Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/843F754669EA11EE90D6585BC4F9AE02.roa
File: 843F754669EA11EE90D6585BC4F9AE02.roa (raw, json)
Hash identifier: WI26tucy3cSYO4sE9GmP72fSFg+gB2AzQ5GmMyowLBY=
Subject key identifier: 35:F1:A9:B0:32:78:2A:D7:77:27:66:AD:F8:3E:2A:89:97:35:AC:C1
Certificate issuer: /CN=A91BA9CE/serialNumber=E9690BBB9F36C09D4C2ED4F66CF55DC35275FB72
Certificate serial: 0D1B
Authority key identifier: E9:69:0B:BB:9F:36:C0:9D:4C:2E:D4:F6:6C:F5:5D:C3:52:75:FB:72
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6WkLu582wJ1MLtT2bPVdw1J1-3I.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/843F754669EA11EE90D6585BC4F9AE02.roa
Signing time: Sun 01 Mar 2026 17:01:51 +0000
ROA not before: Wed 04 Jun 2025 18:41:52 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 132829
IP address blocks: 43.239.100.0/24 maxlen: 24
103.248.132.0/24 maxlen: 24
103.248.133.0/24 maxlen: 24
103.248.134.0/23 maxlen: 24
2406:f900::/32 maxlen: 32
2406:f900::/48 maxlen: 48
2406:f900:1::/48 maxlen: 48
2406:f900:2::/48 maxlen: 48
2406:f900:3::/48 maxlen: 48
2406:f900:4::/48 maxlen: 48
2406:f900:5::/48 maxlen: 48
2406:f900:6::/48 maxlen: 48
2406:f900:7::/48 maxlen: 48
2406:f900:8::/48 maxlen: 48
2406:f900:9::/48 maxlen: 48
2406:f900:14::/48 maxlen: 48
2406:f900:15::/48 maxlen: 48
2406:f900:16::/48 maxlen: 48
2406:f900:17::/48 maxlen: 48
2406:f900:18::/48 maxlen: 48
2406:f900:19::/48 maxlen: 48
2406:f900:1a::/48 maxlen: 48
2406:f900:1b::/48 maxlen: 48
2406:f900:1c::/48 maxlen: 48
2406:f900:1d::/48 maxlen: 48
2406:f900:28::/48 maxlen: 48
2406:f900:29::/48 maxlen: 48
2406:f900:2a::/48 maxlen: 48
2406:f900:2b::/48 maxlen: 48
2406:f900:2c::/48 maxlen: 48
2406:f900:2d::/48 maxlen: 48
2406:f900:2e::/48 maxlen: 48
2406:f900:2f::/48 maxlen: 48
2406:f900:30::/48 maxlen: 48
2406:f900:31::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/6WkLu582wJ1MLtT2bPVdw1J1-3I.crl
rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/6WkLu582wJ1MLtT2bPVdw1J1-3I.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6WkLu582wJ1MLtT2bPVdw1J1-3I.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 00:24:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3355 (0xd1b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BA9CE, serialNumber=E9690BBB9F36C09D4C2ED4F66CF55DC35275FB72
Validity
Not Before: Jun 4 18:41:52 2025 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=69a470ff-0c6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:21:2e:4b:95:21:4c:79:74:d1:eb:1c:08:87:
cf:65:44:28:54:76:f3:98:1e:3e:28:51:4c:60:eb:
6d:1d:1a:9b:be:44:fb:66:37:48:76:c0:b9:7e:52:
e8:64:b6:61:96:6f:5b:b8:eb:29:55:1a:c4:44:eb:
ef:5c:dc:0f:d8:71:15:d7:e1:99:04:7f:32:51:27:
c4:b6:ae:db:b3:2e:89:f6:dd:ad:43:7e:6d:7a:e0:
cb:aa:e8:92:e0:ce:82:e7:81:fe:81:ce:19:86:cf:
4e:64:c5:6b:07:09:c4:9d:d7:3b:ea:2b:42:34:d1:
bd:68:7f:2f:29:97:42:7b:b5:36:4a:1b:dd:f6:54:
f5:10:07:ba:8d:bb:73:e3:20:6f:57:6a:7f:34:a8:
24:3d:5e:a2:1d:87:99:bf:ff:5a:5f:e4:e4:a0:12:
8c:31:58:13:73:9b:82:a8:c7:5c:f4:fa:c8:d2:26:
c3:88:e7:25:1f:4f:80:d7:d6:84:2b:6c:1f:66:44:
41:e7:0a:0e:75:35:d0:b4:a1:91:5c:e3:be:70:c9:
70:a8:b9:b0:ee:67:d8:1a:ba:7a:87:15:cb:f5:22:
95:b3:59:2d:0c:36:c7:bb:e8:61:b8:cf:47:b2:35:
3d:48:a2:e5:9f:fe:50:f6:ad:f0:98:b9:f5:11:ac:
e7:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:F1:A9:B0:32:78:2A:D7:77:27:66:AD:F8:3E:2A:89:97:35:AC:C1
X509v3 Authority Key Identifier:
keyid:E9:69:0B:BB:9F:36:C0:9D:4C:2E:D4:F6:6C:F5:5D:C3:52:75:FB:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/6WkLu582wJ1MLtT2bPVdw1J1-3I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6WkLu582wJ1MLtT2bPVdw1J1-3I.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BA9CE/54F15DA4011111EABD4F0A49C4F9AE02/843F754669EA11EE90D6585BC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.239.100.0/24
103.248.132.0/22
IPv6:
2406:f900::/32
Signature Algorithm: sha256WithRSAEncryption
3d:ae:9d:d1:30:74:c1:af:e3:c5:b7:78:d3:34:c3:74:7b:15:
49:c6:71:88:66:49:46:3d:a6:4f:f8:75:69:cb:90:35:80:0c:
1f:29:fc:fe:1c:2d:77:f2:5b:a7:96:32:a5:24:a6:04:0c:30:
50:ae:88:54:9f:9b:a8:7f:e8:a8:29:e1:82:0f:c4:ca:40:a5:
d6:39:20:2d:96:d6:13:be:94:d1:d7:e3:b2:45:31:fe:13:7d:
c4:90:c5:09:6e:ed:e2:7c:d1:c8:d8:b1:9f:57:ae:95:33:86:
36:0c:c6:1c:f9:71:34:99:cb:7e:17:ca:3b:5d:12:48:72:38:
7d:25:3b:a9:83:da:f2:a9:8d:68:59:58:92:5b:16:40:11:86:
49:a9:0a:3f:df:9e:24:c6:d6:06:2f:19:47:fb:2f:85:ac:73:
23:36:5a:ad:56:42:77:86:ed:54:9a:03:3e:f3:cd:65:27:b0:
3a:6a:ab:c1:93:c5:72:67:3b:4b:59:00:cc:92:42:34:cd:68:
2b:e8:d3:9b:99:f9:45:ba:a4:72:0c:87:7c:4c:64:8e:92:2f:
61:03:13:1a:4b:45:e2:1d:d2:21:ff:89:48:03:15:77:6a:97:
17:b2:38:86:d3:d4:e9:bc:6f:06:71:0e:bd:76:74:c1:1e:11:
a5:75:8f:f3
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgICDRswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkE5Q0UxMTAvBgNVBAUTKEU5NjkwQkJCOUYzNkMwOUQ0QzJFRDRGNjZDRjU1REMz
NTI3NUZCNzIwHhcNMjUwNjA0MTg0MTUyWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NzBmZi0wYzZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtiEuS5UhTHl00escCIfPZUQoVHbzmB4+KFFMYOttHRqbvkT7ZjdIdsC5flLo
ZLZhlm9buOspVRrEROvvXNwP2HEV1+GZBH8yUSfEtq7bsy6J9t2tQ35teuDLquiS
4M6C54H+gc4Zhs9OZMVrBwnEndc76itCNNG9aH8vKZdCe7U2Shvd9lT1EAe6jbtz
4yBvV2p/NKgkPV6iHYeZv/9aX+TkoBKMMVgTc5uCqMdc9PrI0ibDiOclH0+A19aE
K2wfZkRB5woOdTXQtKGRXOO+cMlwqLmw7mfYGrp6hxXL9SKVs1ktDDbHu+hhuM9H
sjU9SKLln/5Q9q3wmLn1EaznQQIDAQABo4ICdTCCAnEwHQYDVR0OBBYEFDXxqbAy
eCrXdydmrfg+KomXNazBMB8GA1UdIwQYMBaAFOlpC7ufNsCdTC7U9mz1XcNSdfty
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQTlDRS81NEYxNURBNDAx
MTExMUVBQkQ0RjBBNDlDNEY5QUUwMi82V2tMdTU4MndKMU1MdFQyYlBWZHcxSjEt
M0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZXa0x1NTgyd0oxTUx0VDJiUFZkdzFKMS0zSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkE5Q0UvNTRGMTVEQTQwMTExMTFFQUJENEYwQTQ5QzRGOUFFMDIvODQzRjc1NDY2
OUVBMTFFRTkwRDY1ODVCQzRGOUFFMDIucm9hMDQGCCsGAQUFBwEHAQH/BCUwIzAS
BAIAATAMAwQAK+9kAwQCZ/iEMA0EAgACMAcDBQAkBvkAMA0GCSqGSIb3DQEBCwUA
A4IBAQA9rp3RMHTBr+PFt3jTNMN0exVJxnGIZklGPaZP+HVpy5A1gAwfKfz+HC13
8lunljKlJKYEDDBQrohUn5uof+ioKeGCD8TKQKXWOSAtltYTvpTR1+OyRTH+E33E
kMUJbu3ifNHI2LGfV66VM4Y2DMYc+XE0mct+F8o7XRJIcjh9JTupg9ryqY1oWViS
WxZAEYZJqQo/354kxtYGLxlH+y+FrHMjNlqtVkJ3hu1UmgM+881lJ7A6aqvBk8Vy
ZztLWQDMkkI0zWgr6NObmflFuqRyDId8TGSOki9hAxMaS0XiHdIh/4lIAxV3apcX
sjiG09TpvG8GcQ69dnTBHhGldY/z
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:16:40 2026 by rpki-client