Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/F16CF7BC240411F0AE5EFB74C4F9AE02.roa
File: F16CF7BC240411F0AE5EFB74C4F9AE02.roa (raw, json)
Hash identifier: NRkATBKCrFf8XehUQ4Kcg07Ah9qbgMhjDJkO80Y8+Ms=
Subject key identifier: 2A:9B:D1:4C:F4:0B:6E:07:2A:35:B5:F1:65:BA:FE:90:93:91:82:A7
Certificate issuer: /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial: 0D30
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/F16CF7BC240411F0AE5EFB74C4F9AE02.roa
Signing time: Mon 28 Apr 2025 07:46:50 +0000
ROA not before: Mon 28 Apr 2025 07:46:50 +0000
ROA not after: Tue 30 Sep 2025 00:00:00 +0000
asID: 133933
IP address blocks: 14.192.128.0/24 maxlen: 24
14.192.129.0/24 maxlen: 24
14.192.130.0/24 maxlen: 24
14.192.131.0/24 maxlen: 24
14.192.132.0/24 maxlen: 24
14.192.136.0/24 maxlen: 24
14.192.139.0/24 maxlen: 24
14.192.140.0/24 maxlen: 24
14.192.141.0/24 maxlen: 24
14.192.142.0/24 maxlen: 24
14.192.143.0/24 maxlen: 24
14.192.147.0/24 maxlen: 24
14.192.148.0/24 maxlen: 24
14.192.153.0/24 maxlen: 24
14.192.155.0/24 maxlen: 24
14.192.156.0/24 maxlen: 24
14.192.157.0/24 maxlen: 24
14.192.159.0/24 maxlen: 24
43.247.120.0/24 maxlen: 24
43.247.121.0/24 maxlen: 24
43.247.122.0/24 maxlen: 24
43.247.123.0/24 maxlen: 24
103.20.132.0/24 maxlen: 24
103.20.133.0/24 maxlen: 24
103.20.134.0/24 maxlen: 24
103.20.135.0/24 maxlen: 24
111.92.128.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 05 May 2025 20:31:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3376 (0xd30)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915A0CD, serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Validity
Not Before: Apr 28 07:46:50 2025 GMT
Not After : Sep 30 00:00:00 2025 GMT
Subject: CN=680f3269-0a88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:e6:2b:29:ef:34:08:db:3b:59:6b:48:71:5f:
9b:d0:13:32:17:16:c1:2a:a8:be:2d:18:4b:20:44:
19:42:9d:3b:46:c7:a7:a1:d7:58:61:2c:d0:d3:cf:
2d:8b:54:1b:7c:2d:e1:9c:8d:f1:28:64:02:48:ee:
eb:3f:a9:11:60:a2:0b:c1:78:72:ed:1e:79:8c:32:
58:e2:44:bc:60:83:7f:b2:f5:12:72:c0:a7:fa:94:
d1:07:cf:59:ac:00:f8:c6:81:0e:1e:05:8d:44:bb:
ab:b1:42:ff:3f:47:d3:b2:53:dc:a7:62:5f:7d:3b:
5d:57:43:82:cb:e3:56:9f:2d:a7:a2:2c:aa:75:1d:
7b:c1:fb:74:c4:e1:62:db:b0:d9:3f:49:c2:51:d0:
c4:24:25:ab:fe:31:fc:15:be:04:2f:7d:cb:48:08:
dc:2c:86:c6:e5:1a:00:73:23:a3:fc:d8:37:6d:4d:
24:43:c0:79:2e:19:07:20:91:4d:fb:a0:55:3a:3f:
e1:bc:25:56:14:d3:d2:a5:13:64:22:82:44:b7:14:
9d:af:b7:07:36:02:b3:45:a5:d4:62:b6:be:b0:d5:
9f:2e:44:13:4a:81:d3:ef:78:27:eb:ca:9c:72:63:
b1:f8:6f:f7:bb:82:a9:5b:82:6d:4a:ac:97:4b:fb:
32:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:9B:D1:4C:F4:0B:6E:07:2A:35:B5:F1:65:BA:FE:90:93:91:82:A7
X509v3 Authority Key Identifier:
keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/F16CF7BC240411F0AE5EFB74C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
14.192.128.0-14.192.132.255
14.192.136.0/24
14.192.139.0-14.192.143.255
14.192.147.0-14.192.148.255
14.192.153.0/24
14.192.155.0-14.192.157.255
14.192.159.0/24
43.247.120.0/22
103.20.132.0/22
111.92.128.0/19
Signature Algorithm: sha256WithRSAEncryption
01:b6:b4:25:9e:b7:d1:14:35:af:fa:2d:eb:a7:98:74:9b:24:
e5:50:68:0f:30:9e:b3:11:95:1d:c5:43:0b:8e:5b:03:26:0b:
46:b9:a6:9f:98:89:e4:e8:71:e1:2a:f4:9f:bf:3f:01:ad:e7:
02:30:28:94:94:c6:7d:65:94:db:95:7f:61:88:22:63:05:ad:
bf:9f:4e:6d:0c:65:ec:3a:82:17:f7:41:ff:8d:01:98:2f:9a:
c3:ed:25:dc:57:12:0a:3e:41:6c:6d:44:c4:40:02:19:55:1d:
8c:c2:65:29:92:71:da:84:ea:59:03:7e:63:e5:49:51:7e:ab:
68:44:b6:22:a7:d2:77:62:19:cb:31:5f:5b:d5:3c:da:7f:90:
a8:54:27:ce:17:5a:06:6d:a9:35:19:77:54:a4:7c:76:d3:2d:
dc:c5:c4:7b:a1:da:0c:e1:3f:50:25:94:00:1c:39:f8:44:08:
c2:39:4f:0e:15:4d:71:2b:03:d2:01:8f:1a:18:84:5e:74:1d:
9a:a5:c2:77:eb:c3:da:c3:2b:32:5f:d0:fd:ff:07:e5:ca:17:
89:cf:54:64:22:98:5c:bb:5a:74:47:76:bf:4c:23:f9:46:16:
d3:86:7d:52:6c:77:46:15:05:76:7d:dd:b4:ff:65:ca:a8:ca:
25:71:77:44
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgICDTAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwNDI4MDc0NjUwWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODBmMzI2OS0wYTg4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyeYrKe80CNs7WWtIcV+b0BMyFxbBKqi+LRhLIEQZQp07RsenoddYYSzQ088t
i1QbfC3hnI3xKGQCSO7rP6kRYKILwXhy7R55jDJY4kS8YIN/svUScsCn+pTRB89Z
rAD4xoEOHgWNRLursUL/P0fTslPcp2JffTtdV0OCy+NWny2noiyqdR17wft0xOFi
27DZP0nCUdDEJCWr/jH8Fb4EL33LSAjcLIbG5RoAcyOj/Ng3bU0kQ8B5LhkHIJFN
+6BVOj/hvCVWFNPSpRNkIoJEtxSdr7cHNgKzRaXUYra+sNWfLkQTSoHT73gn68qc
cmOx+G/3u4KpW4JtSqyXS/syVQIDAQABo4IC6zCCAucwHQYDVR0OBBYEFCqb0Uz0
C24HKjW18WW6/pCTkYKnMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvRjE2Q0Y3QkMy
NDA0MTFGMEFFNUVGQjc0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwdQYIKwYBBQUHAQcBAf8E
ZjBkMGIEAgABMFwwDAMEBw7AgAMEAA7AhAMEAA7AiDAMAwQADsCLAwQEDsCAMAwD
BAAOwJMDBAAOwJQDBAAOwJkwDAMEAA7AmwMEAQ7AnAMEAA7AnwMEAiv3eAMEAmcU
hAMEBW9cgDANBgkqhkiG9w0BAQsFAAOCAQEAAba0JZ630RQ1r/ot66eYdJsk5VBo
DzCesxGVHcVDC45bAyYLRrmmn5iJ5Ohx4Sr0n78/Aa3nAjAolJTGfWWU25V/YYgi
YwWtv59ObQxl7DqCF/dB/40BmC+aw+0l3FcSCj5BbG1ExEACGVUdjMJlKZJx2oTq
WQN+Y+VJUX6raES2IqfSd2IZyzFfW9U82n+QqFQnzhdaBm2pNRl3VKR8dtMt3MXE
e6HaDOE/UCWUABw5+EQIwjlPDhVNcSsD0gGPGhiEXnQdmqXCd+vD2sMrMl/Q/f8H
5coXic9UZCKYXLtadEd2v0wj+UYW04Z9Umx3RhUFdn3dtP9lyqjKJXF3RA==
-----END CERTIFICATE-----
Generated at Mon Apr 28 23:05:15 2025 by rpki-client on console.sobornost.net