Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
File: 2E96A63A690A11EF9525E980C4F9AE02.roa (raw, json)
Hash identifier: UWNHUtR2tpu3wwcSUr5hiqVkZ+ymUeDHv4HEKQzHk7w=
Subject key identifier: 21:B2:E2:DF:EA:74:05:A9:33:8D:77:67:41:78:3B:6A:B4:3F:0D:B8
Certificate issuer: /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial: 0795
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
Signing time: Tue 08 Jul 2025 09:28:20 +0000
ROA not before: Tue 08 Jul 2025 09:28:20 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 45820
IP address blocks: 14.194.0.0/18 maxlen: 24
14.194.64.0/18 maxlen: 24
14.194.128.0/18 maxlen: 24
14.194.208.0/20 maxlen: 24
14.194.240.0/20 maxlen: 24
14.195.0.0/18 maxlen: 24
14.195.64.0/19 maxlen: 24
14.195.96.0/19 maxlen: 24
14.195.128.0/18 maxlen: 24
14.195.192.0/20 maxlen: 24
14.195.208.0/20 maxlen: 24
14.195.240.0/20 maxlen: 24
49.200.0.0/14 maxlen: 14
49.200.0.0/19 maxlen: 24
49.202.208.0/24 maxlen: 24
49.249.0.0/17 maxlen: 24
49.249.128.0/18 maxlen: 24
115.160.217.0/24 maxlen: 24
182.156.0.0/18 maxlen: 22
182.156.0.0/22 maxlen: 24
182.156.4.0/23 maxlen: 24
182.156.8.0/21 maxlen: 24
182.156.16.0/22 maxlen: 24
182.156.22.0/23 maxlen: 24
182.156.24.0/21 maxlen: 23
182.156.24.0/23 maxlen: 24
182.156.28.0/22 maxlen: 24
182.156.32.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 25 Jul 2025 22:58:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1941 (0x795)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157D7A, serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Validity
Not Before: Jul 8 09:28:20 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=686ce4b4-7cca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:d0:d5:12:97:d3:12:ca:a5:c2:d5:ef:45:2f:
79:ae:a4:70:86:14:b3:53:bf:f9:cb:e6:a2:d9:29:
c6:50:98:88:fe:83:8c:c6:51:aa:58:d2:76:13:0c:
57:cc:cb:37:55:9d:7b:ee:56:cf:11:6a:f9:18:50:
9a:7a:17:fe:0c:b4:ee:06:08:d3:63:09:49:3d:74:
d4:0b:68:a9:18:43:1f:6c:c4:e9:af:b0:9d:2d:12:
1f:7e:17:14:53:f0:1e:41:99:72:8e:36:fd:91:19:
af:68:69:8c:35:79:c2:6b:08:72:16:0e:08:6e:b3:
ab:8f:1a:23:af:56:84:cb:f0:b3:a6:5e:0b:52:b8:
88:96:82:6e:49:c9:dc:dc:74:cf:f6:45:dd:f8:62:
b6:6b:e7:76:5e:dd:c2:37:0c:0c:8b:4f:1d:73:2f:
80:50:2b:c5:c8:92:68:96:84:de:24:38:0c:29:89:
7f:73:93:15:b6:95:06:62:f7:d7:a4:42:fa:90:4b:
1d:d7:3c:70:cc:d1:6f:33:34:06:5e:5d:fc:61:11:
6c:b4:cf:c8:74:55:2e:ee:fe:b5:65:c5:7d:c1:73:
63:1d:de:fb:5d:51:79:43:f6:f4:4e:b9:d1:ee:c3:
de:2b:f7:d8:9a:11:87:03:50:17:03:0d:33:10:4e:
d9:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:B2:E2:DF:EA:74:05:A9:33:8D:77:67:41:78:3B:6A:B4:3F:0D:B8
X509v3 Authority Key Identifier:
keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.194.0.0-14.194.191.255
14.194.208.0/20
14.194.240.0-14.195.223.255
14.195.240.0/20
49.200.0.0/14
49.249.0.0-49.249.191.255
115.160.217.0/24
182.156.0.0/18
Signature Algorithm: sha256WithRSAEncryption
20:c8:c1:99:37:a5:d9:02:82:b9:4b:18:d1:59:89:dc:02:ca:
22:d2:c2:38:8b:93:9f:5f:c5:bd:8f:a6:8a:ff:19:87:3b:7a:
19:8d:a0:30:28:54:3c:ba:52:4b:4f:b7:a4:23:82:61:11:08:
e1:66:1e:66:69:b7:1a:99:38:58:a5:f6:67:27:4c:c6:61:c7:
38:8f:84:fa:ce:69:42:bd:33:76:f9:8d:99:6e:5a:f2:80:d0:
a0:59:62:b9:16:cd:dd:94:36:3e:fa:53:ad:b8:4d:48:33:c4:
9f:0b:53:b7:61:df:57:50:67:77:9b:2c:7a:ba:e4:1d:f7:50:
52:89:83:74:01:d7:59:93:b1:ed:ad:a9:cb:d1:9d:57:bb:16:
b5:02:3a:71:27:8b:d4:c8:16:44:bd:61:c1:4c:b3:fe:a0:0b:
42:05:4f:15:84:e4:43:b2:c4:18:c5:ba:80:5a:a0:96:d2:25:
8c:51:34:a5:35:7e:4a:7a:e7:81:d9:71:c8:89:b5:91:d7:3b:
ca:d6:e8:be:e4:89:78:ef:28:3f:fa:f6:0f:0d:e6:16:2b:a3:
cc:2e:40:e7:77:07:7b:3a:01:63:f8:30:51:65:ae:ee:04:64:
e4:48:50:6e:a7:b7:cf:5a:a6:06:01:4e:9e:82:4d:ad:32:f3:
53:18:94:23
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgICB5UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjUwNzA4MDkyODIwWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODZjZTRiNC03Y2NhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6tDVEpfTEsqlwtXvRS95rqRwhhSzU7/5y+ai2SnGUJiI/oOMxlGqWNJ2EwxX
zMs3VZ177lbPEWr5GFCaehf+DLTuBgjTYwlJPXTUC2ipGEMfbMTpr7CdLRIffhcU
U/AeQZlyjjb9kRmvaGmMNXnCawhyFg4IbrOrjxojr1aEy/Czpl4LUriIloJuScnc
3HTP9kXd+GK2a+d2Xt3CNwwMi08dcy+AUCvFyJJoloTeJDgMKYl/c5MVtpUGYvfX
pEL6kEsd1zxwzNFvMzQGXl38YRFstM/IdFUu7v61ZcV9wXNjHd77XVF5Q/b0TrnR
7sPeK/fYmhGHA1AXAw0zEE7ZawIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFCGy4t/q
dAWpM413Z0F4O2q0Pw24MB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvMkU5NkE2M0E2
OTBBMTFFRjk1MjVFOTgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXgYIKwYBBQUHAQcBAf8E
TzBNMEsEAgABMEUwCwMDAQ7CAwQGDsKAAwQEDsLQMAwDBAQOwvADBAUOw8ADBAQO
w/ADAwIxyDALAwMAMfkDBAYx+YADBABzoNkDBAa2nAAwDQYJKoZIhvcNAQELBQAD
ggEBACDIwZk3pdkCgrlLGNFZidwCyiLSwjiLk59fxb2Ppor/GYc7ehmNoDAoVDy6
UktPt6QjgmERCOFmHmZptxqZOFil9mcnTMZhxziPhPrOaUK9M3b5jZluWvKA0KBZ
YrkWzd2UNj76U624TUgzxJ8LU7dh31dQZ3ebLHq65B33UFKJg3QB11mTse2tqcvR
nVe7FrUCOnEni9TIFkS9YcFMs/6gC0IFTxWE5EOyxBjFuoBaoJbSJYxRNKU1fkp6
54HZcciJtZHXO8rW6L7kiXjvKD/69g8N5hYro8wuQOd3B3s6AWP4MFFlru4EZORI
UG6nt89apgYBTp6CTa0y81MYlCM=
-----END CERTIFICATE-----
Generated at Sun Jul 20 11:38:59 2025 by rpki-client