Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/0351889A90C511EFBAE1BD70C4F9AE02.roa
File: 0351889A90C511EFBAE1BD70C4F9AE02.roa (raw, json)
Hash identifier: qwFwplU43G/hNJT02NNQ4dEUqw5/rgD0dEX0nQo6jl4=
Subject key identifier: AE:48:12:63:C5:0F:95:C0:65:15:A4:33:6E:35:E0:F5:14:03:A3:51
Certificate issuer: /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial: 19D5
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/0351889A90C511EFBAE1BD70C4F9AE02.roa
Signing time: Sun 01 Mar 2026 18:50:48 +0000
ROA not before: Fri 20 Feb 2026 17:14:56 +0000
ROA not after: Sat 01 May 2027 00:00:00 +0000
asID: 38809
IP address blocks: 121.200.224.0/20 maxlen: 20
121.200.228.0/23 maxlen: 23
121.200.230.0/24 maxlen: 24
121.200.231.0/24 maxlen: 24
121.200.232.0/23 maxlen: 23
121.200.234.0/24 maxlen: 24
121.200.235.0/24 maxlen: 24
121.200.236.0/23 maxlen: 23
121.200.238.0/24 maxlen: 24
121.200.239.0/24 maxlen: 24
150.207.0.0/16 maxlen: 16
150.207.134.0/23 maxlen: 23
150.207.136.0/23 maxlen: 23
150.207.138.0/23 maxlen: 23
150.207.144.0/22 maxlen: 22
150.207.150.0/23 maxlen: 23
150.207.152.0/22 maxlen: 22
150.207.156.0/22 maxlen: 22
150.207.168.0/21 maxlen: 21
203.19.141.0/24 maxlen: 24
203.161.8.0/21 maxlen: 21
203.161.8.0/24 maxlen: 24
203.161.9.0/24 maxlen: 24
203.161.10.0/23 maxlen: 23
203.161.12.0/24 maxlen: 24
203.161.13.0/24 maxlen: 24
203.161.14.0/24 maxlen: 24
203.161.15.0/24 maxlen: 24
203.176.96.0/20 maxlen: 20
203.176.98.0/24 maxlen: 24
203.176.99.0/24 maxlen: 24
203.176.100.0/24 maxlen: 24
203.176.102.0/24 maxlen: 24
203.176.103.0/24 maxlen: 24
203.176.104.0/24 maxlen: 24
203.176.105.0/24 maxlen: 24
203.176.106.0/23 maxlen: 23
203.176.108.0/24 maxlen: 24
203.176.111.0/24 maxlen: 24
2401:1c00::/32 maxlen: 32
2401:1c00:2000::/40 maxlen: 40
2401:1c00:3000::/40 maxlen: 40
2401:1c00:4000::/40 maxlen: 40
2401:1c00:5000::/40 maxlen: 40
2401:1c00:6000::/40 maxlen: 40
2401:1c00:7000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 23:45:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6613 (0x19d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91EAE3D, serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Validity
Not Before: Feb 20 17:14:56 2026 GMT
Not After : May 1 00:00:00 2027 GMT
Subject: CN=69a48a88-a868
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:96:d2:2b:d0:16:ba:67:7b:83:f3:f6:df:1f:
18:87:1c:e2:81:65:e8:62:1a:3d:57:ed:d6:ba:dc:
6a:fb:fb:3f:7a:b3:68:7d:4b:f1:90:88:22:c6:65:
86:ef:99:87:63:de:28:a0:8d:b8:89:08:27:9d:ae:
97:80:b2:8a:c2:0e:e1:c9:c6:e9:95:33:ed:59:ef:
af:14:d2:4d:7f:7f:9d:aa:57:85:c8:b7:52:f8:1d:
7a:1f:15:a0:1b:26:88:ff:0f:43:42:06:be:a1:23:
55:f8:ae:49:b0:e0:41:97:25:d2:2d:02:17:a8:9e:
a3:08:60:8b:98:1c:75:fa:0f:4e:89:db:f2:50:c4:
30:6a:ad:58:ef:a0:85:a2:b4:dd:63:53:1b:09:a3:
99:cb:aa:76:63:b7:85:57:08:b0:81:8a:5c:b1:a9:
cb:f0:3b:26:c5:e6:2c:c8:c0:f5:cd:57:7b:0d:46:
6c:a1:8e:e2:1a:14:c5:71:c5:d0:d4:28:5d:7b:c2:
ef:12:5f:43:e6:2f:39:6b:0b:4e:93:cf:a0:3e:3d:
f4:40:87:c3:32:32:d7:4b:64:a2:2e:0d:55:43:f4:
e5:c1:ea:2f:f5:2a:23:92:21:0b:b1:09:1a:15:ab:
6b:d7:20:21:3c:b4:40:d9:fa:33:b9:7b:fc:21:4b:
19:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:48:12:63:C5:0F:95:C0:65:15:A4:33:6E:35:E0:F5:14:03:A3:51
X509v3 Authority Key Identifier:
keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/0351889A90C511EFBAE1BD70C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
121.200.224.0/20
150.207.0.0/16
203.19.141.0/24
203.161.8.0/21
203.176.96.0/20
IPv6:
2401:1c00::/32
Signature Algorithm: sha256WithRSAEncryption
10:05:47:83:02:c8:2d:2c:91:ff:30:86:55:5c:84:d3:d3:51:
36:94:6a:e6:6a:d5:28:68:e9:bd:af:43:20:4c:05:92:53:3d:
49:93:af:7f:0e:b7:fb:21:cf:d9:56:53:3d:3a:2f:68:3c:5c:
95:91:f9:57:d3:9a:8e:63:17:eb:0d:ef:35:81:62:42:26:91:
3b:73:d8:18:4b:1d:33:4c:ff:b7:33:43:a6:63:62:ec:50:13:
b8:b6:20:29:41:8a:c5:9d:63:79:e4:1a:89:bc:8b:e0:b9:a8:
b4:49:a5:27:93:3b:fd:d3:26:ce:a3:60:a8:6a:0a:35:59:58:
cd:c2:f6:1f:72:7d:55:25:64:58:d1:f3:c3:05:9b:c8:69:44:
5a:d4:64:4c:29:98:f1:cc:cf:30:2b:4c:6b:ec:9c:f9:7c:90:
31:63:05:fb:06:8e:dd:12:b5:ef:c0:fd:2d:74:2b:08:c8:38:
c8:98:58:aa:c2:2b:2b:7f:25:d2:13:30:0e:51:98:c8:2e:c7:
c2:30:60:72:c2:de:e6:3e:af:58:a5:61:d3:41:c5:53:ba:9c:
58:e5:fa:bd:e4:de:81:08:47:68:b5:0a:a7:d5:26:fd:4d:b5:
6a:c6:5b:f2:9e:f5:40:8c:e4:7a:ec:c7:a3:d9:84:f8:5e:7d:
6c:7a:45:5c
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgICGdUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjYwMjIwMTcxNDU2WhcNMjcwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0OGE4OC1hODY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx5bSK9AWumd7g/P23x8YhxzigWXoYho9V+3Wutxq+/s/erNofUvxkIgixmWG
75mHY94ooI24iQgnna6XgLKKwg7hycbplTPtWe+vFNJNf3+dqleFyLdS+B16HxWg
GyaI/w9DQga+oSNV+K5JsOBBlyXSLQIXqJ6jCGCLmBx1+g9OidvyUMQwaq1Y76CF
orTdY1MbCaOZy6p2Y7eFVwiwgYpcsanL8DsmxeYsyMD1zVd7DUZsoY7iGhTFccXQ
1Chde8LvEl9D5i85awtOk8+gPj30QIfDMjLXS2SiLg1VQ/Tlweov9SojkiELsQka
Fatr1yAhPLRA2fozuXv8IUsZ+QIDAQABo4IChjCCAoIwHQYDVR0OBBYEFK5IEmPF
D5XAZRWkM2414PUUA6NRMB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvMDM1MTg4OUE5
MEM1MTFFRkJBRTFCRDcwQzRGOUFFMDIucm9hMEUGCCsGAQUFBwEHAQH/BDYwNDAj
BAIAATAdAwQEecjgAwMAls8DBADLE40DBAPLoQgDBATLsGAwDQQCAAIwBwMFACQB
HAAwDQYJKoZIhvcNAQELBQADggEBABAFR4MCyC0skf8whlVchNPTUTaUauZq1Sho
6b2vQyBMBZJTPUmTr38Ot/shz9lWUz06L2g8XJWR+VfTmo5jF+sN7zWBYkImkTtz
2BhLHTNM/7czQ6ZjYuxQE7i2IClBisWdY3nkGom8i+C5qLRJpSeTO/3TJs6jYKhq
CjVZWM3C9h9yfVUlZFjR88MFm8hpRFrUZEwpmPHMzzArTGvsnPl8kDFjBfsGjt0S
te/A/S10KwjIOMiYWKrCKyt/JdITMA5RmMgux8IwYHLC3uY+r1ilYdNBxVO6nFjl
+r3k3oEIR2i1CqfVJv1NtWrGW/Ke9UCM5Hrsx6PZhPhefWx6RVw=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:45:35 2026 by rpki-client