Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
File: 8B2EE9667A0911EE934F1262C4F9AE02.roa (raw, json)
Hash identifier: MEzLdc1mcUKhmt3EB8Vtl6X+cdAGdTbXNb9giVL32ZM=
Subject key identifier: 3C:F9:91:A4:02:94:B8:FC:8F:BC:DE:28:45:12:AB:15:2A:49:68:29
Certificate issuer: /CN=A91743EF/serialNumber=D1D65C8A4324E287F6EA915B39F5D3602D1E37A6
Certificate serial: 18A1
Authority key identifier: D1:D6:5C:8A:43:24:E2:87:F6:EA:91:5B:39:F5:D3:60:2D:1E:37:A6
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
Signing time: Sun 01 Mar 2026 12:14:49 +0000
ROA not before: Fri 30 May 2025 16:47:57 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 17747
IP address blocks: 103.199.224.0/24 maxlen: 24
103.199.225.0/24 maxlen: 24
103.199.226.0/24 maxlen: 24
103.199.227.0/24 maxlen: 24
150.107.8.0/23 maxlen: 24
202.142.80.0/24 maxlen: 24
202.142.82.0/24 maxlen: 24
202.142.84.0/24 maxlen: 24
202.142.88.0/24 maxlen: 24
202.142.94.0/24 maxlen: 24
202.142.108.0/23 maxlen: 23
202.142.109.0/24 maxlen: 24
202.142.111.0/24 maxlen: 24
202.142.116.0/24 maxlen: 24
202.142.117.0/24 maxlen: 24
202.142.121.0/24 maxlen: 24
202.142.122.0/24 maxlen: 24
203.81.240.0/24 maxlen: 24
203.81.241.0/24 maxlen: 24
203.81.242.0/24 maxlen: 24
203.81.243.0/24 maxlen: 24
2402:ea80::/32 maxlen: 32
2402:ea80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.crl
rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 23:44:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6305 (0x18a1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91743EF, serialNumber=D1D65C8A4324E287F6EA915B39F5D3602D1E37A6
Validity
Not Before: May 30 16:47:57 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=69a42db9-550e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:28:82:74:9c:dc:45:e1:e8:e3:20:c7:e8:76:
02:5a:c1:72:02:14:15:2a:69:b4:33:3a:e3:f6:db:
06:fc:ea:7a:2b:f4:fb:3b:26:4e:ad:3e:ac:57:2e:
49:a3:3b:e4:cc:35:f8:85:90:96:ee:7c:59:ac:d3:
01:38:10:ff:39:69:9b:31:c3:db:9a:f5:e0:f0:a9:
24:2e:3f:d2:4f:fd:3e:75:39:c0:92:6e:4f:03:b1:
61:a3:fe:80:6d:29:f0:e7:59:60:03:56:73:f7:71:
9b:f6:7e:e7:2e:7e:70:2f:fc:55:35:ba:49:e0:9a:
1b:4e:14:54:f9:9e:7e:dc:e9:d4:b9:3d:e7:73:3a:
5a:77:6f:ea:b4:30:87:dc:5d:64:f8:fc:cb:b3:7f:
a0:74:33:27:aa:c0:ec:29:f3:11:58:59:27:8c:14:
35:de:fd:7c:27:d6:86:86:d9:5d:29:29:19:ed:d7:
0d:ef:1a:2d:ce:3a:19:ad:8f:3e:1e:ca:b2:b3:15:
be:23:15:03:d4:8a:1c:9b:85:05:6b:96:88:e8:62:
9e:f8:2a:b6:50:fd:59:86:40:ba:7c:9c:73:c1:37:
12:58:e7:71:15:19:31:0e:ef:c6:f3:7a:a3:36:04:
8b:7c:a9:9b:cd:d3:55:a3:08:72:ac:db:ba:95:74:
21:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:F9:91:A4:02:94:B8:FC:8F:BC:DE:28:45:12:AB:15:2A:49:68:29
X509v3 Authority Key Identifier:
keyid:D1:D6:5C:8A:43:24:E2:87:F6:EA:91:5B:39:F5:D3:60:2D:1E:37:A6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/0dZcikMk4of26pFbOfXTYC0eN6Y.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0dZcikMk4of26pFbOfXTYC0eN6Y.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91743EF/E6ABB010BA4011E7A08D266FC4F9AE02/8B2EE9667A0911EE934F1262C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.199.224.0/22
150.107.8.0/23
202.142.80.0/24
202.142.82.0/24
202.142.84.0/24
202.142.88.0/24
202.142.94.0/24
202.142.108.0/23
202.142.111.0/24
202.142.116.0/23
202.142.121.0-202.142.122.255
203.81.240.0/22
IPv6:
2402:ea80::/32
Signature Algorithm: sha256WithRSAEncryption
48:34:dd:8e:92:60:5d:96:a5:40:75:4b:87:0b:9e:2b:cd:4b:
d1:85:03:bd:14:b5:6d:a0:3b:f3:b9:8d:42:e7:58:a5:2b:9f:
5f:1e:9b:32:25:4d:8f:d3:00:be:80:c7:bc:68:b7:fa:c9:3f:
0e:f4:3a:c3:1f:8a:e6:af:07:e1:76:f4:b5:64:b6:80:0c:d9:
19:66:cb:2d:c5:51:97:80:a6:4a:1b:d0:d4:b1:12:c7:9b:bd:
bf:f1:4f:9c:ba:30:21:75:fe:da:2b:32:c6:5e:ac:e7:32:d0:
b1:d2:a3:50:8b:40:05:71:da:70:6b:94:6d:ec:39:bd:8a:ca:
9b:49:19:8c:98:4e:5a:54:24:88:02:ee:bc:c8:c8:00:5e:13:
f2:3e:07:37:e8:57:f0:83:94:86:7f:7c:b0:80:eb:04:59:05:
e4:84:87:b9:62:c4:d4:85:20:06:6f:15:e0:a2:b2:63:1c:6a:
00:fc:70:6d:8e:10:ac:e1:c8:76:5d:72:e5:25:d1:a7:98:59:
97:da:c0:9b:66:d8:c5:7f:fb:74:ae:f6:db:2e:a0:b1:af:a3:
4c:2d:cd:0b:36:57:9c:0f:0c:4b:39:8d:9b:94:95:49:21:1f:
dc:d7:b4:03:d8:0f:15:5c:16:76:b3:d4:ee:46:c4:d5:ca:ac:
20:1d:8b:fc
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgICGKEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzQzRUYxMTAvBgNVBAUTKEQxRDY1QzhBNDMyNEUyODdGNkVBOTE1QjM5RjVEMzYw
MkQxRTM3QTYwHhcNMjUwNTMwMTY0NzU3WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0MmRiOS01NTBlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0CiCdJzcReHo4yDH6HYCWsFyAhQVKmm0Mzrj9tsG/Op6K/T7OyZOrT6sVy5J
ozvkzDX4hZCW7nxZrNMBOBD/OWmbMcPbmvXg8KkkLj/ST/0+dTnAkm5PA7Fho/6A
bSnw51lgA1Zz93Gb9n7nLn5wL/xVNbpJ4JobThRU+Z5+3OnUuT3nczpad2/qtDCH
3F1k+PzLs3+gdDMnqsDsKfMRWFknjBQ13v18J9aGhtldKSkZ7dcN7xotzjoZrY8+
HsqysxW+IxUD1Iocm4UFa5aI6GKe+Cq2UP1ZhkC6fJxzwTcSWOdxFRkxDu/G83qj
NgSLfKmbzdNVowhyrNu6lXQhOwIDAQABo4ICuTCCArUwHQYDVR0OBBYEFDz5kaQC
lLj8j7zeKEUSqxUqSWgpMB8GA1UdIwQYMBaAFNHWXIpDJOKH9uqRWzn102AtHjem
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NDNFRi9FNkFCQjAxMEJB
NDAxMUU3QTA4RDI2NkZDNEY5QUUwMi8wZFpjaWtNazRvZjI2cEZiT2ZYVFlDMGVO
NlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzBkWmNpa01rNG9mMjZwRmJPZlhUWUMwZU42WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzQzRUYvRTZBQkIwMTBCQTQwMTFFN0EwOEQyNjZGQzRGOUFFMDIvOEIyRUU5NjY3
QTA5MTFFRTkzNEYxMjYyQzRGOUFFMDIucm9hMHgGCCsGAQUFBwEHAQH/BGkwZzBW
BAIAATBQAwQCZ8fgAwQBlmsIAwQAyo5QAwQAyo5SAwQAyo5UAwQAyo5YAwQAyo5e
AwQByo5sAwQAyo5vAwQByo50MAwDBADKjnkDBADKjnoDBALLUfAwDQQCAAIwBwMF
ACQC6oAwDQYJKoZIhvcNAQELBQADggEBAEg03Y6SYF2WpUB1S4cLnivNS9GFA70U
tW2gO/O5jULnWKUrn18emzIlTY/TAL6Ax7xot/rJPw70OsMfiuavB+F29LVktoAM
2Rlmyy3FUZeApkob0NSxEsebvb/xT5y6MCF1/torMsZerOcy0LHSo1CLQAVx2nBr
lG3sOb2KyptJGYyYTlpUJIgC7rzIyABeE/I+BzfoV/CDlIZ/fLCA6wRZBeSEh7li
xNSFIAZvFeCismMcagD8cG2OEKzhyHZdcuUl0aeYWZfawJtm2MV/+3Su9tsuoLGv
o0wtzQs2V5wPDEs5jZuUlUkhH9zXtAPYDxVcFnaz1O5GxNXKrCAdi/w=
-----END CERTIFICATE-----
Generated at Mon Mar 2 16:46:43 2026 by rpki-client