Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/2A7B4C14C51511F0B6CAF70BC4F9AE02.roa
File: 2A7B4C14C51511F0B6CAF70BC4F9AE02.roa (raw, json)
Hash identifier: 7ocVSkJLMfumreyRimFvvrUkd5e8I9F7QO2kr8uE2Oc=
Subject key identifier: B4:87:FC:89:E0:52:AD:2C:B2:BE:9C:FF:B2:74:FC:3C:37:52:B4:93
Certificate issuer: /CN=A91D41AC/serialNumber=BF98688E98B01E84D7366F67864CE8F3EBBD4377
Certificate serial: F6
Authority key identifier: BF:98:68:8E:98:B0:1E:84:D7:36:6F:67:86:4C:E8:F3:EB:BD:43:77
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/2A7B4C14C51511F0B6CAF70BC4F9AE02.roa
Signing time: Sun 01 Mar 2026 18:14:06 +0000
ROA not before: Thu 27 Nov 2025 03:53:44 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 9336
IP address blocks: 27.113.240.0/21 maxlen: 24
43.252.124.0/22 maxlen: 22
43.252.124.0/23 maxlen: 23
43.252.124.0/24 maxlen: 24
43.252.125.0/24 maxlen: 24
43.252.126.0/23 maxlen: 23
43.252.126.0/24 maxlen: 24
43.252.127.0/24 maxlen: 24
45.64.56.0/22 maxlen: 24
45.113.244.0/22 maxlen: 24
103.18.124.0/22 maxlen: 24
103.53.200.0/22 maxlen: 24
103.233.224.0/22 maxlen: 24
118.127.96.0/19 maxlen: 24
121.200.208.0/22 maxlen: 24
121.200.214.0/24 maxlen: 24
202.90.48.0/21 maxlen: 21
203.153.192.0/20 maxlen: 24
218.185.232.0/21 maxlen: 24
2403:3600::/32 maxlen: 33
2403:3600::/33 maxlen: 40
2403:3600:8000::/34 maxlen: 34
2403:3600:8000::/35 maxlen: 37
2403:3600:8000::/36 maxlen: 40
2403:3600:9000::/37 maxlen: 40
2403:3600:9800::/38 maxlen: 38
2403:3600:9800::/39 maxlen: 39
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.crl
rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 02:36:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 246 (0xf6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D41AC, serialNumber=BF98688E98B01E84D7366F67864CE8F3EBBD4377
Validity
Not Before: Nov 27 03:53:44 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=69a481ee-ee3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:70:34:c1:77:f2:60:84:21:21:b9:27:2f:15:
b1:c1:8f:01:70:45:2f:24:a6:df:40:47:88:cc:ec:
35:05:78:cd:da:a3:5c:be:27:d4:e0:a2:dc:ab:32:
ec:94:04:62:ba:4e:55:cd:bc:8c:58:05:16:be:8f:
d1:50:f2:41:9b:e7:2a:e7:bf:a9:4f:ec:67:6d:bd:
de:db:3d:23:05:0b:bb:5e:73:26:b8:64:2c:6d:65:
30:69:7b:d4:fc:d1:4e:e0:be:d7:13:96:68:d3:e8:
6e:26:ff:2a:62:97:3f:bf:13:1c:5e:49:1e:90:03:
84:61:bb:51:2e:85:0a:23:21:15:64:66:fa:14:3f:
04:2f:cc:f6:62:d0:79:13:ed:bb:48:bf:50:c0:a4:
cf:8c:d6:45:ca:57:1a:82:6f:ce:bc:0b:b8:61:c7:
f1:d1:0f:2d:32:65:96:e8:ab:d0:41:cc:a8:87:d5:
f4:b9:80:68:26:21:10:0b:c5:1f:63:ed:55:e5:58:
71:ec:fe:dc:ff:93:44:70:d5:94:09:c9:ca:07:35:
86:74:c1:7f:7e:8f:d9:cf:ba:84:23:94:9f:ce:27:
ce:10:e5:4f:9c:f6:12:93:6f:8e:f3:a4:99:3d:1b:
cc:c3:e8:df:98:9e:92:94:88:5f:50:66:61:14:e5:
37:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:87:FC:89:E0:52:AD:2C:B2:BE:9C:FF:B2:74:FC:3C:37:52:B4:93
X509v3 Authority Key Identifier:
keyid:BF:98:68:8E:98:B0:1E:84:D7:36:6F:67:86:4C:E8:F3:EB:BD:43:77
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/2A7B4C14C51511F0B6CAF70BC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
27.113.240.0/21
43.252.124.0/22
45.64.56.0/22
45.113.244.0/22
103.18.124.0/22
103.53.200.0/22
103.233.224.0/22
118.127.96.0/19
121.200.208.0/22
121.200.214.0/24
202.90.48.0/21
203.153.192.0/20
218.185.232.0/21
IPv6:
2403:3600::/32
Signature Algorithm: sha256WithRSAEncryption
07:67:c9:81:3f:7a:98:b2:6f:18:36:0b:de:22:25:73:ba:9e:
40:b7:50:60:8c:f9:3a:aa:71:81:c8:44:3f:ce:ba:55:d8:f1:
56:c4:8e:88:ad:b0:0a:fb:58:4d:4a:de:66:93:85:93:fb:42:
86:16:e7:de:04:a8:4e:d3:b2:1e:4a:fe:ec:da:91:2e:cc:1c:
2d:8b:70:03:82:a2:e3:29:27:fc:be:bb:b0:7d:51:a6:bc:9a:
f3:ab:2c:bb:6c:96:22:10:d4:38:db:09:0d:a3:93:9e:5f:e1:
61:83:2b:c6:fc:91:90:43:1b:b0:ca:7a:75:11:0b:2c:e5:6f:
5c:d4:0e:85:f3:91:5f:b7:38:5d:7c:1e:46:35:1d:4b:71:36:
f0:39:b7:66:d6:83:81:b9:51:ea:3c:6d:eb:96:0f:77:39:bf:
c5:4a:1e:25:2b:d6:7c:55:6e:05:95:bf:e5:5c:56:db:35:fd:
b0:45:a8:93:45:19:e4:ff:d6:66:6b:53:f2:01:93:b3:8c:8c:
e2:4d:63:ac:d4:11:fd:af:4a:b3:99:b6:63:1c:1a:73:bb:21:
e0:b9:b8:4c:36:e9:64:57:37:f8:b8:48:d5:e6:8f:b2:61:b3:
fb:f3:30:9b:26:d3:8f:7d:87:dc:91:74:a7:21:1a:e9:6d:8c:
d7:aa:70:df
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICAPYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDQxQUMxMTAvBgNVBAUTKEJGOTg2ODhFOThCMDFFODRENzM2NkY2Nzg2NENFOEYz
RUJCRDQzNzcwHhcNMjUxMTI3MDM1MzQ0WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0ODFlZS1lZTNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqXA0wXfyYIQhIbknLxWxwY8BcEUvJKbfQEeIzOw1BXjN2qNcvifU4KLcqzLs
lARiuk5VzbyMWAUWvo/RUPJBm+cq57+pT+xnbb3e2z0jBQu7XnMmuGQsbWUwaXvU
/NFO4L7XE5Zo0+huJv8qYpc/vxMcXkkekAOEYbtRLoUKIyEVZGb6FD8EL8z2YtB5
E+27SL9QwKTPjNZFylcagm/OvAu4Ycfx0Q8tMmWW6KvQQcyoh9X0uYBoJiEQC8Uf
Y+1V5Vhx7P7c/5NEcNWUCcnKBzWGdMF/fo/Zz7qEI5SfzifOEOVPnPYSk2+O86SZ
PRvMw+jfmJ6SlIhfUGZhFOU3kwIDAQABo4ICtzCCArMwHQYDVR0OBBYEFLSH/Ing
Uq0ssr6c/7J0/Dw3UrSTMB8GA1UdIwQYMBaAFL+YaI6YsB6E1zZvZ4ZM6PPrvUN3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENDFBQy8yNDQ1QkNFMkU5
M0YxMUVGOERGMUUwMzVDNEY5QUUwMi92NWhvanBpd0hvVFhObTluaGt6bzgtdTlR
M2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3Y1aG9qcGl3SG9UWE5tOW5oa3pvOC11OVEzYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDQxQUMvMjQ0NUJDRTJFOTNGMTFFRjhERjFFMDM1QzRGOUFFMDIvMkE3QjRDMTRD
NTE1MTFGMEI2Q0FGNzBCQzRGOUFFMDIucm9hMHYGCCsGAQUFBwEHAQH/BGcwZTBU
BAIAATBOAwQDG3HwAwQCK/x8AwQCLUA4AwQCLXH0AwQCZxJ8AwQCZzXIAwQCZ+ng
AwQFdn9gAwQCecjQAwQAecjWAwQDylowAwQEy5nAAwQD2rnoMA0EAgACMAcDBQAk
AzYAMA0GCSqGSIb3DQEBCwUAA4IBAQAHZ8mBP3qYsm8YNgveIiVzup5At1BgjPk6
qnGByEQ/zrpV2PFWxI6IrbAK+1hNSt5mk4WT+0KGFufeBKhO07IeSv7s2pEuzBwt
i3ADgqLjKSf8vruwfVGmvJrzqyy7bJYiENQ42wkNo5OeX+FhgyvG/JGQQxuwynp1
EQss5W9c1A6F85FftzhdfB5GNR1LcTbwObdm1oOBuVHqPG3rlg93Ob/FSh4lK9Z8
VW4Flb/lXFbbNf2wRaiTRRnk/9Zma1PyAZOzjIziTWOs1BH9r0qzmbZjHBpzuyHg
ubhMNulkVzf4uEjV5o+yYbP78zCbJtOPfYfckXSnIRrpbYzXqnDf
-----END CERTIFICATE-----
Generated at Mon Mar 2 15:50:45 2026 by rpki-client