Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
File: 2E96A63A690A11EF9525E980C4F9AE02.roa (raw, json)
Hash identifier: n+cZOeCarx5jNko9dz4X4vMi8IAEqtDVRtDk4yCyv7k=
Subject key identifier: 56:22:2A:46:AA:13:D3:39:E6:0B:9D:85:22:5E:E1:6F:CB:28:D3:03
Certificate issuer: /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial: 07D6
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
Signing time: Mon 13 Oct 2025 12:28:19 +0000
ROA not before: Mon 13 Oct 2025 12:28:19 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 45820
IP address blocks: 14.194.0.0/18 maxlen: 24
14.194.64.0/18 maxlen: 24
14.194.128.0/18 maxlen: 24
14.194.208.0/20 maxlen: 24
14.194.240.0/20 maxlen: 24
14.195.0.0/18 maxlen: 24
14.195.64.0/19 maxlen: 24
14.195.96.0/19 maxlen: 24
14.195.128.0/18 maxlen: 24
14.195.192.0/20 maxlen: 24
14.195.208.0/20 maxlen: 24
14.195.240.0/20 maxlen: 24
49.200.0.0/14 maxlen: 14
49.200.0.0/19 maxlen: 24
49.200.48.0/21 maxlen: 24
49.202.208.0/24 maxlen: 24
49.249.0.0/17 maxlen: 24
49.249.128.0/18 maxlen: 24
115.160.217.0/24 maxlen: 24
182.156.0.0/18 maxlen: 22
182.156.0.0/22 maxlen: 24
182.156.4.0/23 maxlen: 24
182.156.8.0/21 maxlen: 24
182.156.16.0/22 maxlen: 24
182.156.22.0/23 maxlen: 24
182.156.24.0/21 maxlen: 23
182.156.24.0/23 maxlen: 24
182.156.28.0/22 maxlen: 24
182.156.32.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 26 Oct 2025 00:04:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2006 (0x7d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157D7A, serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Validity
Not Before: Oct 13 12:28:19 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=68ecf063-7319
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:00:e3:dd:a3:a4:87:be:7a:21:d3:80:65:f3:
77:6f:45:4f:ad:e6:4a:c5:df:da:d7:26:fc:e4:bc:
51:26:7b:7d:eb:13:68:98:c4:7e:cb:ba:c1:3c:78:
56:c0:cf:08:13:04:95:7c:aa:fe:36:3b:e7:2e:d6:
a0:29:75:e1:e6:46:74:6f:7a:d2:b7:4a:3e:90:3e:
30:56:3b:57:3b:ed:e2:f3:3b:9f:5a:94:dd:0f:b8:
5d:d9:64:ff:bc:4c:3f:e1:48:95:65:45:d8:19:65:
69:69:50:8e:4c:7d:7f:56:1f:a6:62:54:c9:90:b3:
17:1e:cf:0c:2b:56:ca:d6:6c:2d:16:f6:8a:e2:9f:
cb:fa:31:38:88:9b:f4:30:ac:f0:50:f0:c2:41:b0:
60:2f:6b:15:e3:73:c8:42:18:53:ff:0f:b6:d5:fe:
3d:8e:76:c9:c3:4f:f7:26:9d:4f:77:1c:86:70:a8:
b4:a1:43:67:d8:56:2c:84:b1:18:f3:8f:2c:f0:c8:
0d:56:44:ca:f7:d9:0a:44:72:26:8a:3d:00:90:86:
42:44:fb:56:97:89:7b:0d:94:d8:75:f4:86:c4:3d:
99:ab:2a:cc:43:74:d7:93:db:9e:ee:3b:58:5b:35:
65:45:ce:46:2e:b5:87:c4:be:77:5c:3d:1a:ac:cb:
f3:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:22:2A:46:AA:13:D3:39:E6:0B:9D:85:22:5E:E1:6F:CB:28:D3:03
X509v3 Authority Key Identifier:
keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.194.0.0-14.194.191.255
14.194.208.0/20
14.194.240.0-14.195.223.255
14.195.240.0/20
49.200.0.0/14
49.249.0.0-49.249.191.255
115.160.217.0/24
182.156.0.0/18
Signature Algorithm: sha256WithRSAEncryption
1d:82:9a:b9:4f:0e:8c:7f:59:be:60:a3:c9:5f:7e:86:1d:ff:
94:e2:e7:ac:f8:c5:48:78:f6:1a:b2:a7:bb:18:b1:23:e6:69:
e2:57:ec:1f:19:ea:f2:39:95:25:b4:2b:e7:50:69:90:cc:1b:
48:9e:2d:62:8e:ff:d7:56:b9:c5:6a:56:b8:39:96:dd:78:de:
b2:70:c8:97:ac:ac:13:ee:81:a6:be:46:37:d3:1e:1a:86:d9:
75:15:4e:18:b3:8b:80:38:81:26:95:10:bb:79:08:11:04:da:
61:01:7e:d3:da:35:57:00:32:bd:e4:38:7b:e6:1d:0b:49:94:
9e:63:e0:13:2d:50:89:b3:6d:c6:46:7d:3f:fe:c4:93:f4:17:
96:47:e0:a0:24:10:4a:63:96:27:ae:08:51:40:40:6e:83:6f:
74:bc:dd:09:a3:98:01:78:84:ac:80:38:83:a2:0f:05:0f:58:
94:59:95:f0:cd:5d:13:a5:1f:81:66:2a:7d:ce:b3:f8:e5:7e:
e2:13:4d:c9:b4:af:7d:38:2d:fd:4f:49:49:0b:2f:0a:f3:65:
63:db:ea:5e:d3:67:e9:a7:02:8a:9b:8b:fc:08:73:96:0d:7e:
3a:7c:6b:af:7a:5b:3a:91:8c:cb:05:8f:6b:5a:ce:54:74:c0:
1d:a7:4e:25
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgICB9YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjUxMDEzMTIyODE5WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVjZjA2My03MzE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7wDj3aOkh756IdOAZfN3b0VPreZKxd/a1yb85LxRJnt96xNomMR+y7rBPHhW
wM8IEwSVfKr+NjvnLtagKXXh5kZ0b3rSt0o+kD4wVjtXO+3i8zufWpTdD7hd2WT/
vEw/4UiVZUXYGWVpaVCOTH1/Vh+mYlTJkLMXHs8MK1bK1mwtFvaK4p/L+jE4iJv0
MKzwUPDCQbBgL2sV43PIQhhT/w+21f49jnbJw0/3Jp1PdxyGcKi0oUNn2FYshLEY
848s8MgNVkTK99kKRHImij0AkIZCRPtWl4l7DZTYdfSGxD2ZqyrMQ3TXk9ue7jtY
WzVlRc5GLrWHxL53XD0arMvzJQIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFFYiKkaq
E9M55gudhSJe4W/LKNMDMB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvMkU5NkE2M0E2
OTBBMTFFRjk1MjVFOTgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXgYIKwYBBQUHAQcBAf8E
TzBNMEsEAgABMEUwCwMDAQ7CAwQGDsKAAwQEDsLQMAwDBAQOwvADBAUOw8ADBAQO
w/ADAwIxyDALAwMAMfkDBAYx+YADBABzoNkDBAa2nAAwDQYJKoZIhvcNAQELBQAD
ggEBAB2CmrlPDox/Wb5go8lffoYd/5Ti56z4xUh49hqyp7sYsSPmaeJX7B8Z6vI5
lSW0K+dQaZDMG0ieLWKO/9dWucVqVrg5lt143rJwyJesrBPugaa+RjfTHhqG2XUV
Thizi4A4gSaVELt5CBEE2mEBftPaNVcAMr3kOHvmHQtJlJ5j4BMtUImzbcZGfT/+
xJP0F5ZH4KAkEEpjlieuCFFAQG6Db3S83QmjmAF4hKyAOIOiDwUPWJRZlfDNXROl
H4FmKn3Os/jlfuITTcm0r304Lf1PSUkLLwrzZWPb6l7TZ+mnAoqbi/wIc5YNfjp8
a696WzqRjMsFj2tazlR0wB2nTiU=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:49:31 2025 by rpki-client