Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/346F90C45F7A11EFB8032057C4F9AE02.roa
File: 346F90C45F7A11EFB8032057C4F9AE02.roa (raw, json)
Hash identifier: QikYLWnTfsts+2TUbX5+V5p/5mlpQETmq2q7G5hlAGs=
Subject key identifier: D6:0A:77:7D:D8:12:E6:FC:72:57:2B:5C:3E:AF:79:6D:F9:2F:E7:F0
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: DA45
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/346F90C45F7A11EFB8032057C4F9AE02.roa
Signing time: Sun 01 Mar 2026 23:03:17 +0000
ROA not before: Tue 21 Oct 2025 10:31:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 17625
IP address blocks: 36.255.8.0/22 maxlen: 24
43.252.192.0/22 maxlen: 24
45.64.196.0/22 maxlen: 24
45.64.204.0/22 maxlen: 24
45.114.56.0/22 maxlen: 24
45.114.64.0/22 maxlen: 24
45.114.212.0/22 maxlen: 24
45.114.216.0/22 maxlen: 24
45.115.8.0/22 maxlen: 24
45.116.56.0/24 maxlen: 24
45.116.57.0/24 maxlen: 24
45.116.58.0/24 maxlen: 24
45.116.59.0/24 maxlen: 24
103.19.196.0/22 maxlen: 24
103.54.12.0/22 maxlen: 24
103.54.20.0/22 maxlen: 24
103.54.188.0/22 maxlen: 24
103.54.196.0/22 maxlen: 24
103.54.244.0/22 maxlen: 24
103.56.88.0/22 maxlen: 24
103.91.132.0/22 maxlen: 24
103.206.56.0/22 maxlen: 24
103.208.224.0/22 maxlen: 24
103.254.32.0/22 maxlen: 24
103.254.244.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 07:20:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 55877 (0xda45)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Oct 21 10:31:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=69a4c5b5-a198
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:53:87:1c:28:1c:a0:f3:ca:f2:5e:67:eb:5a:
d0:54:24:b0:36:c8:6d:15:59:ff:ab:0f:7f:f4:75:
16:8a:e3:3f:8e:f7:b4:f6:93:ce:2b:58:7f:08:1e:
57:ae:e2:33:28:c1:a9:4c:14:88:52:b9:c8:4b:d8:
6f:0a:69:d7:1e:eb:1e:6c:fe:ae:10:80:b6:3c:35:
51:b5:51:ea:c0:8c:d3:03:fe:3a:25:18:af:07:3e:
b5:4c:86:5c:94:76:15:b4:ff:f3:8c:c0:48:e8:c3:
09:b1:77:bd:a2:0d:73:60:20:91:3a:ce:d5:92:9e:
62:06:af:13:f4:d5:3b:d6:99:49:1a:4d:d5:f5:d9:
6d:79:85:46:38:60:74:b7:cb:7a:c6:4b:47:95:3d:
10:65:fe:48:0f:b1:2c:0a:0a:e7:2f:55:ad:01:7e:
a4:12:b4:65:ce:c4:89:a4:87:bb:6d:ae:ef:32:b4:
96:80:68:95:83:22:bd:f8:6a:c2:e7:84:f8:25:d3:
c1:35:77:e4:62:82:62:4b:bf:b2:1a:20:07:27:77:
f7:a2:86:43:83:46:0b:7f:d4:4f:89:48:8d:81:b1:
3f:29:da:55:70:4d:54:3e:87:ac:0d:d1:44:32:31:
5f:93:ee:e7:0d:4e:27:6f:35:a5:68:b3:d6:06:73:
8a:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:0A:77:7D:D8:12:E6:FC:72:57:2B:5C:3E:AF:79:6D:F9:2F:E7:F0
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/346F90C45F7A11EFB8032057C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
36.255.8.0/22
43.252.192.0/22
45.64.196.0/22
45.64.204.0/22
45.114.56.0/22
45.114.64.0/22
45.114.212.0-45.114.219.255
45.115.8.0/22
45.116.56.0/22
103.19.196.0/22
103.54.12.0/22
103.54.20.0/22
103.54.188.0/22
103.54.196.0/22
103.54.244.0/22
103.56.88.0/22
103.91.132.0/22
103.206.56.0/22
103.208.224.0/22
103.254.32.0/22
103.254.244.0/22
Signature Algorithm: sha256WithRSAEncryption
26:a9:34:bf:18:ae:fd:3e:5a:6e:df:54:78:78:8f:cc:15:e8:
49:b0:0f:3a:4a:41:41:fc:da:4e:29:fb:95:ef:30:dc:2c:d0:
fb:88:d4:b9:e8:64:64:6f:fa:a5:f0:0c:fe:c3:a8:36:9a:5b:
4d:54:71:2c:a5:af:d7:cc:2d:e7:69:6a:49:44:0b:5d:fd:73:
ed:c0:6b:53:39:27:f2:b9:3d:c3:ea:cc:d1:dc:c9:4b:92:72:
10:0f:49:b0:cb:cc:d3:17:65:a9:d5:c2:f9:3f:3e:34:bd:f3:
00:27:34:a3:30:d3:a4:2e:73:86:60:b6:16:0f:7e:92:aa:82:
04:3d:4d:c9:8b:ed:64:99:68:ac:20:89:57:00:b9:bf:93:80:
28:8c:5a:87:d8:45:5e:2b:79:de:e0:6f:4f:74:db:b8:5c:ba:
86:de:dd:d3:a6:25:77:5e:74:82:73:ad:ea:a3:8c:da:73:ea:
df:20:26:8e:a5:81:a3:4c:97:a0:5d:22:58:18:6f:9a:ab:a5:
3a:f0:19:a6:9a:79:a2:27:7e:26:21:87:3e:5e:aa:09:92:0e:
d6:1c:a2:fa:da:63:4d:79:38:1a:9b:9d:02:08:2b:07:c1:f0:
fe:fd:2c:72:11:df:6a:4b:55:13:14:83:e4:cd:e3:aa:23:2c:
31:df:2e:df
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIDANpFMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MTAyMTEwMzE0NloXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjlhNGM1YjUtYTE5ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJVThxwoHKDzyvJeZ+ta0FQksDbIbRVZ/6sPf/R1ForjP473tPaTzitYfwge
V67iMyjBqUwUiFK5yEvYbwpp1x7rHmz+rhCAtjw1UbVR6sCM0wP+OiUYrwc+tUyG
XJR2FbT/84zASOjDCbF3vaINc2AgkTrO1ZKeYgavE/TVO9aZSRpN1fXZbXmFRjhg
dLfLesZLR5U9EGX+SA+xLAoK5y9VrQF+pBK0Zc7EiaSHu22u7zK0loBolYMivfhq
wueE+CXTwTV35GKCYku/shogByd396KGQ4NGC3/UT4lIjYGxPynaVXBNVD6HrA3R
RDIxX5Pu5w1OJ281pWiz1gZzissCAwEAAaOCAuUwggLhMB0GA1UdDgQWBBTWCnd9
2BLm/HJXK1w+r3lt+S/n8DAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBlgYIKwYBBQUHAQsEgYkwgYYwgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzM0NkY5MEM0
NUY3QTExRUZCODAzMjA1N0M0RjlBRTAyLnJvYTCBowYIKwYBBQUHAQcBAf8EgZMw
gZAwgY0EAgABMIGGAwQCJP8IAwQCK/zAAwQCLUDEAwQCLUDMAwQCLXI4AwQCLXJA
MAwDBAItctQDBAItctgDBAItcwgDBAItdDgDBAJnE8QDBAJnNgwDBAJnNhQDBAJn
NrwDBAJnNsQDBAJnNvQDBAJnOFgDBAJnW4QDBAJnzjgDBAJn0OADBAJn/iADBAJn
/vQwDQYJKoZIhvcNAQELBQADggEBACapNL8Yrv0+Wm7fVHh4j8wV6EmwDzpKQUH8
2k4p+5XvMNws0PuI1LnoZGRv+qXwDP7DqDaaW01UcSylr9fMLedpaklEC139c+3A
a1M5J/K5PcPqzNHcyUuSchAPSbDLzNMXZanVwvk/PjS98wAnNKMw06Quc4ZgthYP
fpKqggQ9TcmL7WSZaKwgiVcAub+TgCiMWofYRV4red7gb09027hcuobe3dOmJXde
dIJzreqjjNpz6t8gJo6lgaNMl6BdIlgYb5qrpTrwGaaaeaInfiYhhz5eqgmSDtYc
ovraY015OBqbnQIIKwfB8P79LHIR32pLVRMUg+TN46ojLDHfLt8=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:07:49 2026 by rpki-client