Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/DD5C8412E84511EB87AD6B49C4F9AE02.roa
File: DD5C8412E84511EB87AD6B49C4F9AE02.roa (raw, json)
Hash identifier: xn1GYfH1rwc+2AIvQfDokFXkj6OoQH1mNdhrUcoaQW0=
Subject key identifier: B3:62:B5:A0:17:0A:34:E8:EA:6E:63:63:F1:90:9F:27:DE:27:67:B1
Certificate issuer: /CN=A9196E6C/serialNumber=8F31602F4EBE455E099C0049BB7B0066558B9D89
Certificate serial: 3553
Authority key identifier: 8F:31:60:2F:4E:BE:45:5E:09:9C:00:49:BB:7B:00:66:55:8B:9D:89
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jzFgL06-RV4JnABJu3sAZlWLnYk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/DD5C8412E84511EB87AD6B49C4F9AE02.roa
Signing time: Wed 08 Apr 2026 15:12:47 +0000
ROA not before: Wed 08 Apr 2026 15:12:47 +0000
ROA not after: Fri 28 May 2027 00:00:00 +0000
asID: 24028
IP address blocks: 43.251.136.0/22 maxlen: 22
43.251.136.0/23 maxlen: 24
43.251.139.0/24 maxlen: 24
103.21.152.0/22 maxlen: 24
182.54.192.0/19 maxlen: 23
182.54.192.0/20 maxlen: 24
182.54.208.0/21 maxlen: 24
182.54.217.0/24 maxlen: 24
182.54.218.0/23 maxlen: 24
182.54.220.0/22 maxlen: 24
202.46.112.0/20 maxlen: 24
203.142.32.0/19 maxlen: 24
2405:7c00:1000::/36 maxlen: 36
2405:7c00:2000::/36 maxlen: 36
2405:7c00:3000::/36 maxlen: 36
2405:7c00:4000::/36 maxlen: 36
2405:7c00:5000::/36 maxlen: 36
2405:7c00:6000::/36 maxlen: 36
2405:7c00:7000::/36 maxlen: 36
2405:7c00:8000::/36 maxlen: 36
2405:7c00:9000::/36 maxlen: 36
2405:7c00:b000::/36 maxlen: 36
2405:7c00:c000::/36 maxlen: 36
2405:7c00:d000::/36 maxlen: 36
2405:7c00:e000::/36 maxlen: 36
2405:7c00:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/jzFgL06-RV4JnABJu3sAZlWLnYk.crl
rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/jzFgL06-RV4JnABJu3sAZlWLnYk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jzFgL06-RV4JnABJu3sAZlWLnYk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 23 Apr 2026 14:37:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13651 (0x3553)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9196E6C, serialNumber=8F31602F4EBE455E099C0049BB7B0066558B9D89
Validity
Not Before: Apr 8 15:12:47 2026 GMT
Not After : May 28 00:00:00 2027 GMT
Subject: CN=69d6706e-5f93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:32:6b:03:cb:00:26:d1:a5:9a:3b:fe:aa:7d:
6b:3d:96:93:c0:38:1b:c5:a5:b6:8c:8f:28:dc:27:
31:4a:6b:93:11:ad:72:c1:71:a7:d3:b0:01:94:b5:
99:e4:4a:cf:3f:4a:60:10:c6:36:ff:df:c8:65:59:
08:9f:f5:be:c9:17:3a:2c:9d:bd:06:d0:7f:6f:00:
0b:84:35:eb:5b:e6:2b:c7:39:2a:7c:ec:48:9a:56:
d8:f3:02:6e:cc:68:da:e6:d6:77:95:8e:e6:28:31:
09:e3:dd:39:ec:cc:b5:89:b6:a4:d3:9b:8e:40:45:
ba:14:63:35:63:b2:9e:9a:07:43:d3:f4:52:ae:7c:
65:25:c8:1e:9a:f2:2c:49:a5:7c:4f:4c:3b:4b:69:
5c:5c:00:a0:67:0c:13:b7:0d:b7:e3:f2:5c:32:10:
02:3d:ff:38:85:ac:b8:5b:75:f0:b8:e6:78:20:b2:
3b:c2:de:f6:45:fa:fc:58:88:08:26:62:02:e5:d7:
95:79:cb:2e:6c:f9:a8:60:61:35:d4:97:87:af:fb:
a0:4d:94:2f:2b:2d:fe:79:a6:bd:b6:81:aa:f3:d7:
3b:c7:5e:c9:4b:5a:73:5d:87:4e:59:d9:4c:76:1a:
db:a8:f7:fd:d4:3b:cd:95:d2:a6:4c:8f:a6:60:26:
ef:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:62:B5:A0:17:0A:34:E8:EA:6E:63:63:F1:90:9F:27:DE:27:67:B1
X509v3 Authority Key Identifier:
keyid:8F:31:60:2F:4E:BE:45:5E:09:9C:00:49:BB:7B:00:66:55:8B:9D:89
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/jzFgL06-RV4JnABJu3sAZlWLnYk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jzFgL06-RV4JnABJu3sAZlWLnYk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/DD5C8412E84511EB87AD6B49C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.251.136.0/22
103.21.152.0/22
182.54.192.0/19
202.46.112.0/20
203.142.32.0/19
IPv6:
2405:7c00:1000::-2405:7c00:9fff:ffff:ffff:ffff:ffff:ffff
2405:7c00:b000::-2405:7c00:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
57:1c:44:03:0a:ab:58:30:f4:29:8d:ca:06:fd:24:5f:d2:bb:
59:ed:c5:02:29:d4:c4:2e:85:fd:e6:14:09:64:ad:4f:a5:59:
3b:66:f9:d3:69:46:3e:c5:62:f4:54:81:cb:2f:1a:e9:8c:d7:
c9:0a:fe:64:b3:ea:a5:16:89:66:1c:8e:8f:b9:1b:3a:40:ee:
dc:39:f0:e5:06:79:7f:67:4f:05:f8:b1:14:29:33:d7:ac:bf:
5c:d2:7e:45:f9:ac:c6:fd:ef:1f:19:44:3a:86:32:5d:c3:69:
1b:e5:05:3f:87:17:5e:6a:a7:11:55:67:07:ae:06:5f:67:e8:
aa:16:f0:4c:0d:85:20:ce:56:75:a0:21:6d:1b:39:ca:d2:72:
91:d3:f0:a5:57:20:f7:14:a4:43:51:35:66:02:0e:df:ca:70:
f2:90:7b:67:06:9f:a9:16:2b:d9:b1:65:93:c6:a2:4f:ec:b1:
08:a6:d1:eb:74:06:5d:89:e9:01:bf:36:d7:fb:a5:1b:0d:89:
22:a6:6a:d7:96:5e:2e:c2:8e:90:bf:25:9e:d5:d1:3f:03:07:
7b:ac:fa:bb:e8:73:b0:d7:12:70:8e:73:7b:66:e6:b3:24:b7:
a8:74:ea:12:cc:93:e2:7c:2b:ff:79:7d:10:33:d4:02:be:de:
86:69:b0:67
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICNVMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTZFNkMxMTAvBgNVBAUTKDhGMzE2MDJGNEVCRTQ1NUUwOTlDMDA0OUJCN0IwMDY2
NTU4QjlEODkwHhcNMjYwNDA4MTUxMjQ3WhcNMjcwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWQ2NzA2ZS01ZjkzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyDJrA8sAJtGlmjv+qn1rPZaTwDgbxaW2jI8o3CcxSmuTEa1ywXGn07ABlLWZ
5ErPP0pgEMY2/9/IZVkIn/W+yRc6LJ29BtB/bwALhDXrW+YrxzkqfOxImlbY8wJu
zGja5tZ3lY7mKDEJ49057My1ibak05uOQEW6FGM1Y7KemgdD0/RSrnxlJcgemvIs
SaV8T0w7S2lcXACgZwwTtw234/JcMhACPf84hay4W3XwuOZ4ILI7wt72Rfr8WIgI
JmIC5deVecsubPmoYGE11JeHr/ugTZQvKy3+eaa9toGq89c7x17JS1pzXYdOWdlM
dhrbqPf91DvNldKmTI+mYCbvuwIDAQABo4ICozCCAp8wHQYDVR0OBBYEFLNitaAX
CjTo6m5jY/GQnyfeJ2exMB8GA1UdIwQYMBaAFI8xYC9OvkVeCZwASbt7AGZVi52J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NkU2Qy80MjZFM0RCQTFE
OEQxMUUyOTNDNERBRUEwOEIwMkNEMi9qekZnTDA2LVJWNEpuQUJKdTNzQVpsV0xu
WWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2p6RmdMMDYtUlY0Sm5BQkp1M3NBWmxXTG5Zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTZFNkMvNDI2RTNEQkExRDhEMTFFMjkzQzREQUVBMDhCMDJDRDIvREQ1Qzg0MTJF
ODQ1MTFFQjg3QUQ2QjQ5QzRGOUFFMDIucm9hMGIGCCsGAQUFBwEHAQH/BFMwUTAk
BAIAATAeAwQCK/uIAwQCZxWYAwQFtjbAAwQEyi5wAwQFy44gMCkEAgACMCMwEAMG
BCQFfAAQAwYFJAV8AIAwDwMGBCQFfACwAwUAJAV8ADANBgkqhkiG9w0BAQsFAAOC
AQEAVxxEAwqrWDD0KY3KBv0kX9K7We3FAinUxC6F/eYUCWStT6VZO2b502lGPsVi
9FSByy8a6YzXyQr+ZLPqpRaJZhyOj7kbOkDu3Dnw5QZ5f2dPBfixFCkz16y/XNJ+
Rfmsxv3vHxlEOoYyXcNpG+UFP4cXXmqnEVVnB64GX2foqhbwTA2FIM5WdaAhbRs5
ytJykdPwpVcg9xSkQ1E1ZgIO38pw8pB7ZwafqRYr2bFlk8aiT+yxCKbR63QGXYnp
Ab821/ulGw2JIqZq15ZeLsKOkL8lntXRPwMHe6z6u+hzsNcScI5ze2bmsyS3qHTq
EsyT4nwr/3l9EDPUAr7ehmmwZw==
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:12:05 2026 by rpki-client