Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
File: BDECB94CEC4F11EEB0B9B467C4F9AE02.roa (raw, json)
Hash identifier: fSlbtUc39UCW3k1Yy6pAqJg048Gxa2v6PcevURxg5Zs=
Subject key identifier: 22:C6:E6:95:5C:91:56:13:C5:3F:EA:BA:F2:44:35:FE:1B:C9:C1:B3
Certificate issuer: /CN=A919A777/serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Certificate serial: 01C4
Authority key identifier: 64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
Signing time: Sun 01 Mar 2026 18:14:39 +0000
ROA not before: Tue 13 Jan 2026 21:25:02 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 134835
IP address blocks: 45.120.156.0/24 maxlen: 24
45.120.157.0/24 maxlen: 24
45.120.159.0/24 maxlen: 24
45.125.164.0/24 maxlen: 24
45.125.165.0/24 maxlen: 24
45.125.166.0/24 maxlen: 24
45.125.167.0/24 maxlen: 24
103.56.216.0/24 maxlen: 24
103.56.217.0/24 maxlen: 24
103.56.218.0/24 maxlen: 24
103.56.219.0/24 maxlen: 24
103.194.41.0/24 maxlen: 24
103.194.42.0/24 maxlen: 24
103.194.43.0/24 maxlen: 24
103.200.96.0/24 maxlen: 24
103.200.97.0/24 maxlen: 24
103.204.172.0/24 maxlen: 24
103.204.173.0/24 maxlen: 24
103.204.174.0/24 maxlen: 24
103.204.175.0/24 maxlen: 24
122.128.96.0/24 maxlen: 24
122.128.97.0/24 maxlen: 24
122.128.99.0/24 maxlen: 24
2403:ad80:60::/45 maxlen: 45
2403:ad80:80::/45 maxlen: 45
2403:ad80:88::/45 maxlen: 45
2403:ad80:98::/45 maxlen: 45
2403:ad80:a0::/45 maxlen: 45
2403:ad80:3c00::/38 maxlen: 38
2403:ad80:4c00::/38 maxlen: 38
2403:ad80:5000::/38 maxlen: 38
2403:ad80:8100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 01:24:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 452 (0x1c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919A777, serialNumber=647D0927DB3B178E2F654A3268557FE5B5D6729C
Validity
Not Before: Jan 13 21:25:02 2026 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=69a4820f-b224
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dc:4e:35:a7:d1:1d:1b:22:f1:66:35:06:57:
52:79:65:b9:d5:72:d2:74:a0:70:a8:a0:bb:2a:6c:
6d:f2:dd:fb:78:b1:4e:95:f7:74:c7:b4:4d:c2:6b:
34:d2:30:26:9f:6d:4c:e4:d6:17:ba:98:3f:15:d3:
a5:5d:e3:da:d2:76:9a:e5:34:e1:49:e8:98:53:f4:
f6:8e:bf:26:56:bb:bc:e5:de:2a:d6:d4:36:22:35:
e2:40:3b:b8:de:f2:9e:12:a5:ba:b2:7f:cf:ed:44:
ed:0a:f3:20:32:d4:c3:50:6d:a4:79:de:9c:7d:59:
6e:74:dd:69:f2:ff:ed:5c:e3:62:a2:c8:0c:be:12:
42:df:25:50:d1:db:1c:2b:c5:e2:97:6f:c7:ab:ed:
46:76:ec:09:9a:0b:08:5b:cf:78:e9:f1:96:ae:47:
ed:5e:4d:65:52:c7:1e:37:cb:fa:de:32:af:fe:af:
d0:b1:21:0e:57:44:0c:cd:a3:79:0d:7e:99:0a:66:
46:9b:35:03:c0:c9:c5:87:6b:f3:48:9d:4e:d1:fd:
e7:63:78:4b:4a:b5:62:4d:29:59:7a:90:f4:70:ee:
12:6c:c7:3c:d7:1e:40:bd:2f:af:db:3d:d5:53:41:
d0:c2:16:f9:f4:eb:4d:4d:f6:cd:c0:d1:da:53:5c:
58:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:C6:E6:95:5C:91:56:13:C5:3F:EA:BA:F2:44:35:FE:1B:C9:C1:B3
X509v3 Authority Key Identifier:
keyid:64:7D:09:27:DB:3B:17:8E:2F:65:4A:32:68:55:7F:E5:B5:D6:72:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZH0JJ9s7F44vZUoyaFV_5bXWcpw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A777/0BA572B0EC4F11EEA1B38866C4F9AE02/BDECB94CEC4F11EEB0B9B467C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
45.120.156.0/23
45.120.159.0/24
45.125.164.0/22
103.56.216.0/22
103.194.41.0-103.194.43.255
103.200.96.0/23
103.204.172.0/22
122.128.96.0/23
122.128.99.0/24
IPv6:
2403:ad80:60::/45
2403:ad80:80::/44
2403:ad80:98::-2403:ad80:a7:ffff:ffff:ffff:ffff:ffff
2403:ad80:3c00::/38
2403:ad80:4c00::-2403:ad80:53ff:ffff:ffff:ffff:ffff:ffff
2403:ad80:8100::/40
Signature Algorithm: sha256WithRSAEncryption
28:e9:3f:55:22:2f:5f:ca:85:6e:9a:22:04:0a:a5:9e:9a:6a:
9c:4a:22:ec:24:3d:a5:72:59:36:7c:03:a9:74:a7:27:be:3f:
e6:03:ac:1a:7a:2c:84:78:97:62:6e:62:b0:e7:df:6f:0b:7f:
95:30:3b:85:e7:8b:27:ee:f9:8c:62:cd:ef:b7:7a:46:5d:da:
d9:f4:9e:36:89:6a:fd:14:27:88:18:fc:00:5f:22:fb:3d:8d:
42:00:48:74:76:a3:63:69:28:d7:7b:b8:35:6c:7c:c4:51:61:
57:df:1d:6f:5d:f9:88:59:e8:eb:77:93:33:53:7b:09:1c:a1:
f9:48:67:75:b6:2a:96:fb:2d:e8:cc:e2:7e:60:23:84:e1:62:
2d:3f:08:9a:48:46:bc:6e:1b:38:26:b8:e6:39:44:64:41:1f:
9d:eb:8a:0d:64:a3:35:84:aa:c6:c7:8e:e2:8a:cb:88:b3:37:
80:da:cf:61:1f:73:c9:4d:5d:d7:49:60:2b:89:43:61:e3:7f:
56:43:97:9c:4f:4e:c1:9a:67:b8:21:b0:59:0a:54:f0:48:c0:
f7:1b:e5:6a:c5:d3:02:e5:f8:c0:72:c2:a9:fe:9f:15:18:60:
94:6e:23:8e:87:7d:93:76:93:d6:4f:46:dd:50:d0:4d:87:6e:
eb:4d:ae:d7
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgICAcQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUE3NzcxMTAvBgNVBAUTKDY0N0QwOTI3REIzQjE3OEUyRjY1NEEzMjY4NTU3RkU1
QjVENjcyOUMwHhcNMjYwMTEzMjEyNTAyWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0ODIwZi1iMjI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5dxONafRHRsi8WY1BldSeWW51XLSdKBwqKC7Kmxt8t37eLFOlfd0x7RNwms0
0jAmn21M5NYXupg/FdOlXePa0naa5TThSeiYU/T2jr8mVru85d4q1tQ2IjXiQDu4
3vKeEqW6sn/P7UTtCvMgMtTDUG2ked6cfVludN1p8v/tXONiosgMvhJC3yVQ0dsc
K8Xil2/Hq+1GduwJmgsIW8946fGWrkftXk1lUsceN8v63jKv/q/QsSEOV0QMzaN5
DX6ZCmZGmzUDwMnFh2vzSJ1O0f3nY3hLSrViTSlZepD0cO4SbMc81x5AvS+v2z3V
U0HQwhb59OtNTfbNwNHaU1xYvwIDAQABo4IC6zCCAucwHQYDVR0OBBYEFCLG5pVc
kVYTxT/quvJENf4bycGzMB8GA1UdIwQYMBaAFGR9CSfbOxeOL2VKMmhVf+W11nKc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QTc3Ny8wQkE1NzJCMEVD
NEYxMUVFQTFCMzg4NjZDNEY5QUUwMi9aSDBKSjlzN0Y0NHZaVW95YUZWXzViWFdj
cHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pIMEpKOXM3RjQ0dlpVb3lhRlZfNWJYV2Nwdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUE3NzcvMEJBNTcyQjBFQzRGMTFFRUExQjM4ODY2QzRGOUFFMDIvQkRFQ0I5NENF
QzRGMTFFRUIwQjlCNDY3QzRGOUFFMDIucm9hMIGpBggrBgEFBQcBBwEB/wSBmTCB
ljBEBAIAATA+AwQBLXicAwQALXifAwQCLX2kAwQCZzjYMAwDBABnwikDBAJnwigD
BAFnyGADBAJnzKwDBAF6gGADBAB6gGMwTgQCAAIwSAMHAyQDrYAAYAMHBCQDrYAA
gDASAwcDJAOtgACYAwcDJAOtgACgAwYCJAOtgDwwEAMGAiQDrYBMAwYCJAOtgFAD
BgAkA62AgTANBgkqhkiG9w0BAQsFAAOCAQEAKOk/VSIvX8qFbpoiBAqlnppqnEoi
7CQ9pXJZNnwDqXSnJ74/5gOsGnoshHiXYm5isOffbwt/lTA7heeLJ+75jGLN77d6
Rl3a2fSeNolq/RQniBj8AF8i+z2NQgBIdHajY2ko13u4NWx8xFFhV98db135iFno
63eTM1N7CRyh+UhndbYqlvst6MzifmAjhOFiLT8ImkhGvG4bOCa45jlEZEEfneuK
DWSjNYSqxseO4orLiLM3gNrPYR9zyU1d10lgK4lDYeN/VkOXnE9OwZpnuCGwWQpU
8EjA9xvlasXTAuX4wHLCqf6fFRhglG4jjod9k3aT1k9G3VDQTYdu602u1w==
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:58:03 2026 by rpki-client