Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
File: 490CDADA42F211EBB34A1A60C4F9AE02.roa (raw, json)
Hash identifier: wjZ0YgvtoWlpyPvhaN8mY7U+C0ND4/mjAVT23llbh94=
Subject key identifier: 8D:43:CC:D8:F0:46:6D:E9:2B:08:27:28:48:35:16:B5:44:7D:27:BE
Certificate issuer: /CN=A9116BB8/serialNumber=8AE9CDE10BE0B77F091B0D38EBC1967C8BC0919E
Certificate serial: 07C1
Authority key identifier: 8A:E9:CD:E1:0B:E0:B7:7F:09:1B:0D:38:EB:C1:96:7C:8B:C0:91:9E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
Signing time: Sun 01 Mar 2026 17:36:11 +0000
ROA not before: Fri 07 Nov 2025 09:03:53 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 138995
IP address blocks: 45.125.216.0/24 maxlen: 24
45.125.217.0/24 maxlen: 24
45.125.218.0/24 maxlen: 24
45.125.219.0/24 maxlen: 24
103.86.64.0/24 maxlen: 24
103.86.65.0/24 maxlen: 24
103.86.66.0/24 maxlen: 24
103.86.67.0/24 maxlen: 24
103.93.46.0/24 maxlen: 24
103.98.112.0/24 maxlen: 24
103.98.114.0/24 maxlen: 24
103.98.115.0/24 maxlen: 24
103.108.185.0/24 maxlen: 24
103.116.132.0/24 maxlen: 24
103.116.133.0/24 maxlen: 24
103.142.244.0/24 maxlen: 24
103.142.245.0/24 maxlen: 24
103.194.104.0/24 maxlen: 24
103.194.105.0/24 maxlen: 24
103.194.106.0/24 maxlen: 24
103.194.107.0/24 maxlen: 24
116.204.176.0/24 maxlen: 24
116.204.177.0/24 maxlen: 24
116.204.178.0/24 maxlen: 24
116.204.179.0/24 maxlen: 24
2001:df1:5f80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.crl
rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 29 Mar 2026 21:08:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1985 (0x7c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9116BB8, serialNumber=8AE9CDE10BE0B77F091B0D38EBC1967C8BC0919E
Validity
Not Before: Nov 7 09:03:53 2025 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=69a4790a-417d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:a4:f0:65:af:bb:a3:d3:b3:c1:2c:dd:ce:6f:
74:6d:be:3f:5e:06:f0:44:bc:aa:9c:a8:19:64:1b:
fd:51:0c:1c:f5:e7:fd:7d:b7:06:ee:c8:74:94:06:
0a:2f:6e:0b:7a:0f:83:67:f8:40:d7:b5:ed:f3:f4:
c2:c0:36:f3:ca:fd:45:b1:a6:0d:86:4d:d9:9a:fc:
4c:91:d2:9d:a7:bd:fa:67:f2:d8:4d:a3:79:03:47:
b7:a9:e4:bd:c0:70:7f:c8:f8:3f:94:95:e2:b6:7e:
1e:a5:3f:96:b8:07:e4:69:24:dd:83:40:e3:55:e7:
9e:8e:db:5a:10:fe:be:9e:8f:21:cf:9c:24:82:f2:
6a:23:54:31:01:28:6a:33:41:58:cc:63:ef:eb:76:
93:14:8d:7a:e2:ba:d8:15:47:8b:bc:d7:d6:c1:9c:
93:08:21:bc:59:d9:86:29:37:9d:ed:9f:2f:c5:3e:
1b:2a:c9:2d:5b:df:dd:1a:d5:b5:28:d4:0c:b1:b4:
a4:5a:ad:35:0f:44:a9:39:24:a3:7c:bc:31:d9:60:
d9:2d:4c:39:1d:75:ee:68:96:76:68:a0:60:aa:42:
cc:8f:d6:e6:9a:15:09:24:9f:25:f1:2b:e3:46:0b:
52:df:50:76:d7:e3:8d:14:10:d4:ab:71:84:97:2c:
83:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:43:CC:D8:F0:46:6D:E9:2B:08:27:28:48:35:16:B5:44:7D:27:BE
X509v3 Authority Key Identifier:
keyid:8A:E9:CD:E1:0B:E0:B7:7F:09:1B:0D:38:EB:C1:96:7C:8B:C0:91:9E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
45.125.216.0/22
103.86.64.0/22
103.93.46.0/24
103.98.112.0/24
103.98.114.0/23
103.108.185.0/24
103.116.132.0/23
103.142.244.0/23
103.194.104.0/22
116.204.176.0/22
IPv6:
2001:df1:5f80::/48
Signature Algorithm: sha256WithRSAEncryption
37:84:d6:5f:d2:97:a1:66:04:da:b5:96:9d:be:d0:03:0f:cc:
4f:02:08:20:50:1e:af:59:2d:b0:c7:a1:7e:9c:1a:b5:ef:d0:
df:61:06:e8:51:46:a4:10:87:bf:04:76:fa:2d:0b:83:f9:2c:
e8:ab:c8:22:64:72:a6:bd:7f:f5:97:be:7e:c2:27:3b:a9:42:
9c:17:e7:dd:fa:c0:9a:48:90:32:8b:9f:0a:5c:93:3c:f7:44:
11:a6:e0:7a:b4:4a:63:0f:09:16:f2:14:f2:47:a6:92:04:79:
37:89:01:62:dd:87:c1:1e:10:57:9b:94:3a:38:2a:8a:2b:fa:
ae:57:d2:6c:78:32:e2:fb:d4:ff:33:46:b9:88:1b:07:5c:9f:
f0:14:4f:45:b1:b8:de:9a:65:dd:7a:77:cd:1d:64:ee:0a:d2:
c2:53:2a:c8:76:b6:1f:2a:17:ce:47:44:ee:83:eb:d4:6a:f7:
ac:61:6f:a9:d1:29:b8:b1:61:0b:e8:5c:82:9f:b7:b8:4e:28:
49:5a:28:43:25:5b:eb:87:5b:a5:62:63:c5:1e:56:e3:0f:e3:
71:86:81:4f:f9:fa:02:2b:6f:64:11:87:eb:ae:c6:60:77:da:
6e:a0:42:2a:d2:8e:51:91:b1:17:71:b0:35:94:e3:1e:ea:7a:
12:78:b0:0c
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICB8EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTZCQjgxMTAvBgNVBAUTKDhBRTlDREUxMEJFMEI3N0YwOTFCMEQzOEVCQzE5NjdD
OEJDMDkxOUUwHhcNMjUxMTA3MDkwMzUzWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NzkwYS00MTdkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1qTwZa+7o9OzwSzdzm90bb4/XgbwRLyqnKgZZBv9UQwc9ef9fbcG7sh0lAYK
L24Leg+DZ/hA17Xt8/TCwDbzyv1FsaYNhk3ZmvxMkdKdp736Z/LYTaN5A0e3qeS9
wHB/yPg/lJXitn4epT+WuAfkaSTdg0DjVeeejttaEP6+no8hz5wkgvJqI1QxAShq
M0FYzGPv63aTFI164rrYFUeLvNfWwZyTCCG8WdmGKTed7Z8vxT4bKsktW9/dGtW1
KNQMsbSkWq01D0SpOSSjfLwx2WDZLUw5HXXuaJZ2aKBgqkLMj9bmmhUJJJ8l8Svj
RgtS31B21+ONFBDUq3GElyyDJQIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFI1DzNjw
Rm3pKwgnKEg1FrVEfSe+MB8GA1UdIwQYMBaAFIrpzeEL4Ld/CRsNOOvBlnyLwJGe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNkJCOC8zOURDRjc1NDQy
RjAxMUVCOEEwOUM3NUFDNEY5QUUwMi9pdW5ONFF2Z3QzOEpHdzA0NjhHV2ZJdkFr
WjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2l1bk40UXZndDM4Skd3MDQ2OEdXZkl2QWtaNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTZCQjgvMzlEQ0Y3NTQ0MkYwMTFFQjhBMDlDNzVBQzRGOUFFMDIvNDkwQ0RBREE0
MkYyMTFFQkIzNEExQTYwQzRGOUFFMDIucm9hMGYGCCsGAQUFBwEHAQH/BFcwVTBC
BAIAATA8AwQCLX3YAwQCZ1ZAAwQAZ10uAwQAZ2JwAwQBZ2JyAwQAZ2y5AwQBZ3SE
AwQBZ470AwQCZ8JoAwQCdMywMA8EAgACMAkDBwAgAQ3xX4AwDQYJKoZIhvcNAQEL
BQADggEBADeE1l/Sl6FmBNq1lp2+0AMPzE8CCCBQHq9ZLbDHoX6cGrXv0N9hBuhR
RqQQh78EdvotC4P5LOiryCJkcqa9f/WXvn7CJzupQpwX5936wJpIkDKLnwpckzz3
RBGm4Hq0SmMPCRbyFPJHppIEeTeJAWLdh8EeEFeblDo4Koor+q5X0mx4MuL71P8z
RrmIGwdcn/AUT0WxuN6aZd16d80dZO4K0sJTKsh2th8qF85HRO6D69Rq96xhb6nR
KbixYQvoXIKft7hOKElaKEMlW+uHW6ViY8UeVuMP43GGgU/5+gIrb2QRh+uuxmB3
2m6gQirSjlGRsRdxsDWU4x7qehJ4sAw=
-----END CERTIFICATE-----
Generated at Mon Mar 23 23:46:19 2026 by rpki-client