Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
File: 59F4A758BD2F11EBB84EE532C4F9AE02.roa (raw, json)
Hash identifier: m731XVB6b1xAGYHDb9IkvhodV8wFo5nHOoj74jQNmhY=
Subject key identifier: B8:4E:3D:4E:9A:83:6C:19:DF:44:B8:5F:7B:C9:68:C3:AE:4A:F8:C0
Certificate issuer: /CN=A91EA958/serialNumber=FD1607186373E81F44D137B2A0E96957E62AB8A1
Certificate serial: 355C
Authority key identifier: FD:16:07:18:63:73:E8:1F:44:D1:37:B2:A0:E9:69:57:E6:2A:B8:A1
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
Signing time: Sun 01 Mar 2026 15:52:36 +0000
ROA not before: Wed 02 Jul 2025 15:21:08 +0000
ROA not after: Wed 30 Sep 2026 00:00:00 +0000
asID: 131207
IP address blocks: 43.245.202.0/23 maxlen: 23
43.245.202.0/24 maxlen: 24
43.245.203.0/24 maxlen: 24
103.14.248.0/23 maxlen: 23
103.14.248.0/24 maxlen: 24
103.14.249.0/24 maxlen: 24
103.14.250.0/23 maxlen: 23
103.14.250.0/24 maxlen: 24
103.14.251.0/24 maxlen: 24
180.178.126.0/23 maxlen: 23
180.178.126.0/24 maxlen: 24
180.178.127.0/24 maxlen: 24
203.217.168.0/23 maxlen: 23
203.217.168.0/24 maxlen: 24
203.217.169.0/24 maxlen: 24
203.217.170.0/23 maxlen: 23
203.217.170.0/24 maxlen: 24
203.217.171.0/24 maxlen: 24
2404:b300:1::/48 maxlen: 48
2404:b300:2::/48 maxlen: 48
2404:b300:11::/48 maxlen: 48
2404:b300:12::/48 maxlen: 48
2404:b300:100::/48 maxlen: 48
2404:b300:101::/48 maxlen: 48
2404:b300:133::/48 maxlen: 48
2404:b300:400::/48 maxlen: 48
2404:b300:1000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.crl
rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 15:06:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13660 (0x355c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EA958, serialNumber=FD1607186373E81F44D137B2A0E96957E62AB8A1
Validity
Not Before: Jul 2 15:21:08 2025 GMT
Not After : Sep 30 00:00:00 2026 GMT
Subject: CN=69a460c4-2bd1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:f5:1c:ab:50:5a:20:46:00:bf:63:a7:9a:aa:
75:30:4d:5c:b6:82:de:73:05:a7:d8:b0:66:5a:b8:
9b:20:2c:51:20:72:ef:4a:63:bb:4d:d6:b6:b8:41:
fa:e6:d6:b3:e9:40:da:2c:9f:fd:d1:22:8e:aa:34:
6a:2d:b0:33:78:7f:cf:f4:2c:50:a6:0b:0c:60:25:
c0:bb:32:1b:16:40:05:a3:f1:f8:6d:df:a7:36:1e:
ef:47:de:b0:63:bc:30:f3:11:9f:51:18:a6:78:62:
4e:f1:19:17:56:b7:7f:0c:27:00:92:50:c8:16:4b:
47:dc:8f:49:cf:42:e2:4a:d2:f1:48:b4:28:0f:93:
f4:57:b7:74:11:27:dc:93:85:1f:11:8a:2b:7d:a5:
8f:28:cc:42:a5:7b:2a:6d:7e:33:fb:ef:c9:5e:f6:
0d:12:f3:18:ca:55:8f:ed:ca:24:5e:0d:4e:da:7e:
72:b0:6b:1c:97:79:51:53:fe:40:3e:3c:27:70:dd:
82:11:bd:7a:cd:2d:c5:0c:39:9e:5b:28:75:f4:af:
36:20:69:27:96:e7:66:66:fa:34:dc:e7:e0:46:0f:
b7:71:af:b5:f3:d1:8a:e6:b2:73:64:a9:21:67:7a:
5e:3a:22:a8:6f:f3:73:e3:07:4c:1a:0c:f5:41:57:
cf:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:4E:3D:4E:9A:83:6C:19:DF:44:B8:5F:7B:C9:68:C3:AE:4A:F8:C0
X509v3 Authority Key Identifier:
keyid:FD:16:07:18:63:73:E8:1F:44:D1:37:B2:A0:E9:69:57:E6:2A:B8:A1
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/_RYHGGNz6B9E0TeyoOlpV-YquKE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_RYHGGNz6B9E0TeyoOlpV-YquKE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EA958/5AE197F41D9F11E2BCBFF78F08B02CD2/59F4A758BD2F11EBB84EE532C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.245.202.0/23
103.14.248.0/22
180.178.126.0/23
203.217.168.0/22
IPv6:
2404:b300:1::-2404:b300:2:ffff:ffff:ffff:ffff:ffff
2404:b300:11::-2404:b300:12:ffff:ffff:ffff:ffff:ffff
2404:b300:100::/47
2404:b300:133::/48
2404:b300:400::/48
2404:b300:1000::/48
Signature Algorithm: sha256WithRSAEncryption
6c:05:b3:cb:50:a2:2e:ed:c0:27:98:64:03:c0:31:5e:d2:be:
90:51:91:d3:c2:49:1d:c4:b7:3e:0a:18:5e:c2:b4:e0:12:42:
5a:86:05:25:04:8e:21:2d:e2:86:bb:53:d9:81:b0:43:e9:0e:
fd:15:84:f1:dd:ef:8b:28:40:b3:1a:52:0d:a8:02:0e:0e:67:
5f:a6:11:6b:77:c6:20:75:81:9c:d4:d0:27:cf:59:ae:b5:cb:
b6:dc:14:8e:1a:6d:88:d8:53:c7:3c:9a:db:c8:09:76:53:e5:
e6:09:27:ed:7e:93:69:4e:3b:d0:42:1d:f1:d7:a7:9c:0b:05:
b1:a4:95:be:71:9d:03:5a:dc:fa:38:09:c1:e9:3f:04:85:39:
f0:56:d7:16:79:03:b0:cd:ee:9c:f8:d8:a1:7f:6a:e4:ff:e3:
8c:81:ce:cd:c0:55:a9:16:b3:da:1e:93:77:79:0f:6a:1e:89:
eb:8b:fc:80:5e:43:8a:96:a4:ad:f1:fb:73:23:81:2a:4f:15:
df:59:39:6c:df:a5:5b:c9:7f:72:48:2c:e0:00:8f:87:e2:83:
73:3d:41:a1:b4:a8:c3:3a:a2:4c:bf:42:5d:ed:79:04:84:a5:
85:03:0c:e1:86:11:ea:e5:80:76:79:34:9d:3c:4c:e9:09:f4:
32:8c:9d:06
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgICNVwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUE5NTgxMTAvBgNVBAUTKEZEMTYwNzE4NjM3M0U4MUY0NEQxMzdCMkEwRTk2OTU3
RTYyQUI4QTEwHhcNMjUwNzAyMTUyMTA4WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NjBjNC0yYmQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArPUcq1BaIEYAv2Onmqp1ME1ctoLecwWn2LBmWribICxRIHLvSmO7Tda2uEH6
5taz6UDaLJ/90SKOqjRqLbAzeH/P9CxQpgsMYCXAuzIbFkAFo/H4bd+nNh7vR96w
Y7ww8xGfURimeGJO8RkXVrd/DCcAklDIFktH3I9Jz0LiStLxSLQoD5P0V7d0ESfc
k4UfEYorfaWPKMxCpXsqbX4z++/JXvYNEvMYylWP7cokXg1O2n5ysGscl3lRU/5A
PjwncN2CEb16zS3FDDmeWyh19K82IGknludmZvo03OfgRg+3ca+189GK5rJzZKkh
Z3peOiKob/Nz4wdMGgz1QVfPaQIDAQABo4ICxzCCAsMwHQYDVR0OBBYEFLhOPU6a
g2wZ30S4X3vJaMOuSvjAMB8GA1UdIwQYMBaAFP0WBxhjc+gfRNE3sqDpaVfmKrih
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQTk1OC81QUUxOTdGNDFE
OUYxMUUyQkNCRkY3OEYwOEIwMkNEMi9fUllIR0dOejZCOUUwVGV5b09scFYtWXF1
S0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19SWUhHR056NkI5RTBUZXlvT2xwVi1ZcXVLRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUE5NTgvNUFFMTk3RjQxRDlGMTFFMkJDQkZGNzhGMDhCMDJDRDIvNTlGNEE3NThC
RDJGMTFFQkI4NEVFNTMyQzRGOUFFMDIucm9hMIGFBggrBgEFBQcBBwEB/wR2MHQw
HgQCAAEwGAMEASv1ygMEAmcO+AMEAbSyfgMEAsvZqDBSBAIAAjBMMBIDBwAkBLMA
AAEDBwAkBLMAAAIwEgMHACQEswAAEQMHACQEswAAEgMHASQEswABAAMHACQEswAB
MwMHACQEswAEAAMHACQEswAQADANBgkqhkiG9w0BAQsFAAOCAQEAbAWzy1CiLu3A
J5hkA8AxXtK+kFGR08JJHcS3PgoYXsK04BJCWoYFJQSOIS3ihrtT2YGwQ+kO/RWE
8d3viyhAsxpSDagCDg5nX6YRa3fGIHWBnNTQJ89ZrrXLttwUjhptiNhTxzya28gJ
dlPl5gkn7X6TaU470EId8dennAsFsaSVvnGdA1rc+jgJwek/BIU58FbXFnkDsM3u
nPjYoX9q5P/jjIHOzcBVqRaz2h6Td3kPah6J64v8gF5DipakrfH7cyOBKk8V31k5
bN+lW8l/ckgs4ACPh+KDcz1BobSowzqiTL9CXe15BISlhQMM4YYR6uWAdnk0nTxM
6Qn0MoydBg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 23:10:20 2026 by rpki-client