Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
File: 24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa (raw, json)
Hash identifier: E2CQi6oTfKgWGUq+5LhIiRMa0J8bfUlXMa7YQA5fKvE=
Subject key identifier: A7:A7:56:E4:99:45:81:1B:A4:B0:89:4A:16:4C:3E:0D:EC:C0:66:0C
Certificate issuer: /CN=A9123E38/serialNumber=D54BF399BE1B659B132314B821933A20BA38B96A
Certificate serial: 1797
Authority key identifier: D5:4B:F3:99:BE:1B:65:9B:13:23:14:B8:21:93:3A:20:BA:38:B9:6A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
Signing time: Thu 28 May 2026 17:19:51 +0000
ROA not before: Thu 28 May 2026 17:19:51 +0000
ROA not after: Fri 30 Jul 2027 00:00:00 +0000
asID: 24337
IP address blocks: 103.228.252.0/24 maxlen: 24
103.228.253.0/24 maxlen: 24
103.228.254.0/24 maxlen: 24
103.228.255.0/24 maxlen: 24
139.5.156.0/22 maxlen: 22
139.5.156.0/24 maxlen: 24
139.5.157.0/24 maxlen: 24
139.5.158.0/24 maxlen: 24
139.5.159.0/24 maxlen: 24
141.164.96.0/20 maxlen: 20
141.164.96.0/24 maxlen: 24
141.164.97.0/24 maxlen: 24
141.164.98.0/24 maxlen: 24
141.164.99.0/24 maxlen: 24
141.164.103.0/24 maxlen: 24
141.164.104.0/24 maxlen: 24
141.164.105.0/24 maxlen: 24
141.164.107.0/24 maxlen: 24
141.164.108.0/24 maxlen: 24
141.164.109.0/24 maxlen: 24
141.164.110.0/24 maxlen: 24
141.164.111.0/24 maxlen: 24
202.123.176.0/21 maxlen: 21
202.123.176.0/24 maxlen: 24
202.123.177.0/24 maxlen: 24
202.123.178.0/24 maxlen: 24
202.123.179.0/24 maxlen: 24
202.123.180.0/24 maxlen: 24
202.123.181.0/24 maxlen: 24
202.123.182.0/24 maxlen: 24
202.123.183.0/24 maxlen: 24
2400:c180::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.crl
rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 09 Jun 2026 15:18:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6039 (0x1797)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9123E38, serialNumber=D54BF399BE1B659B132314B821933A20BA38B96A
Validity
Not Before: May 28 17:19:51 2026 GMT
Not After : Jul 30 00:00:00 2027 GMT
Subject: CN=6a187937-c096
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:01:2a:4f:ab:b8:62:99:9e:25:c6:9d:15:d6:
99:a9:e5:a8:15:4b:2e:7f:66:14:fa:94:d8:21:ae:
0b:1b:ec:4d:ca:47:4b:05:3d:3a:f5:77:11:8e:9e:
8e:95:7a:cc:e4:59:66:3a:69:50:32:11:7b:35:dc:
c3:52:78:85:07:e9:df:7a:a7:d0:d9:78:55:af:e6:
ed:2e:04:13:e1:6b:9c:40:1f:60:27:b4:ca:56:89:
3b:dd:41:80:23:17:75:6d:d5:27:80:9f:28:81:72:
14:a8:95:42:4c:28:9b:d2:f9:f8:94:63:30:e3:5e:
26:ef:22:20:4b:af:5f:e3:74:1b:0f:89:c7:19:9f:
98:d1:61:8e:05:f5:ae:7c:bf:5d:c5:c9:5e:94:84:
f5:f0:09:a2:19:6d:ea:ba:92:2a:3c:19:03:8d:af:
61:ad:68:7e:bb:4d:77:9c:b1:f7:c8:02:6a:6f:da:
4a:a1:37:e6:ca:76:34:3f:2f:98:c3:6d:f9:78:b5:
85:18:5d:aa:b1:bf:53:b9:3b:5b:d6:01:44:36:2a:
ad:b1:80:83:31:96:ff:ef:04:2f:c5:de:9f:ec:15:
c9:bd:1b:da:1d:39:be:ab:d2:19:f5:98:91:9a:50:
a5:d9:b1:c0:84:33:3e:27:60:a0:78:d9:08:e8:fc:
93:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:A7:56:E4:99:45:81:1B:A4:B0:89:4A:16:4C:3E:0D:EC:C0:66:0C
X509v3 Authority Key Identifier:
keyid:D5:4B:F3:99:BE:1B:65:9B:13:23:14:B8:21:93:3A:20:BA:38:B9:6A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1Uvzmb4bZZsTIxS4IZM6ILo4uWo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123E38/A1087D3600EA11E8BC93B16BC4F9AE02/24CFDABE00EC11E8AAC4DD6EC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.228.252.0/22
139.5.156.0/22
141.164.96.0/20
202.123.176.0/21
IPv6:
2400:c180::/32
Signature Algorithm: sha256WithRSAEncryption
28:3d:2c:9d:8f:6d:10:de:50:75:ca:d2:6f:b7:83:87:a1:02:
2e:00:62:24:00:13:1b:be:79:eb:6e:06:c6:0c:10:93:e9:9e:
8e:7f:46:9a:e4:34:48:1b:4a:43:e5:ad:ff:7f:b8:32:dd:20:
9c:8f:93:4d:04:32:c3:c4:68:8a:f2:96:95:67:9f:38:59:dc:
de:78:7c:85:fe:7a:e2:f6:79:84:f8:1c:67:e3:84:72:d6:25:
09:75:49:06:d3:e1:92:69:7a:ae:0d:98:4e:c5:6d:1b:11:3a:
2c:ca:a7:a2:a6:58:5b:d8:f1:a1:e5:12:a6:47:c5:58:dd:e6:
ca:b1:56:79:6d:4c:60:99:77:5c:91:f9:b6:32:1b:cf:8a:95:
0a:a1:7f:ea:db:16:ab:b4:ac:4e:75:32:4c:22:25:13:4d:34:
c2:63:e3:2e:75:3d:f1:0a:07:96:97:e4:e2:2c:15:e8:27:4f:
5f:4e:58:bd:8c:5c:18:1f:94:93:ed:65:61:ea:87:f1:08:06:
27:06:14:1f:89:5b:15:5c:61:35:c8:88:24:56:93:ea:5a:0a:
16:1c:ae:4d:6e:1a:64:ac:85:4d:9f:9a:39:cb:9a:a3:05:06:
9a:98:c8:73:19:3d:25:3d:97:cc:99:77:9c:ae:e8:2d:b5:c0:
63:d6:71:76
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgICF5cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNFMzgxMTAvBgNVBAUTKEQ1NEJGMzk5QkUxQjY1OUIxMzIzMTRCODIxOTMzQTIw
QkEzOEI5NkEwHhcNMjYwNTI4MTcxOTUxWhcNMjcwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTE4NzkzNy1jMDk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzQEqT6u4YpmeJcadFdaZqeWoFUsuf2YU+pTYIa4LG+xNykdLBT069XcRjp6O
lXrM5FlmOmlQMhF7NdzDUniFB+nfeqfQ2XhVr+btLgQT4WucQB9gJ7TKVok73UGA
Ixd1bdUngJ8ogXIUqJVCTCib0vn4lGMw414m7yIgS69f43QbD4nHGZ+Y0WGOBfWu
fL9dxclelIT18AmiGW3qupIqPBkDja9hrWh+u013nLH3yAJqb9pKoTfmynY0Py+Y
w235eLWFGF2qsb9TuTtb1gFENiqtsYCDMZb/7wQvxd6f7BXJvRvaHTm+q9IZ9ZiR
mlCl2bHAhDM+J2CgeNkI6PyTGwIDAQABo4ICgTCCAn0wHQYDVR0OBBYEFKenVuSZ
RYEbpLCJShZMPg3swGYMMB8GA1UdIwQYMBaAFNVL85m+G2WbEyMUuCGTOiC6OLlq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0UzOC9BMTA4N0QzNjAw
RUExMUU4QkM5M0IxNkJDNEY5QUUwMi8xVXZ6bWI0Ylpac1RJeFM0SVpNNklMbzR1
V28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFVdnptYjRiWlpzVEl4UzRJWk02SUxvNHVXby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNFMzgvQTEwODdEMzYwMEVBMTFFOEJDOTNCMTZCQzRGOUFFMDIvMjRDRkRBQkUw
MEVDMTFFOEFBQzRERDZFQzRGOUFFMDIucm9hMEAGCCsGAQUFBwEHAQH/BDEwLzAe
BAIAATAYAwQCZ+T8AwQCiwWcAwQEjaRgAwQDynuwMA0EAgACMAcDBQAkAMGAMA0G
CSqGSIb3DQEBCwUAA4IBAQAoPSydj20Q3lB1ytJvt4OHoQIuAGIkABMbvnnrbgbG
DBCT6Z6Of0aa5DRIG0pD5a3/f7gy3SCcj5NNBDLDxGiK8paVZ584WdzeeHyF/nri
9nmE+Bxn44Ry1iUJdUkG0+GSaXquDZhOxW0bETosyqeiplhb2PGh5RKmR8VY3ebK
sVZ5bUxgmXdckfm2MhvPipUKoX/q2xartKxOdTJMIiUTTTTCY+MudT3xCgeWl+Ti
LBXoJ09fTli9jFwYH5ST7WVh6ofxCAYnBhQfiVsVXGE1yIgkVpPqWgoWHK5Nbhpk
rIVNn5o5y5qjBQaamMhzGT0lPZfMmXecrugttcBj1nF2
-----END CERTIFICATE-----
Generated at Tue Jun 2 22:09:44 2026 by rpki-client