Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A916A3BE/89B4F678841911EA98FF0637C4F9AE02/9FC3DC92883311EDB7271C62C4F9AE02.roa
File: 9FC3DC92883311EDB7271C62C4F9AE02.roa (raw, json)
Hash identifier: +xcD+XJAzMs34Apsat7Enhn+9h/kEqw5O2ozBTodW3U=
Subject key identifier: 58:DC:0F:8D:81:F1:5C:D2:B6:2E:C6:CF:A1:B6:3D:4C:0A:E6:00:FB
Certificate issuer: /CN=A916A3BE/serialNumber=A10603302BFEC82A07F8C5D42E458B76C5FF91A4
Certificate serial: 0A67
Authority key identifier: A1:06:03:30:2B:FE:C8:2A:07:F8:C5:D4:2E:45:8B:76:C5:FF:91:A4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oQYDMCv-yCoH-MXULkWLdsX_kaQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A916A3BE/89B4F678841911EA98FF0637C4F9AE02/9FC3DC92883311EDB7271C62C4F9AE02.roa
Signing time: Sun 01 Mar 2026 14:01:48 +0000
ROA not before: Sat 28 Feb 2026 20:16:58 +0000
ROA not after: Sat 01 May 2027 00:00:00 +0000
asID: 45280
IP address blocks: 114.134.160.0/20 maxlen: 20
114.134.160.0/24 maxlen: 24
114.134.161.0/24 maxlen: 24
114.134.162.0/24 maxlen: 24
114.134.163.0/24 maxlen: 24
114.134.164.0/24 maxlen: 24
114.134.165.0/24 maxlen: 24
114.134.166.0/24 maxlen: 24
114.134.167.0/24 maxlen: 24
114.134.168.0/24 maxlen: 24
114.134.169.0/24 maxlen: 24
114.134.170.0/24 maxlen: 24
114.134.171.0/24 maxlen: 24
114.134.172.0/24 maxlen: 24
114.134.173.0/24 maxlen: 24
114.134.174.0/24 maxlen: 24
114.134.175.0/24 maxlen: 24
114.134.176.0/21 maxlen: 21
114.134.176.0/24 maxlen: 24
114.134.177.0/24 maxlen: 24
114.134.178.0/24 maxlen: 24
114.134.179.0/24 maxlen: 24
114.134.180.0/24 maxlen: 24
114.134.181.0/24 maxlen: 24
114.134.182.0/24 maxlen: 24
114.134.183.0/24 maxlen: 24
203.80.60.0/22 maxlen: 22
203.80.60.0/23 maxlen: 24
203.80.62.0/24 maxlen: 24
203.80.63.0/24 maxlen: 24
2402:7e00::/32 maxlen: 32
2407:ca00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A916A3BE/89B4F678841911EA98FF0637C4F9AE02/oQYDMCv-yCoH-MXULkWLdsX_kaQ.crl
rsync://rpki.apnic.net/member_repository/A916A3BE/89B4F678841911EA98FF0637C4F9AE02/oQYDMCv-yCoH-MXULkWLdsX_kaQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oQYDMCv-yCoH-MXULkWLdsX_kaQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 01:12:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2663 (0xa67)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A916A3BE, serialNumber=A10603302BFEC82A07F8C5D42E458B76C5FF91A4
Validity
Not Before: Feb 28 20:16:58 2026 GMT
Not After : May 1 00:00:00 2027 GMT
Subject: CN=69a446cc-3806
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:fa:ef:8d:b0:cb:47:30:98:e9:25:1e:9f:a2:
fe:11:be:5e:b4:52:55:11:62:3d:e1:f1:3c:56:61:
f6:95:8c:b0:06:c7:9b:bf:fc:30:5e:2b:41:f0:e6:
1e:d8:65:0b:6f:bd:ff:3b:e1:da:f5:43:18:79:1e:
74:9c:09:b7:0f:16:15:a8:5b:8f:e4:8b:0c:94:c3:
e5:2c:c0:13:cd:05:7a:86:d7:1f:db:c3:b1:7f:a1:
a0:17:a4:6c:28:26:f5:b9:f6:34:6f:50:c8:84:03:
26:dc:c6:41:06:21:9c:23:ac:1d:89:c3:0e:49:1f:
3e:b7:ef:9c:db:75:9a:95:9f:7e:91:22:b8:af:1d:
74:ac:15:c7:cd:ce:e1:6f:8d:df:a0:2d:db:69:25:
8e:ae:fb:64:2f:31:91:a6:93:74:15:28:8d:d9:87:
65:31:f4:bf:71:72:a0:a6:c3:be:d8:29:34:ff:03:
2a:ad:91:fa:69:db:c1:4a:9c:9f:63:12:59:76:41:
84:d7:26:84:2f:d8:a7:b9:a3:0a:01:7f:6d:9e:8d:
28:01:23:70:5c:03:d4:3e:8c:45:c8:5a:75:4b:8d:
97:cb:7c:ae:6c:f9:93:51:ee:d4:93:a3:a1:82:78:
dc:d0:9a:e7:a1:23:e2:d6:0e:c7:72:ca:e1:19:c9:
a1:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:DC:0F:8D:81:F1:5C:D2:B6:2E:C6:CF:A1:B6:3D:4C:0A:E6:00:FB
X509v3 Authority Key Identifier:
keyid:A1:06:03:30:2B:FE:C8:2A:07:F8:C5:D4:2E:45:8B:76:C5:FF:91:A4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A916A3BE/89B4F678841911EA98FF0637C4F9AE02/oQYDMCv-yCoH-MXULkWLdsX_kaQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oQYDMCv-yCoH-MXULkWLdsX_kaQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916A3BE/89B4F678841911EA98FF0637C4F9AE02/9FC3DC92883311EDB7271C62C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
114.134.160.0-114.134.183.255
203.80.60.0/22
IPv6:
2402:7e00::/32
2407:ca00::/32
Signature Algorithm: sha256WithRSAEncryption
8b:2b:44:26:84:bf:5c:b2:23:ab:ad:f7:fb:47:cf:2c:7c:d1:
ed:bf:de:cd:6a:38:5d:80:d0:90:ee:93:eb:fe:18:99:9c:3d:
8c:77:08:ad:a9:ed:4f:22:9e:df:f5:40:19:00:cf:68:0c:d2:
c7:52:65:c8:a1:cb:2b:3f:28:d5:f8:05:c8:6d:34:5c:5c:5e:
49:10:0c:ca:99:c8:b0:4f:27:10:44:34:ac:d1:d3:be:ff:ff:
e6:81:b2:db:8c:2c:cc:a8:68:82:1d:42:4b:3d:a4:27:cd:97:
aa:f6:2c:c9:6c:d7:04:0e:60:80:ea:cb:fd:d6:07:03:db:cf:
74:aa:53:41:6d:14:68:82:9f:eb:06:ed:bb:21:ae:9f:5c:57:
3b:07:a6:2e:64:07:33:a3:6b:5f:cd:47:b6:3e:54:ce:75:83:
49:5f:ac:0e:69:69:61:69:9a:c3:1a:10:98:58:bc:22:ca:3c:
fd:09:8d:46:5b:85:39:f6:60:80:77:6b:d8:36:e6:a7:bc:61:
f8:77:be:9e:d5:9c:9a:2f:4b:f8:e1:1d:dd:02:02:74:0e:09:
d1:21:1e:84:a2:2b:50:5a:4f:7f:aa:1c:c2:03:e3:5d:3c:59:
a8:6f:6b:0c:99:51:0c:6a:98:16:0c:25:9c:42:1e:b5:9e:c3:
6e:7b:bd:1d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgICCmcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkEzQkUxMTAvBgNVBAUTKEExMDYwMzMwMkJGRUM4MkEwN0Y4QzVENDJFNDU4Qjc2
QzVGRjkxQTQwHhcNMjYwMjI4MjAxNjU4WhcNMjcwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NDZjYy0zODA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6PrvjbDLRzCY6SUen6L+Eb5etFJVEWI94fE8VmH2lYywBsebv/wwXitB8OYe
2GULb73/O+Ha9UMYeR50nAm3DxYVqFuP5IsMlMPlLMATzQV6htcf28Oxf6GgF6Rs
KCb1ufY0b1DIhAMm3MZBBiGcI6wdicMOSR8+t++c23WalZ9+kSK4rx10rBXHzc7h
b43foC3baSWOrvtkLzGRppN0FSiN2YdlMfS/cXKgpsO+2Ck0/wMqrZH6advBSpyf
YxJZdkGE1yaEL9inuaMKAX9tno0oASNwXAPUPoxFyFp1S42Xy3yubPmTUe7Uk6Oh
gnjc0JrnoSPi1g7HcsrhGcmhawIDAQABo4IChDCCAoAwHQYDVR0OBBYEFFjcD42B
8VzSti7Gz6G2PUwK5gD7MB8GA1UdIwQYMBaAFKEGAzAr/sgqB/jF1C5Fi3bF/5Gk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QTNCRS84OUI0RjY3ODg0
MTkxMUVBOThGRjA2MzdDNEY5QUUwMi9vUVlETUN2LXlDb0gtTVhVTGtXTGRzWF9r
YVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29RWURNQ3YteUNvSC1NWFVMa1dMZHNYX2thUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkEzQkUvODlCNEY2Nzg4NDE5MTFFQTk4RkYwNjM3QzRGOUFFMDIvOUZDM0RDOTI4
ODMzMTFFREI3MjcxQzYyQzRGOUFFMDIucm9hMEMGCCsGAQUFBwEHAQH/BDQwMjAa
BAIAATAUMAwDBAVyhqADBANyhrADBALLUDwwFAQCAAIwDgMFACQCfgADBQAkB8oA
MA0GCSqGSIb3DQEBCwUAA4IBAQCLK0QmhL9csiOrrff7R88sfNHtv97NajhdgNCQ
7pPr/hiZnD2Mdwitqe1PIp7f9UAZAM9oDNLHUmXIocsrPyjV+AXIbTRcXF5JEAzK
mciwTycQRDSs0dO+///mgbLbjCzMqGiCHUJLPaQnzZeq9izJbNcEDmCA6sv91gcD
2890qlNBbRRogp/rBu27Ia6fXFc7B6YuZAczo2tfzUe2PlTOdYNJX6wOaWlhaZrD
GhCYWLwiyjz9CY1GW4U59mCAd2vYNuanvGH4d76e1ZyaL0v44R3dAgJ0DgnRIR6E
oitQWk9/qhzCA+NdPFmob2sMmVEMapgWDCWcQh61nsNue70d
-----END CERTIFICATE-----
Generated at Mon Mar 2 20:36:20 2026 by rpki-client