Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
File: 208652BA35F911EEB45F8B44C4F9AE02.roa (raw, json)
Hash identifier: h9+rV5KTh8hiz/Mh+8LSh/6EazAt2Pe7IWwQzS6Asp8=
Subject key identifier: 05:A6:8B:E4:EF:9A:83:FB:29:C4:F7:50:CB:51:F8:27:F5:54:73:C8
Certificate issuer: /CN=A9148D53/serialNumber=FDBD4C0D34492F5CEAE4879E4762796E527007EB
Certificate serial: 026F
Authority key identifier: FD:BD:4C:0D:34:49:2F:5C:EA:E4:87:9E:47:62:79:6E:52:70:07:EB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
Signing time: Wed 11 Mar 2026 02:37:36 +0000
ROA not before: Wed 11 Mar 2026 02:37:36 +0000
ROA not after: Sat 01 May 2027 00:00:00 +0000
asID: 43519
IP address blocks: 43.230.48.0/24 maxlen: 24
43.230.49.0/24 maxlen: 24
43.230.50.0/24 maxlen: 24
43.230.51.0/24 maxlen: 24
103.49.80.0/24 maxlen: 24
103.49.81.0/24 maxlen: 24
103.49.82.0/24 maxlen: 24
103.49.83.0/24 maxlen: 24
2401:fd80:101::/48 maxlen: 48
2401:fd80:102::/48 maxlen: 48
2401:fd80:103::/48 maxlen: 48
2401:fd80:104::/48 maxlen: 48
2401:fd80:105::/48 maxlen: 48
2401:fd80:106::/48 maxlen: 48
2401:fd80:107::/48 maxlen: 48
2401:fd80:108::/48 maxlen: 48
2401:fd80:1fd::/48 maxlen: 48
2401:fd80:200::/48 maxlen: 48
2401:fd80:2ff::/48 maxlen: 48
2401:fd80:400::/48 maxlen: 48
2401:fd80:401::/48 maxlen: 48
2401:fd80:402::/48 maxlen: 48
2401:fd80:403::/48 maxlen: 48
2401:fd80:404::/48 maxlen: 48
2401:fd80:405::/48 maxlen: 48
2401:fd80:406::/48 maxlen: 48
2401:fd80:407::/48 maxlen: 48
2401:fd80:408::/48 maxlen: 48
2401:fd80:409::/48 maxlen: 48
2401:fd80:4ff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.crl
rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 01 Apr 2026 02:35:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 623 (0x26f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148D53, serialNumber=FDBD4C0D34492F5CEAE4879E4762796E527007EB
Validity
Not Before: Mar 11 02:37:36 2026 GMT
Not After : May 1 00:00:00 2027 GMT
Subject: CN=69b0d570-4769
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:66:ce:f6:bb:04:59:5c:09:fa:45:4c:f4:75:
90:1c:31:27:6f:f5:e7:b6:ea:5f:10:0d:95:68:67:
b5:d3:da:49:8f:37:5c:a2:84:33:b8:42:45:92:25:
41:9b:bc:00:89:47:c2:76:0d:57:63:fc:78:44:3d:
eb:f0:8a:c2:c3:ca:52:36:11:ae:d9:0c:67:b8:81:
47:9f:67:a2:e5:19:10:ce:4c:5d:ca:41:94:d6:09:
e7:05:f2:74:ea:63:3c:52:75:f0:b7:9d:cf:e6:d9:
11:ce:9f:bb:5d:7b:3e:12:d7:bb:25:7c:8e:9a:63:
51:24:30:30:08:da:2d:f0:2e:5d:88:43:6e:0b:13:
56:7c:6c:2d:07:38:d4:77:24:6d:af:2f:31:45:a2:
af:da:1a:a0:19:76:c1:25:3d:3e:a9:9e:92:67:ad:
1c:b6:7e:df:7d:1b:71:63:93:a8:62:ab:36:d0:cf:
af:2c:72:0b:5a:ef:33:bb:15:7b:73:ea:0b:c1:65:
b5:06:01:48:99:b6:77:26:da:f7:96:3c:df:21:bc:
8d:12:df:29:ad:48:da:b7:bb:c6:51:36:fc:b1:a0:
d6:db:ba:71:93:dd:3d:49:25:c9:d6:e2:05:46:74:
e4:6a:ca:6d:27:45:44:92:62:5f:e2:71:e6:55:02:
50:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:A6:8B:E4:EF:9A:83:FB:29:C4:F7:50:CB:51:F8:27:F5:54:73:C8
X509v3 Authority Key Identifier:
keyid:FD:BD:4C:0D:34:49:2F:5C:EA:E4:87:9E:47:62:79:6E:52:70:07:EB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.230.48.0/22
103.49.80.0/22
IPv6:
2401:fd80:101::-2401:fd80:108:ffff:ffff:ffff:ffff:ffff
2401:fd80:1fd::/48
2401:fd80:200::/48
2401:fd80:2ff::/48
2401:fd80:400::-2401:fd80:409:ffff:ffff:ffff:ffff:ffff
2401:fd80:4ff::/48
Signature Algorithm: sha256WithRSAEncryption
9f:2f:85:97:10:81:db:50:2f:78:9a:ca:50:dc:60:cb:1e:e3:
c1:57:87:30:79:b4:83:e9:2b:e1:3a:46:97:02:d9:4e:3e:eb:
ce:b0:93:87:69:90:81:fe:c9:67:f8:72:25:9a:02:b1:07:57:
aa:e3:13:d8:e2:fc:1b:6b:a8:a8:d2:1d:ad:3b:21:40:a1:f5:
e9:48:ad:c9:03:12:9a:02:66:a5:1a:6f:ad:13:4a:88:c7:e9:
43:36:fd:e1:74:1d:d5:0e:89:44:e0:e7:d7:11:1c:4b:10:5e:
71:41:38:66:cf:38:26:34:bf:02:7e:a1:c8:31:45:70:47:29:
9f:e8:a2:d3:48:4c:b4:4f:c7:a8:66:c1:ca:29:db:0f:1e:2e:
12:90:21:e0:46:13:ca:60:01:93:60:2a:13:64:95:df:3d:18:
c0:1a:96:1e:6d:8e:bc:ce:9b:65:06:6f:81:9c:cf:8c:fd:fa:
aa:c9:e5:9a:6c:49:6e:fb:ed:91:43:b7:cc:c7:e7:92:f7:08:
dd:dc:83:63:44:93:54:f0:d0:20:ec:c7:6c:37:c6:27:1c:a6:
d9:da:0b:52:d7:a8:b0:aa:61:f2:8d:ff:49:5a:d4:9f:d7:04:
64:b3:f3:f3:df:83:ac:e8:f9:8b:f8:86:db:41:b6:7d:2b:80:
eb:ae:20:18
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgICAm8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhENTMxMTAvBgNVBAUTKEZEQkQ0QzBEMzQ0OTJGNUNFQUU0ODc5RTQ3NjI3OTZF
NTI3MDA3RUIwHhcNMjYwMzExMDIzNzM2WhcNMjcwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWIwZDU3MC00NzY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm2bO9rsEWVwJ+kVM9HWQHDEnb/XntupfEA2VaGe109pJjzdcooQzuEJFkiVB
m7wAiUfCdg1XY/x4RD3r8IrCw8pSNhGu2QxnuIFHn2ei5RkQzkxdykGU1gnnBfJ0
6mM8UnXwt53P5tkRzp+7XXs+Ete7JXyOmmNRJDAwCNot8C5diENuCxNWfGwtBzjU
dyRtry8xRaKv2hqgGXbBJT0+qZ6SZ60ctn7ffRtxY5OoYqs20M+vLHILWu8zuxV7
c+oLwWW1BgFImbZ3Jtr3ljzfIbyNEt8prUjat7vGUTb8saDW27pxk909SSXJ1uIF
RnTkasptJ0VEkmJf4nHmVQJQ2QIDAQABo4ICuTCCArUwHQYDVR0OBBYEFAWmi+Tv
moP7KcT3UMtR+Cf1VHPIMB8GA1UdIwQYMBaAFP29TA00SS9c6uSHnkdieW5ScAfr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEQ1My9ENTg2RjhGMDMw
NzExMUVFODU0NkEzMkZDNEY5QUUwMi9fYjFNRFRSSkwxenE1SWVlUjJKNWJsSndC
LXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19iMU1EVFJKTDF6cTVJZWVSMko1YmxKd0Itcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhENTMvRDU4NkY4RjAzMDcxMTFFRTg1NDZBMzJGQzRGOUFFMDIvMjA4NjUyQkEz
NUY5MTFFRUI0NUY4QjQ0QzRGOUFFMDIucm9hMHgGCCsGAQUFBwEHAQH/BGkwZzAS
BAIAATAMAwQCK+YwAwQCZzFQMFEEAgACMEswEgMHACQB/YABAQMHACQB/YABCAMH
ACQB/YAB/QMHACQB/YACAAMHACQB/YAC/zARAwYCJAH9gAQDBwEkAf2ABAgDBwAk
Af2ABP8wDQYJKoZIhvcNAQELBQADggEBAJ8vhZcQgdtQL3iaylDcYMse48FXhzB5
tIPpK+E6RpcC2U4+686wk4dpkIH+yWf4ciWaArEHV6rjE9ji/BtrqKjSHa07IUCh
9elIrckDEpoCZqUab60TSojH6UM2/eF0HdUOiUTg59cRHEsQXnFBOGbPOCY0vwJ+
ocgxRXBHKZ/ootNITLRPx6hmwcop2w8eLhKQIeBGE8pgAZNgKhNkld89GMAalh5t
jrzOm2UGb4Gcz4z9+qrJ5ZpsSW777ZFDt8zH55L3CN3cg2NEk1Tw0CDsx2w3xicc
ptnaC1LXqLCqYfKN/0la1J/XBGSz8/Pfg6zo+Yv4httBtn0rgOuuIBg=
-----END CERTIFICATE-----
Generated at Wed Mar 25 13:38:12 2026 by rpki-client