Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9146AD7/F8BABACA8B8911E790115C3FC4F9AE02/3003BB4EB3A411F0B8845739C4F9AE02.roa
File: 3003BB4EB3A411F0B8845739C4F9AE02.roa (raw, json)
Hash identifier: 8kZjJfE5pI5U07OBtYa4V/xyWj0ZIzuRisNkfVOEOCo=
Subject key identifier: E9:C4:EC:4B:3B:50:DB:4C:C4:22:4E:82:FF:9C:AE:B5:E6:CF:B6:95
Certificate issuer: /CN=A9146AD7/serialNumber=BAF5ADA32CA0D34CF3CCF53ABDF86DE6F8ED9005
Certificate serial: 1AAC
Authority key identifier: BA:F5:AD:A3:2C:A0:D3:4C:F3:CC:F5:3A:BD:F8:6D:E6:F8:ED:90:05
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uvWtoyyg00zzzPU6vfht5vjtkAU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9146AD7/F8BABACA8B8911E790115C3FC4F9AE02/3003BB4EB3A411F0B8845739C4F9AE02.roa
Signing time: Sun 01 Mar 2026 18:24:12 +0000
ROA not before: Tue 28 Oct 2025 02:17:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 116.89.224.0/20 maxlen: 24
121.74.0.0/16 maxlen: 16
121.75.0.0/16 maxlen: 16
121.90.0.0/16 maxlen: 16
124.6.192.0/19 maxlen: 19
124.6.198.0/24 maxlen: 24
202.0.32.0/19 maxlen: 19
202.20.93.0/24 maxlen: 24
202.36.72.0/24 maxlen: 24
203.96.144.0/20 maxlen: 20
203.96.152.0/24 maxlen: 24
203.96.192.0/19 maxlen: 19
203.97.128.0/17 maxlen: 17
203.97.183.0/24 maxlen: 24
203.97.184.0/23 maxlen: 23
203.97.224.0/24 maxlen: 24
203.97.225.0/24 maxlen: 24
203.97.226.0/24 maxlen: 24
203.97.227.0/24 maxlen: 24
203.97.232.0/24 maxlen: 24
203.97.246.0/23 maxlen: 23
203.109.128.0/17 maxlen: 17
203.109.143.0/24 maxlen: 24
203.109.179.0/24 maxlen: 24
203.109.183.0/24 maxlen: 24
203.144.32.0/20 maxlen: 24
210.246.0.0/18 maxlen: 18
218.101.0.0/18 maxlen: 18
218.101.64.0/18 maxlen: 18
2001:4400::/30 maxlen: 48
2407:7000::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9146AD7/F8BABACA8B8911E790115C3FC4F9AE02/uvWtoyyg00zzzPU6vfht5vjtkAU.crl
rsync://rpki.apnic.net/member_repository/A9146AD7/F8BABACA8B8911E790115C3FC4F9AE02/uvWtoyyg00zzzPU6vfht5vjtkAU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uvWtoyyg00zzzPU6vfht5vjtkAU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 02:40:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6828 (0x1aac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9146AD7, serialNumber=BAF5ADA32CA0D34CF3CCF53ABDF86DE6F8ED9005
Validity
Not Before: Oct 28 02:17:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=69a4844c-b853
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:43:1d:9b:89:77:54:e9:fa:b2:57:5a:b2:b0:
9a:97:33:bd:4d:7c:43:08:17:7c:ff:b2:0d:28:21:
d9:90:08:8c:e2:2d:06:4c:75:a5:0a:1c:8b:3e:b9:
18:f2:c0:73:e2:84:ea:a4:af:97:7b:b2:a5:14:c5:
3f:2f:85:8d:23:32:c7:0c:3e:ca:40:62:93:2b:60:
3e:58:3c:77:3c:df:af:52:95:38:6d:6f:bf:12:a1:
a5:ae:c4:2b:a5:43:35:93:54:af:ce:39:9b:59:b6:
21:93:47:65:eb:83:50:71:a8:4f:f8:cd:c8:a3:9d:
64:c3:72:79:23:2a:32:ea:67:29:31:8f:6a:fd:33:
0f:37:b7:67:0e:ad:09:19:64:aa:17:ea:46:b1:ac:
94:b9:c4:25:c5:52:9d:7b:92:27:9c:8d:ad:d5:1b:
2a:8a:f2:a1:b8:32:e9:84:4f:37:e0:34:7f:09:5f:
2a:8d:73:a0:98:2b:fe:26:ca:1b:d3:39:b7:fe:65:
82:79:d8:7b:88:79:31:6f:ed:48:ed:d4:65:ac:4e:
d1:ea:1f:37:ab:a4:ad:50:51:4e:84:e7:70:41:c5:
1b:f7:4c:8f:52:08:b6:10:bb:e6:1b:71:9b:93:19:
01:05:3e:cb:db:4f:3f:ed:f6:ec:4d:78:d2:72:a7:
dd:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:C4:EC:4B:3B:50:DB:4C:C4:22:4E:82:FF:9C:AE:B5:E6:CF:B6:95
X509v3 Authority Key Identifier:
keyid:BA:F5:AD:A3:2C:A0:D3:4C:F3:CC:F5:3A:BD:F8:6D:E6:F8:ED:90:05
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9146AD7/F8BABACA8B8911E790115C3FC4F9AE02/uvWtoyyg00zzzPU6vfht5vjtkAU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uvWtoyyg00zzzPU6vfht5vjtkAU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146AD7/F8BABACA8B8911E790115C3FC4F9AE02/3003BB4EB3A411F0B8845739C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
116.89.224.0/20
121.74.0.0/15
121.90.0.0/16
124.6.192.0/19
202.0.32.0/19
202.20.93.0/24
202.36.72.0/24
203.96.144.0/20
203.96.192.0/19
203.97.128.0/17
203.109.128.0/17
203.144.32.0/20
210.246.0.0/18
218.101.0.0/17
IPv6:
2001:4400::/30
2407:7000::/32
Signature Algorithm: sha256WithRSAEncryption
94:a0:d5:d6:09:96:b4:db:2e:7f:7d:e3:0f:d0:80:c5:d8:6e:
90:e9:cf:a4:1f:a3:1a:d2:a7:f2:05:3d:bd:90:73:10:f3:82:
70:fd:e8:35:90:d0:9b:cd:42:d3:f3:58:94:3a:d2:4b:a5:bd:
70:d7:e0:c4:23:d7:56:a4:95:98:39:70:01:27:99:d4:8d:f7:
b0:d2:2c:cb:94:d4:e3:eb:29:fe:06:e4:d9:9e:89:07:06:37:
4e:ed:40:81:d0:5b:9f:d1:75:a2:63:19:d2:5a:87:33:ed:33:
ca:5a:a8:0d:8a:a7:b6:ae:78:e1:75:14:50:2f:56:51:44:8e:
7f:61:f9:a0:0a:ce:0f:f4:86:1d:e2:14:88:23:7e:c5:10:9d:
fd:cc:82:04:8f:a9:58:52:75:6e:02:bc:d1:bf:88:bf:bf:06:
3f:f4:cd:3a:13:76:0e:b0:fe:c7:b2:c2:92:b5:92:97:6b:0a:
c2:ae:35:80:92:d3:e0:48:27:00:d7:43:7b:c5:64:38:fb:48:
18:a1:ca:be:20:c1:8b:f3:80:28:a3:42:eb:1e:e7:16:e6:bd:
23:2e:32:90:9b:c3:bd:d6:de:08:2d:e2:4d:74:db:96:d0:26:
35:77:00:16:e7:6b:86:72:d0:ff:96:7a:dc:89:b6:f9:ab:c2:
ed:c4:7d:c3
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICGqwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDZBRDcxMTAvBgNVBAUTKEJBRjVBREEzMkNBMEQzNENGM0NDRjUzQUJERjg2REU2
RjhFRDkwMDUwHhcNMjUxMDI4MDIxNzAxWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0ODQ0Yy1iODUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv0Mdm4l3VOn6sldasrCalzO9TXxDCBd8/7INKCHZkAiM4i0GTHWlChyLPrkY
8sBz4oTqpK+Xe7KlFMU/L4WNIzLHDD7KQGKTK2A+WDx3PN+vUpU4bW+/EqGlrsQr
pUM1k1SvzjmbWbYhk0dl64NQcahP+M3Io51kw3J5Iyoy6mcpMY9q/TMPN7dnDq0J
GWSqF+pGsayUucQlxVKde5InnI2t1RsqivKhuDLphE834DR/CV8qjXOgmCv+Jsob
0zm3/mWCedh7iHkxb+1I7dRlrE7R6h83q6StUFFOhOdwQcUb90yPUgi2ELvmG3Gb
kxkBBT7L208/7fbsTXjScqfd1QIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFOnE7Es7
UNtMxCJOgv+crrXmz7aVMB8GA1UdIwQYMBaAFLr1raMsoNNM88z1Or34beb47ZAF
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NkFENy9GOEJBQkFDQThC
ODkxMUU3OTAxMTVDM0ZDNEY5QUUwMi91dld0b3l5ZzAwenp6UFU2dmZodDV2anRr
QVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3V2V3RveXlnMDB6enpQVTZ2Zmh0NXZqdGtBVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDZBRDcvRjhCQUJBQ0E4Qjg5MTFFNzkwMTE1QzNGQzRGOUFFMDIvMzAwM0JCNEVC
M0E0MTFGMEI4ODQ1NzM5QzRGOUFFMDIucm9hMIGBBggrBgEFBQcBBwEB/wRyMHAw
WAQCAAEwUgMEBHRZ4AMDAXlKAwMAeVoDBAV8BsADBAXKACADBADKFF0DBADKJEgD
BATLYJADBAXLYMADBAfLYYADBAfLbYADBATLkCADBAbS9gADBAfaZQAwFAQCAAIw
DgMFAiABRAADBQAkB3AAMA0GCSqGSIb3DQEBCwUAA4IBAQCUoNXWCZa02y5/feMP
0IDF2G6Q6c+kH6Ma0qfyBT29kHMQ84Jw/eg1kNCbzULT81iUOtJLpb1w1+DEI9dW
pJWYOXABJ5nUjfew0izLlNTj6yn+BuTZnokHBjdO7UCB0Fuf0XWiYxnSWocz7TPK
WqgNiqe2rnjhdRRQL1ZRRI5/YfmgCs4P9IYd4hSII37FEJ39zIIEj6lYUnVuArzR
v4i/vwY/9M06E3YOsP7HssKStZKXawrCrjWAktPgSCcA10N7xWQ4+0gYocq+IMGL
84Aoo0LrHucW5r0jLjKQm8O91t4ILeJNdNuW0CY1dwAW52uGctD/lnrcibb5q8Lt
xH3D
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:41:12 2026 by rpki-client