Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/0FD0ED72DEDF11F085D204E3526F56BC.roa
File: 0FD0ED72DEDF11F085D204E3526F56BC.roa (raw, json)
Hash identifier: GXMx3T0wzMeQ5SqXIqTQB1NCcmuAlbTIQgesXA5F2WA=
Subject key identifier: EB:E7:E8:39:7A:6F:B9:44:EF:21:47:F0:3C:4B:0F:20:47:5F:E0:E8
Certificate issuer: /CN=A911E509/serialNumber=AA8E1BE3624240DC3302047FB41A7D4E47808EF8
Certificate serial: 0A1D
Authority key identifier: AA:8E:1B:E3:62:42:40:DC:33:02:04:7F:B4:1A:7D:4E:47:80:8E:F8
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/0FD0ED72DEDF11F085D204E3526F56BC.roa
Signing time: Sun 01 Mar 2026 18:36:42 +0000
ROA not before: Mon 22 Dec 2025 02:36:47 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 135391
IP address blocks: 43.224.64.0/22 maxlen: 24
43.230.88.0/22 maxlen: 24
45.253.246.0/23 maxlen: 24
45.255.132.0/22 maxlen: 24
61.29.240.0/22 maxlen: 24
61.29.248.0/24 maxlen: 24
61.29.249.0/24 maxlen: 24
61.29.250.0/23 maxlen: 24
103.43.84.0/22 maxlen: 23
103.43.84.0/23 maxlen: 24
103.43.86.0/24 maxlen: 24
103.49.132.0/22 maxlen: 24
103.65.40.0/22 maxlen: 24
103.98.8.0/22 maxlen: 24
103.211.230.0/23 maxlen: 24
103.216.100.0/22 maxlen: 23
103.216.100.0/24 maxlen: 24
103.216.102.0/23 maxlen: 24
146.196.76.0/23 maxlen: 24
157.119.232.0/22 maxlen: 24
2405:fd80:1000::/40 maxlen: 40
2405:fd80:1000::/48 maxlen: 48
2405:fd80:1003::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.crl
rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 23:36:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2589 (0xa1d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A911E509, serialNumber=AA8E1BE3624240DC3302047FB41A7D4E47808EF8
Validity
Not Before: Dec 22 02:36:47 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=69a4873a-4955
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:72:47:88:ed:b2:aa:01:47:c2:68:bb:09:a3:
40:17:09:a0:f4:af:6c:5b:07:d4:58:cd:b4:fb:d1:
37:44:49:4b:5f:17:24:a2:bd:e0:85:f0:54:84:95:
77:f4:d4:e1:ff:ce:53:5e:e3:45:0b:c3:e8:46:6e:
6d:d0:4a:58:d3:8e:d2:b4:d8:b6:3f:5d:e9:e2:34:
d2:b8:15:7f:5c:b4:66:35:b5:c7:35:9d:df:19:bb:
d8:7e:e9:30:16:ee:3b:ea:4a:13:ef:55:96:35:ad:
88:ca:7f:24:49:12:26:0f:ba:3a:21:72:9e:e2:fa:
1c:bb:6e:e6:fc:e0:93:bc:1b:7a:3e:54:fb:61:43:
a4:64:23:6f:0c:a5:d9:f4:eb:c5:5c:91:32:cc:93:
9f:99:7f:e9:85:ac:50:1c:50:8b:5d:f7:52:95:25:
db:cd:de:e8:f5:c5:c8:a1:5e:9d:21:87:c5:78:c1:
1a:eb:a8:aa:c0:ac:fe:28:20:4e:56:80:96:d1:b0:
61:34:26:67:f8:b0:8b:99:c4:37:3d:7c:54:a2:7d:
8a:c3:36:26:a2:31:68:da:da:be:e4:15:46:87:ea:
53:07:1b:be:1b:a0:2f:56:cd:ff:2a:99:8e:33:53:
6c:e2:44:bf:2a:fb:b4:f8:47:30:1a:47:6f:8c:95:
be:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:E7:E8:39:7A:6F:B9:44:EF:21:47:F0:3C:4B:0F:20:47:5F:E0:E8
X509v3 Authority Key Identifier:
keyid:AA:8E:1B:E3:62:42:40:DC:33:02:04:7F:B4:1A:7D:4E:47:80:8E:F8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/qo4b42JCQNwzAgR_tBp9TkeAjvg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qo4b42JCQNwzAgR_tBp9TkeAjvg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E509/79EA591EA7BD11EAAAA62948C4F9AE02/0FD0ED72DEDF11F085D204E3526F56BC.roa
sbgp-ipAddrBlock: critical
IPv4:
43.224.64.0/22
43.230.88.0/22
45.253.246.0/23
45.255.132.0/22
61.29.240.0/22
61.29.248.0/22
103.43.84.0/22
103.49.132.0/22
103.65.40.0/22
103.98.8.0/22
103.211.230.0/23
103.216.100.0/22
146.196.76.0/23
157.119.232.0/22
IPv6:
2405:fd80:1000::/40
Signature Algorithm: sha256WithRSAEncryption
03:a1:26:b5:ba:66:66:34:f6:ca:ad:49:ce:37:72:1c:be:8e:
44:61:a0:ec:ca:8b:4b:02:0f:4f:b4:f5:63:b4:b8:a3:b5:d9:
47:e0:ad:31:7e:7e:2a:3a:f0:71:3a:11:be:ff:f3:12:53:85:
43:10:a0:39:6b:d3:e2:c8:df:40:3c:67:c0:10:fb:cb:8a:8e:
f8:f2:6f:b6:13:52:c4:bf:2a:fb:28:0b:b4:bb:bd:2e:b8:09:
6e:77:e3:1c:b2:c6:5c:ad:13:01:d0:0f:d3:f1:ea:c6:95:16:
e7:82:42:2b:0d:cf:d1:c3:8c:6c:52:ac:e5:23:b5:0a:83:d3:
78:77:44:b7:f5:74:aa:ac:6e:1a:c5:ae:30:6b:44:93:d5:1a:
11:aa:4a:cf:88:0d:ad:b3:0e:95:b5:b6:cd:c1:dd:f9:25:41:
18:cf:32:eb:4c:75:09:7b:bc:d2:7a:e6:ba:01:d3:0f:64:59:
df:8e:d8:b3:98:40:54:bf:9a:13:c5:ac:93:96:fc:84:f8:a0:
37:d8:c3:ff:2a:cb:88:e2:08:8c:82:d2:4b:66:51:8a:92:72:
05:f8:de:1d:1b:b6:c1:ef:d9:42:00:7d:84:19:f4:d0:b8:3a:
0f:bb:14:42:4f:18:0b:da:b1:86:f6:40:78:9d:47:1b:bc:9d:
63:75:ed:9e
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgICCh0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUU1MDkxMTAvBgNVBAUTKEFBOEUxQkUzNjI0MjQwREMzMzAyMDQ3RkI0MUE3RDRF
NDc4MDhFRjgwHhcNMjUxMjIyMDIzNjQ3WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0ODczYS00OTU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtHJHiO2yqgFHwmi7CaNAFwmg9K9sWwfUWM20+9E3RElLXxckor3ghfBUhJV3
9NTh/85TXuNFC8PoRm5t0EpY047StNi2P13p4jTSuBV/XLRmNbXHNZ3fGbvYfukw
Fu476koT71WWNa2Iyn8kSRImD7o6IXKe4vocu27m/OCTvBt6PlT7YUOkZCNvDKXZ
9OvFXJEyzJOfmX/phaxQHFCLXfdSlSXbzd7o9cXIoV6dIYfFeMEa66iqwKz+KCBO
VoCW0bBhNCZn+LCLmcQ3PXxUon2KwzYmojFo2tq+5BVGh+pTBxu+G6AvVs3/KpmO
M1Ns4kS/Kvu0+EcwGkdvjJW+4QIDAQABo4ICvjCCArowHQYDVR0OBBYEFOvn6Dl6
b7lE7yFH8DxLDyBHX+DoMB8GA1UdIwQYMBaAFKqOG+NiQkDcMwIEf7QafU5HgI74
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTUwOS83OUVBNTkxRUE3
QkQxMUVBQUFBNjI5NDhDNEY5QUUwMi9xbzRiNDJKQ1FOd3pBZ1JfdEJwOVRrZUFq
dmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FvNGI0MkpDUU53ekFnUl90QnA5VGtlQWp2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUU1MDkvNzlFQTU5MUVBN0JEMTFFQUFBQTYyOTQ4QzRGOUFFMDIvMEZEMEVENzJE
RURGMTFGMDg1RDIwNEUzNTI2RjU2QkMucm9hMH0GCCsGAQUFBwEHAQH/BG4wbDBa
BAIAATBUAwQCK+BAAwQCK+ZYAwQBLf32AwQCLf+EAwQCPR3wAwQCPR34AwQCZytU
AwQCZzGEAwQCZ0EoAwQCZ2IIAwQBZ9PmAwQCZ9hkAwQBksRMAwQCnXfoMA4EAgAC
MAgDBgAkBf2AEDANBgkqhkiG9w0BAQsFAAOCAQEAA6EmtbpmZjT2yq1JzjdyHL6O
RGGg7MqLSwIPT7T1Y7S4o7XZR+CtMX5+KjrwcToRvv/zElOFQxCgOWvT4sjfQDxn
wBD7y4qO+PJvthNSxL8q+ygLtLu9LrgJbnfjHLLGXK0TAdAP0/HqxpUW54JCKw3P
0cOMbFKs5SO1CoPTeHdEt/V0qqxuGsWuMGtEk9UaEapKz4gNrbMOlbW2zcHd+SVB
GM8y60x1CXu80nrmugHTD2RZ347Ys5hAVL+aE8Wsk5b8hPigN9jD/yrLiOIIjILS
S2ZRipJyBfjeHRu2we/ZQgB9hBn00Lg6D7sUQk8YC9qxhvZAeJ1HG7ydY3Xtng==
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:41:53 2026 by rpki-client