Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/EC8BB4F2B2B411EF8B387C7CC4F9AE02.roa
File: EC8BB4F2B2B411EF8B387C7CC4F9AE02.roa (raw, json)
Hash identifier: 5YVfDGsH7nbs/ncOmwozCJkbnUwXDX/MkNtEAgEUsr0=
Subject key identifier: 9F:58:1C:1D:1D:20:77:C8:F7:11:C6:70:5E:20:24:F0:D8:11:80:21
Certificate issuer: /CN=A9171A5B/serialNumber=AB7D0BD5D2AB5DEE2F1CD696B829BAEF977F78CE
Certificate serial: 194B
Authority key identifier: AB:7D:0B:D5:D2:AB:5D:EE:2F:1C:D6:96:B8:29:BA:EF:97:7F:78:CE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q30L1dKrXe4vHNaWuCm675d_eM4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/EC8BB4F2B2B411EF8B387C7CC4F9AE02.roa
Signing time: Fri 30 Jan 2026 17:14:01 +0000
ROA not before: Fri 30 Jan 2026 17:14:01 +0000
ROA not after: Tue 02 Jun 2026 00:00:00 +0000
asID: 18001
IP address blocks: 123.231.0.0/17 maxlen: 17
123.231.0.0/18 maxlen: 18
123.231.0.0/19 maxlen: 19
123.231.0.0/21 maxlen: 21
123.231.2.0/24 maxlen: 24
123.231.8.0/21 maxlen: 21
123.231.16.0/21 maxlen: 21
123.231.24.0/21 maxlen: 21
123.231.32.0/21 maxlen: 21
123.231.40.0/22 maxlen: 22
123.231.44.0/22 maxlen: 22
123.231.48.0/21 maxlen: 21
123.231.56.0/21 maxlen: 21
123.231.64.0/19 maxlen: 19
123.231.64.0/21 maxlen: 21
123.231.64.0/24 maxlen: 24
123.231.65.0/24 maxlen: 24
123.231.68.0/24 maxlen: 24
123.231.69.0/24 maxlen: 24
123.231.72.0/21 maxlen: 21
123.231.72.0/24 maxlen: 24
123.231.73.0/24 maxlen: 24
123.231.80.0/21 maxlen: 22
123.231.88.0/21 maxlen: 21
123.231.96.0/19 maxlen: 19
123.231.96.0/21 maxlen: 21
123.231.104.0/21 maxlen: 22
123.231.112.0/22 maxlen: 22
123.231.116.0/22 maxlen: 22
123.231.120.0/21 maxlen: 22
203.189.64.0/20 maxlen: 21
203.189.70.0/24 maxlen: 24
203.189.73.0/24 maxlen: 24
2405:4400::/32 maxlen: 44
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/q30L1dKrXe4vHNaWuCm675d_eM4.crl
rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/q30L1dKrXe4vHNaWuCm675d_eM4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q30L1dKrXe4vHNaWuCm675d_eM4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 25 Feb 2026 16:14:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6475 (0x194b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9171A5B, serialNumber=AB7D0BD5D2AB5DEE2F1CD696B829BAEF977F78CE
Validity
Not Before: Jan 30 17:14:01 2026 GMT
Not After : Jun 2 00:00:00 2026 GMT
Subject: CN=697ce6d9-d2a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:b5:92:40:f4:e4:28:25:f0:b3:1a:11:6c:f6:
6a:fa:40:ed:be:d1:cd:94:82:9c:6c:96:3e:e0:24:
25:48:d4:93:59:82:50:8d:e0:36:02:29:f1:7f:15:
1d:e8:ee:51:9c:ea:a1:d0:8d:cc:fc:09:a7:9e:0f:
34:f9:48:79:98:bd:2a:be:c2:ea:05:3a:01:cd:1f:
2b:c8:50:29:0e:7d:3a:df:5b:cd:d4:50:eb:cc:f7:
f8:c5:fd:6a:ad:c8:20:fa:8f:8a:48:07:6a:0a:d2:
84:5f:67:db:4f:50:cd:69:c0:df:bc:f4:df:1d:50:
5c:9e:52:0d:9c:0b:c6:a5:af:a1:a6:e8:90:f9:eb:
6d:a1:b7:59:3a:1e:2d:54:71:76:49:22:98:1e:f2:
75:e9:bc:cc:db:72:ca:e8:f8:36:9d:0e:18:c7:47:
47:17:43:05:e2:a7:1e:39:f3:7d:38:30:40:32:04:
bc:ff:fe:d6:50:fc:8b:5f:c9:ed:90:78:e1:2d:d3:
1f:aa:c2:7c:ba:eb:c7:9b:2b:cb:36:11:8c:67:ae:
73:2f:52:35:7d:15:8f:7b:c4:82:99:e8:bb:2d:96:
c7:63:11:db:5a:41:4c:24:f5:35:78:ce:18:49:5c:
e0:35:85:45:c6:de:a8:3a:5a:44:63:9d:c8:40:fe:
9e:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:58:1C:1D:1D:20:77:C8:F7:11:C6:70:5E:20:24:F0:D8:11:80:21
X509v3 Authority Key Identifier:
keyid:AB:7D:0B:D5:D2:AB:5D:EE:2F:1C:D6:96:B8:29:BA:EF:97:7F:78:CE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/q30L1dKrXe4vHNaWuCm675d_eM4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q30L1dKrXe4vHNaWuCm675d_eM4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171A5B/17E10102993B11E79ABB8181C4F9AE02/EC8BB4F2B2B411EF8B387C7CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
123.231.0.0/17
203.189.64.0/20
IPv6:
2405:4400::/32
Signature Algorithm: sha256WithRSAEncryption
43:a0:cd:38:48:20:7a:ee:63:7a:b9:0c:ac:02:53:7b:9e:51:
f1:f8:88:40:e1:c6:78:cd:a7:54:4b:21:52:2c:bf:01:eb:42:
6e:94:a4:fa:a3:c4:a3:aa:a6:71:2c:a5:a6:7b:0f:38:18:35:
08:b6:dc:dc:58:a4:6b:aa:e0:ac:8c:9f:32:2e:d5:3e:77:c0:
4b:27:fe:2d:4a:16:4a:0c:46:cf:dd:4b:58:62:a2:a3:50:86:
4c:62:89:2b:49:c8:9e:a7:bc:5c:98:af:fa:c3:de:3e:0b:0e:
52:f1:55:e4:d6:81:31:e8:06:67:79:5e:ea:6e:af:bf:dc:8f:
f9:8b:07:af:60:d0:f9:36:1f:78:95:2b:f4:b7:27:3d:35:a3:
f9:6b:7e:79:09:65:30:76:e7:49:06:58:4c:28:d9:94:c2:b6:
9a:ae:3c:1a:51:23:44:16:99:cc:68:2d:eb:ad:0e:c2:59:32:
03:71:a9:cd:28:b8:94:03:47:21:87:a1:51:97:3d:8a:00:a8:
12:5c:8f:9f:d6:82:a8:c6:4b:e3:1d:49:87:12:88:55:08:a1:
6b:e0:1b:cb:8a:af:8f:86:f2:19:73:75:53:92:6a:4b:95:d9:
a2:39:50:3f:23:97:ae:9c:1c:2f:d2:fb:69:0f:a8:a7:61:77:
dd:ee:e8:a3
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICGUswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAwwIQTkx
NzFBNUIxMTAvBgNVBAUTKEFCN0QwQkQ1RDJBQjVERUUyRjFDRDY5NkI4MjlCQUVG
OTc3Rjc4Q0UwHhcNMjYwMTMwMTcxNDAxWhcNMjYwNjAyMDAwMDAwWjAYMRYwFAYD
VQQDDA02OTdjZTZkOS1kMmE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuLWSQPTkKCXwsxoRbPZq+kDtvtHNlIKcbJY+4CQlSNSTWYJQjeA2AinxfxUd
6O5RnOqh0I3M/Amnng80+Uh5mL0qvsLqBToBzR8ryFApDn0631vN1FDrzPf4xf1q
rcgg+o+KSAdqCtKEX2fbT1DNacDfvPTfHVBcnlINnAvGpa+hpuiQ+ettobdZOh4t
VHF2SSKYHvJ16bzM23LK6Pg2nQ4Yx0dHF0MF4qceOfN9ODBAMgS8//7WUPyLX8nt
kHjhLdMfqsJ8uuvHmyvLNhGMZ65zL1I1fRWPe8SCmei7LZbHYxHbWkFMJPU1eM4Y
SVzgNYVFxt6oOlpEY53IQP6eoQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFJ9YHB0d
IHfI9xHGcF4gJPDYEYAhMB8GA1UdIwQYMBaAFKt9C9XSq13uLxzWlrgpuu+Xf3jO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MUE1Qi8xN0UxMDEwMjk5
M0IxMUU3OUFCQjgxODFDNEY5QUUwMi9xMzBMMWRLclhlNHZITmFXdUNtNjc1ZF9l
TTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3EzMEwxZEtyWGU0dkhOYVd1Q202NzVkX2VNNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzFBNUIvMTdFMTAxMDI5OTNCMTFFNzlBQkI4MTgxQzRGOUFFMDIvRUM4QkI0RjJC
MkI0MTFFRjhCMzg3QzdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAd75wADBATLvUAwDQQCAAIwBwMFACQFRAAwDQYJKoZIhvcN
AQELBQADggEBAEOgzThIIHruY3q5DKwCU3ueUfH4iEDhxnjNp1RLIVIsvwHrQm6U
pPqjxKOqpnEspaZ7DzgYNQi23NxYpGuq4KyMnzIu1T53wEsn/i1KFkoMRs/dS1hi
oqNQhkxiiStJyJ6nvFyYr/rD3j4LDlLxVeTWgTHoBmd5Xupur7/cj/mLB69g0Pk2
H3iVK/S3Jz01o/lrfnkJZTB250kGWEwo2ZTCtpquPBpRI0QWmcxoLeutDsJZMgNx
qc0ouJQDRyGHoVGXPYoAqBJcj5/WgqjGS+MdSYcSiFUIoWvgG8uKr4+G8hlzdVOS
akuV2aI5UD8jl66cHC/S+2kPqKdhd93u6KM=
-----END CERTIFICATE-----
Generated at Thu Feb 19 21:57:40 2026 by rpki-client