Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911E008/DD88C3AEF1D311E797ED4240C4F9AE02/C96DCB80D00A11F0BC76FE15C4F9AE02.roa
File: C96DCB80D00A11F0BC76FE15C4F9AE02.roa (raw, json)
Hash identifier: 9clXsEeVc8Rrec1VecieWHsCO3PFs56kSy/Kdhg94ag=
Subject key identifier: 00:8E:35:06:59:86:EE:DE:6D:7C:3D:7A:E6:56:33:5C:AA:DB:57:9F
Certificate issuer: /CN=A911E008/serialNumber=248F5588EA8FC7DD0A3B4DA1E1558031C0D927E4
Certificate serial: 1783
Authority key identifier: 24:8F:55:88:EA:8F:C7:DD:0A:3B:4D:A1:E1:55:80:31:C0:D9:27:E4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JI9ViOqPx90KO02h4VWAMcDZJ-Q.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911E008/DD88C3AEF1D311E797ED4240C4F9AE02/C96DCB80D00A11F0BC76FE15C4F9AE02.roa
Signing time: Sun 01 Mar 2026 17:49:42 +0000
ROA not before: Wed 03 Dec 2025 06:19:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 23749
IP address blocks: 112.213.64.0/24 maxlen: 24
112.213.65.0/24 maxlen: 24
112.213.66.0/24 maxlen: 24
112.213.67.0/24 maxlen: 24
112.213.68.0/22 maxlen: 22
112.213.68.0/24 maxlen: 24
112.213.69.0/24 maxlen: 24
112.213.70.0/24 maxlen: 24
112.213.71.0/24 maxlen: 24
112.213.72.0/22 maxlen: 22
112.213.72.0/24 maxlen: 24
112.213.73.0/24 maxlen: 24
112.213.74.0/24 maxlen: 24
112.213.75.0/24 maxlen: 24
202.122.96.0/24 maxlen: 24
202.122.97.0/24 maxlen: 24
202.122.98.0/24 maxlen: 24
202.122.99.0/24 maxlen: 24
202.122.100.0/24 maxlen: 24
202.122.101.0/24 maxlen: 24
202.122.102.0/24 maxlen: 24
202.122.103.0/24 maxlen: 24
202.122.104.0/24 maxlen: 24
202.122.105.0/24 maxlen: 24
202.122.106.0/24 maxlen: 24
202.122.107.0/24 maxlen: 24
202.122.108.0/23 maxlen: 23
202.122.108.0/24 maxlen: 24
202.122.109.0/24 maxlen: 24
202.122.110.0/24 maxlen: 24
2401:3c60::/32 maxlen: 32
2401:3c60:1::/48 maxlen: 48
2401:3c60:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911E008/DD88C3AEF1D311E797ED4240C4F9AE02/JI9ViOqPx90KO02h4VWAMcDZJ-Q.crl
rsync://rpki.apnic.net/member_repository/A911E008/DD88C3AEF1D311E797ED4240C4F9AE02/JI9ViOqPx90KO02h4VWAMcDZJ-Q.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JI9ViOqPx90KO02h4VWAMcDZJ-Q.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 23:27:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6019 (0x1783)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911E008, serialNumber=248F5588EA8FC7DD0A3B4DA1E1558031C0D927E4
Validity
Not Before: Dec 3 06:19:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=69a47c36-56c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:41:84:27:4a:e8:d6:69:e9:78:35:4e:44:f8:
60:ed:5e:1c:73:82:cd:1c:22:9f:0b:93:11:52:6f:
4f:c9:d6:36:ca:d1:28:8e:d1:a9:a9:ad:d4:c6:1d:
9b:8b:96:ab:05:f9:7f:6a:c4:92:ff:75:dc:59:bc:
2d:21:e4:8b:e8:4c:9c:e1:c0:79:8e:05:c4:ad:f6:
56:cd:4c:d0:c4:a5:2d:05:a8:ad:ae:17:43:cc:b5:
e7:1a:4b:58:21:fc:21:6b:cc:d2:6f:b2:ab:f1:fe:
e4:85:6c:49:ad:9c:f2:17:40:8b:a0:cf:16:99:96:
23:9b:df:2b:a3:24:cc:9c:be:e8:d6:05:a0:46:d3:
77:ec:81:65:78:0b:c7:2e:a0:ee:82:d3:0f:18:6a:
62:25:3d:39:49:79:10:ac:32:e7:c8:38:2a:85:13:
77:56:18:e3:e8:8e:32:e8:2b:6e:79:2e:20:c1:77:
2d:d2:a1:8e:b1:1e:13:5c:cd:43:a9:bc:06:21:02:
c8:80:a4:4c:55:25:c9:62:54:74:3b:06:12:4e:08:
66:93:30:3e:ea:71:25:f9:62:fd:0a:2c:ff:84:f5:
b5:39:55:ce:78:c7:06:74:14:95:70:24:5d:2f:94:
84:1c:f5:a4:72:22:ac:94:cb:cc:ed:be:ff:71:36:
08:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:8E:35:06:59:86:EE:DE:6D:7C:3D:7A:E6:56:33:5C:AA:DB:57:9F
X509v3 Authority Key Identifier:
keyid:24:8F:55:88:EA:8F:C7:DD:0A:3B:4D:A1:E1:55:80:31:C0:D9:27:E4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911E008/DD88C3AEF1D311E797ED4240C4F9AE02/JI9ViOqPx90KO02h4VWAMcDZJ-Q.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JI9ViOqPx90KO02h4VWAMcDZJ-Q.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E008/DD88C3AEF1D311E797ED4240C4F9AE02/C96DCB80D00A11F0BC76FE15C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
112.213.64.0-112.213.75.255
202.122.96.0-202.122.110.255
IPv6:
2401:3c60::/32
Signature Algorithm: sha256WithRSAEncryption
af:64:24:21:ba:7a:74:eb:c5:76:4c:48:67:3d:b9:68:5b:ba:
e5:be:bd:ef:3c:40:d7:d8:60:11:d4:01:15:09:e0:3f:4c:a7:
68:63:3e:c5:e6:bc:32:12:53:39:c9:57:c6:63:e2:2f:0a:43:
9c:4c:f4:27:5f:6c:1b:86:58:6d:28:a7:8d:18:b2:5e:23:a8:
dc:84:22:e4:9c:57:8b:a9:e3:3b:95:74:71:ee:fa:c5:77:59:
fe:d0:a1:17:ed:08:97:8c:d5:a4:d0:61:c3:3d:c3:d5:20:26:
7b:07:88:e5:9a:9f:65:d3:f3:ae:a4:7a:94:c0:06:93:d2:a6:
13:99:d9:45:be:b3:ec:d7:4c:4a:67:44:6b:d4:ae:f9:e6:51:
4a:67:43:b5:17:3b:71:48:75:b8:82:99:0d:6e:40:12:da:22:
4f:37:a6:d0:4a:6c:a0:e8:ad:36:2d:8d:7b:3e:8c:c6:d6:b6:
80:5a:eb:4f:21:77:b4:55:d9:a0:69:3b:8e:10:c2:41:6c:d2:
55:59:0a:14:ee:92:ab:e1:b4:89:ad:16:94:6b:2a:2f:e3:0a:
cb:d1:66:95:73:e8:64:5d:75:f3:40:19:7b:e4:e7:18:36:fb:
34:96:0c:9e:08:92:d0:78:39:74:30:6a:d3:a5:42:e1:a6:2b:
2c:2a:ab:0b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgICF4MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUUwMDgxMTAvBgNVBAUTKDI0OEY1NTg4RUE4RkM3REQwQTNCNERBMUUxNTU4MDMx
QzBEOTI3RTQwHhcNMjUxMjAzMDYxOTM4WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0N2MzNi01NmM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApUGEJ0ro1mnpeDVORPhg7V4cc4LNHCKfC5MRUm9PydY2ytEojtGpqa3Uxh2b
i5arBfl/asSS/3XcWbwtIeSL6Eyc4cB5jgXErfZWzUzQxKUtBaitrhdDzLXnGktY
Ifwha8zSb7Kr8f7khWxJrZzyF0CLoM8WmZYjm98royTMnL7o1gWgRtN37IFleAvH
LqDugtMPGGpiJT05SXkQrDLnyDgqhRN3Vhjj6I4y6CtueS4gwXct0qGOsR4TXM1D
qbwGIQLIgKRMVSXJYlR0OwYSTghmkzA+6nEl+WL9Ciz/hPW1OVXOeMcGdBSVcCRd
L5SEHPWkciKslMvM7b7/cTYIawIDAQABo4IChTCCAoEwHQYDVR0OBBYEFACONQZZ
hu7ebXw9euZWM1yq21efMB8GA1UdIwQYMBaAFCSPVYjqj8fdCjtNoeFVgDHA2Sfk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTAwOC9ERDg4QzNBRUYx
RDMxMUU3OTdFRDQyNDBDNEY5QUUwMi9KSTlWaU9xUHg5MEtPMDJoNFZXQU1jRFpK
LVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0pJOVZpT3FQeDkwS08wMmg0VldBTWNEWkotUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUUwMDgvREQ4OEMzQUVGMUQzMTFFNzk3RUQ0MjQwQzRGOUFFMDIvQzk2RENCODBE
MDBBMTFGMEJDNzZGRTE1QzRGOUFFMDIucm9hMEQGCCsGAQUFBwEHAQH/BDUwMzAi
BAIAATAcMAwDBAZw1UADBAJw1UgwDAMEBcp6YAMEAMp6bjANBAIAAjAHAwUAJAE8
YDANBgkqhkiG9w0BAQsFAAOCAQEAr2QkIbp6dOvFdkxIZz25aFu65b697zxA19hg
EdQBFQngP0ynaGM+xea8MhJTOclXxmPiLwpDnEz0J19sG4ZYbSinjRiyXiOo3IQi
5JxXi6njO5V0ce76xXdZ/tChF+0Il4zVpNBhwz3D1SAmeweI5ZqfZdPzrqR6lMAG
k9KmE5nZRb6z7NdMSmdEa9Su+eZRSmdDtRc7cUh1uIKZDW5AEtoiTzem0EpsoOit
Ni2Nez6Mxta2gFrrTyF3tFXZoGk7jhDCQWzSVVkKFO6Sq+G0ia0WlGsqL+MKy9Fm
lXPoZF1180AZe+TnGDb7NJYMngiS0Hg5dDBq06VC4aYrLCqrCw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:32:27 2026 by rpki-client