Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/C5251E64F97A11EFA49F1830C4F9AE02.roa
File: C5251E64F97A11EFA49F1830C4F9AE02.roa (raw, json)
Hash identifier: f3LVpFr6M/dg9ekal9pqjIFzPCeur3jpF1T60xR8oGU=
Subject key identifier: 65:2A:B9:57:B4:91:20:D5:1B:23:A6:EB:2A:31:98:55:9A:77:98:BD
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0CDB
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/C5251E64F97A11EFA49F1830C4F9AE02.roa
Signing time: Tue 11 Mar 2025 06:48:40 +0000
ROA not before: Tue 11 Mar 2025 06:48:40 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 133933
IP address blocks: 14.192.128.0/24 maxlen: 24
14.192.129.0/24 maxlen: 24
14.192.130.0/24 maxlen: 24
14.192.131.0/24 maxlen: 24
14.192.132.0/24 maxlen: 24
14.192.133.0/24 maxlen: 24
14.192.136.0/24 maxlen: 24
14.192.139.0/24 maxlen: 24
14.192.140.0/24 maxlen: 24
14.192.141.0/24 maxlen: 24
14.192.142.0/24 maxlen: 24
14.192.143.0/24 maxlen: 24
14.192.145.0/24 maxlen: 24
14.192.147.0/24 maxlen: 24
14.192.148.0/24 maxlen: 24
14.192.153.0/24 maxlen: 24
14.192.155.0/24 maxlen: 24
14.192.156.0/24 maxlen: 24
14.192.157.0/24 maxlen: 24
14.192.159.0/24 maxlen: 24
43.247.120.0/24 maxlen: 24
43.247.121.0/24 maxlen: 24
43.247.122.0/24 maxlen: 24
43.247.123.0/24 maxlen: 24
103.20.132.0/24 maxlen: 24
103.20.133.0/24 maxlen: 24
103.20.134.0/24 maxlen: 24
111.92.128.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 20:17:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3291 (0xcdb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD
Validity
Not Before: Mar 11 06:48:40 2025 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=67cfdcc7-bf06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:21:c4:b9:33:ce:4d:6c:1a:9c:06:04:c9:09:
7d:c0:1c:90:a6:89:45:e4:6f:b5:8b:71:e4:0f:ea:
7a:96:68:a3:a1:78:08:10:4a:c7:97:6e:e3:54:9c:
88:a2:3f:0a:17:3a:c2:58:c1:b6:a2:e3:a4:fd:66:
00:b8:fb:4c:35:a5:d0:bf:30:29:cd:bf:22:c4:d6:
0c:ca:80:91:ca:8e:26:3a:7a:5a:c6:bd:a0:8a:13:
bb:ec:54:2a:6d:5e:5d:60:a1:c1:63:ab:a2:72:71:
e9:75:79:31:45:d5:55:d2:c3:b5:18:fa:9c:ed:a9:
b2:4a:1a:be:1d:24:cb:7a:ae:a6:e8:2c:78:b5:a4:
7c:67:9e:e4:c7:65:fc:c8:71:70:1e:2f:ce:3b:5f:
db:96:72:78:dc:ea:ff:57:83:de:61:44:5e:dd:4f:
52:41:6d:3b:a9:b6:58:4b:c6:a2:1d:6b:ba:f8:bc:
d4:b7:72:86:6e:61:3a:44:21:4d:99:d8:8c:ba:70:
61:85:dd:80:d9:77:d8:85:e4:70:16:5f:77:c3:83:
3e:e9:ed:31:26:fd:40:75:64:75:eb:12:4e:81:0d:
9f:82:02:a4:04:42:b6:41:d9:bf:1e:8e:2d:41:c8:
69:7c:63:20:16:04:2c:64:91:28:74:3e:a6:98:27:
9d:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:2A:B9:57:B4:91:20:D5:1B:23:A6:EB:2A:31:98:55:9A:77:98:BD
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/C5251E64F97A11EFA49F1830C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.128.0-14.192.133.255
14.192.136.0/24
14.192.139.0-14.192.143.255
14.192.145.0/24
14.192.147.0-14.192.148.255
14.192.153.0/24
14.192.155.0-14.192.157.255
14.192.159.0/24
43.247.120.0/22
103.20.132.0-103.20.134.255
111.92.128.0/19
Signature Algorithm: sha256WithRSAEncryption
33:9b:58:35:dd:c7:65:f4:68:07:c8:aa:30:50:b2:cc:98:9e:
45:7e:ab:cf:a8:e8:ca:9f:c3:09:5d:fa:58:53:82:da:0b:a1:
0e:08:a6:48:cd:e2:ae:0e:9b:26:9b:34:8a:67:b3:61:5b:b8:
73:16:81:92:8d:4a:7b:da:e8:c7:26:1d:72:81:c8:19:26:e5:
e5:32:f8:55:fa:04:00:e7:4d:0c:5b:74:40:1a:52:8d:04:f8:
4a:69:8c:63:15:94:be:85:25:1b:63:d7:a9:a0:02:f8:32:a8:
40:99:fe:71:81:59:cc:d1:7d:18:d5:4d:4f:07:83:58:67:c8:
1f:b0:0c:34:06:85:48:c8:5e:22:5d:6e:d1:b2:8a:49:41:c2:
3d:4d:06:57:4e:c7:c6:f4:99:ad:86:ce:a1:e7:fe:9d:d7:64:
0c:ca:b4:91:ac:88:56:24:7a:a0:cd:f6:45:eb:3b:c5:13:f4:
c1:29:bd:1a:22:9d:c7:f7:a6:d5:67:e9:93:68:5e:11:e2:5b:
72:03:01:f5:5d:1f:77:7a:6a:67:2d:ed:23:55:68:fe:b7:e3:
66:ff:e8:b8:e6:17:af:f4:ed:53:fc:57:0e:08:c5:db:43:87:
79:3b:64:71:aa:58:20:89:ae:04:a1:da:89:22:f2:3d:45:03:
66:29:33:8b
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgICDNswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwMzExMDY0ODQwWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2NmZGNjNy1iZjA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3CHEuTPOTWwanAYEyQl9wByQpolF5G+1i3HkD+p6lmijoXgIEErHl27jVJyI
oj8KFzrCWMG2ouOk/WYAuPtMNaXQvzApzb8ixNYMyoCRyo4mOnpaxr2gihO77FQq
bV5dYKHBY6uicnHpdXkxRdVV0sO1GPqc7amyShq+HSTLeq6m6Cx4taR8Z57kx2X8
yHFwHi/OO1/blnJ43Or/V4PeYURe3U9SQW07qbZYS8aiHWu6+LzUt3KGbmE6RCFN
mdiMunBhhd2A2XfYheRwFl93w4M+6e0xJv1AdWR16xJOgQ2fggKkBEK2Qdm/Ho4t
QchpfGMgFgQsZJEodD6mmCedUwIDAQABo4IC+jCCAvYwHQYDVR0OBBYEFGUquVe0
kSDVGyOm6yoxmFWad5i9MB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvQzUyNTFFNjRG
OTdBMTFFRkE0OUYxODMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYMGCCsGAQUFBwEHAQH/
BHQwcjBwBAIAATBqMAwDBAcOwIADBAEOwIQDBAAOwIgwDAMEAA7AiwMEBA7AgAME
AA7AkTAMAwQADsCTAwQADsCUAwQADsCZMAwDBAAOwJsDBAEOwJwDBAAOwJ8DBAIr
93gwDAMEAmcUhAMEAGcUhgMEBW9cgDANBgkqhkiG9w0BAQsFAAOCAQEAM5tYNd3H
ZfRoB8iqMFCyzJieRX6rz6joyp/DCV36WFOC2guhDgimSM3irg6bJps0imezYVu4
cxaBko1Ke9roxyYdcoHIGSbl5TL4VfoEAOdNDFt0QBpSjQT4SmmMYxWUvoUlG2PX
qaAC+DKoQJn+cYFZzNF9GNVNTweDWGfIH7AMNAaFSMheIl1u0bKKSUHCPU0GV07H
xvSZrYbOoef+nddkDMq0kayIViR6oM32Res7xRP0wSm9GiKdx/em1Wfpk2heEeJb
cgMB9V0fd3pqZy3tI1Vo/rfjZv/ouOYXr/TtU/xXDgjF20OHeTtkcapYIImuBKHa
iSLyPUUDZikziw==
-----END CERTIFICATE-----
Generated at Sat Apr 5 16:24:57 2025 by rpki-client