Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
File: CD1E94321A7D11F09A63C576C4F9AE02.roa (raw, json)
Hash identifier: wqzw9xIrrEpLFwLVCM13o/IRitqP0tZ9rILqPFlHz/Q=
Subject key identifier: A5:BE:B8:98:F6:93:78:C6:E7:85:7E:00:23:86:93:F9:26:C6:FF:00
Certificate issuer: /CN=A91450A4/serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Certificate serial: 08BA
Authority key identifier: 3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
Signing time: Sun 01 Mar 2026 16:34:36 +0000
ROA not before: Mon 02 Feb 2026 21:17:43 +0000
ROA not after: Wed 31 Mar 2027 00:00:00 +0000
asID: 55766
IP address blocks: 43.243.238.0/23 maxlen: 24
43.252.96.0/22 maxlen: 24
103.22.184.0/22 maxlen: 24
103.24.242.0/23 maxlen: 24
103.27.152.0/22 maxlen: 24
103.224.210.0/24 maxlen: 24
103.226.36.0/22 maxlen: 24
115.165.172.0/24 maxlen: 24
118.107.144.0/24 maxlen: 24
118.107.151.0/24 maxlen: 24
175.184.192.0/24 maxlen: 24
175.184.194.0/24 maxlen: 24
175.184.198.0/24 maxlen: 24
175.184.218.0/24 maxlen: 24
175.184.219.0/24 maxlen: 24
175.184.220.0/24 maxlen: 24
202.146.6.0/23 maxlen: 24
203.148.94.0/23 maxlen: 24
223.29.240.0/22 maxlen: 24
2400:f280::/32 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.crl
rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 01:33:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2234 (0x8ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91450A4, serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Validity
Not Before: Feb 2 21:17:43 2026 GMT
Not After : Mar 31 00:00:00 2027 GMT
Subject: CN=69a46a9c-73ee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:c5:11:51:0f:46:21:2c:73:7d:5a:1e:00:2a:
53:fa:98:72:e7:64:b3:cd:bc:3d:66:88:25:5e:0e:
36:c1:ab:c7:7f:38:4c:5f:b9:2e:e9:5e:41:3c:be:
ec:d9:28:40:ca:28:be:a4:c0:37:99:38:15:1d:8f:
56:ed:3f:4c:ce:70:34:2f:79:4c:da:7f:4a:10:93:
1e:a9:7e:85:8f:17:d0:ce:1c:94:d5:6e:e1:46:32:
52:63:e9:ce:a8:7e:5b:b0:de:3d:4c:4b:b5:81:47:
0a:9e:2d:d5:0a:9c:3b:80:3f:5b:0c:49:11:3f:c7:
ed:40:bf:73:f4:38:df:49:d7:4a:78:30:e8:52:03:
8d:5f:57:f5:93:f7:c4:cc:87:dd:b8:45:1c:1a:64:
e3:f2:38:89:a7:08:5a:0f:27:5d:bd:c3:98:04:a7:
94:a5:f2:23:c9:26:d7:ad:60:fe:17:ae:87:11:d4:
b5:27:6f:e1:5d:0a:6c:fd:e3:95:60:be:76:1d:2b:
83:6c:31:a6:63:f0:72:bf:52:62:bf:44:b3:8d:2e:
43:c9:18:90:7e:b9:c9:36:fc:a5:5b:a8:91:33:d3:
88:96:fc:0f:dd:ad:e6:ca:d3:15:da:fe:00:2d:1b:
fe:28:4a:bb:5c:6d:96:76:f6:2f:e0:db:09:82:04:
85:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:BE:B8:98:F6:93:78:C6:E7:85:7E:00:23:86:93:F9:26:C6:FF:00
X509v3 Authority Key Identifier:
keyid:3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.243.238.0/23
43.252.96.0/22
103.22.184.0/22
103.24.242.0/23
103.27.152.0/22
103.224.210.0/24
103.226.36.0/22
115.165.172.0/24
118.107.144.0/24
118.107.151.0/24
175.184.192.0/24
175.184.194.0/24
175.184.198.0/24
175.184.218.0-175.184.220.255
202.146.6.0/23
203.148.94.0/23
223.29.240.0/22
IPv6:
2400:f280::/32
Signature Algorithm: sha256WithRSAEncryption
92:d0:97:ee:1d:2e:ed:59:be:49:05:36:52:0c:a9:99:85:87:
f3:fb:4b:96:3d:80:22:04:25:05:e5:16:39:8f:59:85:95:0a:
e9:ae:e2:79:9b:58:71:60:9e:38:08:a4:5d:af:c3:dd:d5:fc:
60:b3:c0:5b:94:42:3c:97:f5:54:26:b7:e4:b5:3a:5d:40:59:
86:ed:ba:39:ce:61:ff:39:c5:f1:4a:83:32:0a:7f:04:b1:ea:
ba:ad:d1:cc:e0:10:ff:0a:55:77:05:d3:4b:48:54:e4:4d:e3:
84:d5:8b:de:f5:d4:48:c5:94:86:a2:f9:83:ff:89:a1:25:2b:
30:b8:e9:11:17:f1:c8:21:d7:ab:4e:07:12:ff:9e:2f:2a:03:
f4:49:a1:6c:48:c4:e9:f7:2c:fe:5b:04:16:54:13:92:69:11:
10:06:0c:8b:a6:ec:a4:f0:78:47:e0:be:af:79:ac:2d:ed:9f:
de:38:08:f9:aa:21:88:5e:bc:87:eb:5a:97:49:29:22:ba:07:
96:26:c7:a8:23:cd:20:2f:84:b3:4d:14:80:41:f8:4a:73:8d:
2d:25:9f:5a:c5:c9:f3:13:b0:73:49:01:56:32:e6:85:5a:be:
2d:fb:2d:29:de:47:83:56:ef:0a:87:01:a1:6a:34:7e:4f:bf:
6a:75:a2:9a
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgICCLowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDUwQTQxMTAvBgNVBAUTKDNEMUQ2QTMzMkFFQTRFQzUwMjAzN0EwOTA5RjRDQzE5
RDQyREIxOTgwHhcNMjYwMjAyMjExNzQzWhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NmE5Yy03M2VlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr8URUQ9GISxzfVoeACpT+phy52Szzbw9ZoglXg42wavHfzhMX7ku6V5BPL7s
2ShAyii+pMA3mTgVHY9W7T9MznA0L3lM2n9KEJMeqX6FjxfQzhyU1W7hRjJSY+nO
qH5bsN49TEu1gUcKni3VCpw7gD9bDEkRP8ftQL9z9DjfSddKeDDoUgONX1f1k/fE
zIfduEUcGmTj8jiJpwhaDyddvcOYBKeUpfIjySbXrWD+F66HEdS1J2/hXQps/eOV
YL52HSuDbDGmY/Byv1Jiv0SzjS5DyRiQfrnJNvylW6iRM9OIlvwP3a3mytMV2v4A
LRv+KEq7XG2WdvYv4NsJggSFXwIDAQABo4IC2jCCAtYwHQYDVR0OBBYEFKW+uJj2
k3jG54V+ACOGk/kmxv8AMB8GA1UdIwQYMBaAFD0dajMq6k7FAgN6CQn0zBnULbGY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NTBBNC9ERDQ3MzY5ODBD
MzYxMUVCQTRFNDlFMjFDNEY5QUUwMi9QUjFxTXlycVRzVUNBM29KQ2ZUTUdkUXRz
WmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BSMXFNeXJxVHNVQ0Ezb0pDZlRNR2RRdHNaZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDUwQTQvREQ0NzM2OTgwQzM2MTFFQkE0RTQ5RTIxQzRGOUFFMDIvQ0QxRTk0MzIx
QTdEMTFGMDlBNjNDNTc2QzRGOUFFMDIucm9hMIGYBggrBgEFBQcBBwEB/wSBiDCB
hTB0BAIAATBuAwQBK/PuAwQCK/xgAwQCZxa4AwQBZxjyAwQCZxuYAwQAZ+DSAwQC
Z+IkAwQAc6WsAwQAdmuQAwQAdmuXAwQAr7jAAwQAr7jCAwQAr7jGMAwDBAGvuNoD
BACvuNwDBAHKkgYDBAHLlF4DBALfHfAwDQQCAAIwBwMFACQA8oAwDQYJKoZIhvcN
AQELBQADggEBAJLQl+4dLu1ZvkkFNlIMqZmFh/P7S5Y9gCIEJQXlFjmPWYWVCumu
4nmbWHFgnjgIpF2vw93V/GCzwFuUQjyX9VQmt+S1Ol1AWYbtujnOYf85xfFKgzIK
fwSx6rqt0czgEP8KVXcF00tIVORN44TVi9711EjFlIai+YP/iaElKzC46REX8cgh
16tOBxL/ni8qA/RJoWxIxOn3LP5bBBZUE5JpERAGDIum7KTweEfgvq95rC3tn944
CPmqIYhevIfrWpdJKSK6B5Ymx6gjzSAvhLNNFIBB+EpzjS0ln1rFyfMTsHNJAVYy
5oVavi37LSneR4NW7wqHAaFqNH5Pv2p1opo=
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:19:39 2026 by rpki-client