Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/CA39F7F0FB6311E999847F4DC4F9AE02.roa
File: CA39F7F0FB6311E999847F4DC4F9AE02.roa (raw, json)
Hash identifier: Ra9KeGGoq4qKoY1lvMm4sJXsGfKv+RNnldeY/mU1RTs=
Subject key identifier: 64:2F:81:FE:D6:1E:3E:FD:2D:A8:DE:3B:3A:11:B3:7E:EF:E4:B2:FF
Certificate issuer: /CN=A919D6BB/serialNumber=3753728E54F09A48513DFFD2FA71804411FCDB20
Certificate serial: 0D25
Authority key identifier: 37:53:72:8E:54:F0:9A:48:51:3D:FF:D2:FA:71:80:44:11:FC:DB:20
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N1NyjlTwmkhRPf_S-nGARBH82yA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/CA39F7F0FB6311E999847F4DC4F9AE02.roa
Signing time: Sun 01 Mar 2026 15:34:46 +0000
ROA not before: Thu 20 Nov 2025 18:08:14 +0000
ROA not after: Sun 31 Jan 2027 00:00:00 +0000
asID: 45891
IP address blocks: 103.2.88.0/22 maxlen: 22
103.2.88.0/23 maxlen: 23
103.2.90.0/24 maxlen: 24
103.2.91.0/24 maxlen: 24
202.1.160.0/19 maxlen: 19
202.1.160.0/20 maxlen: 20
202.1.160.0/24 maxlen: 24
202.1.161.0/24 maxlen: 24
202.1.162.0/24 maxlen: 24
202.1.163.0/24 maxlen: 24
202.1.164.0/24 maxlen: 24
202.1.165.0/24 maxlen: 24
202.1.166.0/24 maxlen: 24
202.1.167.0/24 maxlen: 24
202.1.168.0/24 maxlen: 24
202.1.169.0/24 maxlen: 24
202.1.170.0/24 maxlen: 24
202.1.172.0/24 maxlen: 24
202.1.173.0/24 maxlen: 24
202.1.174.0/24 maxlen: 24
202.1.175.0/24 maxlen: 24
202.1.176.0/20 maxlen: 20
202.1.176.0/23 maxlen: 23
202.1.176.0/24 maxlen: 24
202.1.177.0/24 maxlen: 24
202.1.178.0/24 maxlen: 24
202.1.180.0/24 maxlen: 24
202.1.181.0/24 maxlen: 24
202.1.182.0/24 maxlen: 24
202.1.183.0/24 maxlen: 24
202.1.184.0/24 maxlen: 24
202.1.185.0/24 maxlen: 24
202.1.186.0/24 maxlen: 24
202.1.187.0/24 maxlen: 24
202.1.188.0/24 maxlen: 24
202.1.189.0/24 maxlen: 24
202.1.190.0/24 maxlen: 24
202.1.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/N1NyjlTwmkhRPf_S-nGARBH82yA.crl
rsync://rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/N1NyjlTwmkhRPf_S-nGARBH82yA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N1NyjlTwmkhRPf_S-nGARBH82yA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 16:03:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3365 (0xd25)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919D6BB, serialNumber=3753728E54F09A48513DFFD2FA71804411FCDB20
Validity
Not Before: Nov 20 18:08:14 2025 GMT
Not After : Jan 31 00:00:00 2027 GMT
Subject: CN=69a45c96-d764
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:d9:55:8c:1a:9e:99:08:3a:66:84:68:a0:a8:
3f:fc:fe:11:29:d2:cc:4f:e8:a8:26:cb:d7:ba:38:
1d:8e:22:e2:a0:87:9f:11:3e:08:5f:1a:6e:9b:5a:
5b:00:76:09:71:38:91:1a:dd:8f:93:fb:ac:5a:08:
5a:38:ce:df:1f:2b:be:fe:97:87:6a:22:13:0e:22:
12:bf:14:73:e5:c0:da:d4:91:8d:43:af:b5:64:1d:
11:10:f4:e9:c5:04:89:bf:83:9d:0a:f2:f4:15:ad:
34:18:87:b4:96:3f:52:bd:5a:76:86:37:76:95:71:
34:46:33:ad:6e:c9:9e:b1:60:32:93:fc:68:e9:41:
3a:c7:57:90:49:0a:7e:d4:86:90:b1:e5:0f:7a:1f:
ce:85:02:38:6a:6f:01:30:a1:97:cb:53:78:89:a1:
d8:14:78:48:56:9f:f2:4c:41:0c:88:95:9f:73:1a:
9e:24:7c:9f:ca:bc:2b:75:fc:d5:d2:df:74:a1:f8:
f2:1f:e9:d5:84:ea:63:fe:38:b7:a3:55:8e:62:ec:
78:30:df:19:04:01:dc:20:4d:60:77:f6:46:d0:27:
b5:fc:6f:de:e2:8e:8d:32:a3:01:3f:2f:95:e7:1a:
8e:84:e8:06:be:8a:08:79:a5:2a:61:16:c0:7f:75:
3a:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:2F:81:FE:D6:1E:3E:FD:2D:A8:DE:3B:3A:11:B3:7E:EF:E4:B2:FF
X509v3 Authority Key Identifier:
keyid:37:53:72:8E:54:F0:9A:48:51:3D:FF:D2:FA:71:80:44:11:FC:DB:20
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/N1NyjlTwmkhRPf_S-nGARBH82yA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/N1NyjlTwmkhRPf_S-nGARBH82yA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919D6BB/3AB0F76AFB6211E9A82B394AC4F9AE02/CA39F7F0FB6311E999847F4DC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.2.88.0/22
202.1.160.0/19
Signature Algorithm: sha256WithRSAEncryption
6d:e5:aa:5b:c2:05:fb:d8:d9:0d:57:52:82:5f:da:25:ea:ea:
dd:33:a5:fe:50:ea:62:06:40:25:31:07:b0:5d:95:a2:af:74:
23:3e:60:a1:00:63:bd:3b:93:c1:7a:88:ee:b9:14:c8:c9:93:
81:73:03:60:f2:55:4f:73:91:85:6b:7d:d8:a4:27:9c:7a:a4:
3e:05:e7:a4:0a:29:25:cf:6c:80:ed:77:c8:86:e3:df:dc:71:
e0:83:05:6a:86:d9:ca:fa:da:ac:7b:41:a0:f5:0e:75:20:aa:
ed:6e:03:13:c4:2e:3a:6c:68:b8:1e:41:ff:29:b2:49:43:d5:
59:0d:91:23:04:29:91:be:c1:ac:d3:87:10:a4:0c:f9:55:d4:
55:de:7e:a7:e3:1b:1d:06:27:c5:02:15:7a:4e:71:05:8c:bb:
8c:62:be:fe:73:2e:c1:a0:0a:64:49:b0:b9:04:7b:52:9f:96:
6c:01:4f:0c:5f:97:5b:fe:d4:58:d6:3b:80:91:36:71:33:29:
3d:ef:fd:c3:e0:85:11:26:f3:58:12:0d:de:60:04:6b:a6:57:
6d:65:39:ec:5e:d1:60:fc:42:6e:96:2a:30:97:2f:37:4f:74:
e5:78:16:71:db:30:bf:04:b6:44:d0:ea:1d:29:6d:e8:4b:2f:
28:f5:a1:7d
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgICDSUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUQ2QkIxMTAvBgNVBAUTKDM3NTM3MjhFNTRGMDlBNDg1MTNERkZEMkZBNzE4MDQ0
MTFGQ0RCMjAwHhcNMjUxMTIwMTgwODE0WhcNMjcwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NWM5Ni1kNzY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAptlVjBqemQg6ZoRooKg//P4RKdLMT+ioJsvXujgdjiLioIefET4IXxpum1pb
AHYJcTiRGt2Pk/usWghaOM7fHyu+/peHaiITDiISvxRz5cDa1JGNQ6+1ZB0REPTp
xQSJv4OdCvL0Fa00GIe0lj9SvVp2hjd2lXE0RjOtbsmesWAyk/xo6UE6x1eQSQp+
1IaQseUPeh/OhQI4am8BMKGXy1N4iaHYFHhIVp/yTEEMiJWfcxqeJHyfyrwrdfzV
0t90ofjyH+nVhOpj/ji3o1WOYux4MN8ZBAHcIE1gd/ZG0Ce1/G/e4o6NMqMBPy+V
5xqOhOgGvooIeaUqYRbAf3U6yQIDAQABo4ICZjCCAmIwHQYDVR0OBBYEFGQvgf7W
Hj79LajeOzoRs37v5LL/MB8GA1UdIwQYMBaAFDdTco5U8JpIUT3/0vpxgEQR/Nsg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5RDZCQi8zQUIwRjc2QUZC
NjIxMUU5QTgyQjM5NEFDNEY5QUUwMi9OMU55amxUd21raFJQZl9TLW5HQVJCSDgy
eUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL04xTnlqbFR3bWtoUlBmX1MtbkdBUkJIODJ5QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUQ2QkIvM0FCMEY3NkFGQjYyMTFFOUE4MkIzOTRBQzRGOUFFMDIvQ0EzOUY3RjBG
QjYzMTFFOTk5ODQ3RjREQzRGOUFFMDIucm9hMCUGCCsGAQUFBwEHAQH/BBYwFDAS
BAIAATAMAwQCZwJYAwQFygGgMA0GCSqGSIb3DQEBCwUAA4IBAQBt5apbwgX72NkN
V1KCX9ol6urdM6X+UOpiBkAlMQewXZWir3QjPmChAGO9O5PBeojuuRTIyZOBcwNg
8lVPc5GFa33YpCeceqQ+BeekCiklz2yA7XfIhuPf3HHggwVqhtnK+tqse0Gg9Q51
IKrtbgMTxC46bGi4HkH/KbJJQ9VZDZEjBCmRvsGs04cQpAz5VdRV3n6n4xsdBifF
AhV6TnEFjLuMYr7+cy7BoApkSbC5BHtSn5ZsAU8MX5db/tRY1juAkTZxMyk97/3D
4IURJvNYEg3eYARrpldtZTnsXtFg/EJuliowly83T3TleBZx2zC/BLZE0OodKW3o
Sy8o9aF9
-----END CERTIFICATE-----
Generated at Mon Mar 2 21:10:55 2026 by rpki-client