Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/2A7B4C14C51511F0B6CAF70BC4F9AE02.roa
File: 2A7B4C14C51511F0B6CAF70BC4F9AE02.roa (raw, json)
Hash identifier: TIwZi18b1r7T7Jcwx4mxXvA5li7L1pqj6+p14JyCGxc=
Subject key identifier: 6C:30:A3:05:3B:8E:89:71:83:95:12:85:94:22:6B:DB:2C:54:8E:E5
Certificate issuer: /CN=A91D41AC/serialNumber=BF98688E98B01E84D7366F67864CE8F3EBBD4377
Certificate serial: 0118
Authority key identifier: BF:98:68:8E:98:B0:1E:84:D7:36:6F:67:86:4C:E8:F3:EB:BD:43:77
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/2A7B4C14C51511F0B6CAF70BC4F9AE02.roa
Signing time: Wed 15 Apr 2026 06:40:47 +0000
ROA not before: Wed 15 Apr 2026 06:40:47 +0000
ROA not after: Fri 28 May 2027 00:00:00 +0000
asID: 9336
IP address blocks: 27.113.240.0/21 maxlen: 24
43.252.124.0/22 maxlen: 22
43.252.124.0/23 maxlen: 23
43.252.124.0/24 maxlen: 24
43.252.125.0/24 maxlen: 24
43.252.126.0/23 maxlen: 23
43.252.126.0/24 maxlen: 24
43.252.127.0/24 maxlen: 24
45.64.56.0/22 maxlen: 24
45.113.244.0/22 maxlen: 24
103.18.124.0/22 maxlen: 24
103.53.200.0/22 maxlen: 24
103.233.224.0/22 maxlen: 24
118.127.96.0/19 maxlen: 24
121.200.208.0/22 maxlen: 24
121.200.214.0/24 maxlen: 24
202.90.48.0/21 maxlen: 21
203.153.192.0/20 maxlen: 24
218.185.232.0/21 maxlen: 24
2403:3600::/32 maxlen: 33
2403:3600::/33 maxlen: 40
2403:3600:8000::/34 maxlen: 34
2403:3600:8000::/35 maxlen: 37
2403:3600:8000::/36 maxlen: 40
2403:3600:9000::/37 maxlen: 40
2403:3600:9800::/38 maxlen: 38
2403:3600:9800::/39 maxlen: 39
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.crl
rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 24 Apr 2026 06:16:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 280 (0x118)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D41AC, serialNumber=BF98688E98B01E84D7366F67864CE8F3EBBD4377
Validity
Not Before: Apr 15 06:40:47 2026 GMT
Not After : May 28 00:00:00 2027 GMT
Subject: CN=69df32ef-2da8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:70:de:a6:dc:fb:ea:31:a8:6f:c8:d6:f4:cc:
6b:94:01:05:eb:31:1b:11:b9:1f:ee:a2:41:dc:d4:
4e:f4:05:96:ff:8a:7a:f0:cb:0b:e0:85:e7:ca:ea:
47:47:11:0b:3b:e8:74:29:13:20:9e:95:90:45:41:
1b:b7:8e:25:3a:4f:da:08:59:e7:a0:a6:36:2c:34:
2b:41:67:73:00:d9:04:64:0d:d2:f3:db:7e:76:2b:
31:c0:bc:c2:67:36:2b:18:5c:1e:f4:e2:fd:e2:43:
6e:cf:13:6e:21:92:31:6f:d5:91:8b:01:92:27:21:
1c:88:6b:02:df:58:d1:da:99:3f:1f:75:d6:45:2b:
d0:f1:44:35:95:f3:43:2c:83:be:34:ad:ff:d3:0a:
31:d3:a8:22:73:dd:2d:4e:8e:c2:70:fc:4b:17:b9:
56:98:74:de:90:c0:dc:93:7e:93:f8:be:fe:40:ac:
96:86:cf:82:59:75:a9:3f:0b:c1:eb:be:39:48:b4:
e3:90:2a:cb:0a:15:00:56:88:cb:14:79:b2:92:21:
2a:4e:dd:55:48:f1:13:44:a9:38:d0:57:ee:cc:56:
23:20:d5:a9:b9:3a:d0:e3:cd:9c:51:18:84:04:0e:
e9:ad:f4:e7:cd:fc:3a:8c:3b:4a:6a:19:84:d8:b3:
83:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:30:A3:05:3B:8E:89:71:83:95:12:85:94:22:6B:DB:2C:54:8E:E5
X509v3 Authority Key Identifier:
keyid:BF:98:68:8E:98:B0:1E:84:D7:36:6F:67:86:4C:E8:F3:EB:BD:43:77
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/v5hojpiwHoTXNm9nhkzo8-u9Q3c.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v5hojpiwHoTXNm9nhkzo8-u9Q3c.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D41AC/2445BCE2E93F11EF8DF1E035C4F9AE02/2A7B4C14C51511F0B6CAF70BC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
27.113.240.0/21
43.252.124.0/22
45.64.56.0/22
45.113.244.0/22
103.18.124.0/22
103.53.200.0/22
103.233.224.0/22
118.127.96.0/19
121.200.208.0/22
121.200.214.0/24
202.90.48.0/21
203.153.192.0/20
218.185.232.0/21
IPv6:
2403:3600::/32
Signature Algorithm: sha256WithRSAEncryption
69:85:b8:fc:95:de:0d:9c:34:96:c0:ec:c4:21:fd:4e:7c:42:
6b:40:bf:cf:7a:21:53:48:c5:27:d5:bb:e6:8f:96:00:74:cf:
9c:46:0e:a0:8e:a9:f9:63:67:44:37:0f:7f:9b:6c:f8:1c:76:
dc:64:06:ec:d4:0f:a7:33:4f:cf:38:5c:a0:f3:c1:2c:22:38:
29:63:1f:af:8e:f7:3b:ee:7c:bc:e5:79:c1:88:80:6e:c3:7b:
5f:7b:38:62:09:33:89:a4:8b:23:ee:ba:b9:eb:01:01:65:0d:
d0:a6:ab:f2:46:12:88:ef:d2:25:a5:26:84:43:52:36:01:5c:
bf:fd:83:db:1b:f4:d4:4c:fa:5b:90:8a:dd:47:87:1b:98:a0:
91:c0:1c:8b:db:f0:3b:47:fa:b6:13:18:d4:3f:9f:23:69:0e:
15:fb:5e:33:ca:69:70:45:fa:10:26:ce:1e:26:bf:76:e5:fb:
b3:00:87:bc:43:1d:5f:c1:46:8b:2b:b8:e8:2a:43:99:09:7c:
d4:4c:27:de:01:ad:f7:de:36:81:55:71:74:cb:2a:c7:cc:ad:
b6:d0:90:ae:43:e1:69:c1:d8:a5:66:36:c2:d2:fd:eb:07:58:
29:5f:bd:b3:5d:20:42:d4:30:16:73:3e:40:90:2e:13:dc:f3:
65:77:d3:21
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICARgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDQxQUMxMTAvBgNVBAUTKEJGOTg2ODhFOThCMDFFODRENzM2NkY2Nzg2NENFOEYz
RUJCRDQzNzcwHhcNMjYwNDE1MDY0MDQ3WhcNMjcwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWRmMzJlZi0yZGE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmnDeptz76jGob8jW9MxrlAEF6zEbEbkf7qJB3NRO9AWW/4p68MsL4IXnyupH
RxELO+h0KRMgnpWQRUEbt44lOk/aCFnnoKY2LDQrQWdzANkEZA3S89t+disxwLzC
ZzYrGFwe9OL94kNuzxNuIZIxb9WRiwGSJyEciGsC31jR2pk/H3XWRSvQ8UQ1lfND
LIO+NK3/0wox06gic90tTo7CcPxLF7lWmHTekMDck36T+L7+QKyWhs+CWXWpPwvB
6745SLTjkCrLChUAVojLFHmykiEqTt1VSPETRKk40FfuzFYjINWpuTrQ482cURiE
BA7prfTnzfw6jDtKahmE2LODdwIDAQABo4ICtzCCArMwHQYDVR0OBBYEFGwwowU7
jolxg5UShZQia9ssVI7lMB8GA1UdIwQYMBaAFL+YaI6YsB6E1zZvZ4ZM6PPrvUN3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENDFBQy8yNDQ1QkNFMkU5
M0YxMUVGOERGMUUwMzVDNEY5QUUwMi92NWhvanBpd0hvVFhObTluaGt6bzgtdTlR
M2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3Y1aG9qcGl3SG9UWE5tOW5oa3pvOC11OVEzYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDQxQUMvMjQ0NUJDRTJFOTNGMTFFRjhERjFFMDM1QzRGOUFFMDIvMkE3QjRDMTRD
NTE1MTFGMEI2Q0FGNzBCQzRGOUFFMDIucm9hMHYGCCsGAQUFBwEHAQH/BGcwZTBU
BAIAATBOAwQDG3HwAwQCK/x8AwQCLUA4AwQCLXH0AwQCZxJ8AwQCZzXIAwQCZ+ng
AwQFdn9gAwQCecjQAwQAecjWAwQDylowAwQEy5nAAwQD2rnoMA0EAgACMAcDBQAk
AzYAMA0GCSqGSIb3DQEBCwUAA4IBAQBphbj8ld4NnDSWwOzEIf1OfEJrQL/PeiFT
SMUn1bvmj5YAdM+cRg6gjqn5Y2dENw9/m2z4HHbcZAbs1A+nM0/POFyg88EsIjgp
Yx+vjvc77ny85XnBiIBuw3tfezhiCTOJpIsj7rq56wEBZQ3QpqvyRhKI79IlpSaE
Q1I2AVy//YPbG/TUTPpbkIrdR4cbmKCRwByL2/A7R/q2ExjUP58jaQ4V+14zymlw
RfoQJs4eJr925fuzAIe8Qx1fwUaLK7joKkOZCXzUTCfeAa333jaBVXF0yyrHzK22
0JCuQ+FpwdilZjbC0v3rB1gpX72zXSBC1DAWcz5AkC4T3PNld9Mh
-----END CERTIFICATE-----
Generated at Fri Apr 17 16:38:39 2026 by rpki-client