Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/398848523A0011EFB7007939C4F9AE02.roa
File: 398848523A0011EFB7007939C4F9AE02.roa (raw, json)
Hash identifier: RuZgiCZxEAf3Xl/8VUs7ZvEmESPbH1fM/aP5m0qwSvI=
Subject key identifier: DB:32:91:E6:AC:10:8A:2B:68:61:35:CA:B2:E9:B2:C2:FE:2D:51:57
Certificate issuer: /CN=A91C4003/serialNumber=038A86F362B2557F94BE772EE0C5FD31845FE263
Certificate serial: 0C83
Authority key identifier: 03:8A:86:F3:62:B2:55:7F:94:BE:77:2E:E0:C5:FD:31:84:5F:E2:63
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/398848523A0011EFB7007939C4F9AE02.roa
Signing time: Sun 01 Mar 2026 13:55:07 +0000
ROA not before: Wed 30 Jul 2025 19:28:52 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 38835
IP address blocks: 43.231.68.0/22 maxlen: 24
43.245.36.0/22 maxlen: 24
43.251.52.0/22 maxlen: 24
103.18.252.0/22 maxlen: 24
103.21.132.0/22 maxlen: 24
103.24.47.0/24 maxlen: 24
103.42.140.0/22 maxlen: 24
103.205.246.0/23 maxlen: 24
103.206.28.0/24 maxlen: 24
103.232.196.0/22 maxlen: 24
113.21.32.0/20 maxlen: 23
113.21.32.0/22 maxlen: 24
113.21.37.0/24 maxlen: 24
113.21.38.0/23 maxlen: 24
113.21.40.0/21 maxlen: 24
113.61.96.0/21 maxlen: 23
113.61.96.0/22 maxlen: 24
113.61.100.0/23 maxlen: 24
113.61.102.0/24 maxlen: 24
163.47.64.0/22 maxlen: 24
182.161.44.0/22 maxlen: 24
183.81.144.0/21 maxlen: 24
203.31.34.0/23 maxlen: 24
203.160.8.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.crl
rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 03:11:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3203 (0xc83)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91C4003, serialNumber=038A86F362B2557F94BE772EE0C5FD31845FE263
Validity
Not Before: Jul 30 19:28:52 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=69a4453b-1f0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:d9:69:67:68:35:5d:63:ba:1e:ba:fc:88:df:
b0:16:a2:08:46:5b:35:39:58:5b:14:34:9e:ea:1d:
f6:18:10:5c:32:ff:9c:2b:93:ae:f8:0b:16:24:b9:
12:fc:ca:18:62:2d:0d:1b:7e:69:c6:da:e3:06:92:
70:ea:1e:71:0d:8a:20:77:0f:aa:91:bf:fc:6c:c3:
c5:df:e6:03:b9:f2:4f:ac:e5:61:f1:57:78:c5:6e:
aa:96:72:04:40:ab:65:2a:d5:d7:71:1d:d4:02:3b:
bb:ff:35:87:40:8d:a4:b3:08:b7:9b:2f:61:94:a5:
bc:b0:58:b5:cf:b7:60:44:eb:64:8f:96:fe:56:b9:
04:46:47:32:41:dc:0e:20:b6:b2:27:ae:e9:6e:66:
0b:d9:83:d3:9b:16:f8:20:dd:69:4d:65:65:dc:d5:
0a:95:a1:e3:e4:8b:73:fc:8d:8a:1f:6c:04:19:0e:
a7:80:e7:99:6e:79:f7:27:f3:97:fa:91:29:4c:2f:
42:e1:89:f2:f0:c2:a0:c6:ed:50:6b:57:32:4f:0d:
07:82:cc:7e:22:71:a6:7a:31:45:d4:4a:af:61:6f:
39:7a:5e:21:fb:4f:37:35:1d:a4:c5:23:c6:31:8b:
11:42:7f:52:de:5d:f3:fc:e3:08:e9:ac:06:d9:22:
48:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:32:91:E6:AC:10:8A:2B:68:61:35:CA:B2:E9:B2:C2:FE:2D:51:57
X509v3 Authority Key Identifier:
keyid:03:8A:86:F3:62:B2:55:7F:94:BE:77:2E:E0:C5:FD:31:84:5F:E2:63
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/A4qG82KyVX-Uvncu4MX9MYRf4mM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A4qG82KyVX-Uvncu4MX9MYRf4mM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C4003/B8E8AD721AD811EA82E74B2FC4F9AE02/398848523A0011EFB7007939C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.231.68.0/22
43.245.36.0/22
43.251.52.0/22
103.18.252.0/22
103.21.132.0/22
103.24.47.0/24
103.42.140.0/22
103.205.246.0/23
103.206.28.0/24
103.232.196.0/22
113.21.32.0/20
113.61.96.0/21
163.47.64.0/22
182.161.44.0/22
183.81.144.0/21
203.31.34.0/23
203.160.8.0/21
Signature Algorithm: sha256WithRSAEncryption
2a:6b:5d:ba:a1:99:f4:2f:02:de:ac:93:03:9f:f6:ff:38:a2:
3a:98:c3:c6:c5:4d:d9:dd:fa:46:99:54:84:86:9c:f8:62:3d:
3c:e5:dd:e2:9b:01:35:0b:7d:a9:8f:8d:b1:49:7d:1b:ed:8b:
75:c2:95:bc:bc:4c:9c:d4:f6:8b:88:f2:c7:19:1f:c2:93:b0:
26:16:88:af:4e:b6:f9:38:24:44:fc:d8:90:05:1d:9d:08:41:
88:a8:fd:2f:21:50:7b:8d:9f:ad:e6:04:d1:31:48:09:20:c7:
7d:5f:a4:77:32:8a:cd:b2:6d:6f:b6:da:4d:21:be:34:e7:41:
40:f5:c9:35:6c:7a:73:60:02:f9:51:dd:a9:bd:7e:13:b1:36:
c9:74:7c:72:c4:04:cc:c7:d4:3d:9d:2e:e4:ac:d1:a9:98:3c:
58:2a:7a:d5:31:94:1b:2e:5d:d0:72:c2:03:ef:f9:b6:ac:fe:
c4:1b:5c:b3:4d:32:f6:66:12:15:47:34:91:33:39:0e:be:80:
e9:ce:4e:a2:99:97:75:80:2d:7e:16:ea:b7:79:2a:a0:3d:df:
b4:a8:65:2f:63:d2:fe:73:94:b3:d8:d4:e8:12:59:c4:77:46:
16:85:0a:c1:37:b9:8a:d5:ff:98:77:5b:47:e0:52:bf:67:e5:
ee:e1:69:a6
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgICDIMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzQwMDMxMTAvBgNVBAUTKDAzOEE4NkYzNjJCMjU1N0Y5NEJFNzcyRUUwQzVGRDMx
ODQ1RkUyNjMwHhcNMjUwNzMwMTkyODUyWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NDUzYi0xZjBkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu9lpZ2g1XWO6Hrr8iN+wFqIIRls1OVhbFDSe6h32GBBcMv+cK5Ou+AsWJLkS
/MoYYi0NG35pxtrjBpJw6h5xDYogdw+qkb/8bMPF3+YDufJPrOVh8Vd4xW6qlnIE
QKtlKtXXcR3UAju7/zWHQI2kswi3my9hlKW8sFi1z7dgROtkj5b+VrkERkcyQdwO
ILayJ67pbmYL2YPTmxb4IN1pTWVl3NUKlaHj5Itz/I2KH2wEGQ6ngOeZbnn3J/OX
+pEpTC9C4Yny8MKgxu1Qa1cyTw0Hgsx+InGmejFF1EqvYW85el4h+083NR2kxSPG
MYsRQn9S3l3z/OMI6awG2SJIFwIDAQABo4ICwDCCArwwHQYDVR0OBBYEFNsykeas
EIoraGE1yrLpssL+LVFXMB8GA1UdIwQYMBaAFAOKhvNislV/lL53LuDF/TGEX+Jj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNDAwMy9COEU4QUQ3MjFB
RDgxMUVBODJFNzRCMkZDNEY5QUUwMi9BNHFHODJLeVZYLVV2bmN1NE1YOU1ZUmY0
bU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0E0cUc4Mkt5VlgtVXZuY3U0TVg5TVlSZjRtTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzQwMDMvQjhFOEFENzIxQUQ4MTFFQTgyRTc0QjJGQzRGOUFFMDIvMzk4ODQ4NTIz
QTAwMTFFRkI3MDA3OTM5QzRGOUFFMDIucm9hMH8GCCsGAQUFBwEHAQH/BHAwbjBs
BAIAATBmAwQCK+dEAwQCK/UkAwQCK/s0AwQCZxL8AwQCZxWEAwQAZxgvAwQCZyqM
AwQBZ832AwQAZ84cAwQCZ+jEAwQEcRUgAwQDcT1gAwQCoy9AAwQCtqEsAwQDt1GQ
AwQByx8iAwQDy6AIMA0GCSqGSIb3DQEBCwUAA4IBAQAqa126oZn0LwLerJMDn/b/
OKI6mMPGxU3Z3fpGmVSEhpz4Yj085d3imwE1C32pj42xSX0b7Yt1wpW8vEyc1PaL
iPLHGR/Ck7AmFoivTrb5OCRE/NiQBR2dCEGIqP0vIVB7jZ+t5gTRMUgJIMd9X6R3
MorNsm1vttpNIb4050FA9ck1bHpzYAL5Ud2pvX4TsTbJdHxyxATMx9Q9nS7krNGp
mDxYKnrVMZQbLl3QcsID7/m2rP7EG1yzTTL2ZhIVRzSRMzkOvoDpzk6imZd1gC1+
Fuq3eSqgPd+0qGUvY9L+c5Sz2NToElnEd0YWhQrBN7mK1f+Yd1tH4FK/Z+Xu4Wmm
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:18:21 2026 by rpki-client