Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/FFFBCAEE9A9511EBB49D7E1AC4F9AE02.roa
File: FFFBCAEE9A9511EBB49D7E1AC4F9AE02.roa (raw, json)
Hash identifier: 2PtEBSXuAKl4QFaMfqrCf9uckFYxie6P+46y94SOfxs=
Subject key identifier: 0F:C6:C3:EE:EB:13:7E:21:08:44:64:F3:35:37:AA:64:B1:89:35:12
Certificate issuer: /CN=A917DEA4/serialNumber=B4D6FFD5DFF9EAC413AB4408E09637B09494DBC8
Certificate serial: 06A9
Authority key identifier: B4:D6:FF:D5:DF:F9:EA:C4:13:AB:44:08:E0:96:37:B0:94:94:DB:C8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tNb_1d_56sQTq0QI4JY3sJSU28g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/FFFBCAEE9A9511EBB49D7E1AC4F9AE02.roa
Signing time: Wed 29 Jan 2025 13:51:06 +0000
ROA not before: Wed 29 Jan 2025 13:51:06 +0000
ROA not after: Fri 31 Oct 2025 00:00:00 +0000
asID: 45820
IP address blocks: 14.96.8.0/21 maxlen: 24
14.96.128.0/21 maxlen: 24
14.96.136.0/21 maxlen: 24
14.96.144.0/21 maxlen: 24
14.96.152.0/21 maxlen: 24
14.96.160.0/21 maxlen: 24
14.97.0.0/21 maxlen: 24
14.97.8.0/21 maxlen: 24
14.97.16.0/21 maxlen: 24
14.97.24.0/21 maxlen: 24
14.97.32.0/21 maxlen: 24
14.97.40.0/21 maxlen: 24
14.97.48.0/21 maxlen: 24
14.97.56.0/21 maxlen: 24
14.97.64.0/21 maxlen: 24
14.97.72.0/21 maxlen: 24
14.97.80.0/21 maxlen: 24
14.97.88.0/21 maxlen: 24
14.97.96.0/21 maxlen: 24
14.97.104.0/21 maxlen: 24
14.97.112.0/21 maxlen: 24
14.97.120.0/21 maxlen: 24
14.97.128.0/21 maxlen: 24
14.97.136.0/21 maxlen: 24
14.97.144.0/21 maxlen: 24
14.97.152.0/21 maxlen: 24
14.97.160.0/21 maxlen: 24
14.97.168.0/21 maxlen: 24
14.97.176.0/21 maxlen: 24
14.97.184.0/21 maxlen: 24
14.97.192.0/21 maxlen: 24
14.97.200.0/21 maxlen: 24
14.97.208.0/21 maxlen: 24
14.97.216.0/21 maxlen: 24
14.97.224.0/21 maxlen: 24
14.97.240.0/21 maxlen: 24
14.97.248.0/21 maxlen: 24
14.99.0.0/21 maxlen: 24
14.99.8.0/21 maxlen: 24
14.99.16.0/21 maxlen: 24
14.99.24.0/21 maxlen: 24
14.99.32.0/20 maxlen: 24
14.99.48.0/21 maxlen: 24
14.99.56.0/21 maxlen: 24
14.99.64.0/21 maxlen: 24
14.99.72.0/21 maxlen: 24
14.99.80.0/21 maxlen: 24
14.99.88.0/21 maxlen: 24
14.99.96.0/20 maxlen: 24
14.99.112.0/21 maxlen: 24
14.99.120.0/21 maxlen: 24
14.99.128.0/21 maxlen: 24
14.99.136.0/21 maxlen: 24
14.99.144.0/21 maxlen: 24
14.99.152.0/21 maxlen: 24
14.99.160.0/21 maxlen: 24
14.99.168.0/21 maxlen: 24
14.99.176.0/21 maxlen: 24
14.99.184.0/21 maxlen: 24
14.99.192.0/21 maxlen: 24
14.99.200.0/21 maxlen: 24
14.99.208.0/21 maxlen: 24
14.99.216.0/21 maxlen: 24
14.99.224.0/21 maxlen: 24
14.99.232.0/21 maxlen: 24
14.99.240.0/21 maxlen: 24
14.99.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/tNb_1d_56sQTq0QI4JY3sJSU28g.crl
rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/tNb_1d_56sQTq0QI4JY3sJSU28g.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tNb_1d_56sQTq0QI4JY3sJSU28g.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 21 Feb 2025 05:15:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1705 (0x6a9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917DEA4
Validity
Not Before: Jan 29 13:51:06 2025 GMT
Not After : Oct 31 00:00:00 2025 GMT
Subject: CN=679a324a-d67a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:1f:37:4e:2f:05:12:65:e9:4e:79:63:95:23:
c5:ce:8a:a6:2a:99:9f:f9:cb:61:73:14:37:d0:ee:
f2:fd:04:4c:2f:60:95:f0:55:76:19:12:c0:f7:8c:
de:44:ab:51:3c:9a:3e:19:bf:bd:51:47:f4:e7:f8:
f4:85:4a:20:68:76:1d:aa:62:15:35:69:73:63:f4:
73:aa:4d:8b:dc:2a:5a:9c:11:e3:a4:17:d4:58:59:
68:15:60:86:c7:92:53:c4:31:22:d4:d0:0b:8b:4b:
db:98:06:86:e6:de:be:72:4d:37:79:9b:75:4b:07:
bb:94:03:de:be:81:78:f6:2d:cc:1a:3b:d1:27:2e:
fa:dc:5d:c4:17:40:1b:81:2c:ee:62:ef:7d:c2:69:
37:36:8e:f8:c4:a9:a0:2d:6a:1b:8c:56:b3:26:b0:
8e:1f:aa:97:16:00:81:3b:31:5e:33:62:79:08:63:
85:68:31:92:59:0b:5d:07:22:3b:13:fd:37:e3:d7:
0e:1b:8f:db:a5:9c:01:93:b4:66:e8:1e:0a:9e:e5:
17:06:48:ef:37:5b:d2:1c:b3:a4:4f:8f:68:3c:90:
a2:e6:0f:54:b1:fa:12:ca:22:17:d9:86:0c:0a:5c:
1b:66:66:01:95:6f:28:d7:24:cc:76:fc:55:db:91:
45:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:C6:C3:EE:EB:13:7E:21:08:44:64:F3:35:37:AA:64:B1:89:35:12
X509v3 Authority Key Identifier:
keyid:B4:D6:FF:D5:DF:F9:EA:C4:13:AB:44:08:E0:96:37:B0:94:94:DB:C8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/tNb_1d_56sQTq0QI4JY3sJSU28g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tNb_1d_56sQTq0QI4JY3sJSU28g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/FFFBCAEE9A9511EBB49D7E1AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.96.8.0/21
14.96.128.0-14.96.167.255
14.97.0.0-14.97.231.255
14.97.240.0/20
14.99.0.0/16
Signature Algorithm: sha256WithRSAEncryption
76:9a:af:4c:3e:3c:d1:19:a2:63:14:e0:6d:c5:55:c2:c5:40:
f9:7d:0e:4f:33:65:bb:0f:7b:13:46:5a:60:e4:43:0d:b3:65:
c6:14:86:b2:a0:f2:ae:4f:83:dc:be:3c:aa:e3:f1:b0:5e:2d:
c4:0a:ce:90:8c:19:24:2b:95:2c:d2:f6:cb:06:f3:14:92:c8:
99:ef:21:b9:53:1b:5a:54:00:ba:ed:0c:5f:32:95:4f:0f:61:
31:4e:c2:29:1c:7b:f1:67:36:ba:c0:aa:b7:cd:c6:2f:09:c4:
47:f9:6c:11:7f:a1:a4:f9:3b:5c:d1:ca:c0:86:68:e9:e6:05:
d1:08:e3:8b:0d:e9:42:fe:6e:f7:b0:7d:fc:7f:a5:4f:57:f5:
ba:31:63:59:16:b2:39:f7:18:e5:b2:4e:4c:34:e0:d6:93:08:
03:4f:fd:06:ff:26:9f:be:d8:0e:83:e3:cc:5e:4a:d4:ac:6d:
00:17:53:a5:e0:ec:ba:f4:4e:cf:d4:76:65:04:87:95:1d:27:
64:07:6f:04:d5:dd:18:77:a2:c4:5b:4c:78:f6:56:8c:98:c6:
47:cf:47:a9:4a:4a:35:c5:4c:68:ad:07:83:f3:bd:dc:5b:a7:
7b:fa:3c:89:ee:fd:fa:b3:47:95:17:69:ed:5e:02:28:56:96:
47:d4:68:9b
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgICBqkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0RFQTQxMTAvBgNVBAUTKEI0RDZGRkQ1REZGOUVBQzQxM0FCNDQwOEUwOTYzN0Iw
OTQ5NERCQzgwHhcNMjUwMTI5MTM1MTA2WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzlhMzI0YS1kNjdhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwR83Ti8FEmXpTnljlSPFzoqmKpmf+cthcxQ30O7y/QRML2CV8FV2GRLA94ze
RKtRPJo+Gb+9UUf05/j0hUogaHYdqmIVNWlzY/Rzqk2L3CpanBHjpBfUWFloFWCG
x5JTxDEi1NALi0vbmAaG5t6+ck03eZt1Swe7lAPevoF49i3MGjvRJy763F3EF0Ab
gSzuYu99wmk3No74xKmgLWobjFazJrCOH6qXFgCBOzFeM2J5CGOFaDGSWQtdByI7
E/0349cOG4/bpZwBk7Rm6B4KnuUXBkjvN1vSHLOkT49oPJCi5g9UsfoSyiIX2YYM
ClwbZmYBlW8o1yTMdvxV25FF0wIDAQABo4ICuzCCArcwHQYDVR0OBBYEFA/Gw+7r
E34hCERk8zU3qmSxiTUSMB8GA1UdIwQYMBaAFLTW/9Xf+erEE6tECOCWN7CUlNvI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3REVBNC9BMjQyNkI2MDk4
MjkxMUVCQjc4ODIwODFDNEY5QUUwMi90TmJfMWRfNTZzUVRxMFFJNEpZM3NKU1Uy
OGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ROYl8xZF81NnNRVHEwUUk0Slkzc0pTVTI4Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0RFQTQvQTI0MjZCNjA5ODI5MTFFQkI3ODgyMDgxQzRGOUFFMDIvRkZGQkNBRUU5
QTk1MTFFQkI0OUQ3RTFBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRQYIKwYBBQUHAQcBAf8E
NjA0MDIEAgABMCwDBAMOYAgwDAMEBw5ggAMEAw5goDALAwMADmEDBAMOYeADBAQO
YfADAwAOYzANBgkqhkiG9w0BAQsFAAOCAQEAdpqvTD480RmiYxTgbcVVwsVA+X0O
TzNluw97E0ZaYORDDbNlxhSGsqDyrk+D3L48quPxsF4txArOkIwZJCuVLNL2ywbz
FJLIme8huVMbWlQAuu0MXzKVTw9hMU7CKRx78Wc2usCqt83GLwnER/lsEX+hpPk7
XNHKwIZo6eYF0Qjjiw3pQv5u97B9/H+lT1f1ujFjWRayOfcY5bJOTDTg1pMIA0/9
Bv8mn77YDoPjzF5K1KxtABdTpeDsuvROz9R2ZQSHlR0nZAdvBNXdGHeixFtMePZW
jJjGR89HqUpKNcVMaK0Hg/O93Fune/o8ie79+rNHlRdp7V4CKFaWR9Romw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:08:06 2025 by rpki-client