Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/C5251E64F97A11EFA49F1830C4F9AE02.roa
File: C5251E64F97A11EFA49F1830C4F9AE02.roa (raw, json)
Hash identifier: 1s6o144svvuBT7bM0nKhLdrQKAxPDy6rl1DbIqyk5zw=
Subject key identifier: A8:EE:6E:81:FA:90:15:BE:98:B8:11:DD:AE:6B:27:9A:84:02:99:43
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0D25
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/C5251E64F97A11EFA49F1830C4F9AE02.roa
Signing time: Wed 23 Apr 2025 15:02:29 +0000
ROA not before: Wed 23 Apr 2025 15:02:29 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 133933
IP address blocks: 14.192.128.0/24 maxlen: 24
14.192.129.0/24 maxlen: 24
14.192.130.0/24 maxlen: 24
14.192.131.0/24 maxlen: 24
14.192.132.0/24 maxlen: 24
14.192.133.0/24 maxlen: 24
14.192.136.0/24 maxlen: 24
14.192.139.0/24 maxlen: 24
14.192.140.0/24 maxlen: 24
14.192.141.0/24 maxlen: 24
14.192.142.0/24 maxlen: 24
14.192.143.0/24 maxlen: 24
14.192.145.0/24 maxlen: 24
14.192.147.0/24 maxlen: 24
14.192.148.0/24 maxlen: 24
14.192.153.0/24 maxlen: 24
14.192.155.0/24 maxlen: 24
14.192.156.0/24 maxlen: 24
14.192.157.0/24 maxlen: 24
14.192.159.0/24 maxlen: 24
43.247.120.0/24 maxlen: 24
43.247.121.0/24 maxlen: 24
43.247.122.0/24 maxlen: 24
43.247.123.0/24 maxlen: 24
103.20.132.0/24 maxlen: 24
103.20.133.0/24 maxlen: 24
103.20.134.0/24 maxlen: 24
103.20.135.0/24 maxlen: 24
111.92.128.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 19:59:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3365 (0xd25)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD, serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Validity
Not Before: Apr 23 15:02:29 2025 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=68090105-0960
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:8e:57:fa:69:fa:03:9e:6a:7c:da:b5:8e:ec:
a2:18:90:58:d4:04:6d:77:ff:2d:16:ed:50:06:2f:
2e:d0:4a:cf:e9:d3:a2:8e:93:13:32:af:2f:9d:1c:
73:9b:1d:ca:f3:f4:8c:ba:5e:d4:db:a3:d4:91:18:
94:77:bd:ce:29:59:22:26:14:60:61:c2:df:11:34:
65:8e:f3:0c:96:3d:ff:db:b5:69:c9:2c:e8:ef:4d:
d6:25:3e:de:c4:3e:03:d9:f6:0c:a0:00:d5:b3:44:
92:61:2b:59:b4:88:85:1b:0d:7d:a2:fd:fe:3c:3f:
a6:c7:b6:bb:77:f8:c2:72:69:22:8c:be:9b:f6:50:
86:72:83:95:c6:d9:1f:ab:de:b3:31:66:38:77:04:
d3:aa:dc:bb:a7:b2:63:2f:c4:80:85:20:cd:aa:52:
60:59:84:25:e8:7b:5b:9a:8d:a7:3f:fd:aa:3b:b8:
af:20:16:36:61:7d:2e:0a:9f:64:98:a7:34:3c:ac:
ee:b6:dc:27:ff:c7:86:9f:db:bd:f9:99:b8:d4:a7:
a5:35:66:25:00:d1:2b:ee:fe:b3:58:b1:2f:7c:ce:
c5:42:c9:cb:39:d9:a5:6b:ed:9c:9b:15:5c:40:cf:
15:82:6e:cc:7b:c1:4b:75:71:99:34:b2:07:27:f4:
be:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:EE:6E:81:FA:90:15:BE:98:B8:11:DD:AE:6B:27:9A:84:02:99:43
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/C5251E64F97A11EFA49F1830C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.128.0-14.192.133.255
14.192.136.0/24
14.192.139.0-14.192.143.255
14.192.145.0/24
14.192.147.0-14.192.148.255
14.192.153.0/24
14.192.155.0-14.192.157.255
14.192.159.0/24
43.247.120.0/22
103.20.132.0/22
111.92.128.0/19
Signature Algorithm: sha256WithRSAEncryption
b7:53:ae:63:d4:3e:25:53:47:ee:02:23:cd:99:21:e9:12:e9:
87:58:d1:44:55:dd:ee:19:93:7d:dc:f1:09:dc:35:ff:7a:7f:
d4:c3:cc:4b:0e:38:3b:be:9b:13:45:f0:f4:1e:d6:ba:2a:f0:
f3:c7:d3:23:44:29:96:4d:53:b9:10:09:df:48:d1:47:e8:19:
94:f2:43:44:b6:cc:17:cb:72:dd:71:a1:9c:60:68:58:ef:89:
af:69:1d:2c:18:55:83:ff:c1:20:62:51:32:fb:7f:91:26:c6:
61:3d:1f:5f:dc:38:f7:5b:2a:bc:62:38:8f:07:de:ba:ec:d7:
62:d4:3e:cc:5d:4b:0f:c8:51:ef:36:b2:96:80:84:23:1b:fa:
22:17:e7:02:8b:42:8f:27:1b:f6:e2:2b:c5:f2:76:df:9f:6e:
d6:2b:39:04:e4:08:20:96:74:0a:9b:db:40:b0:d9:40:7c:4d:
8f:0a:5f:43:f6:91:29:0a:f9:4c:2c:99:5f:d6:b8:ee:4c:66:
50:79:cb:56:75:b5:63:db:80:21:32:be:1d:aa:64:5d:54:bc:
5d:6c:2a:12:62:70:40:7e:39:31:39:79:0f:12:fb:43:64:b2:
5f:fd:6a:9e:27:2e:bf:84:4a:1a:09:e4:c4:47:62:f1:18:ba:
ae:12:86:9c
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgICDSUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwNDIzMTUwMjI5WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODA5MDEwNS0wOTYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoo5X+mn6A55qfNq1juyiGJBY1ARtd/8tFu1QBi8u0ErP6dOijpMTMq8vnRxz
mx3K8/SMul7U26PUkRiUd73OKVkiJhRgYcLfETRljvMMlj3/27VpySzo703WJT7e
xD4D2fYMoADVs0SSYStZtIiFGw19ov3+PD+mx7a7d/jCcmkijL6b9lCGcoOVxtkf
q96zMWY4dwTTqty7p7JjL8SAhSDNqlJgWYQl6Htbmo2nP/2qO7ivIBY2YX0uCp9k
mKc0PKzuttwn/8eGn9u9+Zm41KelNWYlANEr7v6zWLEvfM7FQsnLOdmla+2cmxVc
QM8Vgm7Me8FLdXGZNLIHJ/S+WQIDAQABo4IC8TCCAu0wHQYDVR0OBBYEFKjuboH6
kBW+mLgR3a5rJ5qEAplDMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvQzUyNTFFNjRG
OTdBMTFFRkE0OUYxODMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwewYIKwYBBQUHAQcBAf8E
bDBqMGgEAgABMGIwDAMEBw7AgAMEAQ7AhAMEAA7AiDAMAwQADsCLAwQEDsCAAwQA
DsCRMAwDBAAOwJMDBAAOwJQDBAAOwJkwDAMEAA7AmwMEAQ7AnAMEAA7AnwMEAiv3
eAMEAmcUhAMEBW9cgDANBgkqhkiG9w0BAQsFAAOCAQEAt1OuY9Q+JVNH7gIjzZkh
6RLph1jRRFXd7hmTfdzxCdw1/3p/1MPMSw44O76bE0Xw9B7Wuirw88fTI0Qplk1T
uRAJ30jRR+gZlPJDRLbMF8ty3XGhnGBoWO+Jr2kdLBhVg//BIGJRMvt/kSbGYT0f
X9w491sqvGI4jwfeuuzXYtQ+zF1LD8hR7zayloCEIxv6IhfnAotCjycb9uIrxfJ2
359u1is5BOQIIJZ0CpvbQLDZQHxNjwpfQ/aRKQr5TCyZX9a47kxmUHnLVnW1Y9uA
ITK+HapkXVS8XWwqEmJwQH45MTl5DxL7Q2SyX/1qnicuv4RKGgnkxEdi8Ri6rhKG
nA==
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:06:25 2025 by rpki-client