Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A912442A/20F2CB00EB9C11ECA682120CC4F9AE02/3B4551B4CAA811F09DDC8D69C4F9AE02.roa
File: 3B4551B4CAA811F09DDC8D69C4F9AE02.roa (raw, json)
Hash identifier: hDuVof7d3QEQIcHs4zgmq/ai6KUFB43GrplnDI2UHX4=
Subject key identifier: E7:03:4E:31:D5:A6:8E:36:4E:E8:75:B7:66:08:E4:AF:B9:B3:F1:BC
Certificate issuer: /CN=A912442A/serialNumber=8485A39ED6B62128EDF4F99B2C2A811F5C201570
Certificate serial: 0448
Authority key identifier: 84:85:A3:9E:D6:B6:21:28:ED:F4:F9:9B:2C:2A:81:1F:5C:20:15:70
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hIWjnta2ISjt9PmbLCqBH1wgFXA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A912442A/20F2CB00EB9C11ECA682120CC4F9AE02/3B4551B4CAA811F09DDC8D69C4F9AE02.roa
Signing time: Sun 01 Mar 2026 18:49:55 +0000
ROA not before: Tue 02 Dec 2025 23:59:13 +0000
ROA not after: Sun 31 Jan 2027 00:00:00 +0000
asID: 38794
IP address blocks: 43.240.112.0/22 maxlen: 24
43.249.56.0/22 maxlen: 24
43.249.60.0/22 maxlen: 24
43.249.64.0/22 maxlen: 24
43.249.68.0/22 maxlen: 24
43.249.104.0/22 maxlen: 24
43.249.108.0/22 maxlen: 24
43.249.112.0/22 maxlen: 24
43.251.204.0/22 maxlen: 24
43.252.180.0/22 maxlen: 24
45.64.88.0/22 maxlen: 24
45.117.208.0/22 maxlen: 24
45.122.48.0/22 maxlen: 24
45.127.60.0/22 maxlen: 24
103.4.228.0/22 maxlen: 24
103.28.240.0/23 maxlen: 24
103.40.132.0/22 maxlen: 24
103.40.136.0/22 maxlen: 24
103.40.140.0/22 maxlen: 24
103.40.144.0/22 maxlen: 24
103.40.148.0/22 maxlen: 24
103.40.180.0/22 maxlen: 24
103.40.184.0/22 maxlen: 24
103.40.188.0/22 maxlen: 24
103.225.24.0/22 maxlen: 24
103.240.60.0/22 maxlen: 24
103.245.112.0/22 maxlen: 24
115.31.128.0/18 maxlen: 24
116.193.144.0/22 maxlen: 24
116.193.148.0/22 maxlen: 24
117.121.208.0/20 maxlen: 24
119.13.24.0/21 maxlen: 24
119.63.64.0/19 maxlen: 24
124.197.48.0/21 maxlen: 24
125.254.52.0/22 maxlen: 24
150.107.220.0/22 maxlen: 24
202.27.110.0/24 maxlen: 24
202.94.240.0/20 maxlen: 24
202.148.176.0/20 maxlen: 24
203.114.68.0/22 maxlen: 24
203.188.224.0/21 maxlen: 24
223.27.192.0/18 maxlen: 24
2001:df0:1e::/48 maxlen: 48
2400:cd00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A912442A/20F2CB00EB9C11ECA682120CC4F9AE02/hIWjnta2ISjt9PmbLCqBH1wgFXA.crl
rsync://rpki.apnic.net/member_repository/A912442A/20F2CB00EB9C11ECA682120CC4F9AE02/hIWjnta2ISjt9PmbLCqBH1wgFXA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hIWjnta2ISjt9PmbLCqBH1wgFXA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 23:54:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1096 (0x448)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A912442A, serialNumber=8485A39ED6B62128EDF4F99B2C2A811F5C201570
Validity
Not Before: Dec 2 23:59:13 2025 GMT
Not After : Jan 31 00:00:00 2027 GMT
Subject: CN=69a48a53-7c71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:e6:e3:80:b8:7a:fb:0d:ab:6d:99:4b:92:82:
22:67:18:d8:26:ab:2c:2b:f1:47:50:b3:dc:c9:fd:
8f:7d:3c:8b:9e:1c:d1:25:43:80:2c:73:55:02:4c:
4f:1f:d9:5a:89:83:2d:77:b7:d6:89:84:69:cd:30:
fa:51:51:e1:35:47:8d:11:22:60:ca:ef:6a:a1:45:
ca:95:b8:0a:61:31:12:0d:a7:66:90:2f:da:ce:c1:
b4:f6:e3:1b:f5:c1:f8:35:2f:a4:25:4f:94:ca:93:
a7:b7:5a:00:10:f4:82:fa:7f:98:0a:32:06:48:6f:
60:5f:91:3d:bc:2c:c3:74:c8:e1:d7:71:e0:bb:eb:
a5:46:6c:3e:fb:19:d0:19:91:a2:59:cd:b3:5c:a0:
4b:ed:d4:dd:e8:6f:cf:08:bb:d5:67:66:22:c6:22:
27:67:b7:78:4c:da:00:c5:7d:2b:7c:23:2d:ed:de:
d5:8b:59:03:29:42:b2:5c:f6:9f:6a:a5:e6:f6:c4:
55:21:2f:4c:66:5b:b7:b0:4e:3f:d6:46:06:96:db:
41:f6:63:3c:eb:45:50:92:ae:5e:d1:6a:7b:2c:32:
21:0a:b9:5c:5b:da:bb:a7:07:d1:61:c3:75:c0:0a:
2e:05:b7:ea:33:d6:fa:65:2e:c0:07:a2:63:77:ae:
31:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:03:4E:31:D5:A6:8E:36:4E:E8:75:B7:66:08:E4:AF:B9:B3:F1:BC
X509v3 Authority Key Identifier:
keyid:84:85:A3:9E:D6:B6:21:28:ED:F4:F9:9B:2C:2A:81:1F:5C:20:15:70
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A912442A/20F2CB00EB9C11ECA682120CC4F9AE02/hIWjnta2ISjt9PmbLCqBH1wgFXA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hIWjnta2ISjt9PmbLCqBH1wgFXA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912442A/20F2CB00EB9C11ECA682120CC4F9AE02/3B4551B4CAA811F09DDC8D69C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.240.112.0/22
43.249.56.0-43.249.71.255
43.249.104.0-43.249.115.255
43.251.204.0/22
43.252.180.0/22
45.64.88.0/22
45.117.208.0/22
45.122.48.0/22
45.127.60.0/22
103.4.228.0/22
103.28.240.0/23
103.40.132.0-103.40.151.255
103.40.180.0-103.40.191.255
103.225.24.0/22
103.240.60.0/22
103.245.112.0/22
115.31.128.0/18
116.193.144.0/21
117.121.208.0/20
119.13.24.0/21
119.63.64.0/19
124.197.48.0/21
125.254.52.0/22
150.107.220.0/22
202.27.110.0/24
202.94.240.0/20
202.148.176.0/20
203.114.68.0/22
203.188.224.0/21
223.27.192.0/18
IPv6:
2001:df0:1e::/48
2400:cd00::/32
Signature Algorithm: sha256WithRSAEncryption
79:02:72:0c:64:a8:2b:9e:78:f0:e8:7b:00:3a:9e:9e:07:49:
b4:8d:2c:dd:c1:69:b2:18:88:ff:f0:04:56:4c:79:73:2b:8f:
b1:13:4d:57:8b:39:04:53:54:a7:98:c5:ec:88:60:fd:db:f0:
b3:79:8a:49:dd:e4:62:1b:4e:0c:cf:05:fc:1e:18:14:71:c8:
42:6d:0d:47:75:b8:08:10:bf:e8:68:f4:65:50:b7:8c:13:64:
3e:0e:62:f0:6e:25:13:68:25:ed:a8:4a:9a:6e:6b:6a:25:57:
52:26:5d:56:2c:1d:72:67:8c:3b:15:b9:c2:e2:42:fb:ba:d6:
06:5e:13:20:98:e2:5d:c9:57:f9:e9:72:6b:91:ac:47:05:be:
e9:70:1c:83:12:cd:e5:9b:87:a9:b8:ef:37:81:52:69:74:0c:
b9:07:44:aa:cd:03:27:b5:39:54:a2:8e:ce:7b:66:21:75:51:
d8:5e:53:a9:1b:07:ec:3a:96:b9:b8:94:62:e4:27:b9:43:83:
5f:c6:85:44:82:d5:cd:a0:40:6a:3a:11:a6:b8:bd:6e:97:f2:
06:4b:a5:57:4d:cd:2a:b2:1e:81:13:3d:97:89:dd:79:e3:dc:
ed:f4:e1:8b:c5:e5:fa:30:10:4b:0a:b7:4a:59:37:fa:c5:e7:
6b:9f:57:0f
-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgICBEgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjQ0MkExMTAvBgNVBAUTKDg0ODVBMzlFRDZCNjIxMjhFREY0Rjk5QjJDMkE4MTFG
NUMyMDE1NzAwHhcNMjUxMjAyMjM1OTEzWhcNMjcwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0OGE1My03YzcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzebjgLh6+w2rbZlLkoIiZxjYJqssK/FHULPcyf2PfTyLnhzRJUOALHNVAkxP
H9laiYMtd7fWiYRpzTD6UVHhNUeNESJgyu9qoUXKlbgKYTESDadmkC/azsG09uMb
9cH4NS+kJU+UypOnt1oAEPSC+n+YCjIGSG9gX5E9vCzDdMjh13Hgu+ulRmw++xnQ
GZGiWc2zXKBL7dTd6G/PCLvVZ2YixiInZ7d4TNoAxX0rfCMt7d7Vi1kDKUKyXPaf
aqXm9sRVIS9MZlu3sE4/1kYGlttB9mM860VQkq5e0Wp7LDIhCrlcW9q7pwfRYcN1
wAouBbfqM9b6ZS7AB6Jjd64xBQIDAQABo4IDTDCCA0gwHQYDVR0OBBYEFOcDTjHV
po42Tuh1t2YI5K+5s/G8MB8GA1UdIwQYMBaAFISFo57WtiEo7fT5mywqgR9cIBVw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNDQyQS8yMEYyQ0IwMEVC
OUMxMUVDQTY4MjEyMENDNEY5QUUwMi9oSVdqbnRhMklTanQ5UG1iTENxQkgxd2dG
WEEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2hJV2pudGEySVNqdDlQbWJMQ3FCSDF3Z0ZYQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjQ0MkEvMjBGMkNCMDBFQjlDMTFFQ0E2ODIxMjBDQzRGOUFFMDIvM0I0NTUxQjRD
QUE4MTFGMDlEREM4RDY5QzRGOUFFMDIucm9hMIIBCQYIKwYBBQUHAQcBAf8Egfkw
gfYwgdsEAgABMIHUAwQCK/BwMAwDBAMr+TgDBAMr+UAwDAMEAyv5aAMEAiv5cAME
Aiv7zAMEAiv8tAMEAi1AWAMEAi110AMEAi16MAMEAi1/PAMEAmcE5AMEAWcc8DAM
AwQCZyiEAwQDZyiQMAwDBAJnKLQDBAZnKIADBAJn4RgDBAJn8DwDBAJn9XADBAZz
H4ADBAN0wZADBAR1edADBAN3DRgDBAV3P0ADBAN8xTADBAJ9/jQDBAKWa9wDBADK
G24DBATKXvADBATKlLADBALLckQDBAPLvOADBAbfG8AwFgQCAAIwEAMHACABDfAA
HgMFACQAzQAwDQYJKoZIhvcNAQELBQADggEBAHkCcgxkqCueePDoewA6np4HSbSN
LN3BabIYiP/wBFZMeXMrj7ETTVeLOQRTVKeYxeyIYP3b8LN5iknd5GIbTgzPBfwe
GBRxyEJtDUd1uAgQv+ho9GVQt4wTZD4OYvBuJRNoJe2oSppua2olV1ImXVYsHXJn
jDsVucLiQvu61gZeEyCY4l3JV/npcmuRrEcFvulwHIMSzeWbh6m47zeBUml0DLkH
RKrNAye1OVSijs57ZiF1UdheU6kbB+w6lrm4lGLkJ7lDg1/GhUSC1c2gQGo6Eaa4
vW6X8gZLpVdNzSqyHoETPZeJ3Xnj3O304YvF5fowEEsKt0pZN/rF52ufVw8=
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:28:39 2026 by rpki-client