Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/20C856389F8311F089B0D463C4F9AE02.roa
File: 20C856389F8311F089B0D463C4F9AE02.roa (raw, json)
Hash identifier: b3tA2TdLP1BkSFeIpGGEVgtBYC21TwBxlah/IIc3Izc=
Subject key identifier: C1:6E:10:A1:A6:D8:72:E7:98:FF:DC:52:C6:61:72:F4:29:57:11:FE
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0EB9
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/20C856389F8311F089B0D463C4F9AE02.roa
Signing time: Sun 12 Oct 2025 06:57:18 +0000
ROA not before: Sun 12 Oct 2025 06:57:18 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 45814
IP address blocks: 14.192.130.0/24 maxlen: 24
14.192.131.0/24 maxlen: 24
14.192.132.0/24 maxlen: 24
14.192.133.0/24 maxlen: 24
14.192.136.0/24 maxlen: 24
14.192.137.0/24 maxlen: 24
14.192.138.0/24 maxlen: 24
14.192.139.0/24 maxlen: 24
14.192.140.0/24 maxlen: 24
14.192.141.0/24 maxlen: 24
14.192.142.0/24 maxlen: 24
14.192.143.0/24 maxlen: 24
14.192.144.0/24 maxlen: 24
14.192.145.0/24 maxlen: 24
14.192.146.0/24 maxlen: 24
14.192.147.0/24 maxlen: 24
14.192.148.0/24 maxlen: 24
14.192.149.0/24 maxlen: 24
14.192.150.0/24 maxlen: 24
14.192.151.0/24 maxlen: 24
14.192.152.0/24 maxlen: 24
14.192.153.0/24 maxlen: 24
14.192.154.0/24 maxlen: 24
14.192.155.0/24 maxlen: 24
14.192.156.0/24 maxlen: 24
14.192.157.0/24 maxlen: 24
14.192.158.0/24 maxlen: 24
14.192.159.0/24 maxlen: 24
43.247.120.0/24 maxlen: 24
43.247.121.0/24 maxlen: 24
43.247.122.0/24 maxlen: 24
43.247.123.0/24 maxlen: 24
103.20.132.0/24 maxlen: 24
103.20.133.0/24 maxlen: 24
103.20.134.0/24 maxlen: 24
103.20.135.0/24 maxlen: 24
111.92.128.0/21 maxlen: 24
2403:7980::/32 maxlen: 32
2403:7980::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 25 Oct 2025 20:56:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3769 (0xeb9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD, serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Validity
Not Before: Oct 12 06:57:18 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=68eb514e-9df1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:7f:8e:f4:67:d6:c9:a0:d6:a2:cf:4b:35:b3:
9a:ed:1a:bb:9c:f6:6e:c3:68:01:a1:8a:22:6e:b6:
13:a5:37:5c:8b:5b:ca:ac:96:2a:5e:8a:74:45:cf:
36:6f:f8:81:79:53:47:64:de:c0:f8:93:47:ae:89:
df:1d:bf:df:01:c0:e7:42:71:b0:d7:4e:55:3e:79:
9a:46:67:52:3b:ce:7f:1e:ed:7e:16:b6:09:8c:c7:
ab:b8:87:c6:e3:bc:41:67:43:7f:99:08:79:dc:bb:
f0:db:61:3f:0c:b4:36:57:0f:b0:a6:81:c3:4e:ec:
21:06:40:43:c6:a1:50:79:1a:7e:53:bb:11:ed:e2:
7d:31:db:93:9f:65:7b:51:6f:cf:28:52:3b:87:91:
c7:db:16:94:cd:d8:26:87:89:ae:b2:7d:60:b4:56:
80:c0:41:4c:69:3f:ef:b7:e2:5e:13:76:c6:e5:ba:
d7:a0:5c:a7:d6:fd:b2:c8:1f:57:81:0c:4f:48:ed:
26:bc:3e:d0:7d:80:3c:56:90:d5:eb:1b:b8:60:4f:
20:8a:f4:9d:ff:0d:f7:cc:1c:24:78:b1:b2:c5:b2:
e2:34:04:ab:0a:5e:45:ea:4a:65:26:7c:84:ab:86:
d2:77:24:35:f6:07:2d:1d:c7:5c:0c:a3:ed:85:48:
74:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:6E:10:A1:A6:D8:72:E7:98:FF:DC:52:C6:61:72:F4:29:57:11:FE
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/20C856389F8311F089B0D463C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.130.0-14.192.133.255
14.192.136.0-14.192.159.255
43.247.120.0/22
103.20.132.0/22
111.92.128.0/21
IPv6:
2403:7980::/32
Signature Algorithm: sha256WithRSAEncryption
8e:a8:2c:90:cf:22:21:5e:ab:c2:df:c6:b7:92:80:63:73:fd:
94:56:b7:a3:a4:15:10:e1:31:1a:b6:18:e1:98:11:72:a2:6f:
b2:41:7d:a7:21:34:49:8a:2e:e8:e3:94:fe:6d:64:89:13:da:
b0:e6:67:69:01:93:8e:5b:5b:e4:4a:0b:82:22:68:58:b8:7c:
ae:f6:da:ca:9b:3a:13:16:83:58:41:79:37:c8:ea:23:b0:6c:
50:c6:61:55:39:4e:12:4d:f3:47:97:48:65:08:30:0d:93:14:
38:b7:03:71:47:34:1b:7f:48:e3:21:0d:5e:7e:8a:a4:cd:35:
21:22:7c:7c:e2:43:f5:33:cb:0e:35:49:27:58:b7:1a:30:35:
e8:36:ef:9f:f8:00:a7:fe:98:bd:36:b5:7a:65:b1:69:63:e1:
a0:51:d2:ee:f4:bf:17:36:36:4c:1b:48:ec:d9:c2:ab:75:80:
d1:2a:91:27:67:77:e8:cb:80:6a:5a:10:cc:ce:c7:00:86:82:
f4:11:86:cf:c0:59:e3:e5:4d:50:b7:30:35:4c:e1:20:5b:40:
94:e2:f1:84:8d:d7:64:d6:07:90:d5:22:43:1b:e7:38:83:ff:
43:93:ed:9f:85:10:07:f3:b5:8d:0a:fe:29:da:fc:83:b3:ab:
8c:7c:af:e8
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgICDrkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUxMDEyMDY1NzE4WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGViNTE0ZS05ZGYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5H+O9GfWyaDWos9LNbOa7Rq7nPZuw2gBoYoibrYTpTdci1vKrJYqXop0Rc82
b/iBeVNHZN7A+JNHronfHb/fAcDnQnGw105VPnmaRmdSO85/Hu1+FrYJjMeruIfG
47xBZ0N/mQh53Lvw22E/DLQ2Vw+wpoHDTuwhBkBDxqFQeRp+U7sR7eJ9MduTn2V7
UW/PKFI7h5HH2xaUzdgmh4musn1gtFaAwEFMaT/vt+JeE3bG5brXoFyn1v2yyB9X
gQxPSO0mvD7QfYA8VpDV6xu4YE8givSd/w33zBwkeLGyxbLiNASrCl5F6kplJnyE
q4bSdyQ19gctHcdcDKPthUh0pwIDAQABo4ICzDCCAsgwHQYDVR0OBBYEFMFuEKGm
2HLnmP/cUsZhcvQpVxH+MB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvMjBDODU2Mzg5
RjgzMTFGMDg5QjBENDYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVgYIKwYBBQUHAQcBAf8E
RzBFMDQEAgABMC4wDAMEAQ7AggMEAQ7AhDAMAwQDDsCIAwQFDsCAAwQCK/d4AwQC
ZxSEAwQDb1yAMA0EAgACMAcDBQAkA3mAMA0GCSqGSIb3DQEBCwUAA4IBAQCOqCyQ
zyIhXqvC38a3koBjc/2UVrejpBUQ4TEathjhmBFyom+yQX2nITRJii7o45T+bWSJ
E9qw5mdpAZOOW1vkSguCImhYuHyu9trKmzoTFoNYQXk3yOojsGxQxmFVOU4STfNH
l0hlCDANkxQ4twNxRzQbf0jjIQ1efoqkzTUhInx84kP1M8sONUknWLcaMDXoNu+f
+ACn/pi9NrV6ZbFpY+GgUdLu9L8XNjZMG0js2cKrdYDRKpEnZ3foy4BqWhDMzscA
hoL0EYbPwFnj5U1QtzA1TOEgW0CU4vGEjddk1geQ1SJDG+c4g/9Dk+2fhRAH87WN
Cv4p2vyDs6uMfK/o
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:24:49 2025 by rpki-client