Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
File: 5FD09C68393C11EFB8A9065BC4F9AE02.roa (raw, json)
Hash identifier: +YUzem1Dht6409gXoGs+oHKgdorYtgcsq8os/J9U2GA=
Subject key identifier: 30:E0:F6:00:B3:5B:55:83:8B:AB:BF:32:73:60:86:78:07:26:09:55
Certificate issuer: /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial: 0742
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
Signing time: Mon 28 Apr 2025 23:34:17 +0000
ROA not before: Mon 28 Apr 2025 23:34:17 +0000
ROA not after: Thu 28 Aug 2025 00:00:00 +0000
asID: 55441
IP address blocks: 14.194.192.0/20 maxlen: 24
14.194.224.0/20 maxlen: 24
14.195.64.0/20 maxlen: 24
14.195.80.0/20 maxlen: 24
14.195.200.0/21 maxlen: 24
49.200.64.0/19 maxlen: 24
49.200.112.0/20 maxlen: 24
49.200.128.0/18 maxlen: 24
49.200.240.0/21 maxlen: 24
49.200.248.0/22 maxlen: 24
49.200.252.0/22 maxlen: 24
49.202.168.0/21 maxlen: 24
49.202.176.0/20 maxlen: 24
49.202.212.0/22 maxlen: 24
49.202.224.0/22 maxlen: 24
49.202.228.0/23 maxlen: 24
49.248.224.0/20 maxlen: 24
49.248.240.0/22 maxlen: 24
182.156.96.0/23 maxlen: 24
2407:8c00:90::/44 maxlen: 44
2407:8c00:a0::/44 maxlen: 44
2407:8c00:b0::/44 maxlen: 44
2407:8c00:1b0::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 19 May 2025 22:33:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1858 (0x742)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9157D7A, serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Validity
Not Before: Apr 28 23:34:17 2025 GMT
Not After : Aug 28 00:00:00 2025 GMT
Subject: CN=68101079-23d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:20:29:f5:1e:19:50:c8:31:bd:d0:df:d1:8a:
ee:18:11:e8:1b:f8:50:c0:6b:99:6a:b7:f4:67:a2:
c7:0a:12:dc:82:66:b7:a8:81:2c:a8:57:86:12:02:
1e:6c:91:48:b6:15:c6:62:f5:1a:39:79:ff:de:2b:
82:96:49:3f:6b:a9:98:92:bf:f8:12:cf:45:0a:68:
e6:5e:a5:74:f3:7f:3c:c1:4c:c9:66:f5:31:ab:56:
b3:5a:ab:b6:7b:74:5e:4e:a5:89:9a:64:10:e2:ca:
bc:78:7c:e5:b6:31:7e:4f:3d:bd:c0:e0:04:3d:05:
a5:22:7e:dd:22:76:bd:56:8a:06:69:37:8a:1d:0c:
36:cd:62:d2:e6:57:00:d6:40:e9:47:30:94:66:44:
a3:3a:14:7b:e3:c3:42:c6:a1:f7:a1:88:a1:ad:4a:
d6:e2:00:25:96:4b:dc:3c:f0:21:c5:cf:4a:0a:d3:
35:80:b0:32:0e:a6:f2:c8:46:b2:85:39:09:d1:18:
ee:61:12:73:48:32:d7:3a:61:88:d0:ec:d5:c7:21:
71:2d:b6:63:15:c1:12:1c:1a:aa:ec:3f:d5:59:9c:
d5:57:36:11:d4:4a:04:c6:87:2f:c1:d6:2a:bc:3f:
64:0c:4a:89:3d:1c:de:f0:e8:d3:75:68:8d:63:09:
87:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:E0:F6:00:B3:5B:55:83:8B:AB:BF:32:73:60:86:78:07:26:09:55
X509v3 Authority Key Identifier:
keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/5FD09C68393C11EFB8A9065BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.194.192.0/20
14.194.224.0/20
14.195.64.0/19
14.195.200.0/21
49.200.64.0/19
49.200.112.0-49.200.191.255
49.200.240.0/20
49.202.168.0-49.202.191.255
49.202.212.0/22
49.202.224.0-49.202.229.255
49.248.224.0-49.248.243.255
182.156.96.0/23
IPv6:
2407:8c00:90::-2407:8c00:bf:ffff:ffff:ffff:ffff:ffff
2407:8c00:1b0::/44
Signature Algorithm: sha256WithRSAEncryption
4d:81:6b:d6:7d:07:17:ec:82:02:65:59:1b:b9:63:45:d8:d5:
18:7f:04:29:2f:6b:dd:7b:da:6c:81:75:98:64:fa:d3:f8:69:
28:04:32:6a:f0:eb:5e:e5:5f:2a:73:b9:ae:53:2e:1f:b2:98:
ae:b6:51:38:0d:1f:39:af:6a:dd:39:b2:de:cc:a1:bf:de:20:
2b:e5:91:83:c0:72:c4:34:85:c8:fb:d0:51:2b:96:8e:d1:77:
b2:a6:e8:03:5d:8a:af:87:1f:a2:b1:61:ef:45:bf:e4:16:1a:
b0:4d:77:8b:d4:97:5c:ce:72:05:64:ca:31:a6:ee:11:18:42:
10:87:a6:f6:0c:2e:f2:96:53:06:8f:de:ff:9c:d8:dc:94:27:
63:5b:8b:c5:6c:ae:d6:36:93:1b:8a:b9:bd:a5:f3:98:17:79:
f2:1d:be:e5:97:43:0e:23:84:19:60:ed:c2:bc:01:f2:a1:2a:
5a:1e:8b:34:ac:cc:b7:1f:47:6e:0d:f1:53:fe:59:21:5d:6c:
63:4c:a0:a7:35:6a:26:cd:7a:ef:6e:bf:dc:b7:cd:26:0c:d3:
c1:f8:c4:a8:42:74:12:24:56:16:60:0e:06:0d:99:67:5d:b6:
41:95:51:11:98:94:52:86:48:40:7a:e5:c6:ca:33:e1:59:52:
b6:ce:75:3e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgICB0IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjUwNDI4MjMzNDE3WhcNMjUwODI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODEwMTA3OS0yM2Q2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2CAp9R4ZUMgxvdDf0YruGBHoG/hQwGuZarf0Z6LHChLcgma3qIEsqFeGEgIe
bJFIthXGYvUaOXn/3iuClkk/a6mYkr/4Es9FCmjmXqV08388wUzJZvUxq1azWqu2
e3ReTqWJmmQQ4sq8eHzltjF+Tz29wOAEPQWlIn7dIna9VooGaTeKHQw2zWLS5lcA
1kDpRzCUZkSjOhR748NCxqH3oYihrUrW4gAllkvcPPAhxc9KCtM1gLAyDqbyyEay
hTkJ0RjuYRJzSDLXOmGI0OzVxyFxLbZjFcESHBqq7D/VWZzVVzYR1EoExocvwdYq
vD9kDEqJPRze8OjTdWiNYwmHVwIDAQABo4IDHzCCAxswHQYDVR0OBBYEFDDg9gCz
W1WDi6u/MnNghngHJglVMB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvNUZEMDlDNjgz
OTNDMTFFRkI4QTkwNjVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgagGCCsGAQUFBwEHAQH/
BIGYMIGVMG4EAgABMGgDBAQOwsADBAQOwuADBAUOw0ADBAMOw8gDBAUxyEAwDAME
BDHIcAMEBjHIgAMEBDHI8DAMAwQDMcqoAwQGMcqAAwQCMcrUMAwDBAUxyuADBAEx
yuQwDAMEBTH44AMEAjH48AMEAbacYDAjBAIAAjAdMBIDBwQkB4wAAJADBwYkB4wA
AIADBwQkB4wAAbAwDQYJKoZIhvcNAQELBQADggEBAE2Ba9Z9BxfsggJlWRu5Y0XY
1Rh/BCkva9172myBdZhk+tP4aSgEMmrw617lXypzua5TLh+ymK62UTgNHzmvat05
st7Mob/eICvlkYPAcsQ0hcj70FErlo7Rd7Km6ANdiq+HH6KxYe9Fv+QWGrBNd4vU
l1zOcgVkyjGm7hEYQhCHpvYMLvKWUwaP3v+c2NyUJ2Nbi8VsrtY2kxuKub2l85gX
efIdvuWXQw4jhBlg7cK8AfKhKloeizSszLcfR24N8VP+WSFdbGNMoKc1aibNeu9u
v9y3zSYM08H4xKhCdBIkVhZgDgYNmWddtkGVURGYlFKGSEB65cbKM+FZUrbOdT4=
-----END CERTIFICATE-----
Generated at Tue May 13 22:40:31 2025 by rpki-client