Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
File: 24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa (raw, json)
Hash identifier: FXCVIBZtmzju9cWOxPkZCfQlYGeqv1UjQpOEkpTPeD4=
Subject key identifier: 3A:2B:FE:56:0F:7F:D9:F4:B0:9E:A3:BB:1A:50:97:19:D2:55:AC:33
Certificate issuer: /CN=A9123E38/serialNumber=D54BF399BE1B659B132314B821933A20BA38B96A
Certificate serial: 1765
Authority key identifier: D5:4B:F3:99:BE:1B:65:9B:13:23:14:B8:21:93:3A:20:BA:38:B9:6A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
Signing time: Sun 01 Mar 2026 12:15:09 +0000
ROA not before: Wed 30 Apr 2025 16:55:39 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 24337
IP address blocks: 103.228.252.0/24 maxlen: 24
103.228.253.0/24 maxlen: 24
103.228.254.0/24 maxlen: 24
103.228.255.0/24 maxlen: 24
139.5.156.0/22 maxlen: 22
139.5.156.0/24 maxlen: 24
139.5.157.0/24 maxlen: 24
139.5.158.0/24 maxlen: 24
139.5.159.0/24 maxlen: 24
141.164.96.0/20 maxlen: 20
141.164.96.0/24 maxlen: 24
141.164.97.0/24 maxlen: 24
141.164.98.0/24 maxlen: 24
141.164.99.0/24 maxlen: 24
141.164.103.0/24 maxlen: 24
141.164.104.0/24 maxlen: 24
141.164.105.0/24 maxlen: 24
141.164.107.0/24 maxlen: 24
141.164.108.0/24 maxlen: 24
141.164.109.0/24 maxlen: 24
141.164.110.0/24 maxlen: 24
141.164.111.0/24 maxlen: 24
202.123.176.0/21 maxlen: 21
202.123.176.0/24 maxlen: 24
202.123.177.0/24 maxlen: 24
202.123.178.0/24 maxlen: 24
202.123.179.0/24 maxlen: 24
202.123.180.0/24 maxlen: 24
202.123.181.0/24 maxlen: 24
202.123.182.0/24 maxlen: 24
202.123.183.0/24 maxlen: 24
2400:c180::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.crl
rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 00:34:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5989 (0x1765)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9123E38, serialNumber=D54BF399BE1B659B132314B821933A20BA38B96A
Validity
Not Before: Apr 30 16:55:39 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=69a42dcd-f7c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:87:64:ce:8b:e6:08:82:9e:f0:e7:72:03:c2:
48:c4:68:f6:5b:54:8d:89:ab:f4:2f:4f:0f:2c:57:
0b:52:c0:2c:5a:b5:c3:3c:17:0e:82:cb:55:31:e3:
22:42:11:59:7e:b8:2c:87:66:78:ed:55:b9:e3:0e:
7a:66:07:17:cf:ae:74:c2:24:56:23:3b:b4:12:f8:
d4:8b:76:57:23:8a:f7:40:55:7a:c6:ec:22:53:1f:
38:b3:9b:05:5d:d0:f3:8d:92:94:94:27:e1:ba:66:
50:09:84:a2:80:5a:7e:ac:4a:b6:d6:dd:44:36:8e:
92:d7:e5:dc:2b:de:b2:75:12:73:c7:bc:fc:5b:80:
fb:5f:49:87:b3:b5:82:07:34:0b:4b:e8:59:b4:d3:
d0:ba:10:5c:c1:9b:6d:d9:58:dd:ea:af:50:b4:4d:
62:45:4f:8b:70:cb:af:9c:bd:13:71:42:5a:0f:b0:
44:9d:f4:27:45:6b:31:66:4d:77:25:b0:9f:e7:d6:
b3:6b:9d:3a:fb:1f:99:4a:9e:51:e4:b5:79:64:21:
b3:73:a3:a4:7c:a4:fd:42:ba:6e:64:3c:98:f8:b1:
23:b4:ad:65:56:0b:a3:1d:e5:b0:7d:75:63:fc:b7:
f5:b6:35:b3:1c:61:b4:1a:24:9b:69:db:f2:fa:76:
e0:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:2B:FE:56:0F:7F:D9:F4:B0:9E:A3:BB:1A:50:97:19:D2:55:AC:33
X509v3 Authority Key Identifier:
keyid:D5:4B:F3:99:BE:1B:65:9B:13:23:14:B8:21:93:3A:20:BA:38:B9:6A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.228.252.0/22
139.5.156.0/22
141.164.96.0/20
202.123.176.0/21
IPv6:
2400:c180::/32
Signature Algorithm: sha256WithRSAEncryption
57:8d:8b:c5:d0:e4:58:90:40:65:65:7e:b4:06:86:9c:49:99:
85:8f:0c:ff:80:7d:42:62:b5:bc:3d:4d:f7:d5:d6:2f:fc:58:
4c:50:9f:47:42:20:27:a0:71:b5:ad:75:2b:77:7b:e5:64:ee:
10:a8:ed:4b:28:c5:4a:41:37:53:c0:c3:6c:90:03:ce:be:73:
89:fb:39:c7:42:8e:34:1e:d0:d6:f3:fb:03:9d:ad:c8:7a:77:
1d:c3:79:c1:59:ad:1d:2f:fd:96:cd:be:de:74:3c:4e:1c:f2:
b8:33:0c:3c:7e:62:fe:91:72:ce:f7:6c:44:44:4e:2d:89:38:
77:bf:b4:fd:e5:23:dc:78:09:e6:dc:ca:ef:8c:d8:b4:1b:f7:
9f:a9:b9:a6:f5:27:54:4a:f8:47:a1:04:d4:99:5a:21:21:d8:
a2:8d:ff:2b:92:4e:43:f3:fb:ff:fc:6e:17:1f:24:e2:6f:44:
d7:2e:23:31:08:9e:c9:50:df:54:87:40:e7:03:66:aa:37:38:
5f:21:c2:45:11:da:f1:fb:e9:da:d2:8a:28:d6:09:a7:d3:81:
0a:65:9c:aa:d5:50:1d:53:16:d3:0e:45:ca:06:18:a9:ed:85:
8d:92:fa:ae:2d:10:34:ad:65:25:0f:12:29:6a:19:89:58:5d:
e0:04:3d:02
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgICF2UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNFMzgxMTAvBgNVBAUTKEQ1NEJGMzk5QkUxQjY1OUIxMzIzMTRCODIxOTMzQTIw
QkEzOEI5NkEwHhcNMjUwNDMwMTY1NTM5WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0MmRjZC1mN2MxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7odkzovmCIKe8OdyA8JIxGj2W1SNiav0L08PLFcLUsAsWrXDPBcOgstVMeMi
QhFZfrgsh2Z47VW54w56ZgcXz650wiRWIzu0EvjUi3ZXI4r3QFV6xuwiUx84s5sF
XdDzjZKUlCfhumZQCYSigFp+rEq21t1ENo6S1+XcK96ydRJzx7z8W4D7X0mHs7WC
BzQLS+hZtNPQuhBcwZtt2Vjd6q9QtE1iRU+LcMuvnL0TcUJaD7BEnfQnRWsxZk13
JbCf59aza506+x+ZSp5R5LV5ZCGzc6OkfKT9QrpuZDyY+LEjtK1lVgujHeWwfXVj
/Lf1tjWzHGG0GiSbadvy+nbgYQIDAQABo4ICgTCCAn0wHQYDVR0OBBYEFDor/lYP
f9n0sJ6juxpQlxnSVawzMB8GA1UdIwQYMBaAFNVL85m+G2WbEyMUuCGTOiC6OLlq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0UzOC9BMTA4N0QzNjAw
RUExMUU4QkM5M0IxNkJDNEY5QUUwMi8xVXZ6bWI0Ylpac1RJeFM0SVpNNklMbzR1
V28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFVdnptYjRiWlpzVEl4UzRJWk02SUxvNHVXby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNFMzgvQTEwODdEMzYwMEVBMTFFOEJDOTNCMTZCQzRGOUFFMDIvMjRDRkRBQkUw
MEVDMTFFOEFBQzRERDZFQzRGOUFFMDIucm9hMEAGCCsGAQUFBwEHAQH/BDEwLzAe
BAIAATAYAwQCZ+T8AwQCiwWcAwQEjaRgAwQDynuwMA0EAgACMAcDBQAkAMGAMA0G
CSqGSIb3DQEBCwUAA4IBAQBXjYvF0ORYkEBlZX60BoacSZmFjwz/gH1CYrW8PU33
1dYv/FhMUJ9HQiAnoHG1rXUrd3vlZO4QqO1LKMVKQTdTwMNskAPOvnOJ+znHQo40
HtDW8/sDna3Iencdw3nBWa0dL/2Wzb7edDxOHPK4Mww8fmL+kXLO92xERE4tiTh3
v7T95SPceAnm3MrvjNi0G/efqbmm9SdUSvhHoQTUmVohIdiijf8rkk5D8/v//G4X
HyTib0TXLiMxCJ7JUN9Uh0DnA2aqNzhfIcJFEdrx++na0ooo1gmn04EKZZyq1VAd
UxbTDkXKBhip7YWNkvquLRA0rWUlDxIpahmJWF3gBD0C
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:55:45 2026 by rpki-client