Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
File: C2F7AE40C03111EA9777314AC4F9AE02.roa (raw, json)
Hash identifier: qS3A01P8uOdoqKyhJXV/pi4f7G58gnxBlL/J7xIzD5A=
Subject key identifier: 42:E3:73:D3:2E:90:F3:B6:87:B7:55:63:FD:A5:69:26:EB:B8:F3:19
Certificate issuer: /CN=A91577DD/serialNumber=95D1BEF3900B416584164BB74631771302291688
Certificate serial: 3518
Authority key identifier: 95:D1:BE:F3:90:0B:41:65:84:16:4B:B7:46:31:77:13:02:29:16:88
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
Signing time: Sat 10 Jan 2026 15:10:53 +0000
ROA not before: Sat 10 Jan 2026 15:10:53 +0000
ROA not after: Tue 02 Mar 2027 00:00:00 +0000
asID: 132196
IP address blocks: 43.254.76.0/22 maxlen: 22
43.254.76.0/24 maxlen: 24
43.254.77.0/24 maxlen: 24
43.254.78.0/24 maxlen: 24
43.254.79.0/24 maxlen: 24
103.238.124.0/22 maxlen: 22
103.238.124.0/24 maxlen: 24
103.238.125.0/24 maxlen: 24
103.238.126.0/24 maxlen: 24
103.238.127.0/24 maxlen: 24
120.50.48.0/20 maxlen: 20
120.50.48.0/24 maxlen: 24
120.50.49.0/24 maxlen: 24
120.50.50.0/24 maxlen: 24
120.50.51.0/24 maxlen: 24
120.50.52.0/24 maxlen: 24
120.50.53.0/24 maxlen: 24
120.50.54.0/24 maxlen: 24
120.50.55.0/24 maxlen: 24
120.50.56.0/24 maxlen: 24
120.50.57.0/24 maxlen: 24
120.50.58.0/24 maxlen: 24
120.50.59.0/24 maxlen: 24
120.50.60.0/24 maxlen: 24
120.50.61.0/24 maxlen: 24
120.50.62.0/24 maxlen: 24
120.50.63.0/24 maxlen: 24
202.176.13.0/24 maxlen: 24
2404:99c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.crl
rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 25 Feb 2026 14:47:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13592 (0x3518)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91577DD, serialNumber=95D1BEF3900B416584164BB74631771302291688
Validity
Not Before: Jan 10 15:10:53 2026 GMT
Not After : Mar 2 00:00:00 2027 GMT
Subject: CN=69626bfd-3e3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:16:2a:62:cc:6a:08:53:83:30:2a:da:ff:c1:
e7:c7:55:68:d1:5d:b0:26:8e:7d:e4:ac:97:60:cc:
27:bf:2a:ae:8b:37:15:2a:21:60:9f:90:b0:25:86:
72:60:99:0e:80:d9:74:dc:fa:e9:82:33:37:fc:96:
d1:0c:35:9d:73:e0:2b:f6:32:7f:17:26:9f:b3:e1:
6a:a3:9f:7f:33:43:4b:69:6f:47:2a:91:ea:3c:7c:
d2:07:21:a7:cf:ad:55:86:b1:b7:54:5b:a9:c0:93:
45:ee:a7:8a:15:29:da:8d:20:25:0a:5c:de:56:c5:
73:73:bb:5d:b8:4b:5a:fb:8c:c3:dd:06:82:9e:98:
1e:91:bd:c7:e4:13:f5:ba:0e:d0:0b:f0:ed:85:42:
61:fc:b7:71:ec:31:e3:4f:f3:59:01:23:36:82:2a:
5a:24:1d:05:db:8a:83:c8:d6:f3:ae:e2:5c:60:85:
46:41:62:65:f7:9c:2d:30:27:ca:a8:ba:89:24:43:
9c:2a:94:ca:8e:20:eb:8b:18:16:0a:d6:ed:9f:fb:
55:f5:c8:52:86:31:83:eb:33:18:a0:5b:68:da:d2:
14:af:06:68:5e:56:c2:a9:bf:a0:99:f3:24:b5:59:
35:db:32:e4:7e:f8:66:61:40:5c:b0:9f:a9:14:48:
0d:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:E3:73:D3:2E:90:F3:B6:87:B7:55:63:FD:A5:69:26:EB:B8:F3:19
X509v3 Authority Key Identifier:
keyid:95:D1:BE:F3:90:0B:41:65:84:16:4B:B7:46:31:77:13:02:29:16:88
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/ldG-85ALQWWEFku3RjF3EwIpFog.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ldG-85ALQWWEFku3RjF3EwIpFog.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91577DD/D1C5B02A1D9611E2A1CAB47F08B02CD2/C2F7AE40C03111EA9777314AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.76.0/22
103.238.124.0/22
120.50.48.0/20
202.176.13.0/24
IPv6:
2404:99c0::/32
Signature Algorithm: sha256WithRSAEncryption
3c:ed:2c:7a:e9:2f:3e:bd:bb:6b:8b:5a:cc:92:42:9a:2f:6a:
80:26:e0:62:8b:f1:2a:84:cd:ef:a5:f1:61:bc:ca:66:a7:39:
fc:97:a8:40:cf:ea:95:94:a6:46:68:62:65:51:e0:74:85:57:
76:13:21:74:2c:6d:fa:3b:5a:4d:28:45:44:73:c5:aa:cf:66:
e8:70:c0:9c:e3:c9:11:b0:88:d6:bc:e3:6c:b7:02:93:3b:c9:
a1:6b:ef:96:42:0d:80:11:e1:0e:b9:63:72:1f:ed:14:84:b8:
01:75:79:50:8e:7e:58:76:43:69:c8:ad:a3:2a:43:74:ba:2b:
5a:4d:02:7b:76:0a:f1:a5:c8:5a:ef:5f:d4:ab:45:a5:64:6a:
81:b1:bd:dc:09:35:64:c5:84:51:61:83:a8:ee:1a:65:4d:4c:
e5:3a:04:12:25:e6:2b:a3:b6:f1:86:50:9f:3a:8e:86:1a:dd:
a9:85:56:c4:6c:40:6e:24:69:67:fb:5d:c9:ab:ea:55:1d:5f:
1f:95:67:74:1b:46:91:d9:e0:7d:45:18:33:53:10:57:c3:cd:
98:e3:57:94:12:64:2e:d7:3a:95:11:49:e8:a8:3a:c2:b3:91:
e3:10:fa:5b:59:98:91:5d:08:4e:75:ff:cc:d8:a2:b2:af:ba:
dd:66:af:e7
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICNRgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAwwIQTkx
NTc3REQxMTAvBgNVBAUTKDk1RDFCRUYzOTAwQjQxNjU4NDE2NEJCNzQ2MzE3NzEz
MDIyOTE2ODgwHhcNMjYwMTEwMTUxMDUzWhcNMjcwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDDA02OTYyNmJmZC0zZTNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAjxYqYsxqCFODMCra/8Hnx1Vo0V2wJo595KyXYMwnvyquizcVKiFgn5CwJYZy
YJkOgNl03PrpgjM3/JbRDDWdc+Ar9jJ/Fyafs+Fqo59/M0NLaW9HKpHqPHzSByGn
z61VhrG3VFupwJNF7qeKFSnajSAlClzeVsVzc7tduEta+4zD3QaCnpgekb3H5BP1
ug7QC/DthUJh/Ldx7DHjT/NZASM2gipaJB0F24qDyNbzruJcYIVGQWJl95wtMCfK
qLqJJEOcKpTKjiDrixgWCtbtn/tV9chShjGD6zMYoFto2tIUrwZoXlbCqb+gmfMk
tVk12zLkfvhmYUBcsJ+pFEgNOwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFELjc9Mu
kPO2h7dVY/2laSbruPMZMB8GA1UdIwQYMBaAFJXRvvOQC0FlhBZLt0YxdxMCKRaI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1NzdERC9EMUM1QjAyQTFE
OTYxMUUyQTFDQUI0N0YwOEIwMkNEMi9sZEctODVBTFFXV0VGa3UzUmpGM0V3SXBG
b2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xkRy04NUFMUVdXRUZrdTNSakYzRXdJcEZvZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTc3REQvRDFDNUIwMkExRDk2MTFFMkExQ0FCNDdGMDhCMDJDRDIvQzJGN0FFNDBD
MDMxMTFFQTk3NzczMTRBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIr/kwDBAJn7nwDBAR4MjADBADKsA0wDQQCAAIwBwMFACQE
mcAwDQYJKoZIhvcNAQELBQADggEBADztLHrpLz69u2uLWsySQpovaoAm4GKL8SqE
ze+l8WG8ymanOfyXqEDP6pWUpkZoYmVR4HSFV3YTIXQsbfo7Wk0oRURzxarPZuhw
wJzjyRGwiNa842y3ApM7yaFr75ZCDYAR4Q65Y3If7RSEuAF1eVCOflh2Q2nIraMq
Q3S6K1pNAnt2CvGlyFrvX9SrRaVkaoGxvdwJNWTFhFFhg6juGmVNTOU6BBIl5iuj
tvGGUJ86joYa3amFVsRsQG4kaWf7Xcmr6lUdXx+VZ3QbRpHZ4H1FGDNTEFfDzZjj
V5QSZC7XOpURSeioOsKzkeMQ+ltZmJFdCE51/8zYorKvut1mr+c=
-----END CERTIFICATE-----
Generated at Thu Feb 19 21:50:31 2026 by rpki-client