Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
File: 236D4FF0FD9D11EC868CDF5DC4F9AE02.roa (raw, json)
Hash identifier: MYhon/bKVvfbESU7PH3/suSb5/+YVeHAdnZ0m09ZYpE=
Subject key identifier: 01:CC:11:A1:E3:83:EC:D7:80:04:36:66:43:A5:1F:B7:84:6E:FE:E3
Certificate issuer: /CN=A91F33A5/serialNumber=C4F638C09E372046C01DF4604C281164F6AC1622
Certificate serial: 03C5
Authority key identifier: C4:F6:38:C0:9E:37:20:46:C0:1D:F4:60:4C:28:11:64:F6:AC:16:22
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
Signing time: Sun 01 Mar 2026 14:26:02 +0000
ROA not before: Fri 05 Sep 2025 01:37:57 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 6262
IP address blocks: 150.229.0.0/16 maxlen: 24
202.6.3.0/24 maxlen: 24
202.6.4.0/24 maxlen: 24
202.6.82.0/23 maxlen: 24
202.8.32.0/21 maxlen: 24
202.9.0.0/20 maxlen: 24
202.12.120.0/23 maxlen: 24
202.14.0.0/22 maxlen: 24
203.0.88.0/24 maxlen: 24
203.0.100.0/24 maxlen: 24
203.6.255.0/24 maxlen: 24
203.7.128.0/24 maxlen: 24
203.7.170.0/24 maxlen: 24
203.12.40.0/23 maxlen: 24
203.18.60.0/23 maxlen: 24
203.25.92.0/22 maxlen: 24
203.143.160.0/20 maxlen: 24
221.199.208.0/20 maxlen: 24
2402:1800::/32 maxlen: 40
2405:b000::/32 maxlen: 40
2405:b000:410::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.crl
rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 00:04:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 965 (0x3c5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91F33A5, serialNumber=C4F638C09E372046C01DF4604C281164F6AC1622
Validity
Not Before: Sep 5 01:37:57 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=69a44c7a-5023
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:03:a3:2c:a0:83:63:83:4a:19:aa:d2:c7:4e:
b3:c1:89:71:6f:e1:17:17:98:98:e0:a3:93:6b:69:
9d:cc:08:75:2a:47:ea:c3:db:61:72:51:fd:34:0f:
de:2c:1c:9d:d9:9b:49:ee:9e:fd:6a:80:e4:0b:4c:
8f:7f:18:8d:2d:07:da:c5:3f:9c:66:3c:3f:ac:4a:
31:db:5b:e4:7a:78:ae:fd:3a:44:4b:0d:b9:4e:75:
fd:28:54:91:25:f9:49:28:71:29:ed:27:97:d8:47:
72:ac:31:d2:77:8c:1e:47:a1:d5:0b:5f:70:81:d8:
fc:73:eb:73:22:f0:fc:90:98:b1:1c:66:c8:bb:ef:
54:51:85:63:f2:50:27:33:f7:64:30:45:e6:55:f8:
1c:a6:f1:e1:13:b7:48:d9:19:77:53:b9:fd:9d:aa:
f6:57:fe:e0:5d:7f:48:77:de:bc:c3:a4:e7:f8:37:
c1:80:e6:3e:8d:61:94:93:5d:08:da:4e:00:5e:7a:
8e:d5:46:dd:6a:87:fd:e2:fa:62:5d:3d:5a:1a:3d:
cb:2c:b3:89:e0:e5:16:f4:f4:05:d9:ad:c3:d7:33:
69:ac:5c:2f:45:d2:b8:31:39:f0:c8:9a:ce:89:7f:
4d:88:72:eb:f3:14:58:a8:f1:88:07:63:f6:a6:a5:
9b:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:CC:11:A1:E3:83:EC:D7:80:04:36:66:43:A5:1F:B7:84:6E:FE:E3
X509v3 Authority Key Identifier:
keyid:C4:F6:38:C0:9E:37:20:46:C0:1D:F4:60:4C:28:11:64:F6:AC:16:22
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/xPY4wJ43IEbAHfRgTCgRZPasFiI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPY4wJ43IEbAHfRgTCgRZPasFiI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F33A5/1C0E706AD4D811ECA4245F10C4F9AE02/236D4FF0FD9D11EC868CDF5DC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
150.229.0.0/16
202.6.3.0-202.6.4.255
202.6.82.0/23
202.8.32.0/21
202.9.0.0/20
202.12.120.0/23
202.14.0.0/22
203.0.88.0/24
203.0.100.0/24
203.6.255.0/24
203.7.128.0/24
203.7.170.0/24
203.12.40.0/23
203.18.60.0/23
203.25.92.0/22
203.143.160.0/20
221.199.208.0/20
IPv6:
2402:1800::/32
2405:b000::/32
Signature Algorithm: sha256WithRSAEncryption
15:cf:e6:cd:05:9a:dc:e2:6f:f1:8f:87:e7:36:29:a4:81:10:
8d:c2:0b:0d:1b:b1:ae:25:84:38:13:06:55:d3:c5:9c:db:15:
16:6b:8a:b2:b6:48:1f:5a:e0:79:fc:c8:c1:db:43:78:4d:0d:
ad:eb:21:b7:00:8d:bc:c5:c8:45:9c:70:04:ec:a6:86:00:53:
21:43:fa:31:b9:eb:2d:73:ef:cc:19:e9:5e:d4:c5:f8:6f:71:
5c:14:8c:60:a3:31:40:19:f3:d0:be:cf:49:55:25:2e:ce:16:
07:fd:77:9b:b7:36:05:61:52:ff:10:ab:44:50:63:23:f9:b6:
d9:de:6b:df:66:7b:53:64:1f:02:4e:1f:ec:be:78:b4:37:60:
e3:b8:50:02:ba:e1:d7:32:bc:d0:01:37:cd:4e:cf:f4:2d:06:
cb:3c:3c:78:cf:e6:33:70:89:51:12:25:aa:09:d6:14:88:2d:
10:09:58:6c:9f:0a:0a:9f:b0:a2:2b:e3:c7:97:72:3a:b4:20:
c7:82:af:a5:9b:59:93:0a:f6:3e:be:2c:4c:a1:7e:0e:4f:de:
ef:e8:c9:aa:ea:cc:19:b6:99:29:74:09:7c:04:a4:88:24:c0:
38:01:0f:38:ef:70:c1:59:e2:af:28:88:98:df:a4:ad:7f:52:
17:bd:0f:b9
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgICA8UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjMzQTUxMTAvBgNVBAUTKEM0RjYzOEMwOUUzNzIwNDZDMDFERjQ2MDRDMjgxMTY0
RjZBQzE2MjIwHhcNMjUwOTA1MDEzNzU3WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NGM3YS01MDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtgOjLKCDY4NKGarSx06zwYlxb+EXF5iY4KOTa2mdzAh1Kkfqw9thclH9NA/e
LByd2ZtJ7p79aoDkC0yPfxiNLQfaxT+cZjw/rEox21vkeniu/TpESw25TnX9KFSR
JflJKHEp7SeX2EdyrDHSd4weR6HVC19wgdj8c+tzIvD8kJixHGbIu+9UUYVj8lAn
M/dkMEXmVfgcpvHhE7dI2Rl3U7n9nar2V/7gXX9Id968w6Tn+DfBgOY+jWGUk10I
2k4AXnqO1Ubdaof94vpiXT1aGj3LLLOJ4OUW9PQF2a3D1zNprFwvRdK4MTnwyJrO
iX9NiHLr8xRYqPGIB2P2pqWb1wIDAQABo4IC4DCCAtwwHQYDVR0OBBYEFAHMEaHj
g+zXgAQ2ZkOlH7eEbv7jMB8GA1UdIwQYMBaAFMT2OMCeNyBGwB30YEwoEWT2rBYi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMzNBNS8xQzBFNzA2QUQ0
RDgxMUVDQTQyNDVGMTBDNEY5QUUwMi94UFk0d0o0M0lFYkFIZlJnVENnUlpQYXNG
aUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hQWTR3SjQzSUViQUhmUmdUQ2dSWlBhc0ZpSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjMzQTUvMUMwRTcwNkFENEQ4MTFFQ0E0MjQ1RjEwQzRGOUFFMDIvMjM2RDRGRjBG
RDlEMTFFQzg2OENERjVEQzRGOUFFMDIucm9hMIGeBggrBgEFBQcBBwEB/wSBjjCB
izBzBAIAATBtAwMAluUwDAMEAMoGAwMEAMoGBAMEAcoGUgMEA8oIIAMEBMoJAAME
AcoMeAMEAsoOAAMEAMsAWAMEAMsAZAMEAMsG/wMEAMsHgAMEAMsHqgMEAcsMKAME
AcsSPAMEAssZXAMEBMuPoAMEBN3H0DAUBAIAAjAOAwUAJAIYAAMFACQFsAAwDQYJ
KoZIhvcNAQELBQADggEBABXP5s0Fmtzib/GPh+c2KaSBEI3CCw0bsa4lhDgTBlXT
xZzbFRZrirK2SB9a4Hn8yMHbQ3hNDa3rIbcAjbzFyEWccATspoYAUyFD+jG56y1z
78wZ6V7UxfhvcVwUjGCjMUAZ89C+z0lVJS7OFgf9d5u3NgVhUv8Qq0RQYyP5ttne
a99me1NkHwJOH+y+eLQ3YOO4UAK64dcyvNABN81Oz/QtBss8PHjP5jNwiVESJaoJ
1hSILRAJWGyfCgqfsKIr48eXcjq0IMeCr6WbWZMK9j6+LEyhfg5P3u/oyarqzBm2
mSl0CXwEpIgkwDgBDzjvcMFZ4q8oiJjfpK1/Uhe9D7k=
-----END CERTIFICATE-----
Generated at Mon Mar 2 05:30:40 2026 by rpki-client