Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A913C627/C265C1A4D07D11EA8600986DC4F9AE02/FFB3EF94F53C11EEA5B4623BC4F9AE02.roa
File: FFB3EF94F53C11EEA5B4623BC4F9AE02.roa (raw, json)
Hash identifier: qCV1CGEKKAAFyjh2aY/pv/O3Ul0oy0qB9pbyOTWaQu4=
Subject key identifier: EF:AC:CC:71:2B:CE:1A:C9:E6:8F:96:D2:86:B6:E3:46:99:C6:41:9D
Certificate issuer: /CN=A913C627/serialNumber=6FFA5DB159D40A3A172DBC74F5C32B55517979AF
Certificate serial: 0853
Authority key identifier: 6F:FA:5D:B1:59:D4:0A:3A:17:2D:BC:74:F5:C3:2B:55:51:79:79:AF
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b_pdsVnUCjoXLbx09cMrVVF5ea8.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A913C627/C265C1A4D07D11EA8600986DC4F9AE02/FFB3EF94F53C11EEA5B4623BC4F9AE02.roa
Signing time: Wed 02 Apr 2025 21:21:53 +0000
ROA not before: Wed 02 Apr 2025 21:21:53 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 9738
IP address blocks: 61.14.96.0/19 maxlen: 19
61.14.96.0/23 maxlen: 24
61.14.98.0/23 maxlen: 24
61.14.100.0/24 maxlen: 24
61.14.101.0/24 maxlen: 24
61.14.102.0/23 maxlen: 24
61.14.104.0/24 maxlen: 24
61.14.105.0/24 maxlen: 24
61.14.106.0/24 maxlen: 24
61.14.107.0/24 maxlen: 24
61.14.108.0/24 maxlen: 24
61.14.109.0/24 maxlen: 24
61.14.110.0/24 maxlen: 24
61.14.111.0/24 maxlen: 24
61.14.112.0/24 maxlen: 24
61.14.113.0/24 maxlen: 24
61.14.114.0/24 maxlen: 24
61.14.115.0/24 maxlen: 24
61.14.116.0/24 maxlen: 24
61.14.117.0/24 maxlen: 24
61.14.118.0/24 maxlen: 24
61.14.119.0/24 maxlen: 24
61.14.121.0/24 maxlen: 24
61.14.122.0/24 maxlen: 24
61.14.123.0/24 maxlen: 24
61.14.127.0/24 maxlen: 24
103.28.196.0/22 maxlen: 22
103.28.196.0/23 maxlen: 23
103.28.198.0/23 maxlen: 23
202.148.224.0/21 maxlen: 21
202.148.224.0/24 maxlen: 24
202.148.225.0/24 maxlen: 24
202.148.226.0/24 maxlen: 24
202.148.227.0/24 maxlen: 24
202.148.228.0/24 maxlen: 24
202.148.229.0/24 maxlen: 24
202.148.231.0/24 maxlen: 24
202.148.232.0/24 maxlen: 24
202.148.233.0/24 maxlen: 24
202.148.234.0/23 maxlen: 23
202.148.234.0/24 maxlen: 24
202.148.235.0/24 maxlen: 24
202.148.236.0/22 maxlen: 22
202.148.236.0/23 maxlen: 24
202.148.238.0/24 maxlen: 24
202.148.239.0/24 maxlen: 24
203.19.157.0/24 maxlen: 24
210.18.192.0/22 maxlen: 24
210.18.196.0/24 maxlen: 24
210.18.197.0/24 maxlen: 24
210.18.198.0/24 maxlen: 24
210.18.199.0/24 maxlen: 24
210.18.200.0/24 maxlen: 24
210.18.201.0/24 maxlen: 24
210.18.202.0/23 maxlen: 23
210.18.202.0/24 maxlen: 24
210.18.203.0/24 maxlen: 24
210.18.204.0/22 maxlen: 22
210.18.204.0/24 maxlen: 24
210.18.205.0/24 maxlen: 24
210.18.207.0/24 maxlen: 24
210.18.208.0/20 maxlen: 21
210.18.208.0/23 maxlen: 24
210.18.210.0/23 maxlen: 24
210.18.212.0/23 maxlen: 24
210.18.214.0/23 maxlen: 24
210.18.216.0/21 maxlen: 24
210.18.224.0/20 maxlen: 20
210.18.224.0/21 maxlen: 21
210.18.227.0/24 maxlen: 24
210.18.232.0/24 maxlen: 24
210.18.233.0/24 maxlen: 24
210.18.234.0/23 maxlen: 24
210.18.236.0/22 maxlen: 22
210.18.236.0/24 maxlen: 24
210.18.237.0/24 maxlen: 24
210.18.238.0/24 maxlen: 24
210.18.239.0/24 maxlen: 24
210.18.240.0/24 maxlen: 24
210.18.241.0/24 maxlen: 24
210.18.242.0/24 maxlen: 24
210.18.243.0/24 maxlen: 24
210.18.244.0/22 maxlen: 22
210.18.248.0/23 maxlen: 23
210.18.248.0/24 maxlen: 24
210.18.250.0/23 maxlen: 23
210.18.251.0/24 maxlen: 24
210.18.252.0/24 maxlen: 24
210.18.253.0/24 maxlen: 24
210.18.254.0/24 maxlen: 24
210.18.255.0/24 maxlen: 24
2403:c800::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A913C627/C265C1A4D07D11EA8600986DC4F9AE02/b_pdsVnUCjoXLbx09cMrVVF5ea8.crl
rsync://rpki.apnic.net/member_repository/A913C627/C265C1A4D07D11EA8600986DC4F9AE02/b_pdsVnUCjoXLbx09cMrVVF5ea8.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b_pdsVnUCjoXLbx09cMrVVF5ea8.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 21:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2131 (0x853)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A913C627
Validity
Not Before: Apr 2 21:21:53 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=67edaa70-f2e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:29:f1:3f:9f:1c:6c:36:b6:92:10:a0:4f:cf:
99:88:d6:0c:cd:bd:1e:63:38:31:f2:52:81:8a:ef:
ce:24:a1:02:13:7c:2e:80:67:6d:7e:6c:a2:0c:48:
07:09:78:0c:b4:1a:f8:39:32:84:ee:64:01:56:69:
f5:66:0a:4a:55:6e:3f:53:a6:7c:c2:5b:6e:8f:b7:
8c:a9:d5:27:6c:2b:88:57:69:53:6c:b5:d0:3a:4a:
48:14:78:68:d8:b6:9f:5b:40:b4:a5:e7:e7:02:d6:
a4:2a:13:88:71:c0:72:14:b6:ed:ff:e8:de:ad:da:
65:c3:a5:17:92:5d:b7:d3:dc:68:a9:e7:79:5c:17:
79:3d:98:dc:05:52:74:e8:bc:0e:e6:54:c9:7d:d7:
f6:49:1c:88:52:ef:37:50:75:3f:04:bd:05:a6:e5:
6e:7c:8d:2a:30:c9:ce:a2:14:8a:5d:1e:61:6a:71:
9a:9c:68:50:d2:6a:ce:b2:60:4e:50:f4:55:40:70:
d1:10:7e:6e:30:4a:a3:e6:32:4d:88:5f:95:e8:ab:
b5:c7:c9:f7:e3:4a:04:7a:c7:91:ad:e4:f4:15:5f:
e2:8e:6a:51:79:b3:e1:b6:88:cb:55:88:0b:a2:5f:
3c:f1:a0:6d:18:ad:e0:29:83:29:ba:65:b1:07:54:
bf:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:AC:CC:71:2B:CE:1A:C9:E6:8F:96:D2:86:B6:E3:46:99:C6:41:9D
X509v3 Authority Key Identifier:
keyid:6F:FA:5D:B1:59:D4:0A:3A:17:2D:BC:74:F5:C3:2B:55:51:79:79:AF
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A913C627/C265C1A4D07D11EA8600986DC4F9AE02/b_pdsVnUCjoXLbx09cMrVVF5ea8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b_pdsVnUCjoXLbx09cMrVVF5ea8.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913C627/C265C1A4D07D11EA8600986DC4F9AE02/FFB3EF94F53C11EEA5B4623BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
61.14.96.0/19
103.28.196.0/22
202.148.224.0/20
203.19.157.0/24
210.18.192.0/18
IPv6:
2403:c800::/32
Signature Algorithm: sha256WithRSAEncryption
65:e8:eb:d4:73:45:ce:7e:3c:f4:23:f7:94:03:c0:c6:ee:34:
a7:dd:c4:b2:e9:3e:5d:e0:e9:22:03:14:d3:6f:11:c7:e9:9a:
9e:a6:d3:88:6c:a9:0a:4b:6c:d1:90:37:75:f3:26:49:ed:3a:
bb:ed:1e:71:54:4f:94:3f:c7:d3:f0:9f:8a:d4:52:a7:4b:57:
a9:c4:4d:fa:55:58:9a:45:f1:d8:ed:40:f5:40:24:4b:49:9f:
5a:d7:e5:61:62:19:07:3a:5f:5f:0f:3b:bf:0c:63:b7:b8:fc:
c5:86:62:d7:e7:0a:ad:9d:9a:32:ad:fc:78:d1:10:2e:6a:67:
7c:63:4f:87:a6:c5:59:c0:23:1e:04:18:cf:bf:15:05:dc:d4:
11:05:d0:f1:64:32:b5:31:02:e4:3a:d3:7d:32:3f:f6:f6:17:
c9:d6:f6:41:10:37:7d:15:68:bb:1b:e8:aa:04:40:99:bb:dd:
4c:81:3e:41:e6:0b:b2:4c:86:98:10:03:09:65:bc:63:98:85:
6a:72:f6:0b:f4:6d:41:c4:31:3d:04:43:6f:ef:35:7a:39:9f:
1b:d3:1e:fe:c1:31:1f:1e:90:ba:36:72:18:c7:10:99:b5:5e:
6b:3c:68:0e:ee:b1:37:8a:7d:bc:5e:eb:7d:4f:31:a2:f4:54:
d7:3b:0a:7b
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICCFMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0M2MjcxMTAvBgNVBAUTKDZGRkE1REIxNTlENDBBM0ExNzJEQkM3NEY1QzMyQjU1
NTE3OTc5QUYwHhcNMjUwNDAyMjEyMTUzWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02N2VkYWE3MC1mMmUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxynxP58cbDa2khCgT8+ZiNYMzb0eYzgx8lKBiu/OJKECE3wugGdtfmyiDEgH
CXgMtBr4OTKE7mQBVmn1ZgpKVW4/U6Z8wltuj7eMqdUnbCuIV2lTbLXQOkpIFHho
2LafW0C0pefnAtakKhOIccByFLbt/+jerdplw6UXkl2309xoqed5XBd5PZjcBVJ0
6LwO5lTJfdf2SRyIUu83UHU/BL0FpuVufI0qMMnOohSKXR5hanGanGhQ0mrOsmBO
UPRVQHDREH5uMEqj5jJNiF+V6Ku1x8n340oEeseRreT0FV/ijmpRebPhtojLVYgL
ol888aBtGK3gKYMpumWxB1S/XwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFO+szHEr
zhrJ5o+W0oa240aZxkGdMB8GA1UdIwQYMBaAFG/6XbFZ1Ao6Fy28dPXDK1VReXmv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQzYyNy9DMjY1QzFBNEQw
N0QxMUVBODYwMDk4NkRDNEY5QUUwMi9iX3Bkc1ZuVUNqb1hMYngwOWNNclZWRjVl
YTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JfcGRzVm5VQ2pvWExieDA5Y01yVlZGNWVhOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0M2MjcvQzI2NUMxQTREMDdEMTFFQTg2MDA5ODZEQzRGOUFFMDIvRkZCM0VGOTRG
NTNDMTFFRUE1QjQ2MjNCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAU9DmADBAJnHMQDBATKlOADBADLE50DBAbSEsAwDQQCAAIw
BwMFACQDyAAwDQYJKoZIhvcNAQELBQADggEBAGXo69RzRc5+PPQj95QDwMbuNKfd
xLLpPl3g6SIDFNNvEcfpmp6m04hsqQpLbNGQN3XzJkntOrvtHnFUT5Q/x9Pwn4rU
UqdLV6nETfpVWJpF8djtQPVAJEtJn1rX5WFiGQc6X18PO78MY7e4/MWGYtfnCq2d
mjKt/HjREC5qZ3xjT4emxVnAIx4EGM+/FQXc1BEF0PFkMrUxAuQ6030yP/b2F8nW
9kEQN30VaLsb6KoEQJm73UyBPkHmC7JMhpgQAwllvGOYhWpy9gv0bUHEMT0EQ2/v
NXo5nxvTHv7BMR8ekLo2chjHEJm1Xms8aA7usTeKfbxe631PMaL0VNc7Cns=
-----END CERTIFICATE-----
Generated at Sat Apr 5 03:36:44 2025 by rpki-client