Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
File: 002DDDC22B9D11EA92F3094CC4F9AE02.roa (raw, json)
Hash identifier: 4BKljBwTJ54sgoUO+GlHrdqF9//rEaG2GoS412dY6XI=
Subject key identifier: F2:2A:31:27:D9:5B:F9:61:B9:84:68:B6:11:2E:B6:64:95:DB:18:37
Certificate issuer: /CN=A91722A3/serialNumber=7085B5B4549ACDB5B6C2704C85BA788760F88A27
Certificate serial: 0C14
Authority key identifier: 70:85:B5:B4:54:9A:CD:B5:B6:C2:70:4C:85:BA:78:87:60:F8:8A:27
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
Signing time: Sun 01 Mar 2026 09:25:21 +0000
ROA not before: Wed 02 Apr 2025 19:18:48 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 133421
IP address blocks: 45.117.236.0/22 maxlen: 22
45.117.236.0/24 maxlen: 24
45.117.237.0/24 maxlen: 24
45.117.238.0/24 maxlen: 24
45.117.239.0/24 maxlen: 24
101.78.16.0/20 maxlen: 20
101.78.16.0/24 maxlen: 24
101.78.17.0/24 maxlen: 24
101.78.18.0/24 maxlen: 24
101.78.19.0/24 maxlen: 24
101.78.20.0/24 maxlen: 24
101.78.21.0/24 maxlen: 24
101.78.22.0/24 maxlen: 24
101.78.23.0/24 maxlen: 24
101.78.24.0/24 maxlen: 24
101.78.25.0/24 maxlen: 24
101.78.26.0/24 maxlen: 24
101.78.27.0/24 maxlen: 24
101.78.28.0/24 maxlen: 24
101.78.29.0/24 maxlen: 24
101.78.30.0/24 maxlen: 24
101.78.31.0/24 maxlen: 24
103.228.56.0/22 maxlen: 22
103.228.56.0/24 maxlen: 24
103.228.57.0/24 maxlen: 24
103.228.58.0/24 maxlen: 24
103.228.59.0/24 maxlen: 24
2403:1380::/32 maxlen: 32
2403:1380:1::/48 maxlen: 48
2403:1380:2::/48 maxlen: 48
2403:1380:3::/48 maxlen: 48
2403:1380:11::/48 maxlen: 48
2403:1380:12::/48 maxlen: 48
2403:1380:1380::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.crl
rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 18:27:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3092 (0xc14)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91722A3, serialNumber=7085B5B4549ACDB5B6C2704C85BA788760F88A27
Validity
Not Before: Apr 2 19:18:48 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=69a40601-aa7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:4c:b8:ab:91:79:57:3d:0d:29:c5:90:69:17:
05:58:1e:af:25:e2:37:76:f7:c8:a3:b1:1a:f6:94:
d1:74:fc:c9:a9:91:63:fc:11:1b:85:0f:e6:1c:6a:
2d:82:a1:a3:b1:43:a0:5f:4a:00:b0:05:5f:97:fd:
6c:cf:49:8d:2a:b0:c1:32:f3:20:9d:d8:ce:e6:75:
bb:3e:cf:39:4b:d1:3c:c4:1d:75:97:35:95:a6:5a:
ae:b0:cb:95:12:33:8b:91:78:4f:a0:bc:33:f8:2d:
ba:09:1b:2d:d6:b6:95:11:ad:78:4d:87:fa:02:cb:
5a:5f:a4:a4:a2:00:28:19:e7:a0:11:cc:e0:29:24:
a2:cf:25:e3:f5:73:29:57:98:64:53:36:4f:0b:fe:
59:66:98:0f:82:e3:ee:7a:e3:41:91:59:ec:16:fe:
0e:57:8e:b5:1e:08:e1:62:7a:71:8f:b4:ef:ae:b2:
bb:de:71:69:9a:60:1a:65:8a:d7:9c:27:50:ad:2e:
40:5e:ee:70:73:d2:c0:39:6e:7b:d3:2c:eb:23:31:
28:26:d8:f5:98:47:b6:90:e6:7d:f7:5f:01:94:69:
cd:18:b2:a6:0e:a7:86:7d:e2:da:44:56:a3:7c:f0:
e0:bc:c4:94:cd:82:b0:41:7a:4a:44:3d:3e:13:86:
d1:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:2A:31:27:D9:5B:F9:61:B9:84:68:B6:11:2E:B6:64:95:DB:18:37
X509v3 Authority Key Identifier:
keyid:70:85:B5:B4:54:9A:CD:B5:B6:C2:70:4C:85:BA:78:87:60:F8:8A:27
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
45.117.236.0/22
101.78.16.0/20
103.228.56.0/22
IPv6:
2403:1380::/32
Signature Algorithm: sha256WithRSAEncryption
25:d5:de:ff:26:54:43:ad:1b:1b:bb:de:1c:59:41:fb:c8:c0:
fe:f0:7c:52:96:02:15:d5:fc:05:88:a7:24:f7:95:af:97:69:
94:5d:b1:32:8a:d3:f4:fc:8e:df:c5:ac:d3:cd:db:20:47:e8:
d7:4d:14:54:c7:8e:51:d9:29:f8:71:7a:6e:84:d5:0a:b3:14:
bb:1e:93:a4:83:01:70:0f:8b:4b:3a:d2:16:a7:e8:af:ea:fd:
e7:7d:15:d0:d9:40:f7:c9:a9:fd:b0:0c:b4:e3:8a:6f:27:7a:
00:71:bc:13:5a:a8:b1:ad:29:12:b1:26:14:35:0a:c1:2d:47:
56:86:cd:51:7d:2a:d7:a7:6d:82:af:a3:45:b3:fd:df:e4:d6:
33:85:cf:38:81:f4:4a:d5:dd:f0:c5:50:6f:9f:41:2e:5d:c0:
ce:92:4e:cb:88:e9:77:cf:9c:0e:58:24:02:08:a9:91:34:e3:
d4:a9:ec:1a:aa:77:ae:e9:0c:1c:89:77:42:51:e6:0a:83:53:
d7:69:30:1e:f0:1f:85:ed:37:76:99:44:a4:6a:aa:96:f6:8e:
aa:fb:4d:f5:74:29:5a:30:36:2f:73:c6:59:92:6f:85:7d:7b:
78:b4:5b:f7:aa:40:31:bb:db:75:c0:f8:64:f4:2b:16:44:8f:
61:b2:db:ea
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgICDBQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzIyQTMxMTAvBgNVBAUTKDcwODVCNUI0NTQ5QUNEQjVCNkMyNzA0Qzg1QkE3ODg3
NjBGODhBMjcwHhcNMjUwNDAyMTkxODQ4WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0MDYwMS1hYTdkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAkUy4q5F5Vz0NKcWQaRcFWB6vJeI3dvfIo7Ea9pTRdPzJqZFj/BEbhQ/mHGot
gqGjsUOgX0oAsAVfl/1sz0mNKrDBMvMgndjO5nW7Ps85S9E8xB11lzWVplqusMuV
EjOLkXhPoLwz+C26CRst1raVEa14TYf6AstaX6SkogAoGeegEczgKSSizyXj9XMp
V5hkUzZPC/5ZZpgPguPueuNBkVnsFv4OV461HgjhYnpxj7TvrrK73nFpmmAaZYrX
nCdQrS5AXu5wc9LAOW570yzrIzEoJtj1mEe2kOZ9918BlGnNGLKmDqeGfeLaRFaj
fPDgvMSUzYKwQXpKRD0+E4bRuwIDAQABo4ICezCCAncwHQYDVR0OBBYEFPIqMSfZ
W/lhuYRothEutmSV2xg3MB8GA1UdIwQYMBaAFHCFtbRUms21tsJwTIW6eIdg+Ion
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MjJBMy9DMDJEODVERTJC
OUIxMUVBOTcyQ0RGNDZDNEY5QUUwMi9jSVcxdEZTYXpiVzJ3bkJNaGJwNGgyRDRp
aWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NJVzF0RlNhemJXMnduQk1oYnA0aDJENGlpYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzIyQTMvQzAyRDg1REUyQjlCMTFFQTk3MkNERjQ2QzRGOUFFMDIvMDAyREREQzIy
QjlEMTFFQTkyRjMwOTRDQzRGOUFFMDIucm9hMDoGCCsGAQUFBwEHAQH/BCswKTAY
BAIAATASAwQCLXXsAwQEZU4QAwQCZ+Q4MA0EAgACMAcDBQAkAxOAMA0GCSqGSIb3
DQEBCwUAA4IBAQAl1d7/JlRDrRsbu94cWUH7yMD+8HxSlgIV1fwFiKck95Wvl2mU
XbEyitP0/I7fxazTzdsgR+jXTRRUx45R2Sn4cXpuhNUKsxS7HpOkgwFwD4tLOtIW
p+iv6v3nfRXQ2UD3yan9sAy044pvJ3oAcbwTWqixrSkSsSYUNQrBLUdWhs1RfSrX
p22Cr6NFs/3f5NYzhc84gfRK1d3wxVBvn0EuXcDOkk7LiOl3z5wOWCQCCKmRNOPU
qewaqneu6QwciXdCUeYKg1PXaTAe8B+F7Td2mUSkaqqW9o6q+031dClaMDYvc8ZZ
km+FfXt4tFv3qkAxu9t1wPhk9CsWRI9hstvq
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:30:59 2026 by rpki-client