Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914C33A/FEC77C9A073611E8AB7DCB4AC4F9AE02/F9B55ECA922111EAB5138581C4F9AE02.roa
File: F9B55ECA922111EAB5138581C4F9AE02.roa (raw, json)
Hash identifier: m9UGAfVu3orq8z+5jB4PFKlaJ9lxwAP7J6rRfrsg14M=
Subject key identifier: 14:4A:A7:62:C5:C7:DB:D6:17:9D:C7:C9:1B:D0:A5:35:6E:3A:BC:19
Certificate issuer: /CN=A914C33A/serialNumber=54411D9070E20C9FFCFFC414FD09320BF39AB6E8
Certificate serial: 16CF
Authority key identifier: 54:41:1D:90:70:E2:0C:9F:FC:FF:C4:14:FD:09:32:0B:F3:9A:B6:E8
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/VEEdkHDiDJ_8_8QU_QkyC_Oatug.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914C33A/FEC77C9A073611E8AB7DCB4AC4F9AE02/F9B55ECA922111EAB5138581C4F9AE02.roa
Signing time: Tue 30 Sep 2025 15:42:32 +0000
ROA not before: Tue 30 Sep 2025 15:42:31 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 7642
IP address blocks: 69.94.32.0/20 maxlen: 20
69.94.32.0/23 maxlen: 24
69.94.34.0/23 maxlen: 24
69.94.36.0/23 maxlen: 24
69.94.38.0/23 maxlen: 24
69.94.40.0/23 maxlen: 24
69.94.42.0/23 maxlen: 24
69.94.44.0/23 maxlen: 24
69.94.46.0/23 maxlen: 24
69.94.80.0/20 maxlen: 20
69.94.80.0/23 maxlen: 24
69.94.82.0/23 maxlen: 24
69.94.84.0/23 maxlen: 24
69.94.86.0/23 maxlen: 24
69.94.88.0/23 maxlen: 24
69.94.90.0/23 maxlen: 24
69.94.92.0/23 maxlen: 24
69.94.94.0/23 maxlen: 24
209.212.192.0/19 maxlen: 19
209.212.192.0/23 maxlen: 24
209.212.194.0/23 maxlen: 24
209.212.196.0/23 maxlen: 24
209.212.198.0/23 maxlen: 24
209.212.200.0/23 maxlen: 24
209.212.202.0/23 maxlen: 24
209.212.204.0/23 maxlen: 24
209.212.206.0/23 maxlen: 24
209.212.208.0/23 maxlen: 24
209.212.210.0/23 maxlen: 24
209.212.212.0/23 maxlen: 24
209.212.214.0/23 maxlen: 24
209.212.216.0/23 maxlen: 24
209.212.218.0/23 maxlen: 24
209.212.220.0/23 maxlen: 24
209.212.222.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914C33A/FEC77C9A073611E8AB7DCB4AC4F9AE02/VEEdkHDiDJ_8_8QU_QkyC_Oatug.crl
rsync://rpki.apnic.net/member_repository/A914C33A/FEC77C9A073611E8AB7DCB4AC4F9AE02/VEEdkHDiDJ_8_8QU_QkyC_Oatug.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/VEEdkHDiDJ_8_8QU_QkyC_Oatug.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 27 Oct 2025 15:42:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5839 (0x16cf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914C33A, serialNumber=54411D9070E20C9FFCFFC414FD09320BF39AB6E8
Validity
Not Before: Sep 30 15:42:31 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68dbfa67-fd16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:16:49:c8:87:ae:cc:64:fd:71:77:44:38:22:
56:56:09:4f:a4:d4:09:87:ad:27:ef:54:1f:70:a3:
30:1b:8e:eb:91:bc:e9:9d:2a:a6:93:ba:d5:66:c8:
a4:f0:28:43:95:9f:ae:f7:f1:72:16:3f:eb:74:e8:
4c:fc:e4:1b:ff:ac:b2:c4:14:f8:e3:32:2c:d6:88:
82:79:1d:fd:d3:83:fc:93:12:17:f0:62:4d:23:e8:
af:e5:b1:f9:3e:4a:7c:6a:e8:e0:78:fc:05:d5:87:
c0:4e:7d:bd:10:1b:40:d9:eb:76:c6:e8:63:7f:50:
5c:98:0c:40:7c:00:1b:b0:ca:3f:35:b0:63:02:32:
45:5a:f7:a6:95:a6:35:20:97:30:24:df:e8:7e:a4:
98:40:2b:dd:b7:61:91:93:d3:20:c2:77:9d:83:70:
bd:52:f2:a5:ab:88:5e:63:ce:43:1d:00:23:97:ec:
03:0f:e2:98:a7:1a:8d:c5:60:1c:15:5e:05:c2:49:
f8:f1:24:f5:95:5b:b9:66:fd:30:ba:7c:68:99:2b:
e1:bd:e9:92:d4:fc:98:2a:4f:1e:d5:55:ee:34:56:
f4:43:3e:dc:75:fc:5c:18:ff:17:b2:eb:0f:3c:28:
b4:c3:b5:82:e7:98:7b:ba:4c:88:26:20:f3:44:af:
af:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:4A:A7:62:C5:C7:DB:D6:17:9D:C7:C9:1B:D0:A5:35:6E:3A:BC:19
X509v3 Authority Key Identifier:
keyid:54:41:1D:90:70:E2:0C:9F:FC:FF:C4:14:FD:09:32:0B:F3:9A:B6:E8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914C33A/FEC77C9A073611E8AB7DCB4AC4F9AE02/VEEdkHDiDJ_8_8QU_QkyC_Oatug.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/VEEdkHDiDJ_8_8QU_QkyC_Oatug.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914C33A/FEC77C9A073611E8AB7DCB4AC4F9AE02/F9B55ECA922111EAB5138581C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
69.94.32.0/20
69.94.80.0/20
209.212.192.0/19
Signature Algorithm: sha256WithRSAEncryption
65:c4:1c:7c:6b:7e:1a:f0:22:21:e0:3b:4e:a0:d6:71:11:bc:
27:06:b0:55:07:e1:5e:42:e7:47:31:97:56:c4:e7:3a:a2:3d:
24:5f:5f:34:53:50:85:c0:a1:6c:af:a6:80:f0:f7:ea:13:ed:
6c:22:d5:3b:dd:29:88:71:e1:64:c9:9d:2f:62:c8:13:2a:61:
25:43:ff:72:da:31:eb:25:45:7c:8b:fb:eb:79:50:98:1b:b6:
5a:5e:27:f3:db:36:8b:43:29:e4:20:59:8b:be:f4:cb:7b:a0:
b3:04:b8:66:9d:e4:bf:51:65:21:0f:1d:cd:fe:69:1e:01:8a:
e2:ff:d1:76:b6:34:17:33:eb:4c:8f:75:7e:41:88:ae:6b:ab:
72:7f:ba:ce:a4:38:53:d7:c8:a2:8b:98:a1:9c:9d:4b:28:a9:
40:05:8b:27:dc:3f:69:73:7e:f7:c9:34:de:3a:d4:cc:bd:2b:
5c:6b:22:ce:70:19:8e:08:51:3a:ef:5c:16:5b:62:d3:2d:1e:
05:04:4f:c7:86:ed:72:61:54:52:93:7f:81:32:e5:bd:c0:66:
5b:90:be:6a:bb:28:01:fd:9b:a3:db:f0:27:59:2a:5b:50:0b:
78:5f:cf:27:be:bf:cb:a5:bf:6d:d5:8e:69:4c:e7:16:7b:93:
a9:85:00:af
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICFs8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEMzM0ExMTAvBgNVBAUTKDU0NDExRDkwNzBFMjBDOUZGQ0ZGQzQxNEZEMDkzMjBC
RjM5QUI2RTgwHhcNMjUwOTMwMTU0MjMxWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRiZmE2Ny1mZDE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2hZJyIeuzGT9cXdEOCJWVglPpNQJh60n71QfcKMwG47rkbzpnSqmk7rVZsik
8ChDlZ+u9/FyFj/rdOhM/OQb/6yyxBT44zIs1oiCeR3904P8kxIX8GJNI+iv5bH5
Pkp8aujgePwF1YfATn29EBtA2et2xuhjf1BcmAxAfAAbsMo/NbBjAjJFWvemlaY1
IJcwJN/ofqSYQCvdt2GRk9Mgwnedg3C9UvKlq4heY85DHQAjl+wDD+KYpxqNxWAc
FV4Fwkn48ST1lVu5Zv0wunxomSvhvemS1PyYKk8e1VXuNFb0Qz7cdfxcGP8XsusP
PCi0w7WC55h7ukyIJiDzRK+vVwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFBRKp2LF
x9vWF53HyRvQpTVuOrwZMB8GA1UdIwQYMBaAFFRBHZBw4gyf/P/EFP0JMgvzmrbo
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QzMzQS9GRUM3N0M5QTA3
MzYxMUU4QUI3RENCNEFDNEY5QUUwMi9WRUVka0hEaURKXzhfOFFVX1FreUNfT2F0
dWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1ZFRWRrSERpREpfOF84UVVfUWt5Q19PYXR1Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEMzM0EvRkVDNzdDOUEwNzM2MTFFOEFCN0RDQjRBQzRGOUFFMDIvRjlCNTVFQ0E5
MjIxMTFFQUI1MTM4NTgxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBARFXiADBARFXlADBAXR1MAwDQYJKoZIhvcNAQELBQADggEB
AGXEHHxrfhrwIiHgO06g1nERvCcGsFUH4V5C50cxl1bE5zqiPSRfXzRTUIXAoWyv
poDw9+oT7Wwi1TvdKYhx4WTJnS9iyBMqYSVD/3LaMeslRXyL++t5UJgbtlpeJ/Pb
NotDKeQgWYu+9Mt7oLMEuGad5L9RZSEPHc3+aR4BiuL/0Xa2NBcz60yPdX5BiK5r
q3J/us6kOFPXyKKLmKGcnUsoqUAFiyfcP2lzfvfJNN461My9K1xrIs5wGY4IUTrv
XBZbYtMtHgUET8eG7XJhVFKTf4Ey5b3AZluQvmq7KAH9m6Pb8CdZKltQC3hfzye+
v8ulv23VjmlM5xZ7k6mFAK8=
-----END CERTIFICATE-----
Generated at Tue Oct 21 13:23:33 2025 by rpki-client