Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914CE75/D22EF3D6FF4B11E281BE06625911EA32/0E95C2D8F14211EAA4333775C4F9AE02.roa
File: 0E95C2D8F14211EAA4333775C4F9AE02.roa (raw, json)
Hash identifier: Ahn6ZDXaFlyG3ps/K1qhqsraiLwDj6j+LNP8Jh18fxI=
Subject key identifier: CD:DA:DB:AC:B7:24:77:47:23:62:2E:14:18:F2:97:4F:EA:52:34:AE
Certificate issuer: /CN=A914CE75/serialNumber=49892537D8B2C0325B7BE081FD9286C79BEA6A85
Certificate serial: 31D5
Authority key identifier: 49:89:25:37:D8:B2:C0:32:5B:7B:E0:81:FD:92:86:C7:9B:EA:6A:85
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SYklN9iywDJbe-CB_ZKGx5vqaoU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914CE75/D22EF3D6FF4B11E281BE06625911EA32/0E95C2D8F14211EAA4333775C4F9AE02.roa
Signing time: Wed 30 Apr 2025 15:52:17 +0000
ROA not before: Wed 30 Apr 2025 15:52:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 10199
IP address blocks: 14.141.140.0/24 maxlen: 24
59.161.0.0/16 maxlen: 16
59.161.0.0/20 maxlen: 20
59.161.16.0/20 maxlen: 20
59.161.64.0/18 maxlen: 18
59.161.80.0/21 maxlen: 21
59.161.88.0/22 maxlen: 22
59.161.92.0/22 maxlen: 22
59.161.96.0/21 maxlen: 21
59.161.120.0/21 maxlen: 21
59.161.128.0/20 maxlen: 20
59.161.144.0/20 maxlen: 20
115.117.0.0/16 maxlen: 16
115.117.19.0/24 maxlen: 24
115.117.35.0/24 maxlen: 24
115.117.50.0/23 maxlen: 23
115.117.56.0/22 maxlen: 22
115.117.100.0/22 maxlen: 22
115.117.160.0/22 maxlen: 22
115.117.164.0/22 maxlen: 22
115.117.168.0/22 maxlen: 22
115.117.172.0/22 maxlen: 22
115.117.180.0/22 maxlen: 22
115.117.184.0/21 maxlen: 21
115.117.192.0/18 maxlen: 18
115.117.208.0/20 maxlen: 20
115.118.67.0/24 maxlen: 24
121.244.0.0/21 maxlen: 21
121.244.10.0/23 maxlen: 23
121.244.12.0/23 maxlen: 23
121.244.14.0/23 maxlen: 23
121.244.16.0/23 maxlen: 23
121.244.18.0/23 maxlen: 23
121.244.20.0/23 maxlen: 23
121.245.32.0/20 maxlen: 24
121.245.64.0/20 maxlen: 20
121.245.80.0/20 maxlen: 20
121.245.96.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914CE75/D22EF3D6FF4B11E281BE06625911EA32/SYklN9iywDJbe-CB_ZKGx5vqaoU.crl
rsync://rpki.apnic.net/member_repository/A914CE75/D22EF3D6FF4B11E281BE06625911EA32/SYklN9iywDJbe-CB_ZKGx5vqaoU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SYklN9iywDJbe-CB_ZKGx5vqaoU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 23 May 2025 15:38:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12757 (0x31d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914CE75, serialNumber=49892537D8B2C0325B7BE081FD9286C79BEA6A85
Validity
Not Before: Apr 30 15:52:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68124731-b61c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d3:20:52:ae:2e:6f:52:a7:42:01:d2:5c:6b:
cb:60:41:29:01:27:2f:d6:69:7f:44:40:22:23:11:
a7:42:fd:24:65:0a:18:ad:6b:fd:83:f3:62:66:cc:
62:c4:09:6a:b8:d6:5f:25:82:08:0a:a9:ba:e0:de:
26:fa:bb:34:39:5f:e2:ab:e6:7e:d8:c6:a0:98:0c:
7b:30:6a:5d:93:2e:5b:37:36:8e:29:29:5f:42:3c:
ef:12:c2:f8:bb:97:4b:7c:e4:eb:35:3a:25:d3:a0:
04:85:31:20:7a:b6:33:bd:57:17:db:8a:d0:e2:ed:
0a:07:e3:ff:74:cf:6a:97:3e:8b:5b:2d:e7:7f:b3:
6f:6a:4d:95:53:87:0a:0e:e3:99:b8:e7:9c:ef:22:
97:e6:4d:90:55:37:bc:9d:48:50:e2:fc:31:40:4f:
ca:05:ea:ab:92:db:da:b4:94:61:c4:6a:db:1e:38:
3b:1c:3e:a1:2b:36:da:e6:b9:f6:2c:f6:ce:ca:b4:
24:d9:a1:a4:68:be:1b:ad:c0:87:3f:4a:5f:da:10:
67:d6:25:03:c1:02:8b:fa:f0:fa:13:54:a2:33:bc:
76:d4:79:51:38:e0:f4:ec:39:44:cc:b1:f4:0c:0f:
1e:57:a9:d7:4e:1b:65:71:1d:0f:cf:e3:1c:67:cc:
8b:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:DA:DB:AC:B7:24:77:47:23:62:2E:14:18:F2:97:4F:EA:52:34:AE
X509v3 Authority Key Identifier:
keyid:49:89:25:37:D8:B2:C0:32:5B:7B:E0:81:FD:92:86:C7:9B:EA:6A:85
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914CE75/D22EF3D6FF4B11E281BE06625911EA32/SYklN9iywDJbe-CB_ZKGx5vqaoU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SYklN9iywDJbe-CB_ZKGx5vqaoU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914CE75/D22EF3D6FF4B11E281BE06625911EA32/0E95C2D8F14211EAA4333775C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.141.140.0/24
59.161.0.0/16
115.117.0.0/16
115.118.67.0/24
121.244.0.0/21
121.244.10.0-121.244.21.255
121.245.32.0/20
121.245.64.0-121.245.111.255
Signature Algorithm: sha256WithRSAEncryption
0f:71:a8:c8:61:28:21:41:68:8b:4e:7c:15:ff:73:02:93:e9:
28:a9:4e:97:e2:b7:d8:4e:78:4c:f3:2e:13:a5:a2:73:29:1b:
61:e3:cb:0d:93:25:1a:3f:a1:31:97:61:4e:29:f6:dc:0c:8a:
53:c2:a1:cf:03:7b:75:be:b8:b0:23:f1:d6:4b:ef:f6:94:53:
83:2a:e5:9d:ef:fe:d7:d4:d5:6a:4a:45:d1:e9:32:a9:0a:fd:
16:73:2f:a4:0d:9c:cb:c0:3d:c5:08:44:c4:10:cf:ec:9b:ab:
c9:91:0a:93:20:c9:0e:ac:3e:17:34:dc:95:9d:a4:45:30:11:
22:65:ef:93:e2:e6:8b:a6:d1:d0:c3:45:e9:38:ba:1e:80:9e:
e9:33:44:ad:86:ce:16:b4:0f:68:25:8e:ab:d4:40:a5:df:bd:
66:0b:9f:56:b1:53:f7:2e:13:27:39:b3:36:24:7a:7f:de:7c:
cd:e0:cf:de:2d:51:ef:26:f8:9a:71:40:40:e4:d5:b7:da:73:
52:51:b8:f4:11:aa:40:33:07:df:4a:2c:bc:ce:35:03:2a:8e:
bd:b3:97:58:bf:13:52:1a:3c:9d:45:ee:c5:41:28:55:47:5a:
cf:b3:79:2f:f6:76:d8:e1:d7:54:22:df:0a:a2:59:3d:3c:96:
86:10:b4:f4
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgICMdUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NENFNzUxMTAvBgNVBAUTKDQ5ODkyNTM3RDhCMkMwMzI1QjdCRTA4MUZEOTI4NkM3
OUJFQTZBODUwHhcNMjUwNDMwMTU1MjE3WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODEyNDczMS1iNjFjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAq9MgUq4ub1KnQgHSXGvLYEEpAScv1ml/REAiIxGnQv0kZQoYrWv9g/NiZsxi
xAlquNZfJYIICqm64N4m+rs0OV/iq+Z+2MagmAx7MGpdky5bNzaOKSlfQjzvEsL4
u5dLfOTrNTol06AEhTEgerYzvVcX24rQ4u0KB+P/dM9qlz6LWy3nf7Nvak2VU4cK
DuOZuOec7yKX5k2QVTe8nUhQ4vwxQE/KBeqrktvatJRhxGrbHjg7HD6hKzba5rn2
LPbOyrQk2aGkaL4brcCHP0pf2hBn1iUDwQKL+vD6E1SiM7x21HlROOD07DlEzLH0
DA8eV6nXThtlcR0Pz+McZ8yL8QIDAQABo4ICzTCCAskwHQYDVR0OBBYEFM3a26y3
JHdHI2IuFBjyl0/qUjSuMB8GA1UdIwQYMBaAFEmJJTfYssAyW3vggf2Shseb6mqF
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0Q0U3NS9EMjJFRjNENkZG
NEIxMUUyODFCRTA2NjI1OTExRUEzMi9TWWtsTjlpeXdESmJlLUNCX1pLR3g1dnFh
b1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NZa2xOOWl5d0RKYmUtQ0JfWktHeDV2cWFvVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NENFNzUvRDIyRUYzRDZGRjRCMTFFMjgxQkUwNjYyNTkxMUVBMzIvMEU5NUMyRDhG
MTQyMTFFQUE0MzMzNzc1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVwYIKwYBBQUHAQcBAf8E
SDBGMEQEAgABMD4DBAAOjYwDAwA7oQMDAHN1AwQAc3ZDAwQDefQAMAwDBAF59AoD
BAF59BQDBAR59SAwDAMEBnn1QAMEBHn1YDANBgkqhkiG9w0BAQsFAAOCAQEAD3Go
yGEoIUFoi058Ff9zApPpKKlOl+K32E54TPMuE6WicykbYePLDZMlGj+hMZdhTin2
3AyKU8KhzwN7db64sCPx1kvv9pRTgyrlne/+19TVakpF0ekyqQr9FnMvpA2cy8A9
xQhExBDP7JuryZEKkyDJDqw+FzTclZ2kRTARImXvk+Lmi6bR0MNF6Ti6HoCe6TNE
rYbOFrQPaCWOq9RApd+9ZgufVrFT9y4TJzmzNiR6f958zeDP3i1R7yb4mnFAQOTV
t9pzUlG49BGqQDMH30osvM41AyqOvbOXWL8TUho8nUXuxUEoVUdaz7N5L/Z22OHX
VCLfCqJZPTyWhhC09A==
-----END CERTIFICATE-----
Generated at Sat May 17 05:40:06 2025 by rpki-client