Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/2C9502D83C4011EA852C097BC4F9AE02.roa
File: 2C9502D83C4011EA852C097BC4F9AE02.roa (raw, json)
Hash identifier: SnQLKrTdABnlhkWQ+AVqddVj1mUuPuJmeCU6LxGP6eo=
Subject key identifier: 5A:F0:59:88:3B:09:AE:0A:AB:C9:73:3E:75:22:6F:10:F1:5C:D3:4C
Certificate issuer: /CN=A91AEA8C/serialNumber=870B9CD2E41DAB05BD5527C9150E948959716696
Certificate serial: 1DDF
Authority key identifier: 87:0B:9C:D2:E4:1D:AB:05:BD:55:27:C9:15:0E:94:89:59:71:66:96
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/2C9502D83C4011EA852C097BC4F9AE02.roa
Signing time: Mon 02 Mar 2026 04:50:17 +0000
ROA not before: Thu 31 Jul 2025 16:24:28 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 133524
IP address blocks: 43.242.134.0/23 maxlen: 23
43.242.134.0/24 maxlen: 24
43.242.135.0/24 maxlen: 24
43.245.44.0/22 maxlen: 22
43.245.44.0/24 maxlen: 24
43.245.45.0/24 maxlen: 24
43.245.46.0/24 maxlen: 24
43.245.47.0/24 maxlen: 24
103.25.76.0/22 maxlen: 22
103.25.76.0/24 maxlen: 24
103.25.77.0/24 maxlen: 24
103.25.78.0/24 maxlen: 24
103.25.79.0/24 maxlen: 24
103.29.90.0/23 maxlen: 23
103.29.90.0/24 maxlen: 24
103.29.91.0/24 maxlen: 24
103.233.204.0/22 maxlen: 22
103.233.204.0/24 maxlen: 24
103.233.205.0/24 maxlen: 24
103.233.206.0/24 maxlen: 24
103.233.207.0/24 maxlen: 24
185.133.212.0/22 maxlen: 22
185.133.212.0/24 maxlen: 24
185.133.213.0/24 maxlen: 24
185.133.214.0/24 maxlen: 24
185.133.215.0/24 maxlen: 24
2407:2a80::/32 maxlen: 32
2407:2a80::/36 maxlen: 36
2407:2a80:a::/48 maxlen: 48
2407:2a80:1000::/36 maxlen: 36
2407:2a80:2000::/36 maxlen: 36
2407:2a80:3000::/36 maxlen: 36
2407:2a80:4000::/36 maxlen: 36
2407:2a80:5000::/36 maxlen: 36
2407:2a80:6000::/36 maxlen: 36
2407:2a80:7000::/36 maxlen: 36
2407:2a80:8000::/36 maxlen: 36
2407:2a80:9000::/36 maxlen: 36
2407:2a80:a000::/36 maxlen: 36
2407:2a80:b000::/36 maxlen: 36
2407:2a80:c000::/36 maxlen: 36
2407:2a80:d000::/36 maxlen: 36
2407:2a80:e000::/36 maxlen: 36
2407:2a80:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.crl
rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 16:03:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7647 (0x1ddf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AEA8C, serialNumber=870B9CD2E41DAB05BD5527C9150E948959716696
Validity
Not Before: Jul 31 16:24:28 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=69a51709-814b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:c2:be:bf:3c:e4:b2:af:b5:3c:3e:f2:48:27:
52:d4:8f:78:7d:5d:85:f8:ad:80:e8:ce:7b:d5:89:
dd:52:0a:fa:7f:2b:4d:88:85:2c:78:5b:63:a3:b5:
bd:2a:a1:bd:d5:97:04:a1:c5:06:2b:bf:d0:f4:50:
6b:ed:46:40:da:2d:de:98:f4:5a:89:f6:4f:3c:5d:
ff:ee:44:7f:ec:b5:dd:a2:4b:f5:d7:1d:f7:87:dc:
7f:e4:b0:e6:b9:60:3f:78:dc:76:1c:96:7e:46:19:
0d:30:ef:98:02:f8:15:77:16:11:1c:c1:ef:25:2f:
8d:ab:23:3a:c1:8a:55:a3:c7:65:73:3b:a4:79:f8:
fc:85:79:f8:93:ff:9c:88:fb:0b:f6:d3:cd:ad:8a:
fd:fe:33:2a:a7:19:f4:80:da:d1:fc:36:2d:bc:89:
2c:46:38:a6:6a:a7:58:e1:cd:8b:87:c9:cd:38:ec:
6f:81:f3:12:d6:2a:52:64:e0:85:5c:ab:c1:bf:71:
81:90:51:a8:da:5e:94:96:e7:87:9b:ed:e8:7c:9a:
47:e5:4b:69:1b:15:08:df:25:0a:61:2f:ae:19:1d:
f3:60:71:28:0c:e7:31:d6:ec:74:db:92:8f:03:ed:
fa:0d:08:c2:04:05:84:81:83:47:c4:1d:1c:19:e5:
a2:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:F0:59:88:3B:09:AE:0A:AB:C9:73:3E:75:22:6F:10:F1:5C:D3:4C
X509v3 Authority Key Identifier:
keyid:87:0B:9C:D2:E4:1D:AB:05:BD:55:27:C9:15:0E:94:89:59:71:66:96
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hwuc0uQdqwW9VSfJFQ6UiVlxZpY.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AEA8C/F27B9CDEBB8611E68FF50C57C4F9AE02/2C9502D83C4011EA852C097BC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.242.134.0/23
43.245.44.0/22
103.25.76.0/22
103.29.90.0/23
103.233.204.0/22
185.133.212.0/22
IPv6:
2407:2a80::/32
Signature Algorithm: sha256WithRSAEncryption
0c:dc:e9:05:6a:52:19:ef:85:be:3c:fd:75:d1:f9:e2:0b:f4:
98:45:67:b5:a6:6a:16:dc:db:17:38:81:92:82:4f:75:01:4d:
04:ec:2f:bc:65:53:62:7f:63:9f:06:de:ae:cf:ac:1d:9b:cb:
f3:31:36:15:16:45:67:60:fa:17:1d:52:e6:cc:a8:1b:91:26:
7c:8a:aa:8b:74:94:dd:4a:7f:3a:83:0c:ce:06:53:6b:28:13:
98:40:12:c6:ea:76:5c:da:01:f2:29:6c:1e:ac:0d:4a:24:35:
a1:2f:e4:4e:ae:53:f3:dd:52:d8:63:a9:35:7c:11:34:72:da:
0f:83:57:10:42:1c:33:b1:89:60:e9:d9:4b:f3:f5:4d:cd:b4:
59:28:1f:df:86:dc:68:ec:12:bc:1f:1b:9f:37:45:0b:7a:4a:
22:00:40:88:e9:6d:d3:bf:c2:db:ae:47:5c:44:e9:28:3c:25:
2c:ac:af:65:27:e4:15:b7:5f:50:ec:7d:d8:2a:20:6f:84:4c:
94:8c:3d:c7:34:9d:54:08:5a:bc:ce:91:fb:0a:46:08:b1:30:
e3:23:06:c7:08:62:d9:7d:5e:c1:86:3f:97:f4:df:d1:d5:b2:
0d:1c:97:23:d2:fb:c8:ad:28:c1:e4:55:4c:89:1a:a7:dd:9a:
1a:1d:c1:bc
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgICHd8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUVBOEMxMTAvBgNVBAUTKDg3MEI5Q0QyRTQxREFCMDVCRDU1MjdDOTE1MEU5NDg5
NTk3MTY2OTYwHhcNMjUwNzMxMTYyNDI4WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1MTcwOS04MTRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5sK+vzzksq+1PD7ySCdS1I94fV2F+K2A6M571YndUgr6fytNiIUseFtjo7W9
KqG91ZcEocUGK7/Q9FBr7UZA2i3emPRaifZPPF3/7kR/7LXdokv11x33h9x/5LDm
uWA/eNx2HJZ+RhkNMO+YAvgVdxYRHMHvJS+NqyM6wYpVo8dlczukefj8hXn4k/+c
iPsL9tPNrYr9/jMqpxn0gNrR/DYtvIksRjimaqdY4c2Lh8nNOOxvgfMS1ipSZOCF
XKvBv3GBkFGo2l6UlueHm+3ofJpH5UtpGxUI3yUKYS+uGR3zYHEoDOcx1ux025KP
A+36DQjCBAWEgYNHxB0cGeWiTwIDAQABo4ICjTCCAokwHQYDVR0OBBYEFFrwWYg7
Ca4Kq8lzPnUibxDxXNNMMB8GA1UdIwQYMBaAFIcLnNLkHasFvVUnyRUOlIlZcWaW
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRUE4Qy9GMjdCOUNERUJC
ODYxMUU2OEZGNTBDNTdDNEY5QUUwMi9od3VjMHVRZHF3VzlWU2ZKRlE2VWlWbHha
cFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h3dWMwdVFkcXdXOVZTZkpGUTZVaVZseFpwWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUVBOEMvRjI3QjlDREVCQjg2MTFFNjhGRjUwQzU3QzRGOUFFMDIvMkM5NTAyRDgz
QzQwMTFFQTg1MkMwOTdCQzRGOUFFMDIucm9hMEwGCCsGAQUFBwEHAQH/BD0wOzAq
BAIAATAkAwQBK/KGAwQCK/UsAwQCZxlMAwQBZx1aAwQCZ+nMAwQCuYXUMA0EAgAC
MAcDBQAkByqAMA0GCSqGSIb3DQEBCwUAA4IBAQAM3OkFalIZ74W+PP110fniC/SY
RWe1pmoW3NsXOIGSgk91AU0E7C+8ZVNif2OfBt6uz6wdm8vzMTYVFkVnYPoXHVLm
zKgbkSZ8iqqLdJTdSn86gwzOBlNrKBOYQBLG6nZc2gHyKWwerA1KJDWhL+ROrlPz
3VLYY6k1fBE0ctoPg1cQQhwzsYlg6dlL8/VNzbRZKB/fhtxo7BK8HxufN0ULekoi
AECI6W3Tv8LbrkdcROkoPCUsrK9lJ+QVt19Q7H3YKiBvhEyUjD3HNJ1UCFq8zpH7
CkYIsTDjIwbHCGLZfV7Bhj+X9N/R1bINHJcj0vvIrSjB5FVMiRqn3ZoaHcG8
-----END CERTIFICATE-----
Generated at Mon Mar 2 21:55:34 2026 by rpki-client