:d8:06:17:42:7e:05:86:7d:c7:6f:8c:
5a:c3:56:b7
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgICB4MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjUwNjEyMTIxOTUxWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODRhYzVlNy0zNDFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvhk6n3OzTP/iL04zy8A+VTISYqKRSoOm3ekv6h6dFI6aFU9HS3GFi3Dv9OVp
SLsEIrMYWazeVxU8zDI1foV2l9+qHxREY0ZnHftPGBDlxitPHUPhmgAGsM5eQVqh
rsnShWoRlV1qqOOSRVw9KVcc9lsjnV//I8/LL5j6VWXfbWEKI8kWhnV4c3XBw0qU
ZnDV8VLuO9KAkbXJsAw2Dp9jKp6kzX58yGTVvT3vnBDaVCgkaT8pflswFT0CkZx1
qy5yaqeZc0SAcDVOv1s2l4uL08IYB7offFNZcnt+af/UbWuC3Ljijwnyq+28QSlp
TPzAKX553zj7ybhDG57mqxk3RwIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFF80UAQ7
FHdE3siHpl/DJO5K5D4fMB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvMkU5NkE2M0E2
OTBBMTFFRjk1MjVFOTgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXgYIKwYBBQUHAQcBAf8E
TzBNMEsEAgABMEUwCwMDAQ7CAwQGDsKAAwQEDsLQMAwDBAQOwvADBAUOw8ADBAQO
w/ADAwIxyDALAwMAMfkDBAYx+YADBABzoNkDBAa2nAAwDQYJKoZIhvcNAQELBQAD
ggEBAFiGylJj8SJtEsipexcj3tTZhXi48kaYTnTkTOHUnXrpTFNOW9nIl1damR9f
/xcsBv5YnreuE7yXIbPdUTIEr2xMqF9jzxPd/KBQYIWaP2oWR1KsR1Lp4iMdHpQB
EgLDgZ8UFOeObb5nBjcrQLWMD7u5nkKw2ZZ5ZX/7a2sKg4E5ACr858AosVyH9oxn
IYkL5qz8Vx5lY/2Z38gPVwJRva5ZPaxuhfmILPXnBXkyWXlPPUBR/0F3D4AM8RTl
uglMBBKvGTwHpLJrPDmfN6kyn3lA9gJRG99ZN7SInDizv4j4sil7NXOjxRn4LaS6
5sNaLM/YBhdCfgWGfcdvjFrDVrc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 19:10:42 2025 by rpki-client