Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
File: 801B5CA0D49711EFBF7D3414C4F9AE02.roa (raw, json)
Hash identifier: h19/MR9hkMVPGpl7f/+5Vxrt7msI3muNoOIhYt+wOkY=
Subject key identifier: 1E:50:12:60:1E:1F:D7:BF:C6:76:1A:95:78:97:7B:7F:C7:65:AE:A9
Certificate issuer: /CN=A91B268A/serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Certificate serial: 12DB
Authority key identifier: F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
Signing time: Sun 01 Mar 2026 15:56:33 +0000
ROA not before: Fri 24 Oct 2025 10:12:13 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 7600
IP address blocks: 14.102.136.0/21 maxlen: 24
43.247.116.0/22 maxlen: 24
103.237.160.0/22 maxlen: 22
103.237.160.0/22 maxlen: 24
103.237.160.0/24 maxlen: 24
115.42.0.0/20 maxlen: 24
115.42.16.0/20 maxlen: 24
122.129.221.0/24 maxlen: 24
122.129.222.0/24 maxlen: 24
122.129.223.0/24 maxlen: 24
123.136.32.0/19 maxlen: 19
203.18.23.0/24 maxlen: 24
203.25.185.0/24 maxlen: 24
203.57.0.0/23 maxlen: 23
210.56.80.0/20 maxlen: 20
210.56.80.0/21 maxlen: 24
210.56.88.0/21 maxlen: 21
210.56.88.0/24 maxlen: 24
210.56.90.0/24 maxlen: 24
210.56.90.192/26 maxlen: 26
210.56.91.0/24 maxlen: 24
210.56.95.0/24 maxlen: 24
2404:9600::/32 maxlen: 32
2404:9600:300::/40 maxlen: 40
2404:9601::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 23:57:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4827 (0x12db)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B268A, serialNumber=F8EECE7D3C0CF5922EA3D803553638823FAEEA08
Validity
Not Before: Oct 24 10:12:13 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=69a461b1-ce32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:f0:d3:85:53:6c:50:b1:e4:4f:f4:10:7c:6a:
7d:d1:71:21:9e:a5:df:98:cc:a3:0d:b5:69:ec:8d:
f0:fc:2d:b1:ce:9a:a6:c3:da:7b:87:cf:68:26:e2:
27:72:ef:0e:37:05:23:8a:e2:9e:8d:cc:f4:2e:9b:
2c:8f:7c:c7:b1:89:7a:3f:20:fd:42:88:4a:14:d9:
45:55:b7:84:ab:50:ce:53:8e:2c:f0:a0:bd:ea:40:
12:8f:0f:18:a0:95:15:12:57:0d:d4:8f:4d:bc:c8:
4d:02:d6:bc:9e:ec:af:21:16:a7:c0:96:0b:30:fb:
f0:66:30:07:70:88:c2:e4:d5:43:d1:12:6e:ce:d9:
b1:8e:34:27:16:4c:8d:f1:84:78:0a:43:05:ad:59:
dc:0c:5f:62:ac:0e:1c:eb:7b:22:af:91:35:e3:64:
cd:b6:19:47:6f:0f:d6:6b:54:e2:13:d1:29:9b:2b:
91:62:40:08:1f:ce:47:bb:78:cf:ad:55:3a:6b:4d:
78:16:ef:e8:6e:9d:dd:49:bc:7b:24:20:9a:bf:ec:
19:3f:96:a8:b3:5c:bc:5c:96:32:f6:7b:16:83:aa:
08:91:20:86:98:d9:ba:c0:4f:73:1a:5a:5e:d7:fb:
1f:0f:bb:84:91:25:69:a0:33:3b:9a:6e:46:00:55:
e3:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:50:12:60:1E:1F:D7:BF:C6:76:1A:95:78:97:7B:7F:C7:65:AE:A9
X509v3 Authority Key Identifier:
keyid:F8:EE:CE:7D:3C:0C:F5:92:2E:A3:D8:03:55:36:38:82:3F:AE:EA:08
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-O7OfTwM9ZIuo9gDVTY4gj-u6gg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B268A/84FB4C9CDDA111E8A2E78A69C4F9AE02/801B5CA0D49711EFBF7D3414C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
14.102.136.0/21
43.247.116.0/22
103.237.160.0/22
115.42.0.0/19
122.129.221.0-122.129.223.255
123.136.32.0/19
203.18.23.0/24
203.25.185.0/24
203.57.0.0/23
210.56.80.0/20
IPv6:
2404:9600::/31
Signature Algorithm: sha256WithRSAEncryption
0b:11:f2:b6:e6:fd:df:1f:b0:09:54:d6:eb:83:13:e9:10:54:
49:fa:66:a6:7c:08:05:b0:ce:70:4a:55:25:a7:ee:ae:47:1c:
5a:19:de:b9:d7:0e:d5:1d:de:ed:8a:b5:b7:bb:09:77:db:27:
1d:ae:58:a1:b4:e8:6c:95:27:03:42:70:bc:2b:70:d0:b5:eb:
f3:a1:9a:fe:36:78:d5:69:88:5f:ac:20:fc:0f:46:5c:c5:c3:
ff:7a:92:3a:8a:c3:d6:b0:95:20:95:7a:d9:00:8b:3b:9e:e7:
35:9d:61:13:d7:3b:61:22:bf:3c:1d:e3:72:d9:7a:46:c9:af:
4c:db:47:35:c9:1a:5e:fc:9b:f1:be:40:1e:2a:f7:03:67:26:
03:45:37:8d:e4:7a:4f:45:f9:71:70:71:c5:21:86:f7:60:9b:
4f:08:ae:85:e4:14:e8:dc:a6:b1:17:c3:ae:12:21:f2:dd:ab:
8c:9b:af:6b:8d:11:72:35:58:ba:56:e5:25:37:15:f6:54:80:
c2:70:b9:37:0d:7c:5f:67:ad:9f:27:2d:0b:e4:5b:b5:ed:a9:
80:1c:99:d8:80:a6:dc:bc:73:f5:50:d1:2b:63:a4:e4:a9:22:
1d:45:ae:53:36:9f:a7:09:a3:f6:3d:e2:5c:ed:9c:7c:a1:b8:
d1:e5:95:10
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICEtswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjI2OEExMTAvBgNVBAUTKEY4RUVDRTdEM0MwQ0Y1OTIyRUEzRDgwMzU1MzYzODgy
M0ZBRUVBMDgwHhcNMjUxMDI0MTAxMjEzWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NjFiMS1jZTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoPDThVNsULHkT/QQfGp90XEhnqXfmMyjDbVp7I3w/C2xzpqmw9p7h89oJuIn
cu8ONwUjiuKejcz0Lpssj3zHsYl6PyD9QohKFNlFVbeEq1DOU44s8KC96kASjw8Y
oJUVElcN1I9NvMhNAta8nuyvIRanwJYLMPvwZjAHcIjC5NVD0RJuztmxjjQnFkyN
8YR4CkMFrVncDF9irA4c63sir5E142TNthlHbw/Wa1TiE9EpmyuRYkAIH85Hu3jP
rVU6a014Fu/obp3dSbx7JCCav+wZP5aos1y8XJYy9nsWg6oIkSCGmNm6wE9zGlpe
1/sfD7uEkSVpoDM7mm5GAFXj8wIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFB5QEmAe
H9e/xnYalXiXe3/HZa6pMB8GA1UdIwQYMBaAFPjuzn08DPWSLqPYA1U2OII/ruoI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMjY4QS84NEZCNEM5Q0RE
QTExMUU4QTJFNzhBNjlDNEY5QUUwMi8tTzdPZlR3TTlaSXVvOWdEVlRZNGdqLXU2
Z2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1PN09mVHdNOVpJdW85Z0RWVFk0Z2otdTZnZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjI2OEEvODRGQjRDOUNEREExMTFFOEEyRTc4QTY5QzRGOUFFMDIvODAxQjVDQTBE
NDk3MTFFRkJGN0QzNDE0QzRGOUFFMDIucm9hMGwGCCsGAQUFBwEHAQH/BF0wWzBK
BAIAATBEAwQDDmaIAwQCK/d0AwQCZ+2gAwQFcyoAMAwDBAB6gd0DBAV6gcADBAV7
iCADBADLEhcDBADLGbkDBAHLOQADBATSOFAwDQQCAAIwBwMFASQElgAwDQYJKoZI
hvcNAQELBQADggEBAAsR8rbm/d8fsAlU1uuDE+kQVEn6ZqZ8CAWwznBKVSWn7q5H
HFoZ3rnXDtUd3u2Ktbe7CXfbJx2uWKG06GyVJwNCcLwrcNC16/Ohmv42eNVpiF+s
IPwPRlzFw/96kjqKw9awlSCVetkAizue5zWdYRPXO2Eivzwd43LZekbJr0zbRzXJ
Gl78m/G+QB4q9wNnJgNFN43kek9F+XFwccUhhvdgm08IroXkFOjcprEXw64SIfLd
q4ybr2uNEXI1WLpW5SU3FfZUgMJwuTcNfF9nrZ8nLQvkW7XtqYAcmdiApty8c/VQ
0StjpOSpIh1FrlM2n6cJo/Y94lztnHyhuNHllRA=
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:16:39 2026 by rpki-client