Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/FFFBCAEE9A9511EBB49D7E1AC4F9AE02.roa
File: FFFBCAEE9A9511EBB49D7E1AC4F9AE02.roa (raw, json)
Hash identifier: Ybb2csXFZo9W1XG+GRQhzLexAF28aEoPNkvLGKQiexs=
Subject key identifier: F6:C4:41:41:80:E3:45:42:19:2B:91:C9:6D:18:0D:62:51:2F:C4:73
Certificate issuer: /CN=A917DEA4/serialNumber=B4D6FFD5DFF9EAC413AB4408E09637B09494DBC8
Certificate serial: 0772
Authority key identifier: B4:D6:FF:D5:DF:F9:EA:C4:13:AB:44:08:E0:96:37:B0:94:94:DB:C8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tNb_1d_56sQTq0QI4JY3sJSU28g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/FFFBCAEE9A9511EBB49D7E1AC4F9AE02.roa
Signing time: Fri 26 Sep 2025 06:47:52 +0000
ROA not before: Fri 26 Sep 2025 06:47:52 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 45820
IP address blocks: 14.96.8.0/21 maxlen: 24
14.96.48.0/21 maxlen: 24
14.96.56.0/22 maxlen: 24
14.96.60.0/22 maxlen: 24
14.96.72.0/21 maxlen: 24
14.96.128.0/21 maxlen: 24
14.96.136.0/21 maxlen: 24
14.96.144.0/21 maxlen: 24
14.96.152.0/21 maxlen: 24
14.96.160.0/21 maxlen: 24
14.96.168.0/24 maxlen: 24
14.96.169.0/24 maxlen: 24
14.96.172.0/23 maxlen: 24
14.96.174.0/23 maxlen: 24
14.96.176.0/23 maxlen: 24
14.96.180.0/23 maxlen: 24
14.96.184.0/23 maxlen: 24
14.96.186.0/23 maxlen: 24
14.96.188.0/23 maxlen: 24
14.96.190.0/23 maxlen: 24
14.96.216.0/21 maxlen: 24
14.96.224.0/21 maxlen: 24
14.96.232.0/21 maxlen: 24
14.96.240.0/21 maxlen: 24
14.96.248.0/21 maxlen: 24
14.97.0.0/21 maxlen: 24
14.97.8.0/21 maxlen: 24
14.97.16.0/21 maxlen: 24
14.97.24.0/21 maxlen: 24
14.97.32.0/21 maxlen: 24
14.97.40.0/21 maxlen: 24
14.97.48.0/21 maxlen: 24
14.97.56.0/21 maxlen: 24
14.97.64.0/21 maxlen: 24
14.97.72.0/21 maxlen: 24
14.97.80.0/21 maxlen: 24
14.97.88.0/21 maxlen: 24
14.97.96.0/21 maxlen: 24
14.97.104.0/21 maxlen: 24
14.97.112.0/21 maxlen: 24
14.97.120.0/21 maxlen: 24
14.97.128.0/21 maxlen: 24
14.97.136.0/21 maxlen: 24
14.97.144.0/21 maxlen: 24
14.97.152.0/21 maxlen: 24
14.97.160.0/21 maxlen: 24
14.97.168.0/21 maxlen: 24
14.97.176.0/21 maxlen: 24
14.97.184.0/21 maxlen: 24
14.97.192.0/21 maxlen: 24
14.97.200.0/21 maxlen: 24
14.97.208.0/21 maxlen: 24
14.97.216.0/21 maxlen: 24
14.97.224.0/21 maxlen: 24
14.97.240.0/21 maxlen: 24
14.97.248.0/21 maxlen: 24
14.99.0.0/21 maxlen: 24
14.99.8.0/21 maxlen: 24
14.99.16.0/21 maxlen: 24
14.99.24.0/21 maxlen: 24
14.99.32.0/20 maxlen: 24
14.99.48.0/21 maxlen: 24
14.99.56.0/21 maxlen: 24
14.99.64.0/21 maxlen: 24
14.99.72.0/21 maxlen: 24
14.99.80.0/21 maxlen: 24
14.99.88.0/21 maxlen: 24
14.99.96.0/20 maxlen: 24
14.99.112.0/21 maxlen: 24
14.99.120.0/21 maxlen: 24
14.99.128.0/21 maxlen: 24
14.99.136.0/21 maxlen: 24
14.99.144.0/21 maxlen: 24
14.99.152.0/21 maxlen: 24
14.99.160.0/21 maxlen: 24
14.99.168.0/21 maxlen: 24
14.99.176.0/21 maxlen: 24
14.99.184.0/21 maxlen: 24
14.99.192.0/21 maxlen: 24
14.99.200.0/21 maxlen: 24
14.99.208.0/21 maxlen: 24
14.99.216.0/21 maxlen: 24
14.99.224.0/21 maxlen: 24
14.99.232.0/21 maxlen: 24
14.99.240.0/21 maxlen: 24
14.99.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/tNb_1d_56sQTq0QI4JY3sJSU28g.crl
rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/tNb_1d_56sQTq0QI4JY3sJSU28g.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tNb_1d_56sQTq0QI4JY3sJSU28g.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 26 Oct 2025 00:03:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1906 (0x772)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917DEA4, serialNumber=B4D6FFD5DFF9EAC413AB4408E09637B09494DBC8
Validity
Not Before: Sep 26 06:47:52 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=68d63718-8e44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:5b:0c:76:9a:d4:44:35:98:f0:d6:0a:e2:2f:
05:7e:5e:ff:e2:46:00:26:a3:1e:1a:05:63:1f:4f:
37:00:65:ed:a3:de:91:9f:a1:e6:19:fe:cc:18:28:
e6:9e:87:20:b2:24:9d:b2:3a:20:69:11:b2:5c:ca:
61:99:81:be:37:d0:59:d8:9c:57:f4:69:66:3b:c1:
42:39:72:ba:45:c5:76:f9:2f:13:a4:f0:03:f8:e7:
76:6b:b9:b1:90:49:11:13:bc:8a:02:04:1d:a7:08:
15:03:ba:20:f7:ca:8f:7e:f7:81:3d:d8:11:36:27:
b4:df:06:64:60:3c:62:5e:8c:13:8c:07:b3:e7:d2:
ee:8a:c2:13:8d:0b:c7:ec:20:26:7b:f9:d9:47:1f:
8c:e9:24:84:52:19:fe:76:f7:ad:73:2a:1e:2d:57:
eb:88:ef:07:d7:f7:b3:30:0b:e1:84:dc:00:87:ae:
28:2b:e7:04:8a:fe:8e:6d:cd:81:59:83:b6:1b:69:
64:61:b5:9c:93:8c:93:5f:bb:65:8d:7f:50:34:65:
39:de:68:92:65:81:bf:a3:4a:5f:ed:0a:75:0c:fa:
a7:7c:03:68:03:4c:24:e0:3d:52:e5:e2:f7:ba:5a:
ce:00:dc:a2:4c:a6:6d:17:d2:38:72:a3:c7:f6:16:
ca:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:C4:41:41:80:E3:45:42:19:2B:91:C9:6D:18:0D:62:51:2F:C4:73
X509v3 Authority Key Identifier:
keyid:B4:D6:FF:D5:DF:F9:EA:C4:13:AB:44:08:E0:96:37:B0:94:94:DB:C8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/tNb_1d_56sQTq0QI4JY3sJSU28g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tNb_1d_56sQTq0QI4JY3sJSU28g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917DEA4/A2426B60982911EBB7882081C4F9AE02/FFFBCAEE9A9511EBB49D7E1AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.96.8.0/21
14.96.48.0/20
14.96.72.0/21
14.96.128.0-14.96.169.255
14.96.172.0-14.96.177.255
14.96.180.0/23
14.96.184.0/21
14.96.216.0-14.97.231.255
14.97.240.0/20
14.99.0.0/16
Signature Algorithm: sha256WithRSAEncryption
26:b2:23:e1:13:a9:4c:b4:52:f5:27:c5:39:d8:f3:a5:43:ed:
fb:af:ac:f0:77:bd:56:18:ef:7f:10:d1:ab:e5:cf:83:6a:61:
58:a3:42:2a:48:2b:7b:67:97:e9:93:3c:9c:70:cd:87:8a:04:
fa:f2:e4:b4:76:84:41:45:3b:c4:5b:d1:7b:5a:6c:4b:36:31:
7b:26:6c:40:38:6d:b0:38:78:38:1c:2c:e4:97:80:65:b5:5d:
05:5d:2d:38:c4:72:97:29:06:2c:1f:83:51:63:4d:f0:98:2a:
3e:6b:a4:cb:46:8a:6c:0c:64:87:23:e1:f4:a1:7c:b0:4b:b7:
49:91:38:63:02:b7:2b:60:c6:14:7b:6d:03:b0:13:69:e1:1d:
72:db:12:64:ff:22:7d:a3:24:ba:48:f9:80:33:8d:2d:44:55:
80:7e:f5:40:6f:29:a1:d0:e3:7e:c0:5f:1f:50:69:2d:b0:f5:
54:6f:70:82:09:49:a8:a7:d1:51:b7:d4:d1:05:31:d2:16:70:
0f:f1:1f:a1:91:93:62:d7:fc:6f:96:c7:d5:6f:44:bc:03:a8:
27:30:19:6a:c2:96:a5:fa:6e:49:7a:18:61:92:3d:62:2e:b7:
7e:2a:77:5c:a3:bf:a7:39:83:fb:48:59:a1:62:72:11:5d:c8:
3e:5c:9e:50
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgICB3IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0RFQTQxMTAvBgNVBAUTKEI0RDZGRkQ1REZGOUVBQzQxM0FCNDQwOEUwOTYzN0Iw
OTQ5NERCQzgwHhcNMjUwOTI2MDY0NzUyWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGQ2MzcxOC04ZTQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtVsMdprURDWY8NYK4i8Ffl7/4kYAJqMeGgVjH083AGXto96Rn6HmGf7MGCjm
nocgsiSdsjogaRGyXMphmYG+N9BZ2JxX9GlmO8FCOXK6RcV2+S8TpPAD+Od2a7mx
kEkRE7yKAgQdpwgVA7og98qPfveBPdgRNie03wZkYDxiXowTjAez59LuisITjQvH
7CAme/nZRx+M6SSEUhn+dvetcyoeLVfriO8H1/ezMAvhhNwAh64oK+cEiv6Obc2B
WYO2G2lkYbWck4yTX7tljX9QNGU53miSZYG/o0pf7Qp1DPqnfANoA0wk4D1S5eL3
ulrOANyiTKZtF9I4cqPH9hbKuwIDAQABo4IC4jCCAt4wHQYDVR0OBBYEFPbEQUGA
40VCGSuRyW0YDWJRL8RzMB8GA1UdIwQYMBaAFLTW/9Xf+erEE6tECOCWN7CUlNvI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3REVBNC9BMjQyNkI2MDk4
MjkxMUVCQjc4ODIwODFDNEY5QUUwMi90TmJfMWRfNTZzUVRxMFFJNEpZM3NKU1Uy
OGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ROYl8xZF81NnNRVHEwUUk0Slkzc0pTVTI4Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0RFQTQvQTI0MjZCNjA5ODI5MTFFQkI3ODgyMDgxQzRGOUFFMDIvRkZGQkNBRUU5
QTk1MTFFQkI0OUQ3RTFBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbAYIKwYBBQUHAQcBAf8E
XTBbMFkEAgABMFMDBAMOYAgDBAQOYDADBAMOYEgwDAMEBw5ggAMEAQ5gqDAMAwQC
DmCsAwQBDmCwAwQBDmC0AwQDDmC4MAwDBAMOYNgDBAMOYeADBAQOYfADAwAOYzAN
BgkqhkiG9w0BAQsFAAOCAQEAJrIj4ROpTLRS9SfFOdjzpUPt+6+s8He9VhjvfxDR
q+XPg2phWKNCKkgre2eX6ZM8nHDNh4oE+vLktHaEQUU7xFvRe1psSzYxeyZsQDht
sDh4OBws5JeAZbVdBV0tOMRylykGLB+DUWNN8JgqPmuky0aKbAxkhyPh9KF8sEu3
SZE4YwK3K2DGFHttA7ATaeEdctsSZP8ifaMkukj5gDONLURVgH71QG8podDjfsBf
H1BpLbD1VG9wgglJqKfRUbfU0QUx0hZwD/EfoZGTYtf8b5bH1W9EvAOoJzAZasKW
pfpuSXoYYZI9Yi63fip3XKO/pzmD+0hZoWJyEV3IPlyeUA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:43:16 2025 by rpki-client