Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/FE049DEA388A11F183CE8CB4BD833773.roa
File: FE049DEA388A11F183CE8CB4BD833773.roa (raw, json)
Hash identifier: QOIemw/HISMf7K7R7L6ExA4QboBl+gtPbctyFK4ASoo=
Subject key identifier: 5B:0E:52:CC:CB:AF:32:31:A2:E7:0E:4F:D2:B5:FB:D1:23:64:05:17
Certificate issuer: /CN=A91406AA/serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Certificate serial: 08A9
Authority key identifier: 31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/FE049DEA388A11F183CE8CB4BD833773.roa
Signing time: Tue 28 Apr 2026 03:25:25 +0000
ROA not before: Tue 28 Apr 2026 03:25:25 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 9790
IP address blocks: 60.234.0.0/16 maxlen: 20
101.98.0.0/16 maxlen: 20
101.100.128.0/19 maxlen: 24
103.224.128.0/22 maxlen: 24
103.237.40.0/22 maxlen: 24
110.44.16.0/22 maxlen: 24
118.148.0.0/15 maxlen: 15
118.148.64.0/20 maxlen: 24
118.148.80.0/20 maxlen: 24
118.148.96.0/20 maxlen: 24
118.148.112.0/20 maxlen: 24
118.148.128.0/21 maxlen: 24
118.148.136.0/22 maxlen: 24
118.148.192.0/22 maxlen: 24
118.149.64.0/20 maxlen: 24
118.149.80.0/20 maxlen: 24
118.149.96.0/20 maxlen: 24
118.149.112.0/20 maxlen: 24
119.224.0.0/18 maxlen: 22
119.224.64.0/19 maxlen: 22
119.224.128.0/20 maxlen: 20
121.98.0.0/15 maxlen: 20
202.50.170.0/24 maxlen: 24
202.53.176.0/20 maxlen: 20
202.180.64.0/18 maxlen: 20
202.189.160.0/20 maxlen: 20
202.191.32.0/20 maxlen: 20
203.184.0.0/18 maxlen: 20
2400:4800::/32 maxlen: 32
2402:6000::/32 maxlen: 32
2402:8200::/32 maxlen: 32
2404:4400::/28 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 05 May 2026 22:25:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2217 (0x8a9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91406AA, serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Validity
Not Before: Apr 28 03:25:25 2026 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=69f028a5-0d69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:9a:f0:43:71:b3:4f:fe:09:d3:f3:42:ed:66:
41:f9:94:52:1d:f7:28:b6:29:0a:3f:cb:56:0a:e6:
61:14:ea:d0:80:fc:7c:e1:b6:05:e0:a4:22:c8:db:
87:c5:94:3a:32:b7:8a:d1:ad:14:05:cf:a9:17:cc:
8c:c3:91:23:b1:5d:35:57:42:04:be:0e:1e:1e:2a:
d5:51:b1:9d:6a:34:6a:06:bb:77:73:d9:4c:73:d2:
a5:ad:9d:9e:0a:05:d2:68:01:9c:86:82:0b:36:22:
e5:57:1b:6e:6d:25:46:e0:37:25:0d:1d:94:3b:a5:
d2:cf:77:1a:82:0f:0f:29:18:79:22:d9:90:f6:43:
bf:86:ea:69:41:c9:c6:2e:83:05:44:8d:42:c9:10:
68:5c:ff:17:a9:60:b0:25:6e:8a:45:14:9b:c6:6b:
bd:cb:a5:06:2f:09:ea:9b:d3:59:a8:bc:6f:df:ff:
2e:46:96:6c:1f:1b:75:4e:2f:7c:2c:74:22:f6:05:
f0:a9:15:9c:26:c6:33:02:b9:1f:f4:5b:c0:11:2e:
96:49:ee:3b:4e:a7:ba:c8:ad:3f:51:ec:a9:ba:8b:
34:60:da:f8:ce:a1:99:05:fe:d3:d4:0f:f6:11:da:
34:07:ae:02:9c:f7:f6:4f:dd:f7:d5:6b:ac:76:f0:
06:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:0E:52:CC:CB:AF:32:31:A2:E7:0E:4F:D2:B5:FB:D1:23:64:05:17
X509v3 Authority Key Identifier:
keyid:31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/FE049DEA388A11F183CE8CB4BD833773.roa
sbgp-ipAddrBlock: critical
IPv4:
60.234.0.0/16
101.98.0.0/16
101.100.128.0/19
103.224.128.0/22
103.237.40.0/22
110.44.16.0/22
118.148.0.0/15
119.224.0.0-119.224.95.255
119.224.128.0/20
121.98.0.0/15
202.50.170.0/24
202.53.176.0/20
202.180.64.0/18
202.189.160.0/20
202.191.32.0/20
203.184.0.0/18
IPv6:
2400:4800::/32
2402:6000::/32
2402:8200::/32
2404:4400::/28
Signature Algorithm: sha256WithRSAEncryption
55:54:af:d9:ef:2e:7f:7f:75:d0:93:90:3e:4a:28:01:5d:66:
4f:22:a3:d2:e3:b2:0c:61:b1:3d:a5:09:16:d0:a0:a9:7a:3c:
38:5c:3b:a4:40:7b:b1:e4:ae:bf:08:d7:c4:1d:10:14:5b:58:
59:c7:82:14:0f:8c:52:35:c0:8d:c3:3d:09:43:41:4f:a6:58:
0c:a0:2e:65:43:6d:bd:fe:49:76:f3:88:85:16:76:7b:3d:7f:
af:fa:d7:82:ca:48:cc:d9:ef:29:ac:3c:4b:db:8c:de:7e:32:
44:0b:1b:22:97:35:61:eb:6f:62:11:35:34:f1:04:25:e2:3f:
22:53:d8:7d:4f:90:fd:b7:71:9f:18:8d:5d:60:5d:fb:f9:c0:
39:d9:b4:d2:7a:2a:7f:ad:ca:74:45:45:7d:74:9f:e6:6e:8d:
84:e4:96:53:0d:c7:39:89:46:bc:b4:7b:75:65:4f:61:57:7c:
18:6f:d7:84:dc:e0:56:d5:fb:83:88:6a:1a:d5:3d:e4:49:c3:
b8:67:77:2c:b5:a9:00:95:bf:bb:8e:ac:2d:19:b0:f6:b6:52:
20:36:16:0b:b3:d8:3c:67:55:47:91:67:fc:52:6a:a9:01:fd:
be:1c:86:89:48:4b:a3:fc:86:65:dc:18:3f:31:69:7e:a1:64:
b9:46:2b:f5
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgICCKkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDA2QUExMTAvBgNVBAUTKDMxNTUxM0U1NEFCMEM5OUI4QkNBODQwNDJFMzgzNThC
NjBEQjFCMkMwHhcNMjYwNDI4MDMyNTI1WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWYwMjhhNS0wZDY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0JrwQ3GzT/4J0/NC7WZB+ZRSHfcotikKP8tWCuZhFOrQgPx84bYF4KQiyNuH
xZQ6MreK0a0UBc+pF8yMw5EjsV01V0IEvg4eHirVUbGdajRqBrt3c9lMc9KlrZ2e
CgXSaAGchoILNiLlVxtubSVG4DclDR2UO6XSz3cagg8PKRh5ItmQ9kO/huppQcnG
LoMFRI1CyRBoXP8XqWCwJW6KRRSbxmu9y6UGLwnqm9NZqLxv3/8uRpZsHxt1Ti98
LHQi9gXwqRWcJsYzArkf9FvAES6WSe47Tqe6yK0/Ueypuos0YNr4zqGZBf7T1A/2
Edo0B64CnPf2T9331WusdvAG9QIDAQABo4IC5DCCAuAwHQYDVR0OBBYEFFsOUszL
rzIxoucOT9K1+9EjZAUXMB8GA1UdIwQYMBaAFDFVE+VKsMmbi8qEBC44NYtg2xss
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDZBQS84RjVCQjRGODg2
QzExMUVCQkFCMzE4NEJDNEY5QUUwMi9NVlVUNVVxd3ladUx5b1FFTGpnMWkyRGJH
eXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01WVVQ1VXF3eVp1THlvUUVMamcxaTJEYkd5dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDA2QUEvOEY1QkI0Rjg4NkMxMTFFQkJBQjMxODRCQzRGOUFFMDIvRkUwNDlERUEz
ODhBMTFGMTgzQ0U4Q0I0QkQ4MzM3NzMucm9hMIGiBggrBgEFBQcBBwEB/wSBkjCB
jzBpBAIAATBjAwMAPOoDAwBlYgMEBWVkgAMEAmfggAMEAmftKAMEAm4sEAMDAXaU
MAsDAwV34AMEBXfgQAMEBHfggAMDAXliAwQAyjKqAwQEyjWwAwQGyrRAAwQEyr2g
AwQEyr8gAwQGy7gAMCIEAgACMBwDBQAkAEgAAwUAJAJgAAMFACQCggADBQQkBEQA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVVK/Z7y5/f3XQk5A+SigBXWZPIqPS47IMYbE9
pQkW0KCpejw4XDukQHux5K6/CNfEHRAUW1hZx4IUD4xSNcCNwz0JQ0FPplgMoC5l
Q229/kl284iFFnZ7PX+v+teCykjM2e8prDxL24zefjJECxsilzVh629iETU08QQl
4j8iU9h9T5D9t3GfGI1dYF37+cA52bTSeip/rcp0RUV9dJ/mbo2E5JZTDcc5iUa8
tHt1ZU9hV3wYb9eE3OBW1fuDiGoa1T3kScO4Z3cstakAlb+7jqwtGbD2tlIgNhYL
s9g8Z1VHkWf8UmqpAf2+HIaJSEuj/IZl3Bg/MWl+oWS5Riv1
-----END CERTIFICATE-----
Generated at Wed Apr 29 11:14:59 2026 by rpki-client