Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2B1F397E08A911F0AF0D472BC4F9AE02.roa
File: 2B1F397E08A911F0AF0D472BC4F9AE02.roa (raw, json)
Hash identifier: cJeml11hT/pfhquJnm71QzP1MiTcVdmu1Y85ARXTbuw=
Subject key identifier: 35:93:F9:63:6B:7A:68:05:14:13:A7:50:BC:93:95:08:4D:15:AA:34
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: D272
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2B1F397E08A911F0AF0D472BC4F9AE02.roa
Signing time: Sun 01 Mar 2026 22:20:02 +0000
ROA not before: Thu 08 May 2025 16:01:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 134316
IP address blocks: 14.102.188.0/24 maxlen: 24
14.102.190.0/24 maxlen: 24
14.102.191.0/24 maxlen: 24
45.115.177.0/24 maxlen: 24
45.115.178.0/24 maxlen: 24
45.115.179.0/24 maxlen: 24
103.46.236.0/24 maxlen: 24
103.46.237.0/24 maxlen: 24
103.46.238.0/24 maxlen: 24
103.46.239.0/24 maxlen: 24
103.90.207.0/24 maxlen: 24
103.116.84.0/24 maxlen: 24
103.116.85.0/24 maxlen: 24
103.116.87.0/24 maxlen: 24
103.119.164.0/22 maxlen: 22
103.119.164.0/24 maxlen: 24
103.119.165.0/24 maxlen: 24
103.119.166.0/24 maxlen: 24
103.119.167.0/24 maxlen: 24
103.199.112.0/24 maxlen: 24
103.199.113.0/24 maxlen: 24
103.199.114.0/24 maxlen: 24
103.199.115.0/24 maxlen: 24
103.201.140.0/22 maxlen: 24
103.212.130.0/24 maxlen: 24
103.219.140.0/22 maxlen: 24
139.5.222.0/23 maxlen: 24
157.119.212.0/24 maxlen: 24
157.119.213.0/24 maxlen: 24
157.119.214.0/24 maxlen: 24
157.119.215.0/24 maxlen: 24
202.9.121.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 07:20:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 53874 (0xd272)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 8 16:01:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=69a4bb92-749c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:f9:b1:21:e0:8d:8f:e3:ef:bf:48:2e:f2:a9:
51:b1:3c:b8:89:b4:87:30:be:18:2d:8e:5a:04:f4:
9a:f9:23:aa:f2:92:99:c9:be:5d:37:20:d7:c5:de:
7c:07:1b:f7:32:45:57:dd:0d:a5:e5:fa:7e:61:94:
38:56:9c:4e:44:95:dc:fa:a3:4f:08:e0:b4:b1:a6:
6b:22:88:a0:2c:48:b1:b7:56:a8:0f:d6:0a:d2:bd:
29:6f:7b:89:ba:09:3b:a3:19:14:4b:a9:fc:8f:e6:
aa:60:9e:ee:9e:20:89:4f:34:21:aa:a4:48:ad:6c:
bd:8a:72:8d:80:4a:4d:6a:f3:3e:b1:07:c8:a5:bc:
a4:1e:51:c3:d7:9a:d8:e8:1f:03:bd:90:20:a5:8a:
27:ab:1e:d7:6c:b9:fb:7c:2f:55:9a:f6:fe:de:b8:
c0:90:96:14:83:09:12:e6:7c:a4:08:77:00:e0:fd:
df:81:78:eb:23:c9:a2:e4:3f:64:19:47:bf:32:3c:
a4:a6:31:91:02:6c:e0:e8:8b:f8:d5:cd:a4:3f:70:
69:91:87:e9:4a:f6:66:4d:f2:80:bd:15:b2:15:55:
56:e4:4b:06:35:3b:69:dc:63:2c:14:e9:38:d3:8c:
e4:61:8b:c4:0a:7d:16:a5:93:d2:90:84:7b:51:c4:
85:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:93:F9:63:6B:7A:68:05:14:13:A7:50:BC:93:95:08:4D:15:AA:34
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/2B1F397E08A911F0AF0D472BC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
14.102.188.0/24
14.102.190.0/23
45.115.177.0-45.115.179.255
103.46.236.0/22
103.90.207.0/24
103.116.84.0/23
103.116.87.0/24
103.119.164.0/22
103.199.112.0/22
103.201.140.0/22
103.212.130.0/24
103.219.140.0/22
139.5.222.0/23
157.119.212.0/22
202.9.121.0/24
Signature Algorithm: sha256WithRSAEncryption
70:70:e5:43:58:97:89:9f:f9:6e:42:5e:67:72:1f:b8:7c:b5:
10:9e:ca:82:73:1c:c7:f5:1f:9d:50:d2:a8:e6:22:c3:3f:c3:
48:32:77:dd:a9:f6:c3:1e:e8:38:da:4a:1c:de:62:8c:41:2b:
2b:08:88:16:bf:a0:14:2f:a2:d2:41:43:96:fd:52:e4:94:ae:
b3:3a:fd:03:c1:72:dc:7e:ec:94:18:a6:3b:bd:37:d7:7c:db:
7d:fd:af:03:5e:b7:31:0a:1a:f7:8f:92:1f:29:18:8a:b8:a1:
6e:dd:35:4e:12:a3:be:26:78:dd:5b:6d:03:2a:32:20:7e:53:
1f:6f:59:95:1d:bd:17:19:40:1d:bd:f4:71:72:57:49:3b:8c:
67:56:f3:89:4d:e1:fd:13:70:11:d8:52:20:06:3c:fb:a9:2f:
b7:7b:39:cb:6c:93:51:cb:5b:16:b1:4f:45:cb:f9:c0:d7:70:
96:db:3b:af:71:45:d9:6c:9a:b7:93:67:20:83:dd:29:fe:0e:
76:09:4f:41:ad:38:e8:7d:8b:25:ee:35:f9:95:be:26:e0:c5:
19:65:5e:7c:79:e8:cd:2a:d9:12:c7:95:fa:b4:33:22:1e:36:
52:0a:3d:70:dd:f8:3e:c9:86:3f:4a:49:88:a3:57:14:30:de:
2e:e6:ac:e2
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgIDANJyMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MDEyMVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjlhNGJiOTItNzQ5YzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL/5sSHgjY/j779ILvKpUbE8uIm0hzC+GC2OWgT0mvkjqvKSmcm+XTcg18Xe
fAcb9zJFV90NpeX6fmGUOFacTkSV3PqjTwjgtLGmayKIoCxIsbdWqA/WCtK9KW97
iboJO6MZFEup/I/mqmCe7p4giU80IaqkSK1svYpyjYBKTWrzPrEHyKW8pB5Rw9ea
2OgfA72QIKWKJ6se12y5+3wvVZr2/t64wJCWFIMJEuZ8pAh3AOD934F46yPJouQ/
ZBlHvzI8pKYxkQJs4OiL+NXNpD9waZGH6Ur2Zk3ygL0VshVVVuRLBjU7adxjLBTp
ONOM5GGLxAp9FqWT0pCEe1HEhWsCAwEAAaOCArwwggK4MB0GA1UdDgQWBBQ1k/lj
a3poBRQTp1C8k5UITRWqNDAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBlgYIKwYBBQUHAQsEgYkwgYYwgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzJCMUYzOTdF
MDhBOTExRjBBRjBENDcyQkM0RjlBRTAyLnJvYTB7BggrBgEFBQcBBwEB/wRsMGow
aAQCAAEwYgMEAA5mvAMEAQ5mvjAMAwQALXOxAwQCLXOwAwQCZy7sAwQAZ1rPAwQB
Z3RUAwQAZ3RXAwQCZ3ekAwQCZ8dwAwQCZ8mMAwQAZ9SCAwQCZ9uMAwQBiwXeAwQC
nXfUAwQAygl5MA0GCSqGSIb3DQEBCwUAA4IBAQBwcOVDWJeJn/luQl5nch+4fLUQ
nsqCcxzH9R+dUNKo5iLDP8NIMnfdqfbDHug42koc3mKMQSsrCIgWv6AUL6LSQUOW
/VLklK6zOv0DwXLcfuyUGKY7vTfXfNt9/a8DXrcxChr3j5IfKRiKuKFu3TVOEqO+
JnjdW20DKjIgflMfb1mVHb0XGUAdvfRxcldJO4xnVvOJTeH9E3AR2FIgBjz7qS+3
eznLbJNRy1sWsU9Fy/nA13CW2zuvcUXZbJq3k2cgg90p/g52CU9BrTjofYsl7jX5
lb4m4MUZZV58eejNKtkSx5X6tDMiHjZSCj1w3fg+yYY/SkmIo1cUMN4u5qzi
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:08:28 2026 by rpki-client