Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/815EF8B470DD11F08E727853C4F9AE02.roa
File: 815EF8B470DD11F08E727853C4F9AE02.roa (raw, json)
Hash identifier: 4s2g/ii9eaZCJDpNgvj9gN6fkndE9J1zfe+i0vICvTo=
Subject key identifier: 95:4D:25:0C:58:E6:8A:F1:86:5A:8C:6C:07:B5:10:ED:79:62:B6:04
Certificate issuer: /CN=A91406AA/serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Certificate serial: 087C
Authority key identifier: 31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/815EF8B470DD11F08E727853C4F9AE02.roa
Signing time: Sun 01 Mar 2026 18:44:31 +0000
ROA not before: Wed 08 Oct 2025 22:24:38 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 9790
IP address blocks: 60.234.0.0/16 maxlen: 20
101.98.0.0/16 maxlen: 20
101.100.128.0/19 maxlen: 24
103.224.128.0/22 maxlen: 24
103.237.40.0/22 maxlen: 24
110.44.16.0/22 maxlen: 24
118.148.0.0/15 maxlen: 15
118.148.64.0/20 maxlen: 24
118.148.80.0/20 maxlen: 24
118.148.96.0/20 maxlen: 24
118.148.112.0/20 maxlen: 24
118.149.64.0/20 maxlen: 24
118.149.80.0/20 maxlen: 24
118.149.96.0/20 maxlen: 24
118.149.112.0/20 maxlen: 24
119.224.0.0/18 maxlen: 22
119.224.64.0/19 maxlen: 22
119.224.128.0/20 maxlen: 20
121.98.0.0/15 maxlen: 20
202.50.170.0/24 maxlen: 24
202.53.176.0/20 maxlen: 20
202.180.64.0/18 maxlen: 20
202.189.160.0/20 maxlen: 20
202.191.32.0/20 maxlen: 20
203.184.0.0/18 maxlen: 20
2400:4800::/32 maxlen: 32
2402:6000::/32 maxlen: 32
2402:8200::/32 maxlen: 32
2404:4400::/28 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 19 Mar 2026 21:42:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2172 (0x87c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91406AA, serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Validity
Not Before: Oct 8 22:24:38 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=69a4890f-c5b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:89:88:da:4a:05:df:b6:a8:39:13:51:c5:af:
a7:41:71:4d:08:55:ae:26:de:3d:45:bd:1b:1b:cc:
71:44:25:71:3b:24:c9:61:01:af:5d:58:14:fe:99:
a8:b5:80:17:f0:8f:7d:4f:f6:6e:d2:5f:7a:bb:c5:
ed:8d:56:53:d2:ff:78:26:40:40:0a:e0:f5:0c:3c:
93:15:b9:5b:39:79:88:87:30:6f:ff:db:73:99:3d:
fd:a2:2f:4b:6c:ad:4d:e7:59:b2:6f:b5:60:a2:ba:
f8:83:e3:b9:18:30:c4:15:04:ce:4b:e6:8f:a9:b5:
f6:b1:79:7b:3e:ca:ef:a9:83:89:ad:23:23:1c:07:
ca:34:f8:20:4c:7e:cb:43:7b:12:e4:0a:fd:64:02:
33:99:66:51:ce:f8:5c:32:18:36:7a:77:d1:a6:21:
0e:6b:f8:3c:bd:95:e7:0e:c9:14:9f:49:99:8e:58:
df:96:79:aa:d5:34:ce:31:d3:9b:9a:7f:65:32:f8:
e9:53:2d:87:eb:0c:69:65:b2:57:0b:6f:cb:de:f8:
a4:b1:f9:e6:d5:5e:d9:1c:ed:be:3a:ec:ff:64:5a:
03:40:c6:12:63:eb:e2:05:52:6b:1b:cc:30:b2:1a:
9b:ef:80:65:9c:78:18:e9:02:c4:68:5f:e5:97:2f:
50:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:4D:25:0C:58:E6:8A:F1:86:5A:8C:6C:07:B5:10:ED:79:62:B6:04
X509v3 Authority Key Identifier:
keyid:31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/815EF8B470DD11F08E727853C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
60.234.0.0/16
101.98.0.0/16
101.100.128.0/19
103.224.128.0/22
103.237.40.0/22
110.44.16.0/22
118.148.0.0/15
119.224.0.0-119.224.95.255
119.224.128.0/20
121.98.0.0/15
202.50.170.0/24
202.53.176.0/20
202.180.64.0/18
202.189.160.0/20
202.191.32.0/20
203.184.0.0/18
IPv6:
2400:4800::/32
2402:6000::/32
2402:8200::/32
2404:4400::/28
Signature Algorithm: sha256WithRSAEncryption
3c:4f:35:d8:ce:a7:d5:d4:f4:38:ab:d5:c5:2e:4c:0d:4f:7d:
5e:3e:6e:47:36:44:a4:52:ce:9e:e0:2c:27:a0:47:12:86:0c:
df:5e:d8:18:f0:05:97:f5:8b:1f:aa:17:8b:4e:df:bb:37:01:
0e:75:3a:8b:c9:37:c3:4c:a2:d5:12:e5:b3:10:93:93:85:25:
bc:55:b9:63:7c:e3:d0:76:fa:5d:6f:c9:3e:06:b6:00:68:5d:
23:7c:8c:57:c3:ca:24:07:f3:44:05:3e:f7:35:e2:03:51:7a:
03:c4:d6:64:1b:e6:cc:1c:3b:c5:2f:40:c2:4b:71:e8:e5:44:
8f:39:48:3c:0e:0f:e1:79:e0:39:5f:9f:84:04:a5:dd:b6:79:
47:f4:74:f6:30:74:06:be:7b:2c:a7:be:b5:45:43:6d:b6:06:
48:f2:af:e4:1b:84:5e:80:4f:16:53:84:0e:6f:ac:ba:cf:03:
ac:1b:59:3d:ed:77:00:6b:80:a0:94:09:0b:3d:ad:fc:fd:87:
87:60:72:ae:23:2c:cd:ec:55:05:4a:3a:7d:c3:e0:39:0f:87:
b3:b8:6e:db:ae:2f:88:4d:aa:af:e4:7f:a5:f0:32:57:fd:f0:
1c:a8:c8:06:2a:43:8f:8c:e8:65:f8:d8:45:1e:f6:d5:28:a3:
d2:a9:af:40
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgICCHwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDA2QUExMTAvBgNVBAUTKDMxNTUxM0U1NEFCMEM5OUI4QkNBODQwNDJFMzgzNThC
NjBEQjFCMkMwHhcNMjUxMDA4MjIyNDM4WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0ODkwZi1jNWI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtomI2koF37aoORNRxa+nQXFNCFWuJt49Rb0bG8xxRCVxOyTJYQGvXVgU/pmo
tYAX8I99T/Zu0l96u8XtjVZT0v94JkBACuD1DDyTFblbOXmIhzBv/9tzmT39oi9L
bK1N51myb7Vgorr4g+O5GDDEFQTOS+aPqbX2sXl7PsrvqYOJrSMjHAfKNPggTH7L
Q3sS5Ar9ZAIzmWZRzvhcMhg2enfRpiEOa/g8vZXnDskUn0mZjljflnmq1TTOMdOb
mn9lMvjpUy2H6wxpZbJXC2/L3viksfnm1V7ZHO2+Ouz/ZFoDQMYSY+viBVJrG8ww
shqb74BlnHgY6QLEaF/lly9QXQIDAQABo4IC5DCCAuAwHQYDVR0OBBYEFJVNJQxY
5orxhlqMbAe1EO15YrYEMB8GA1UdIwQYMBaAFDFVE+VKsMmbi8qEBC44NYtg2xss
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDZBQS84RjVCQjRGODg2
QzExMUVCQkFCMzE4NEJDNEY5QUUwMi9NVlVUNVVxd3ladUx5b1FFTGpnMWkyRGJH
eXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01WVVQ1VXF3eVp1THlvUUVMamcxaTJEYkd5dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDA2QUEvOEY1QkI0Rjg4NkMxMTFFQkJBQjMxODRCQzRGOUFFMDIvODE1RUY4QjQ3
MEREMTFGMDhFNzI3ODUzQzRGOUFFMDIucm9hMIGiBggrBgEFBQcBBwEB/wSBkjCB
jzBpBAIAATBjAwMAPOoDAwBlYgMEBWVkgAMEAmfggAMEAmftKAMEAm4sEAMDAXaU
MAsDAwV34AMEBXfgQAMEBHfggAMDAXliAwQAyjKqAwQEyjWwAwQGyrRAAwQEyr2g
AwQEyr8gAwQGy7gAMCIEAgACMBwDBQAkAEgAAwUAJAJgAAMFACQCggADBQQkBEQA
MA0GCSqGSIb3DQEBCwUAA4IBAQA8TzXYzqfV1PQ4q9XFLkwNT31ePm5HNkSkUs6e
4CwnoEcShgzfXtgY8AWX9YsfqheLTt+7NwEOdTqLyTfDTKLVEuWzEJOThSW8Vblj
fOPQdvpdb8k+BrYAaF0jfIxXw8okB/NEBT73NeIDUXoDxNZkG+bMHDvFL0DCS3Ho
5USPOUg8Dg/heeA5X5+EBKXdtnlH9HT2MHQGvnssp761RUNttgZI8q/kG4RegE8W
U4QOb6y6zwOsG1k97XcAa4CglAkLPa38/YeHYHKuIyzN7FUFSjp9w+A5D4ezuG7b
ri+ITaqv5H+l8DJX/fAcqMgGKkOPjOhl+NhFHvbVKKPSqa9A
-----END CERTIFICATE-----
Generated at Fri Mar 13 01:29:21 2026 by rpki-client