Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/F16CF7BC240411F0AE5EFB74C4F9AE02.roa
File: F16CF7BC240411F0AE5EFB74C4F9AE02.roa (raw, json)
Hash identifier: dQ2dTj9Jkvl7Sy3fDkaXgviZuligzYFrRJ93k1VPhxM=
Subject key identifier: E0:86:02:34:04:1F:2C:DB:F7:30:D1:A8:F4:AD:45:C1:D0:12:16:80
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0D8F
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/F16CF7BC240411F0AE5EFB74C4F9AE02.roa
Signing time: Sun 06 Jul 2025 07:59:51 +0000
ROA not before: Sun 06 Jul 2025 07:59:51 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 133933
IP address blocks: 14.192.128.0/24 maxlen: 24
14.192.129.0/24 maxlen: 24
14.192.130.0/24 maxlen: 24
14.192.131.0/24 maxlen: 24
14.192.132.0/24 maxlen: 24
14.192.135.0/24 maxlen: 24
14.192.136.0/24 maxlen: 24
14.192.138.0/24 maxlen: 24
14.192.139.0/24 maxlen: 24
14.192.140.0/24 maxlen: 24
14.192.141.0/24 maxlen: 24
14.192.142.0/24 maxlen: 24
14.192.143.0/24 maxlen: 24
14.192.146.0/24 maxlen: 24
14.192.147.0/24 maxlen: 24
14.192.148.0/24 maxlen: 24
14.192.153.0/24 maxlen: 24
14.192.155.0/24 maxlen: 24
14.192.156.0/24 maxlen: 24
14.192.157.0/24 maxlen: 24
14.192.159.0/24 maxlen: 24
43.247.120.0/24 maxlen: 24
43.247.121.0/24 maxlen: 24
43.247.122.0/24 maxlen: 24
43.247.123.0/24 maxlen: 24
103.20.132.0/24 maxlen: 24
103.20.133.0/24 maxlen: 24
103.20.134.0/24 maxlen: 24
103.20.135.0/24 maxlen: 24
111.92.128.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 25 Jul 2025 20:15:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3471 (0xd8f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD, serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Validity
Not Before: Jul 6 07:59:51 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=686a2cf6-175a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:fc:9c:07:b0:31:11:07:63:df:7a:88:72:e1:
b2:22:f0:dd:2a:a6:57:cc:d4:2c:19:59:da:af:bd:
c0:40:e8:49:25:e6:f1:63:7f:bf:0e:a1:59:f8:68:
ee:a9:23:0d:93:48:d8:de:02:19:35:db:56:bd:2d:
70:11:9e:8b:47:9f:f0:e5:9a:42:29:e1:8c:04:e6:
99:b7:bc:e9:bb:11:ac:4b:42:36:0d:f7:2b:2a:c6:
99:b2:b7:d1:42:8f:ef:ba:d4:c6:c2:8d:50:96:b5:
99:56:fa:d0:f3:99:26:1f:82:29:20:41:f4:3b:99:
34:f8:bb:17:ba:88:57:66:e0:21:a7:78:35:0e:2e:
0f:c6:e0:f0:6a:72:63:04:63:32:b1:aa:ae:4a:f0:
ea:20:87:9c:85:f0:e2:e4:48:fd:1f:d5:89:0c:3b:
37:d8:a8:05:b2:8a:e1:16:f0:7e:4f:d3:65:63:0f:
14:35:2b:86:71:65:c5:f3:c1:9e:6c:83:36:3c:96:
55:33:ef:08:ec:e2:4f:d6:88:3c:23:2c:8c:f0:a0:
9a:fd:fc:22:5e:27:ca:1d:02:fc:e2:c4:94:82:70:
a9:d2:91:e5:8a:c4:3c:d3:45:f0:07:12:84:3a:c8:
91:98:fa:95:e9:d2:ff:7f:9b:7c:8c:e8:7e:ec:93:
c1:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:86:02:34:04:1F:2C:DB:F7:30:D1:A8:F4:AD:45:C1:D0:12:16:80
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/F16CF7BC240411F0AE5EFB74C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.128.0-14.192.132.255
14.192.135.0-14.192.136.255
14.192.138.0-14.192.143.255
14.192.146.0-14.192.148.255
14.192.153.0/24
14.192.155.0-14.192.157.255
14.192.159.0/24
43.247.120.0/22
103.20.132.0/22
111.92.128.0/19
Signature Algorithm: sha256WithRSAEncryption
2d:72:f5:48:d5:35:01:ad:6b:c1:8d:82:62:af:9a:a3:26:bc:
21:c5:9e:8e:c1:fb:ed:28:35:ca:7b:00:56:e3:ed:7c:a2:e9:
46:c6:aa:8c:59:8b:d2:4a:ed:f8:f1:bf:ac:5d:74:76:10:f9:
af:75:97:77:c9:d8:67:09:25:c1:97:0c:99:40:02:bd:5b:10:
fc:18:95:ce:2f:33:85:55:dd:22:72:92:9e:8f:cc:a5:6d:74:
e8:cb:53:da:9b:7a:d4:43:38:fb:ac:a6:a2:45:0d:ef:c3:a6:
7c:0c:fc:fb:20:aa:be:27:55:0a:bf:1b:2b:db:e9:1f:35:47:
0a:a2:b7:d9:eb:0d:a4:6b:a1:1d:83:6c:c7:33:8b:54:3f:0c:
a8:47:72:2f:78:61:0b:12:ef:4a:96:d8:fb:a9:98:58:5e:82:
89:cd:0d:5c:2e:59:ec:18:97:02:b6:70:7f:6b:1d:48:ac:17:
d7:cf:c0:c3:d2:85:39:ff:64:e0:c5:ef:79:2f:f6:bc:e1:a8:
1b:e0:5c:ae:aa:42:fd:4b:64:37:72:c4:80:ff:1e:ef:37:54:
ec:f3:2e:57:9f:90:54:eb:6c:48:82:b4:cf:ed:fa:c7:2f:6f:
1c:61:ba:72:5f:91:85:00:c3:97:b8:0c:87:a5:8d:44:eb:29:
f4:a9:8f:16
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgICDY8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwNzA2MDc1OTUxWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODZhMmNmNi0xNzVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnfycB7AxEQdj33qIcuGyIvDdKqZXzNQsGVnar73AQOhJJebxY3+/DqFZ+Gju
qSMNk0jY3gIZNdtWvS1wEZ6LR5/w5ZpCKeGMBOaZt7zpuxGsS0I2DfcrKsaZsrfR
Qo/vutTGwo1QlrWZVvrQ85kmH4IpIEH0O5k0+LsXuohXZuAhp3g1Di4PxuDwanJj
BGMysaquSvDqIIechfDi5Ej9H9WJDDs32KgFsorhFvB+T9NlYw8UNSuGcWXF88Ge
bIM2PJZVM+8I7OJP1og8IyyM8KCa/fwiXifKHQL84sSUgnCp0pHlisQ800XwBxKE
OsiRmPqV6dL/f5t8jOh+7JPB3wIDAQABo4IC8zCCAu8wHQYDVR0OBBYEFOCGAjQE
Hyzb9zDRqPStRcHQEhaAMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvRjE2Q0Y3QkMy
NDA0MTFGMEFFNUVGQjc0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfQYIKwYBBQUHAQcBAf8E
bjBsMGoEAgABMGQwDAMEBw7AgAMEAA7AhDAMAwQADsCHAwQADsCIMAwDBAEOwIoD
BAQOwIAwDAMEAQ7AkgMEAA7AlAMEAA7AmTAMAwQADsCbAwQBDsCcAwQADsCfAwQC
K/d4AwQCZxSEAwQFb1yAMA0GCSqGSIb3DQEBCwUAA4IBAQAtcvVI1TUBrWvBjYJi
r5qjJrwhxZ6OwfvtKDXKewBW4+18oulGxqqMWYvSSu348b+sXXR2EPmvdZd3ydhn
CSXBlwyZQAK9WxD8GJXOLzOFVd0icpKej8ylbXToy1Pam3rUQzj7rKaiRQ3vw6Z8
DPz7IKq+J1UKvxsr2+kfNUcKorfZ6w2ka6Edg2zHM4tUPwyoR3IveGELEu9Kltj7
qZhYXoKJzQ1cLlnsGJcCtnB/ax1IrBfXz8DD0oU5/2Tgxe95L/a84agb4FyuqkL9
S2Q3csSA/x7vN1Ts8y5Xn5BU62xIgrTP7frHL28cYbpyX5GFAMOXuAyHpY1E6yn0
qY8W
-----END CERTIFICATE-----
Generated at Sat Jul 19 18:41:51 2025 by rpki-client