Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/4C174808FEC411F0BC5B0AB76C6F56BC.roa
File: 4C174808FEC411F0BC5B0AB76C6F56BC.roa (raw, json)
Hash identifier: e5nhsFDUwUiXCSq5j62Pge8MwK7pSUy+zV2SNUj9tjo=
Subject key identifier: 98:FE:4E:49:98:CC:8D:57:98:D4:F3:A9:81:A8:4D:F9:10:0B:0E:EC
Certificate issuer: /CN=A915D03A/serialNumber=615ED84C44E657F7095E0212AFEA052C542A0D91
Certificate serial: 1A49
Authority key identifier: 61:5E:D8:4C:44:E6:57:F7:09:5E:02:12:AF:EA:05:2C:54:2A:0D:91
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/4C174808FEC411F0BC5B0AB76C6F56BC.roa
Signing time: Sat 31 Jan 2026 16:45:49 +0000
ROA not before: Sat 31 Jan 2026 16:45:49 +0000
ROA not after: Tue 02 Mar 2027 00:00:00 +0000
asID: 20940
IP address blocks: 43.254.120.0/22 maxlen: 22
59.151.128.0/18 maxlen: 18
60.254.128.0/18 maxlen: 18
60.254.143.0/24 maxlen: 24
60.254.148.0/24 maxlen: 24
60.254.173.0/24 maxlen: 24
103.238.148.0/22 maxlen: 22
118.214.0.0/16 maxlen: 16
118.214.1.0/24 maxlen: 24
118.214.167.0/24 maxlen: 24
118.214.171.0/24 maxlen: 24
118.214.178.0/24 maxlen: 24
118.214.181.0/24 maxlen: 24
118.214.185.0/24 maxlen: 24
118.214.186.0/24 maxlen: 24
118.214.187.0/24 maxlen: 24
118.214.188.0/23 maxlen: 23
118.214.190.0/24 maxlen: 24
118.215.0.0/17 maxlen: 17
118.215.128.0/18 maxlen: 18
122.252.32.0/19 maxlen: 19
122.252.128.0/20 maxlen: 20
125.56.128.0/17 maxlen: 17
125.56.184.0/24 maxlen: 24
125.56.185.0/24 maxlen: 24
125.56.186.0/24 maxlen: 24
125.56.205.0/24 maxlen: 24
125.56.219.0/24 maxlen: 24
125.56.222.0/24 maxlen: 24
125.252.192.0/18 maxlen: 18
125.252.224.0/24 maxlen: 24
2405:9600::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.crl
rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 07 Mar 2026 16:28:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6729 (0x1a49)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915D03A, serialNumber=615ED84C44E657F7095E0212AFEA052C542A0D91
Validity
Not Before: Jan 31 16:45:49 2026 GMT
Not After : Mar 2 00:00:00 2027 GMT
Subject: CN=697e31bd-86a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:dc:60:08:22:a2:f0:05:35:63:0d:0d:76:13:
f8:2b:c3:b3:f8:6d:2d:79:52:41:6d:53:d5:01:f7:
d5:0d:b4:ac:d5:a3:79:94:cf:d9:c0:78:1d:94:96:
9b:45:e6:57:f2:d1:d5:05:a0:e4:61:c6:ae:58:ef:
2a:ea:16:ac:b9:69:0e:6a:ad:34:a6:5f:95:8d:9d:
53:6a:c2:ac:73:d9:ae:a7:82:53:04:5a:35:2f:61:
93:39:ab:67:33:cd:e2:2f:76:78:15:4c:10:c6:d5:
2b:21:6c:2b:a8:a1:b0:8f:59:33:3d:00:65:0d:b8:
76:1c:b5:89:48:31:03:9d:13:2a:b4:4c:84:8f:bf:
c4:97:e3:cc:1a:8e:3d:bf:77:25:a2:39:d0:a2:aa:
a6:da:3c:31:68:75:db:a3:1d:e0:68:6c:18:66:77:
ef:a7:a6:42:36:9c:50:57:e0:e8:22:10:63:40:91:
ec:29:9d:0b:a5:39:b3:b5:ab:26:19:49:6c:2d:f6:
3f:f1:0f:50:08:d8:35:fd:d6:74:7a:3e:1e:ed:90:
a1:e0:78:18:35:a1:00:1e:c6:72:bd:36:75:3a:8f:
df:24:ed:7c:a0:13:de:d6:8e:8a:4f:13:4d:5a:37:
d2:a8:a8:23:88:06:b4:fa:6f:cb:72:46:cd:f0:71:
de:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:FE:4E:49:98:CC:8D:57:98:D4:F3:A9:81:A8:4D:F9:10:0B:0E:EC
X509v3 Authority Key Identifier:
keyid:61:5E:D8:4C:44:E6:57:F7:09:5E:02:12:AF:EA:05:2C:54:2A:0D:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/4C174808FEC411F0BC5B0AB76C6F56BC.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.120.0/22
59.151.128.0/18
60.254.128.0/18
103.238.148.0/22
118.214.0.0-118.215.191.255
122.252.32.0/19
122.252.128.0/20
125.56.128.0/17
125.252.192.0/18
IPv6:
2405:9600::/32
Signature Algorithm: sha256WithRSAEncryption
a1:28:60:90:7a:13:7a:3b:0e:5b:cf:e3:75:6b:c3:7d:99:6d:
d1:33:b2:f7:b6:35:8f:25:f5:c5:d9:e9:e6:5c:e7:59:8e:9d:
ff:85:28:43:ba:bb:17:19:94:42:bc:35:f5:ee:72:0d:a2:3c:
44:1e:36:53:f4:a4:38:19:22:31:31:ac:cd:f8:cb:a4:e7:46:
2f:bf:9a:6c:c5:34:53:86:ce:cf:50:4c:12:c8:f7:eb:9a:6a:
c3:e7:72:69:15:de:83:73:10:55:e8:0e:5b:75:2b:da:59:2e:
a0:1e:32:5f:53:04:c2:3d:34:2c:18:01:9d:89:b3:90:1a:1c:
19:82:cb:5b:6b:85:bd:32:d9:95:a0:db:f9:c8:b5:e3:d1:54:
c8:7a:a7:5f:a6:f0:c6:dd:40:97:d4:18:16:52:f5:1b:82:22:
7e:e4:6c:ad:67:8c:17:d9:7c:e6:97:b8:f9:7a:8a:ec:26:88:
94:46:ff:94:b9:1f:53:52:b0:cd:e1:95:48:a9:19:e7:5b:22:
13:02:85:e6:bd:58:67:88:91:6c:e9:fc:9f:50:96:da:d0:60:
31:db:ed:c6:ce:f7:36:0c:d2:2a:ee:6d:ef:6e:73:30:f8:3c:
1b:b8:37:7b:21:55:5c:93:4f:24:b3:29:3f:e6:5b:00:42:5b:
6c:d6:b7:1f
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgICGkkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAwwIQTkx
NUQwM0ExMTAvBgNVBAUTKDYxNUVEODRDNDRFNjU3RjcwOTVFMDIxMkFGRUEwNTJD
NTQyQTBEOTEwHhcNMjYwMTMxMTY0NTQ5WhcNMjcwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDDA02OTdlMzFiZC04NmE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy9xgCCKi8AU1Yw0NdhP4K8Oz+G0teVJBbVPVAffVDbSs1aN5lM/ZwHgdlJab
ReZX8tHVBaDkYcauWO8q6hasuWkOaq00pl+VjZ1TasKsc9mup4JTBFo1L2GTOatn
M83iL3Z4FUwQxtUrIWwrqKGwj1kzPQBlDbh2HLWJSDEDnRMqtEyEj7/El+PMGo49
v3clojnQoqqm2jwxaHXbox3gaGwYZnfvp6ZCNpxQV+DoIhBjQJHsKZ0LpTmztasm
GUlsLfY/8Q9QCNg1/dZ0ej4e7ZCh4HgYNaEAHsZyvTZ1Oo/fJO18oBPe1o6KTxNN
WjfSqKgjiAa0+m/LckbN8HHeXQIDAQABo4IC2zCCAtcwHQYDVR0OBBYEFJj+TkmY
zI1XmNTzqYGoTfkQCw7sMB8GA1UdIwQYMBaAFGFe2ExE5lf3CV4CEq/qBSxUKg2R
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1RDAzQS8xQjY0NzcxMDky
NDYxMUU3OUFBRUJFMTBDNEY5QUUwMi9ZVjdZVEVUbVZfY0pYZ0lTci1vRkxGUXFE
WkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lWN1lURVRtVl9jSlhnSVNyLW9GTEZRcURaRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUQwM0EvMUI2NDc3MTA5MjQ2MTFFNzlBQUVCRTEwQzRGOUFFMDIvNEMxNzQ4MDhG
RUM0MTFGMEJDNUIwQUI3NkM2RjU2QkMucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZQYIKwYBBQUHAQcBAf8E
VjBUMEMEAgABMD0DBAIr/ngDBAY7l4ADBAY8/oADBAJn7pQwCwMDAXbWAwQGdteA
AwQFevwgAwQEevyAAwQHfTiAAwQGffzAMA0EAgACMAcDBQAkBZYAMA0GCSqGSIb3
DQEBCwUAA4IBAQChKGCQehN6Ow5bz+N1a8N9mW3RM7L3tjWPJfXF2enmXOdZjp3/
hShDursXGZRCvDX17nINojxEHjZT9KQ4GSIxMazN+Muk50Yvv5psxTRThs7PUEwS
yPfrmmrD53JpFd6DcxBV6A5bdSvaWS6gHjJfUwTCPTQsGAGdibOQGhwZgstba4W9
MtmVoNv5yLXj0VTIeqdfpvDG3UCX1BgWUvUbgiJ+5GytZ4wX2Xzml7j5eorsJoiU
Rv+UuR9TUrDN4ZVIqRnnWyITAoXmvVhniJFs6fyfUJba0GAx2+3Gzvc2DNIq7m3v
bnMw+DwbuDd7IVVck08ksyk/5lsAQlts1rcf
-----END CERTIFICATE-----
Generated at Mon Mar 2 00:09:22 2026 by rpki-client