Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
File: A508D320BBC711ED8DF23C40C4F9AE02.roa (raw, json)
Hash identifier: XiGYQotdStfaaRLDXTyJEgN5O2tsmcN7Z7VvHBR9Ytg=
Subject key identifier: B1:C2:D7:43:D4:8A:75:36:18:2B:39:F6:93:F1:A7:79:CE:A1:DD:C4
Certificate issuer: /CN=A91A57F8/serialNumber=9F64FE50992537FB0B40E52F9CFAC310CA271918
Certificate serial: 028D
Authority key identifier: 9F:64:FE:50:99:25:37:FB:0B:40:E5:2F:9C:FA:C3:10:CA:27:19:18
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
Signing time: Sun 29 Mar 2026 02:37:33 +0000
ROA not before: Sun 29 Mar 2026 02:37:33 +0000
ROA not after: Fri 28 May 2027 00:00:00 +0000
asID: 136000
IP address blocks: 103.114.190.0/23 maxlen: 23
103.117.166.0/23 maxlen: 23
103.117.228.0/22 maxlen: 22
103.134.20.0/22 maxlen: 22
103.196.240.0/22 maxlen: 22
103.209.12.0/22 maxlen: 22
118.91.179.0/24 maxlen: 24
118.91.188.0/24 maxlen: 24
124.198.224.0/20 maxlen: 20
202.14.177.0/24 maxlen: 24
202.62.240.0/22 maxlen: 22
202.73.30.0/23 maxlen: 23
203.14.201.0/24 maxlen: 24
203.18.242.0/23 maxlen: 23
203.22.206.0/24 maxlen: 24
203.23.53.0/24 maxlen: 24
203.24.148.0/23 maxlen: 23
203.28.160.0/24 maxlen: 24
203.29.91.0/24 maxlen: 24
203.32.98.0/23 maxlen: 23
203.33.103.0/24 maxlen: 24
203.55.150.0/24 maxlen: 24
203.56.119.0/24 maxlen: 24
203.57.252.0/24 maxlen: 24
203.98.90.0/24 maxlen: 24
203.168.216.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.crl
rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 12 Apr 2026 01:58:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 653 (0x28d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91A57F8, serialNumber=9F64FE50992537FB0B40E52F9CFAC310CA271918
Validity
Not Before: Mar 29 02:37:33 2026 GMT
Not After : May 28 00:00:00 2027 GMT
Subject: CN=69c8906d-bd46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:74:48:02:18:2d:00:a7:18:a6:be:5d:1e:f8:
36:c0:fb:69:a5:58:a6:39:d9:fd:88:d8:74:f7:f0:
d1:29:2b:18:02:c8:41:fb:4e:40:1c:6c:86:30:5a:
ed:60:df:37:36:39:8c:63:d6:2f:ed:2e:7e:c0:59:
5c:ec:cb:f0:f0:88:fd:d9:85:ef:51:56:c2:2a:c7:
a0:a4:fd:ff:1e:c0:72:ed:e6:c6:1c:9d:81:be:57:
44:b1:f0:bb:16:19:e6:0c:7e:bf:b1:de:7b:2a:65:
02:5b:4a:23:11:7f:66:c0:f9:3b:da:59:c4:af:87:
97:21:e3:b1:3e:8f:92:bd:7f:44:2d:9e:e2:37:3d:
b3:b6:ca:9e:f6:66:98:f1:ae:dd:5c:e7:0d:82:29:
fb:04:1a:cc:7c:d6:be:7a:e8:8d:32:36:26:b9:b0:
3c:4d:93:6e:c0:b7:dd:f6:83:96:5a:38:a8:5c:57:
3e:fc:ac:c9:ae:6f:e4:a3:20:04:18:a0:41:cb:72:
60:02:51:40:78:5e:c7:a1:e4:e7:14:b8:1b:db:3b:
12:34:c6:8b:bc:06:fa:6a:28:26:ca:be:87:6d:40:
c7:37:e8:c0:f2:9f:34:9a:b4:c9:7f:65:82:29:51:
50:22:bc:d3:92:05:ab:7a:4b:3d:d5:83:a9:54:df:
25:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:C2:D7:43:D4:8A:75:36:18:2B:39:F6:93:F1:A7:79:CE:A1:DD:C4
X509v3 Authority Key Identifier:
keyid:9F:64:FE:50:99:25:37:FB:0B:40:E5:2F:9C:FA:C3:10:CA:27:19:18
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/n2T-UJklN_sLQOUvnPrDEMonGRg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n2T-UJklN_sLQOUvnPrDEMonGRg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A57F8/34509400B97511ED8040DE22C4F9AE02/A508D320BBC711ED8DF23C40C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.114.190.0/23
103.117.166.0/23
103.117.228.0/22
103.134.20.0/22
103.196.240.0/22
103.209.12.0/22
118.91.179.0/24
118.91.188.0/24
124.198.224.0/20
202.14.177.0/24
202.62.240.0/22
202.73.30.0/23
203.14.201.0/24
203.18.242.0/23
203.22.206.0/24
203.23.53.0/24
203.24.148.0/23
203.28.160.0/24
203.29.91.0/24
203.32.98.0/23
203.33.103.0/24
203.55.150.0/24
203.56.119.0/24
203.57.252.0/24
203.98.90.0/24
203.168.216.0/22
Signature Algorithm: sha256WithRSAEncryption
4e:9d:22:70:d9:5c:de:db:0e:52:c9:ac:43:9a:57:2a:69:03:
75:5b:ac:ad:4b:f4:d9:a2:2e:cb:ea:42:51:7e:b7:54:f2:34:
cd:35:22:ec:72:9a:3c:44:46:da:b7:d7:f9:ba:1b:77:a6:ee:
49:0d:4f:75:c6:45:4d:e8:f3:70:6f:cd:fa:fa:5b:34:e3:e9:
ab:c0:a8:cf:0e:7d:2b:d9:12:93:6d:41:57:30:22:d1:15:50:
fa:73:1d:05:5d:ff:8f:20:ac:5a:9e:20:ec:04:ec:7c:c2:73:
63:c2:54:85:63:d8:fe:b3:d2:f9:14:26:e2:ad:f1:2a:1a:60:
07:1e:04:91:02:ec:51:34:20:7f:da:d8:f3:d2:b3:8f:8f:a4:
85:6b:25:db:48:3d:3f:5e:2b:47:3f:c8:21:d9:76:9b:6a:05:
e3:a9:2a:d7:34:d4:2e:e7:dd:26:e7:4a:c8:ea:c3:a8:9f:a7:
3a:99:08:a9:8b:9b:cf:27:14:75:98:1c:f9:a0:ce:b6:23:4f:
e9:95:33:40:72:ce:6c:c7:d1:eb:53:95:2c:cb:ab:55:0f:26:
16:2c:a3:a7:c7:fc:fd:ee:59:3e:94:d5:7c:9f:30:89:de:76:
23:f3:c7:ec:1a:d6:72:eb:f0:e9:53:ba:fe:4d:ac:e5:b9:88:
f7:d2:ad:c1
-----BEGIN CERTIFICATE-----
MIIF1zCCBL+gAwIBAgICAo0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU3RjgxMTAvBgNVBAUTKDlGNjRGRTUwOTkyNTM3RkIwQjQwRTUyRjlDRkFDMzEw
Q0EyNzE5MTgwHhcNMjYwMzI5MDIzNzMzWhcNMjcwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWM4OTA2ZC1iZDQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAlHRIAhgtAKcYpr5dHvg2wPtppVimOdn9iNh09/DRKSsYAshB+05AHGyGMFrt
YN83NjmMY9Yv7S5+wFlc7Mvw8Ij92YXvUVbCKsegpP3/HsBy7ebGHJ2BvldEsfC7
FhnmDH6/sd57KmUCW0ojEX9mwPk72lnEr4eXIeOxPo+SvX9ELZ7iNz2ztsqe9maY
8a7dXOcNgin7BBrMfNa+euiNMjYmubA8TZNuwLfd9oOWWjioXFc+/KzJrm/koyAE
GKBBy3JgAlFAeF7HoeTnFLgb2zsSNMaLvAb6aigmyr6HbUDHN+jA8p80mrTJf2WC
KVFQIrzTkgWreks91YOpVN8lRwIDAQABo4IC+zCCAvcwHQYDVR0OBBYEFLHC10PU
inU2GCs59pPxp3nOod3EMB8GA1UdIwQYMBaAFJ9k/lCZJTf7C0DlL5z6wxDKJxkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTdGOC8zNDUwOTQwMEI5
NzUxMUVEODA0MERFMjJDNEY5QUUwMi9uMlQtVUprbE5fc0xRT1V2blByREVNb25H
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL24yVC1VSmtsTl9zTFFPVXZuUHJERU1vbkdSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU3RjgvMzQ1MDk0MDBCOTc1MTFFRDgwNDBERTIyQzRGOUFFMDIvQTUwOEQzMjBC
QkM3MTFFRDhERjIzQzQwQzRGOUFFMDIucm9hMIG5BggrBgEFBQcBBwEB/wSBqTCB
pjCBowQCAAEwgZwDBAFncr4DBAFndaYDBAJndeQDBAJnhhQDBAJnxPADBAJn0QwD
BAB2W7MDBAB2W7wDBAR8xuADBADKDrEDBALKPvADBAHKSR4DBADLDskDBAHLEvID
BADLFs4DBADLFzUDBAHLGJQDBADLHKADBADLHVsDBAHLIGIDBADLIWcDBADLN5YD
BADLOHcDBADLOfwDBADLYloDBALLqNgwDQYJKoZIhvcNAQELBQADggEBAE6dInDZ
XN7bDlLJrEOaVyppA3VbrK1L9NmiLsvqQlF+t1TyNM01IuxymjxERtq31/m6G3em
7kkNT3XGRU3o83Bvzfr6WzTj6avAqM8OfSvZEpNtQVcwItEVUPpzHQVd/48grFqe
IOwE7HzCc2PCVIVj2P6z0vkUJuKt8SoaYAceBJEC7FE0IH/a2PPSs4+PpIVrJdtI
PT9eK0c/yCHZdptqBeOpKtc01C7n3SbnSsjqw6ifpzqZCKmLm88nFHWYHPmgzrYj
T+mVM0ByzmzH0etTlSzLq1UPJhYso6fH/P3uWT6U1XyfMInediPzx+wa1nLr8OlT
uv5NrOW5iPfSrcE=
-----END CERTIFICATE-----
Generated at Sun Apr 5 23:51:59 2026 by rpki-client