Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/8E652A7AC77611E68B1CDE6AC4F9AE02.roa
File: 8E652A7AC77611E68B1CDE6AC4F9AE02.roa (raw, json)
Hash identifier: HRZCFiI8waPHBtIDiuVXCKRbNp4ZHUWwRgIvIZoEOO4=
Subject key identifier: 01:22:19:32:AE:E9:F8:DD:F3:2E:03:0E:E3:A9:78:9B:64:5F:5B:3A
Certificate issuer: /CN=A914A140/serialNumber=05020FBF1020FD63BE57DA1B9704B0AA8103444A
Certificate serial: 1D79
Authority key identifier: 05:02:0F:BF:10:20:FD:63:BE:57:DA:1B:97:04:B0:AA:81:03:44:4A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQIPvxAg_WO-V9oblwSwqoEDREo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/8E652A7AC77611E68B1CDE6AC4F9AE02.roa
Signing time: Sun 01 Mar 2026 16:24:19 +0000
ROA not before: Sun 01 Feb 2026 06:49:20 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 63526
IP address blocks: 45.125.220.0/22 maxlen: 22
45.125.220.0/22 maxlen: 24
45.125.220.0/23 maxlen: 23
45.125.220.0/24 maxlen: 24
45.125.221.0/24 maxlen: 24
45.125.222.0/23 maxlen: 23
45.125.222.0/24 maxlen: 24
45.125.223.0/24 maxlen: 24
103.239.252.0/22 maxlen: 22
103.239.252.0/22 maxlen: 24
103.239.252.0/24 maxlen: 24
103.239.252.0/25 maxlen: 25
103.239.252.128/25 maxlen: 25
103.239.253.0/24 maxlen: 24
103.239.253.0/25 maxlen: 25
103.239.253.128/25 maxlen: 25
103.239.254.0/24 maxlen: 24
103.239.254.0/25 maxlen: 25
103.239.254.128/25 maxlen: 25
103.239.255.0/24 maxlen: 24
103.239.255.0/25 maxlen: 25
103.239.255.128/25 maxlen: 25
2404:4580::/32 maxlen: 32
2404:4580::/48 maxlen: 48
2404:4580:1::/48 maxlen: 48
2404:4580:2::/48 maxlen: 48
2404:4580:3::/48 maxlen: 48
2404:4580:4::/48 maxlen: 48
2404:4580:5::/48 maxlen: 48
2404:4580:6::/48 maxlen: 48
2404:4580:7::/48 maxlen: 48
2404:4580:ca::/48 maxlen: 48
2404:4580:cd10::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/BQIPvxAg_WO-V9oblwSwqoEDREo.crl
rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/BQIPvxAg_WO-V9oblwSwqoEDREo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQIPvxAg_WO-V9oblwSwqoEDREo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 00:42:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7545 (0x1d79)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914A140, serialNumber=05020FBF1020FD63BE57DA1B9704B0AA8103444A
Validity
Not Before: Feb 1 06:49:20 2026 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=69a46832-4253
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:88:08:cb:bf:cc:0b:1a:16:72:14:38:33:81:
d0:62:ad:a9:63:96:0e:bc:e0:e1:8b:1a:a3:1e:5a:
cd:79:98:0f:a5:40:43:1e:5e:51:f6:0f:44:fc:0b:
9f:27:c5:17:d4:13:43:6a:1d:cd:b0:01:a8:92:39:
af:34:ef:86:3c:02:bd:27:3e:5a:49:cb:30:9d:12:
2f:6c:fa:f9:c9:7c:ba:7a:22:34:5a:6d:bb:3f:48:
4d:ca:26:c5:9d:d2:3f:86:e0:fa:7c:45:b8:3a:71:
5a:f0:40:b0:75:db:04:7d:cd:af:78:ed:f5:01:83:
73:2a:8f:ea:1c:36:b3:a0:de:4a:12:1f:3a:40:15:
74:71:6c:59:7c:98:ad:b3:4d:aa:8d:ea:fe:10:70:
82:98:a5:8a:61:ba:37:53:11:b6:5e:35:66:7f:22:
3f:7f:d5:17:b6:5d:b9:ba:35:76:5b:4d:00:be:6e:
a7:26:b3:a0:15:00:c0:76:a4:57:92:fa:81:57:6c:
be:0c:bd:2a:11:f4:7d:0f:b2:62:c9:8c:a9:43:9d:
20:38:18:65:8d:85:3b:b8:bd:99:ec:ba:8f:cc:83:
d4:69:ba:85:48:88:34:a3:3a:45:e3:3e:30:07:80:
50:97:58:0f:e1:3b:b8:6f:38:17:7f:f1:ef:20:20:
49:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:22:19:32:AE:E9:F8:DD:F3:2E:03:0E:E3:A9:78:9B:64:5F:5B:3A
X509v3 Authority Key Identifier:
keyid:05:02:0F:BF:10:20:FD:63:BE:57:DA:1B:97:04:B0:AA:81:03:44:4A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/BQIPvxAg_WO-V9oblwSwqoEDREo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BQIPvxAg_WO-V9oblwSwqoEDREo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A140/CC1DCCE8C77411E69816B068C4F9AE02/8E652A7AC77611E68B1CDE6AC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
45.125.220.0/22
103.239.252.0/22
IPv6:
2404:4580::/32
Signature Algorithm: sha256WithRSAEncryption
32:f3:1a:01:42:6f:28:7e:45:03:03:5d:b9:54:29:ff:9f:12:
c3:21:36:ad:01:f6:7b:88:3d:83:0c:57:78:9b:a3:cf:33:27:
f6:19:86:0e:55:eb:35:67:65:97:c9:48:3d:f9:22:7e:41:ee:
46:3c:bf:6f:65:85:65:c5:0c:e9:d2:29:d8:c6:c3:ad:e4:0d:
f7:89:8b:3f:fe:d0:1c:9e:9f:de:b7:dd:d8:50:94:0f:c3:04:
97:b0:8a:25:80:5a:b5:1d:4b:87:00:71:62:19:8a:15:a0:e4:
4d:e5:c4:ff:8e:49:53:56:82:fe:5a:27:be:40:3a:9f:34:3e:
40:2c:25:6f:86:66:6a:be:09:0a:15:7a:8e:82:31:d1:62:1a:
64:b3:1d:20:77:04:e4:24:ae:b2:7d:98:28:67:49:38:b0:a6:
85:25:27:e7:db:e6:3a:74:75:dc:48:df:98:8d:09:09:0f:c3:
c7:b0:4b:44:47:52:d4:a4:12:8d:89:ff:24:aa:93:e5:42:12:
31:db:54:cd:7b:69:cc:08:76:10:bc:cf:93:2f:12:12:b9:97:
3f:43:f9:01:bb:66:3a:7e:bb:cf:64:f1:68:22:52:24:5b:71:
7e:ab:8b:41:5c:e0:77:6e:c9:91:1e:61:e6:e8:cc:2c:7b:6f:
5f:54:00:42
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgICHXkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEExNDAxMTAvBgNVBAUTKDA1MDIwRkJGMTAyMEZENjNCRTU3REExQjk3MDRCMEFB
ODEwMzQ0NEEwHhcNMjYwMjAxMDY0OTIwWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NjgzMi00MjUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqogIy7/MCxoWchQ4M4HQYq2pY5YOvODhixqjHlrNeZgPpUBDHl5R9g9E/Auf
J8UX1BNDah3NsAGokjmvNO+GPAK9Jz5aScswnRIvbPr5yXy6eiI0Wm27P0hNyibF
ndI/huD6fEW4OnFa8ECwddsEfc2veO31AYNzKo/qHDazoN5KEh86QBV0cWxZfJit
s02qjer+EHCCmKWKYbo3UxG2XjVmfyI/f9UXtl25ujV2W00Avm6nJrOgFQDAdqRX
kvqBV2y+DL0qEfR9D7JiyYypQ50gOBhljYU7uL2Z7LqPzIPUabqFSIg0ozpF4z4w
B4BQl1gP4Tu4bzgXf/HvICBJGQIDAQABo4ICdTCCAnEwHQYDVR0OBBYEFAEiGTKu
6fjd8y4DDuOpeJtkX1s6MB8GA1UdIwQYMBaAFAUCD78QIP1jvlfaG5cEsKqBA0RK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QTE0MC9DQzFEQ0NFOEM3
NzQxMUU2OTgxNkIwNjhDNEY5QUUwMi9CUUlQdnhBZ19XTy1WOW9ibHdTd3FvRURS
RW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JRSVB2eEFnX1dPLVY5b2Jsd1N3cW9FRFJFby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEExNDAvQ0MxRENDRThDNzc0MTFFNjk4MTZCMDY4QzRGOUFFMDIvOEU2NTJBN0FD
Nzc2MTFFNjhCMUNERTZBQzRGOUFFMDIucm9hMDQGCCsGAQUFBwEHAQH/BCUwIzAS
BAIAATAMAwQCLX3cAwQCZ+/8MA0EAgACMAcDBQAkBEWAMA0GCSqGSIb3DQEBCwUA
A4IBAQAy8xoBQm8ofkUDA125VCn/nxLDITatAfZ7iD2DDFd4m6PPMyf2GYYOVes1
Z2WXyUg9+SJ+Qe5GPL9vZYVlxQzp0inYxsOt5A33iYs//tAcnp/et93YUJQPwwSX
sIolgFq1HUuHAHFiGYoVoORN5cT/jklTVoL+Wie+QDqfND5ALCVvhmZqvgkKFXqO
gjHRYhpksx0gdwTkJK6yfZgoZ0k4sKaFJSfn2+Y6dHXcSN+YjQkJD8PHsEtER1LU
pBKNif8kqpPlQhIx21TNe2nMCHYQvM+TLxISuZc/Q/kBu2Y6frvPZPFoIlIkW3F+
q4tBXOB3bsmRHmHm6Mwse29fVABC
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:32:05 2026 by rpki-client