Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
File: 5FD09C68393C11EFB8A9065BC4F9AE02.roa (raw, json)
Hash identifier: vMbIDct9MA/MTRo5g6rG9rCZ9V47y1ZmNSqrr1liLbI=
Subject key identifier: 0C:4A:30:D4:0E:AE:BF:58:78:95:6C:7B:2F:63:E4:6D:A3:57:47:45
Certificate issuer: /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial: 075D
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
Signing time: Wed 14 May 2025 23:12:23 +0000
ROA not before: Wed 14 May 2025 23:12:23 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 55441
IP address blocks: 14.194.192.0/20 maxlen: 24
14.194.224.0/20 maxlen: 24
14.195.64.0/20 maxlen: 24
14.195.80.0/20 maxlen: 24
14.195.200.0/21 maxlen: 24
49.200.64.0/19 maxlen: 24
49.200.112.0/20 maxlen: 24
49.200.128.0/18 maxlen: 24
49.200.240.0/21 maxlen: 24
49.200.248.0/22 maxlen: 24
49.200.252.0/22 maxlen: 24
49.202.168.0/21 maxlen: 24
49.202.176.0/20 maxlen: 24
49.202.212.0/22 maxlen: 24
49.202.224.0/22 maxlen: 24
49.202.228.0/23 maxlen: 24
49.248.224.0/20 maxlen: 24
49.248.240.0/22 maxlen: 24
182.156.96.0/23 maxlen: 24
2407:8c00:90::/44 maxlen: 44
2407:8c00:a0::/44 maxlen: 44
2407:8c00:b0::/44 maxlen: 44
2407:8c00:1b0::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Jun 2025 23:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1885 (0x75d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157D7A, serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Validity
Not Before: May 14 23:12:23 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=68252357-790b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:2c:91:b1:3f:40:43:14:78:0d:d1:2e:74:26:
ab:03:55:2c:de:7f:f4:ad:82:87:12:13:3a:f2:22:
b7:1c:10:f3:86:0e:c8:58:d7:dd:d9:55:28:f1:65:
01:60:4f:ba:80:32:31:0b:2a:0f:c7:e7:89:0b:a5:
f2:5a:7d:e6:07:e2:e6:f1:ab:1b:db:be:ea:d8:17:
ac:1a:68:47:29:9f:9a:ec:f8:c6:08:f2:f9:b1:94:
8e:ed:e3:9b:0a:d0:16:d9:0b:97:d7:ca:2e:a1:75:
b1:1a:f5:67:6e:31:2f:9b:6e:c3:5f:dc:c5:89:e5:
0c:4c:86:27:0f:0b:97:bd:ca:7d:66:ca:41:52:2a:
74:c1:a2:a9:00:f0:e6:cd:e2:99:0d:cc:95:ea:0f:
c0:29:3f:1e:2a:09:b7:f5:83:12:4e:77:9f:1a:66:
fa:29:53:bc:40:4b:52:09:9a:7b:01:8a:71:01:0e:
85:2e:5d:61:a3:a8:12:3f:e1:66:ff:77:83:24:3a:
be:8b:81:ad:fe:28:ac:96:92:15:9c:7d:1c:71:6f:
92:b0:7c:b2:91:2d:e5:13:d6:b0:22:ad:b5:87:4b:
0b:6f:8f:69:d7:21:7d:e8:84:ec:d4:49:da:b1:bc:
16:fb:6e:34:1b:a9:4b:cd:a4:5f:f4:06:1d:c2:c4:
d0:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:4A:30:D4:0E:AE:BF:58:78:95:6C:7B:2F:63:E4:6D:A3:57:47:45
X509v3 Authority Key Identifier:
keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.194.192.0/20
14.194.224.0/20
14.195.64.0/19
14.195.200.0/21
49.200.64.0/19
49.200.112.0-49.200.191.255
49.200.240.0/20
49.202.168.0-49.202.191.255
49.202.212.0/22
49.202.224.0-49.202.229.255
49.248.224.0-49.248.243.255
182.156.96.0/23
IPv6:
2407:8c00:90::-2407:8c00:bf:ffff:ffff:ffff:ffff:ffff
2407:8c00:1b0::/44
Signature Algorithm: sha256WithRSAEncryption
b5:42:14:08:80:f6:93:87:f8:4b:b0:75:0f:12:fd:9d:8e:b2:
1f:08:d2:9f:3d:da:28:62:20:fa:ff:2a:4e:53:7c:6f:85:29:
ed:48:ee:3a:49:01:ba:72:30:48:c8:df:bf:ff:c8:bf:29:31:
c7:71:99:d6:5b:c1:fc:51:1e:eb:c5:ec:09:ee:74:f4:e7:5b:
b9:57:34:64:c6:16:28:91:d2:b2:4d:de:15:80:ba:9c:3d:07:
48:96:fc:e4:76:dc:6e:3a:49:83:fe:c6:5f:9a:d7:c1:c0:b4:
f4:c2:f3:ad:17:90:76:c9:18:03:f5:54:38:42:3a:2c:37:46:
d4:e0:3e:c6:59:f1:d8:9e:e4:14:4b:4c:dd:2a:94:4a:21:d9:
a2:db:e6:64:21:ca:38:88:48:78:a2:dd:53:b3:65:0c:89:71:
c6:0b:69:a0:ea:10:a0:d9:8b:1b:d0:f7:21:b4:e0:63:41:17:
44:2c:6c:ed:19:d7:f0:28:54:aa:37:bf:e8:22:fa:bb:32:76:
c8:9a:25:f3:17:45:52:e1:3a:f1:e9:bf:51:cf:1b:ec:be:ed:
a6:5b:bf:11:49:52:0a:02:53:ac:36:82:7c:de:14:ff:43:a4:
75:80:5e:7e:86:d3:60:bd:1e:20:22:d6:20:61:46:54:96:0e:
6e:43:32:14
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgICB10wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjUwNTE0MjMxMjIzWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODI1MjM1Ny03OTBiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwCyRsT9AQxR4DdEudCarA1Us3n/0rYKHEhM68iK3HBDzhg7IWNfd2VUo8WUB
YE+6gDIxCyoPx+eJC6XyWn3mB+Lm8asb277q2BesGmhHKZ+a7PjGCPL5sZSO7eOb
CtAW2QuX18ouoXWxGvVnbjEvm27DX9zFieUMTIYnDwuXvcp9ZspBUip0waKpAPDm
zeKZDcyV6g/AKT8eKgm39YMSTnefGmb6KVO8QEtSCZp7AYpxAQ6FLl1ho6gSP+Fm
/3eDJDq+i4Gt/iislpIVnH0ccW+SsHyykS3lE9awIq21h0sLb49p1yF96ITs1Ena
sbwW+240G6lLzaRf9AYdwsTQWwIDAQABo4IDHzCCAxswHQYDVR0OBBYEFAxKMNQO
rr9YeJVsey9j5G2jV0dFMB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvNUZEMDlDNjgz
OTNDMTFFRkI4QTkwNjVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgagGCCsGAQUFBwEHAQH/
BIGYMIGVMG4EAgABMGgDBAQOwsADBAQOwuADBAUOw0ADBAMOw8gDBAUxyEAwDAME
BDHIcAMEBjHIgAMEBDHI8DAMAwQDMcqoAwQGMcqAAwQCMcrUMAwDBAUxyuADBAEx
yuQwDAMEBTH44AMEAjH48AMEAbacYDAjBAIAAjAdMBIDBwQkB4wAAJADBwYkB4wA
AIADBwQkB4wAAbAwDQYJKoZIhvcNAQELBQADggEBALVCFAiA9pOH+EuwdQ8S/Z2O
sh8I0p892ihiIPr/Kk5TfG+FKe1I7jpJAbpyMEjI37//yL8pMcdxmdZbwfxRHuvF
7AnudPTnW7lXNGTGFiiR0rJN3hWAupw9B0iW/OR23G46SYP+xl+a18HAtPTC860X
kHbJGAP1VDhCOiw3RtTgPsZZ8die5BRLTN0qlEoh2aLb5mQhyjiISHii3VOzZQyJ
ccYLaaDqEKDZixvQ9yG04GNBF0QsbO0Z1/AoVKo3v+gi+rsydsiaJfMXRVLhOvHp
v1HPG+y+7aZbvxFJUgoCU6w2gnzeFP9DpHWAXn6G02C9HiAi1iBhRlSWDm5DMhQ=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:04:23 2025 by rpki-client