Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
File: 002DDDC22B9D11EA92F3094CC4F9AE02.roa (raw, json)
Hash identifier: bcFMpQtRC/rqeGP9esVeD25xYCU2sXQbGEoW2r6Fpqw=
Subject key identifier: 7C:5E:86:CB:9F:EB:7D:32:6A:3F:59:49:47:C3:F7:69:8F:FA:D0:78
Certificate issuer: /CN=A91722A3/serialNumber=7085B5B4549ACDB5B6C2704C85BA788760F88A27
Certificate serial: 0C28
Authority key identifier: 70:85:B5:B4:54:9A:CD:B5:B6:C2:70:4C:85:BA:78:87:60:F8:8A:27
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
Signing time: Tue 31 Mar 2026 19:23:45 +0000
ROA not before: Tue 31 Mar 2026 19:23:45 +0000
ROA not after: Fri 28 May 2027 00:00:00 +0000
asID: 133421
IP address blocks: 45.117.236.0/22 maxlen: 22
45.117.236.0/24 maxlen: 24
45.117.237.0/24 maxlen: 24
45.117.238.0/24 maxlen: 24
45.117.239.0/24 maxlen: 24
101.78.16.0/20 maxlen: 20
101.78.16.0/24 maxlen: 24
101.78.17.0/24 maxlen: 24
101.78.18.0/24 maxlen: 24
101.78.19.0/24 maxlen: 24
101.78.20.0/24 maxlen: 24
101.78.21.0/24 maxlen: 24
101.78.22.0/24 maxlen: 24
101.78.23.0/24 maxlen: 24
101.78.24.0/24 maxlen: 24
101.78.25.0/24 maxlen: 24
101.78.26.0/24 maxlen: 24
101.78.27.0/24 maxlen: 24
101.78.28.0/24 maxlen: 24
101.78.29.0/24 maxlen: 24
101.78.30.0/24 maxlen: 24
101.78.31.0/24 maxlen: 24
103.228.56.0/22 maxlen: 22
103.228.56.0/24 maxlen: 24
103.228.57.0/24 maxlen: 24
103.228.58.0/24 maxlen: 24
103.228.59.0/24 maxlen: 24
2403:1380::/32 maxlen: 32
2403:1380:1::/48 maxlen: 48
2403:1380:2::/48 maxlen: 48
2403:1380:3::/48 maxlen: 48
2403:1380:11::/48 maxlen: 48
2403:1380:12::/48 maxlen: 48
2403:1380:1380::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.crl
rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 11 Apr 2026 18:37:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3112 (0xc28)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91722A3, serialNumber=7085B5B4549ACDB5B6C2704C85BA788760F88A27
Validity
Not Before: Mar 31 19:23:45 2026 GMT
Not After : May 28 00:00:00 2027 GMT
Subject: CN=69cc1f40-dd02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:0f:53:37:56:9f:7a:61:ee:ef:38:96:aa:c5:
86:7c:a5:e8:12:56:f6:4b:82:2b:47:3e:97:b6:3a:
31:9d:f3:00:e3:ef:a7:04:3c:66:0e:d2:a1:26:c4:
f5:09:35:00:34:52:87:ae:e9:a4:47:a1:d6:28:05:
d1:ca:b5:9e:e8:ec:4e:4c:d0:df:e1:09:37:ee:4a:
19:a8:e9:0f:0e:97:99:8a:63:00:1f:c1:01:07:01:
0c:46:65:a5:b6:4a:9b:5a:82:f9:01:d4:a2:5e:2c:
ed:ec:e6:f9:e6:f9:24:e9:01:fd:bb:71:2b:2f:07:
e1:c9:22:c1:38:7b:38:71:ac:a8:b3:8d:80:4a:d1:
c3:97:cc:06:fd:c1:06:a1:9b:92:a1:d6:b3:ce:4d:
c2:d3:22:38:22:0a:48:61:65:1b:d8:24:20:33:cf:
14:86:30:18:e2:8f:a0:43:1e:03:41:ca:56:a7:b8:
26:9d:0a:9b:88:7b:4e:33:31:b1:4b:e9:91:43:e6:
e7:0d:75:4a:de:67:bb:2b:5f:13:ef:2e:00:08:cd:
05:85:59:ba:d3:74:1d:60:a9:46:d5:c3:8d:16:f5:
b8:c1:a7:44:ee:48:58:b6:f5:d8:b0:61:77:bc:6d:
e7:19:02:f9:25:8f:b5:57:0f:4d:82:80:8b:b0:b5:
35:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:5E:86:CB:9F:EB:7D:32:6A:3F:59:49:47:C3:F7:69:8F:FA:D0:78
X509v3 Authority Key Identifier:
keyid:70:85:B5:B4:54:9A:CD:B5:B6:C2:70:4C:85:BA:78:87:60:F8:8A:27
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/cIW1tFSazbW2wnBMhbp4h2D4iic.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cIW1tFSazbW2wnBMhbp4h2D4iic.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91722A3/C02D85DE2B9B11EA972CDF46C4F9AE02/002DDDC22B9D11EA92F3094CC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
45.117.236.0/22
101.78.16.0/20
103.228.56.0/22
IPv6:
2403:1380::/32
Signature Algorithm: sha256WithRSAEncryption
c9:ae:7c:dd:ba:d4:d2:bd:16:bf:c9:61:f5:fc:1d:f9:04:c7:
a4:13:74:cf:c9:8f:05:8c:62:9b:ca:0e:80:50:b8:03:a9:77:
a5:72:60:72:52:ca:b4:b1:bc:f7:d1:ea:41:27:1b:0c:f3:cb:
0f:cd:6f:84:01:eb:bf:d1:2f:9e:e9:52:64:c7:29:de:cf:1f:
42:6b:e3:a0:a7:92:5f:bd:70:80:c4:b9:cb:02:1b:a7:d5:4d:
93:41:c1:de:5f:68:99:d1:fb:06:d5:79:d5:8e:7c:e6:4d:da:
d2:63:ea:cb:ba:7c:2e:f3:a1:12:40:50:27:a4:d2:e2:c7:4c:
ea:16:3a:3f:94:8e:ce:04:b2:70:9f:bf:45:bd:71:00:2d:d7:
2f:54:05:65:49:e2:6a:4b:dc:d4:f7:98:66:ab:1b:68:24:a9:
8a:d7:be:b1:8c:e7:95:d6:bd:00:c2:73:48:99:15:72:e5:5c:
0f:6d:f1:e0:63:2c:15:f1:24:67:da:27:8c:bd:dc:ab:a0:d4:
b3:b9:c7:5d:fe:29:8b:8e:27:7e:ec:b0:a9:98:95:71:4e:a9:
ec:04:df:6f:b3:be:28:bf:2a:27:c8:59:a3:de:4a:2d:c0:07:
8e:a2:bc:c2:ac:34:ed:b5:e2:62:48:38:97:89:64:44:55:8e:
9a:67:2c:1d
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgICDCgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzIyQTMxMTAvBgNVBAUTKDcwODVCNUI0NTQ5QUNEQjVCNkMyNzA0Qzg1QkE3ODg3
NjBGODhBMjcwHhcNMjYwMzMxMTkyMzQ1WhcNMjcwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWNjMWY0MC1kZDAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzA9TN1afemHu7ziWqsWGfKXoElb2S4IrRz6XtjoxnfMA4++nBDxmDtKhJsT1
CTUANFKHrumkR6HWKAXRyrWe6OxOTNDf4Qk37koZqOkPDpeZimMAH8EBBwEMRmWl
tkqbWoL5AdSiXizt7Ob55vkk6QH9u3ErLwfhySLBOHs4cayos42AStHDl8wG/cEG
oZuSodazzk3C0yI4IgpIYWUb2CQgM88UhjAY4o+gQx4DQcpWp7gmnQqbiHtOMzGx
S+mRQ+bnDXVK3me7K18T7y4ACM0FhVm603QdYKlG1cONFvW4wadE7khYtvXYsGF3
vG3nGQL5JY+1Vw9NgoCLsLU1/QIDAQABo4ICezCCAncwHQYDVR0OBBYEFHxehsuf
630yaj9ZSUfD92mP+tB4MB8GA1UdIwQYMBaAFHCFtbRUms21tsJwTIW6eIdg+Ion
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MjJBMy9DMDJEODVERTJC
OUIxMUVBOTcyQ0RGNDZDNEY5QUUwMi9jSVcxdEZTYXpiVzJ3bkJNaGJwNGgyRDRp
aWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NJVzF0RlNhemJXMnduQk1oYnA0aDJENGlpYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzIyQTMvQzAyRDg1REUyQjlCMTFFQTk3MkNERjQ2QzRGOUFFMDIvMDAyREREQzIy
QjlEMTFFQTkyRjMwOTRDQzRGOUFFMDIucm9hMDoGCCsGAQUFBwEHAQH/BCswKTAY
BAIAATASAwQCLXXsAwQEZU4QAwQCZ+Q4MA0EAgACMAcDBQAkAxOAMA0GCSqGSIb3
DQEBCwUAA4IBAQDJrnzdutTSvRa/yWH1/B35BMekE3TPyY8FjGKbyg6AULgDqXel
cmByUsq0sbz30epBJxsM88sPzW+EAeu/0S+e6VJkxynezx9Ca+Ogp5JfvXCAxLnL
Ahun1U2TQcHeX2iZ0fsG1XnVjnzmTdrSY+rLunwu86ESQFAnpNLix0zqFjo/lI7O
BLJwn79FvXEALdcvVAVlSeJqS9zU95hmqxtoJKmK176xjOeV1r0AwnNImRVy5VwP
bfHgYywV8SRn2ieMvdyroNSzucdd/imLjid+7LCpmJVxTqnsBN9vs74ovyonyFmj
3kotwAeOorzCrDTtteJiSDiXiWREVY6aZywd
-----END CERTIFICATE-----
Generated at Sun Apr 5 21:10:26 2026 by rpki-client