Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91B527E/E8A88CBAAB7211E4B8BBB81CC4F9AE02/C22BA9D094E411EA9076F758C4F9AE02.roa
File: C22BA9D094E411EA9076F758C4F9AE02.roa (raw, json)
Hash identifier: rRiVIajPSLI+ltjj8x160JSpvpbe+500OymL7hdtAAw=
Subject key identifier: 9F:B1:3B:B2:7B:96:3D:25:1F:3B:B6:7F:6A:23:4A:81:BE:2A:AE:CF
Certificate issuer: /CN=A91B527E/serialNumber=57B687274B3319ED9071B966158F9B8AB64AE6F7
Certificate serial: 2823
Authority key identifier: 57:B6:87:27:4B:33:19:ED:90:71:B9:66:15:8F:9B:8A:B6:4A:E6:F7
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V7aHJ0szGe2QcblmFY-birZK5vc.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91B527E/E8A88CBAAB7211E4B8BBB81CC4F9AE02/C22BA9D094E411EA9076F758C4F9AE02.roa
Signing time: Sun 01 Mar 2026 09:12:59 +0000
ROA not before: Sat 26 Apr 2025 15:52:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 38553
IP address blocks: 103.123.40.0/24 maxlen: 24
103.123.41.0/24 maxlen: 24
103.123.42.0/24 maxlen: 24
103.123.43.0/24 maxlen: 24
120.72.16.0/24 maxlen: 24
120.72.17.0/24 maxlen: 24
120.72.18.0/24 maxlen: 24
120.72.19.0/24 maxlen: 24
120.72.20.0/24 maxlen: 24
120.72.21.0/24 maxlen: 24
120.72.22.0/24 maxlen: 24
120.72.23.0/24 maxlen: 24
120.72.24.0/24 maxlen: 24
120.72.25.0/24 maxlen: 24
120.72.26.0/24 maxlen: 24
120.72.27.0/24 maxlen: 24
120.72.28.0/24 maxlen: 24
120.72.29.0/24 maxlen: 24
120.72.30.0/24 maxlen: 24
120.72.31.0/24 maxlen: 24
202.137.112.0/24 maxlen: 24
202.137.113.0/24 maxlen: 24
202.137.114.0/24 maxlen: 24
202.137.115.0/24 maxlen: 24
202.137.116.0/24 maxlen: 24
202.137.117.0/24 maxlen: 24
202.137.118.0/24 maxlen: 24
202.137.119.0/24 maxlen: 24
202.137.120.0/24 maxlen: 24
202.137.121.0/24 maxlen: 24
202.137.122.0/24 maxlen: 24
202.137.123.0/24 maxlen: 24
202.137.124.0/24 maxlen: 24
202.137.125.0/24 maxlen: 24
202.137.126.0/24 maxlen: 24
202.137.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91B527E/E8A88CBAAB7211E4B8BBB81CC4F9AE02/V7aHJ0szGe2QcblmFY-birZK5vc.crl
rsync://rpki.apnic.net/member_repository/A91B527E/E8A88CBAAB7211E4B8BBB81CC4F9AE02/V7aHJ0szGe2QcblmFY-birZK5vc.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V7aHJ0szGe2QcblmFY-birZK5vc.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 00:31:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10275 (0x2823)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91B527E, serialNumber=57B687274B3319ED9071B966158F9B8AB64AE6F7
Validity
Not Before: Apr 26 15:52:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=69a4031b-40ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:0e:37:fd:73:25:97:cb:8c:c2:53:83:c7:89:
23:60:14:b8:df:68:f5:62:fe:e6:9e:1c:be:4c:4c:
35:e7:43:36:ba:84:64:07:8d:b7:c5:7d:27:38:92:
df:da:2e:e7:f4:6f:11:7b:d6:60:2f:76:f0:5e:68:
47:56:ad:20:93:d4:8b:4c:56:c8:e8:c8:fa:a6:3e:
12:42:0a:c9:7c:f1:21:ee:b6:fe:45:8d:66:7c:7d:
1b:05:69:14:a5:99:04:eb:d0:80:46:3e:32:b8:0a:
ba:ff:17:31:dc:bc:41:2a:16:4d:5e:c7:9d:8d:95:
c4:d4:1d:d3:3a:2d:bb:46:cf:05:1e:01:82:9f:d2:
15:ca:33:1b:88:78:02:85:25:87:dd:92:57:74:f4:
04:50:97:c8:f2:38:7b:c3:dd:b9:df:a0:61:a3:ee:
0b:72:5d:26:5b:b7:a0:84:ec:14:d5:44:fd:6a:fc:
80:84:63:bb:13:f5:f0:75:d4:33:43:d5:e0:1d:40:
57:17:70:a5:e0:9b:47:cf:ce:d6:bf:0f:60:8b:62:
86:a8:f8:85:12:e1:a4:7c:0d:73:84:1b:76:40:76:
d9:8c:e5:ec:b5:f1:7b:c0:a9:3a:ba:1f:9c:ec:23:
55:9e:01:8a:91:f6:b9:86:af:53:aa:e8:c5:e1:7c:
e7:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:B1:3B:B2:7B:96:3D:25:1F:3B:B6:7F:6A:23:4A:81:BE:2A:AE:CF
X509v3 Authority Key Identifier:
keyid:57:B6:87:27:4B:33:19:ED:90:71:B9:66:15:8F:9B:8A:B6:4A:E6:F7
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91B527E/E8A88CBAAB7211E4B8BBB81CC4F9AE02/V7aHJ0szGe2QcblmFY-birZK5vc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V7aHJ0szGe2QcblmFY-birZK5vc.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B527E/E8A88CBAAB7211E4B8BBB81CC4F9AE02/C22BA9D094E411EA9076F758C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.123.40.0/22
120.72.16.0/20
202.137.112.0/20
Signature Algorithm: sha256WithRSAEncryption
af:e4:82:c4:fa:c5:ea:3f:2a:e2:e2:3a:5e:b4:6b:2e:d8:61:
79:1c:b9:5b:d1:c1:e3:73:e4:d3:ee:4d:e7:7d:8f:aa:5e:13:
ea:a2:32:f7:17:75:4c:f7:b1:0e:95:74:ac:e9:d9:26:51:10:
a2:a7:f8:37:79:da:9b:8f:8a:13:3c:dc:dc:f8:71:9f:64:2f:
33:74:b4:cc:aa:8d:b4:b4:33:f9:f4:c1:f6:96:5b:46:a2:b6:
66:c8:e3:2d:f8:c4:b5:ca:d4:66:2c:b8:aa:35:d6:f4:d6:f4:
39:1d:f8:4b:29:b3:d0:df:b1:19:e4:a3:33:8d:fa:11:c0:18:
2e:35:84:32:12:af:18:79:3b:fc:60:1e:c7:20:7c:5e:d0:c7:
7c:d5:db:f0:35:b6:fe:5d:17:f8:db:28:1f:a5:00:18:d2:07:
6a:b2:5c:f0:99:ea:96:6b:15:99:b9:4d:f0:a5:b1:69:f9:0e:
40:34:25:f0:62:b0:77:fc:7e:18:15:16:1e:29:87:4b:3a:a6:
45:09:65:41:9a:58:4e:c9:70:05:84:5c:5d:6a:8f:0f:ae:55:
6b:f7:42:51:e8:88:f2:8c:dc:3f:22:96:d0:ad:67:83:ef:11:
02:72:d2:80:72:bc:7f:0a:60:2e:98:ef:c2:04:42:0e:09:0e:
bf:3c:11:cc
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgICKCMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjUyN0UxMTAvBgNVBAUTKDU3QjY4NzI3NEIzMzE5RUQ5MDcxQjk2NjE1OEY5QjhB
QjY0QUU2RjcwHhcNMjUwNDI2MTU1MjM5WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0MDMxYi00MGFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtg43/XMll8uMwlODx4kjYBS432j1Yv7mnhy+TEw150M2uoRkB423xX0nOJLf
2i7n9G8Re9ZgL3bwXmhHVq0gk9SLTFbI6Mj6pj4SQgrJfPEh7rb+RY1mfH0bBWkU
pZkE69CARj4yuAq6/xcx3LxBKhZNXsedjZXE1B3TOi27Rs8FHgGCn9IVyjMbiHgC
hSWH3ZJXdPQEUJfI8jh7w92536Bho+4Lcl0mW7eghOwU1UT9avyAhGO7E/XwddQz
Q9XgHUBXF3Cl4JtHz87Wvw9gi2KGqPiFEuGkfA1zhBt2QHbZjOXstfF7wKk6uh+c
7CNVngGKkfa5hq9TqujF4Xzn/QIDAQABo4ICbDCCAmgwHQYDVR0OBBYEFJ+xO7J7
lj0lHzu2f2ojSoG+Kq7PMB8GA1UdIwQYMBaAFFe2hydLMxntkHG5ZhWPm4q2Sub3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNTI3RS9FOEE4OENCQUFC
NzIxMUU0QjhCQkI4MUNDNEY5QUUwMi9WN2FISjBzekdlMlFjYmxtRlktYmlyWks1
dmMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1Y3YUhKMHN6R2UyUWNibG1GWS1iaXJaSzV2Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjUyN0UvRThBODhDQkFBQjcyMTFFNEI4QkJCODFDQzRGOUFFMDIvQzIyQkE5RDA5
NEU0MTFFQTkwNzZGNzU4QzRGOUFFMDIucm9hMCsGCCsGAQUFBwEHAQH/BBwwGjAY
BAIAATASAwQCZ3soAwQEeEgQAwQEyolwMA0GCSqGSIb3DQEBCwUAA4IBAQCv5ILE
+sXqPyri4jpetGsu2GF5HLlb0cHjc+TT7k3nfY+qXhPqojL3F3VM97EOlXSs6dkm
URCip/g3edqbj4oTPNzc+HGfZC8zdLTMqo20tDP59MH2lltGorZmyOMt+MS1ytRm
LLiqNdb01vQ5HfhLKbPQ37EZ5KMzjfoRwBguNYQyEq8YeTv8YB7HIHxe0Md81dvw
Nbb+XRf42ygfpQAY0gdqslzwmeqWaxWZuU3wpbFp+Q5ANCXwYrB3/H4YFRYeKYdL
OqZFCWVBmlhOyXAFhFxdao8PrlVr90JR6IjyjNw/IpbQrWeD7xECctKAcrx/CmAu
mO/CBEIOCQ6/PBHM
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:45:26 2026 by rpki-client