Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9196172/E867CB100F1B11E9A5DBDB1BC4F9AE02/2D9B5B380F1D11E991F4271EC4F9AE02.roa
File: 2D9B5B380F1D11E991F4271EC4F9AE02.roa (raw, json)
Hash identifier: l9qxQIDYZFB8lqVkzL19z7LMxH3Tman8VfcseXtGTGQ=
Subject key identifier: B7:FE:0A:EF:FB:BE:35:7D:62:5B:F2:F2:00:C4:BB:FF:9E:B5:82:6B
Certificate issuer: /CN=A9196172/serialNumber=6C3A7E02ACBB73A6635BDAFE022D785D00C447DB
Certificate serial: 11CA
Authority key identifier: 6C:3A:7E:02:AC:BB:73:A6:63:5B:DA:FE:02:2D:78:5D:00:C4:47:DB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bDp-Aqy7c6ZjW9r-Ai14XQDER9s.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9196172/E867CB100F1B11E9A5DBDB1BC4F9AE02/2D9B5B380F1D11E991F4271EC4F9AE02.roa
Signing time: Sun 01 Mar 2026 15:56:57 +0000
ROA not before: Tue 10 Feb 2026 17:15:10 +0000
ROA not after: Sat 01 May 2027 00:00:00 +0000
asID: 56300
IP address blocks: 101.100.160.0/24 maxlen: 24
101.100.161.0/24 maxlen: 24
101.100.162.0/24 maxlen: 24
101.100.163.0/24 maxlen: 24
101.100.164.0/24 maxlen: 24
101.100.165.0/24 maxlen: 24
101.100.166.0/24 maxlen: 24
101.100.167.0/24 maxlen: 24
101.100.168.0/24 maxlen: 24
101.100.169.0/24 maxlen: 24
101.100.170.0/24 maxlen: 24
101.100.171.0/24 maxlen: 24
101.100.172.0/24 maxlen: 24
101.100.173.0/24 maxlen: 24
101.100.174.0/24 maxlen: 24
101.100.175.0/24 maxlen: 24
101.100.176.0/24 maxlen: 24
101.100.177.0/24 maxlen: 24
101.100.178.0/24 maxlen: 24
101.100.179.0/24 maxlen: 24
101.100.180.0/24 maxlen: 24
101.100.181.0/24 maxlen: 24
101.100.182.0/24 maxlen: 24
101.100.183.0/24 maxlen: 24
101.100.184.0/24 maxlen: 24
101.100.185.0/24 maxlen: 24
101.100.186.0/24 maxlen: 24
101.100.188.0/24 maxlen: 24
101.100.189.0/24 maxlen: 24
101.100.190.0/24 maxlen: 24
103.247.133.0/24 maxlen: 24
103.247.134.0/24 maxlen: 24
103.247.135.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9196172/E867CB100F1B11E9A5DBDB1BC4F9AE02/bDp-Aqy7c6ZjW9r-Ai14XQDER9s.crl
rsync://rpki.apnic.net/member_repository/A9196172/E867CB100F1B11E9A5DBDB1BC4F9AE02/bDp-Aqy7c6ZjW9r-Ai14XQDER9s.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bDp-Aqy7c6ZjW9r-Ai14XQDER9s.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 00:58:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4554 (0x11ca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9196172, serialNumber=6C3A7E02ACBB73A6635BDAFE022D785D00C447DB
Validity
Not Before: Feb 10 17:15:10 2026 GMT
Not After : May 1 00:00:00 2027 GMT
Subject: CN=69a461c9-d7b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:3e:c5:fb:07:c5:2c:7c:fc:ad:cf:cc:12:15:
fd:22:83:7b:31:0f:18:b6:ce:bd:6e:4b:be:80:41:
78:7a:0d:36:83:28:09:b3:53:0d:4a:9c:97:8d:a7:
a8:b0:f6:fd:83:9f:50:c0:ff:10:e1:af:76:70:fa:
77:59:97:ce:3a:fb:48:c4:57:cc:1b:99:40:dd:3c:
1c:bd:ab:dd:c1:13:dd:44:dc:e0:e7:82:b3:c2:f9:
13:2e:d4:7a:e4:15:19:0b:09:b6:83:1c:e5:1f:5f:
2b:0f:00:a8:cb:46:6e:25:87:f9:7f:61:b7:17:14:
3e:97:bd:88:0b:2e:f5:4a:cb:07:b1:96:0b:96:26:
be:e8:7e:01:ee:fa:ff:b7:4b:c5:f8:ed:40:b2:ce:
9e:33:4b:13:fe:2a:71:3d:cb:cd:8e:d2:5e:77:c6:
a6:69:b4:1c:12:cf:cd:6f:ce:a4:1a:e6:e4:20:6f:
dc:73:a8:d9:a5:3a:61:95:04:58:e3:cd:f1:35:7a:
b3:19:54:52:95:be:99:22:8c:6c:21:a8:93:a7:1a:
09:81:dc:14:ad:42:a3:3a:87:9b:18:ed:25:69:4b:
14:b8:34:9e:56:46:28:46:50:49:c8:7c:e6:35:8c:
cb:16:ce:77:cd:08:b1:cf:cd:38:82:e2:e0:6c:1d:
58:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:FE:0A:EF:FB:BE:35:7D:62:5B:F2:F2:00:C4:BB:FF:9E:B5:82:6B
X509v3 Authority Key Identifier:
keyid:6C:3A:7E:02:AC:BB:73:A6:63:5B:DA:FE:02:2D:78:5D:00:C4:47:DB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9196172/E867CB100F1B11E9A5DBDB1BC4F9AE02/bDp-Aqy7c6ZjW9r-Ai14XQDER9s.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bDp-Aqy7c6ZjW9r-Ai14XQDER9s.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9196172/E867CB100F1B11E9A5DBDB1BC4F9AE02/2D9B5B380F1D11E991F4271EC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
101.100.160.0-101.100.186.255
101.100.188.0-101.100.190.255
103.247.133.0-103.247.135.255
Signature Algorithm: sha256WithRSAEncryption
78:47:73:d8:4f:3e:3b:48:24:54:46:62:14:fe:cf:01:d3:0d:
20:68:51:46:d2:2e:51:bf:4c:ed:d2:b4:ce:58:c8:ba:a9:06:
50:d7:f1:5a:8c:12:01:7f:e4:a7:3a:f3:9e:3d:79:58:4f:6d:
2f:f1:e5:05:71:c6:23:20:41:90:a0:64:2c:89:a1:73:46:a8:
fc:a3:d1:b6:23:24:e4:43:fd:99:0c:99:ab:9e:b9:4b:ed:c6:
36:0c:e1:09:07:ca:41:c3:95:ff:f1:22:e6:0c:e3:a6:54:8a:
d8:a2:b7:81:d3:a5:64:b9:60:24:7c:37:0f:10:7a:e9:50:92:
dd:39:c0:9d:70:4c:2f:a2:2e:35:d8:5a:6e:cf:b5:d7:c4:8d:
3a:26:ee:13:18:c5:07:6f:24:a4:de:7a:a3:6d:42:ed:de:17:
4a:c5:87:65:57:b8:37:00:01:49:3e:72:20:65:9f:3a:44:2f:
b8:9a:92:44:6d:fa:b5:e3:fe:99:8c:b3:1c:2e:27:4e:c6:21:
b0:6a:c6:00:94:4b:6a:d5:8f:0d:ee:0e:c3:11:84:c4:85:c7:
b1:9f:49:de:d5:63:8f:f8:d2:40:a3:bd:7f:bf:8c:90:d1:f8:
b1:8d:35:3e:70:6a:04:02:1c:15:5e:08:da:8d:39:18:22:81:
db:a1:91:d4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgICEcowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTYxNzIxMTAvBgNVBAUTKDZDM0E3RTAyQUNCQjczQTY2MzVCREFGRTAyMkQ3ODVE
MDBDNDQ3REIwHhcNMjYwMjEwMTcxNTEwWhcNMjcwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NjFjOS1kN2IxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2D7F+wfFLHz8rc/MEhX9IoN7MQ8Yts69bku+gEF4eg02gygJs1MNSpyXjaeo
sPb9g59QwP8Q4a92cPp3WZfOOvtIxFfMG5lA3TwcvavdwRPdRNzg54KzwvkTLtR6
5BUZCwm2gxzlH18rDwCoy0ZuJYf5f2G3FxQ+l72ICy71SssHsZYLlia+6H4B7vr/
t0vF+O1Ass6eM0sT/ipxPcvNjtJed8amabQcEs/Nb86kGubkIG/cc6jZpTphlQRY
483xNXqzGVRSlb6ZIoxsIaiTpxoJgdwUrUKjOoebGO0laUsUuDSeVkYoRlBJyHzm
NYzLFs53zQixz804guLgbB1YGwIDAQABo4IChDCCAoAwHQYDVR0OBBYEFLf+Cu/7
vjV9Ylvy8gDEu/+etYJrMB8GA1UdIwQYMBaAFGw6fgKsu3OmY1va/gIteF0AxEfb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NjE3Mi9FODY3Q0IxMDBG
MUIxMUU5QTVEQkRCMUJDNEY5QUUwMi9iRHAtQXF5N2M2WmpXOXItQWkxNFhRREVS
OXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JEcC1BcXk3YzZaalc5ci1BaTE0WFFERVI5cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTYxNzIvRTg2N0NCMTAwRjFCMTFFOUE1REJEQjFCQzRGOUFFMDIvMkQ5QjVCMzgw
RjFEMTFFOTkxRjQyNzFFQzRGOUFFMDIucm9hMEMGCCsGAQUFBwEHAQH/BDQwMjAw
BAIAATAqMAwDBAVlZKADBABlZLowDAMEAmVkvAMEAGVkvjAMAwQAZ/eFAwQDZ/eA
MA0GCSqGSIb3DQEBCwUAA4IBAQB4R3PYTz47SCRURmIU/s8B0w0gaFFG0i5Rv0zt
0rTOWMi6qQZQ1/FajBIBf+SnOvOePXlYT20v8eUFccYjIEGQoGQsiaFzRqj8o9G2
IyTkQ/2ZDJmrnrlL7cY2DOEJB8pBw5X/8SLmDOOmVIrYoreB06VkuWAkfDcPEHrp
UJLdOcCdcEwvoi412Fpuz7XXxI06Ju4TGMUHbySk3nqjbULt3hdKxYdlV7g3AAFJ
PnIgZZ86RC+4mpJEbfq14/6ZjLMcLidOxiGwasYAlEtq1Y8N7g7DEYTEhcexn0ne
1WOP+NJAo71/v4yQ0fixjTU+cGoEAhwVXgjajTkYIoHboZHU
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:04:57 2026 by rpki-client