Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/2F3FBD86F3E511EA871E451AC4F9AE02.roa
File: 2F3FBD86F3E511EA871E451AC4F9AE02.roa (raw, json)
Hash identifier: NSiN19F9DGVfcYUbFN/rQVIydHg095Sn7LaHiUWQ8m4=
Subject key identifier: 48:57:EA:53:20:DE:A5:A6:9B:DF:AD:44:A0:0E:72:FD:74:C3:9D:87
Certificate issuer: /CN=A9152D08/serialNumber=34DC20129EAD6F41A7CA2D99C9BD3E7E6033CB88
Certificate serial: 0D0D
Authority key identifier: 34:DC:20:12:9E:AD:6F:41:A7:CA:2D:99:C9:BD:3E:7E:60:33:CB:88
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/2F3FBD86F3E511EA871E451AC4F9AE02.roa
Signing time: Mon 02 Mar 2026 14:36:25 +0000
ROA not before: Fri 14 Mar 2025 19:19:08 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 45839
IP address blocks: 101.99.64.0/21 maxlen: 21
101.99.64.0/24 maxlen: 24
101.99.65.0/24 maxlen: 24
101.99.66.0/24 maxlen: 24
101.99.67.0/24 maxlen: 24
101.99.68.0/24 maxlen: 24
101.99.69.0/24 maxlen: 24
101.99.70.0/24 maxlen: 24
101.99.71.0/24 maxlen: 24
101.99.72.0/23 maxlen: 23
101.99.72.0/24 maxlen: 24
101.99.73.0/24 maxlen: 24
101.99.74.0/24 maxlen: 24
101.99.75.0/24 maxlen: 24
101.99.76.0/24 maxlen: 24
101.99.77.0/24 maxlen: 24
101.99.78.0/24 maxlen: 24
101.99.79.0/24 maxlen: 24
101.99.80.0/21 maxlen: 21
101.99.80.0/24 maxlen: 24
101.99.81.0/24 maxlen: 24
101.99.82.0/24 maxlen: 24
101.99.83.0/24 maxlen: 24
101.99.84.0/24 maxlen: 24
101.99.85.0/24 maxlen: 24
101.99.86.0/24 maxlen: 24
101.99.87.0/24 maxlen: 24
101.99.88.0/23 maxlen: 23
101.99.88.0/24 maxlen: 24
101.99.89.0/24 maxlen: 24
101.99.90.0/23 maxlen: 23
101.99.90.0/24 maxlen: 24
101.99.91.0/24 maxlen: 24
101.99.92.0/24 maxlen: 24
101.99.93.0/24 maxlen: 24
101.99.94.0/24 maxlen: 24
101.99.95.0/24 maxlen: 24
103.155.92.0/24 maxlen: 24
103.155.93.0/24 maxlen: 24
111.90.128.0/21 maxlen: 21
111.90.128.0/24 maxlen: 24
111.90.129.0/24 maxlen: 24
111.90.130.0/24 maxlen: 24
111.90.131.0/24 maxlen: 24
111.90.132.0/24 maxlen: 24
111.90.133.0/24 maxlen: 24
111.90.134.0/24 maxlen: 24
111.90.135.0/24 maxlen: 24
111.90.136.0/23 maxlen: 23
111.90.136.0/24 maxlen: 24
111.90.137.0/24 maxlen: 24
111.90.138.0/23 maxlen: 23
111.90.138.0/24 maxlen: 24
111.90.139.0/24 maxlen: 24
111.90.140.0/23 maxlen: 23
111.90.140.0/24 maxlen: 24
111.90.141.0/24 maxlen: 24
111.90.142.0/23 maxlen: 23
111.90.142.0/24 maxlen: 24
111.90.143.0/24 maxlen: 24
111.90.144.0/21 maxlen: 21
111.90.144.0/24 maxlen: 24
111.90.145.0/24 maxlen: 24
111.90.146.0/24 maxlen: 24
111.90.147.0/24 maxlen: 24
111.90.148.0/24 maxlen: 24
111.90.149.0/24 maxlen: 24
111.90.150.0/24 maxlen: 24
111.90.151.0/24 maxlen: 24
111.90.152.0/22 maxlen: 22
111.90.152.0/24 maxlen: 24
111.90.153.0/24 maxlen: 24
111.90.154.0/24 maxlen: 24
111.90.155.0/24 maxlen: 24
111.90.156.0/24 maxlen: 24
111.90.158.0/23 maxlen: 23
111.90.158.0/24 maxlen: 24
111.90.159.0/24 maxlen: 24
124.217.224.0/21 maxlen: 21
124.217.224.0/24 maxlen: 24
124.217.225.0/24 maxlen: 24
124.217.226.0/24 maxlen: 24
124.217.227.0/24 maxlen: 24
124.217.228.0/24 maxlen: 24
124.217.229.0/24 maxlen: 24
124.217.230.0/24 maxlen: 24
124.217.231.0/24 maxlen: 24
124.217.232.0/24 maxlen: 24
124.217.233.0/24 maxlen: 24
124.217.234.0/24 maxlen: 24
124.217.235.0/24 maxlen: 24
124.217.236.0/23 maxlen: 23
124.217.236.0/24 maxlen: 24
124.217.237.0/24 maxlen: 24
124.217.238.0/24 maxlen: 24
124.217.239.0/24 maxlen: 24
124.217.240.0/20 maxlen: 20
124.217.240.0/24 maxlen: 24
124.217.241.0/24 maxlen: 24
124.217.242.0/24 maxlen: 24
124.217.243.0/24 maxlen: 24
124.217.244.0/24 maxlen: 24
124.217.245.0/24 maxlen: 24
124.217.246.0/24 maxlen: 24
124.217.247.0/24 maxlen: 24
124.217.248.0/24 maxlen: 24
124.217.249.0/24 maxlen: 24
124.217.250.0/24 maxlen: 24
124.217.251.0/24 maxlen: 24
124.217.252.0/24 maxlen: 24
124.217.253.0/24 maxlen: 24
124.217.254.0/24 maxlen: 24
124.217.255.0/24 maxlen: 24
2407:6c00:18::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.crl
rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 23 Mar 2026 18:23:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3341 (0xd0d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9152D08, serialNumber=34DC20129EAD6F41A7CA2D99C9BD3E7E6033CB88
Validity
Not Before: Mar 14 19:19:08 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=69a5a069-13f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:ce:a7:17:59:f3:cf:4b:cb:70:94:91:2d:aa:
b9:dd:56:e8:df:be:12:1b:96:45:78:a3:9f:e7:69:
a2:d2:e7:b2:e3:e0:71:98:33:87:33:a7:ad:d2:aa:
e8:13:21:43:8e:33:23:a3:43:7d:17:d7:18:27:63:
db:7d:71:f6:8f:8b:bc:7a:40:57:36:c7:23:a6:28:
0c:e7:f4:77:32:4c:e5:aa:65:05:c2:3c:0a:be:23:
6f:d7:3c:e8:8c:3c:ee:9e:2e:8c:09:71:75:69:5a:
d9:26:94:5f:73:56:08:ae:79:97:b2:4c:05:a1:5f:
8c:d3:d8:e4:25:46:ec:c1:ca:d0:00:2e:c4:f8:62:
fb:f3:bb:a4:f9:e6:6b:4c:45:e6:e2:1f:be:ab:da:
a8:3b:30:a3:1b:ef:b1:45:58:ea:98:5e:71:75:ce:
f4:5c:91:62:a2:fb:19:ad:77:1a:87:5a:38:9f:08:
98:04:81:ca:4f:7c:59:96:a1:59:58:02:c2:5b:a1:
26:5a:04:e7:c7:ff:fa:3d:81:09:14:20:eb:c6:fe:
cc:a6:f2:87:35:ee:a4:61:49:cb:a0:cb:c6:e6:00:
7b:c1:db:44:08:26:b7:f6:c7:aa:77:50:9b:77:b1:
c6:b0:29:d8:5d:02:ae:26:62:88:23:d2:01:6d:42:
a2:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:57:EA:53:20:DE:A5:A6:9B:DF:AD:44:A0:0E:72:FD:74:C3:9D:87
X509v3 Authority Key Identifier:
keyid:34:DC:20:12:9E:AD:6F:41:A7:CA:2D:99:C9:BD:3E:7E:60:33:CB:88
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NNwgEp6tb0Gnyi2Zyb0-fmAzy4g.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9152D08/F9C333921D8711EAA9C5B170C4F9AE02/2F3FBD86F3E511EA871E451AC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
101.99.64.0/19
103.155.92.0/23
111.90.128.0-111.90.156.255
111.90.158.0/23
124.217.224.0/19
IPv6:
2407:6c00:18::/48
Signature Algorithm: sha256WithRSAEncryption
87:49:a3:c4:90:47:72:af:eb:4e:b6:cf:8d:ac:dd:e6:64:f6:
c7:c3:90:bd:ec:0b:65:dd:e9:1c:25:f1:71:b7:fb:ad:ce:94:
82:a9:e4:58:63:45:3f:7e:f3:15:d6:a3:7c:c3:2c:8e:00:08:
70:25:9c:9c:36:68:9f:4e:29:ed:9f:fd:46:d2:a4:c3:e7:9e:
42:ff:3a:bb:5f:0d:29:c4:24:71:d7:5d:c9:da:7b:a7:66:cb:
e3:d7:f7:66:92:43:01:7c:2c:d5:1c:ad:d2:1e:0e:5a:4d:7f:
69:66:ca:7d:14:3b:29:00:a2:36:b4:bd:53:92:8a:b9:71:cd:
63:b2:33:94:cb:c1:77:59:39:7f:41:aa:28:16:1d:04:08:b7:
02:26:62:da:e2:8c:58:9e:1f:60:10:2b:05:81:7c:56:88:56:
88:0f:0a:05:b2:73:4e:dd:32:4a:65:03:69:88:4b:b9:b3:f1:
ca:13:a3:c6:dd:ed:94:80:44:e5:ae:9d:a1:b8:b3:ef:84:73:
e7:c3:50:0f:f1:da:ee:ce:e2:ed:35:68:1f:c1:f1:65:4b:d8:
34:e2:5f:da:af:bb:06:32:33:ed:9c:58:b8:df:ac:ec:ba:e0:
60:5a:3b:39:d3:1c:f6:ef:0f:7d:fb:e9:ae:46:de:18:9b:c2:
dc:8d:d2:d0
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgICDQ0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTJEMDgxMTAvBgNVBAUTKDM0REMyMDEyOUVBRDZGNDFBN0NBMkQ5OUM5QkQzRTdF
NjAzM0NCODgwHhcNMjUwMzE0MTkxOTA4WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1YTA2OS0xM2YxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp86nF1nzz0vLcJSRLaq53Vbo374SG5ZFeKOf52mi0uey4+BxmDOHM6et0qro
EyFDjjMjo0N9F9cYJ2PbfXH2j4u8ekBXNscjpigM5/R3MkzlqmUFwjwKviNv1zzo
jDzuni6MCXF1aVrZJpRfc1YIrnmXskwFoV+M09jkJUbswcrQAC7E+GL787uk+eZr
TEXm4h++q9qoOzCjG++xRVjqmF5xdc70XJFiovsZrXcah1o4nwiYBIHKT3xZlqFZ
WALCW6EmWgTnx//6PYEJFCDrxv7MpvKHNe6kYUnLoMvG5gB7wdtECCa39seqd1Cb
d7HGsCnYXQKuJmKII9IBbUKibwIDAQABo4ICkTCCAo0wHQYDVR0OBBYEFEhX6lMg
3qWmm9+tRKAOcv10w52HMB8GA1UdIwQYMBaAFDTcIBKerW9Bp8otmcm9Pn5gM8uI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MkQwOC9GOUMzMzM5MjFE
ODcxMUVBQTlDNUIxNzBDNEY5QUUwMi9OTndnRXA2dGIwR255aTJaeWIwLWZtQXp5
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL05Od2dFcDZ0YjBHbnlpMlp5YjAtZm1Benk0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTJEMDgvRjlDMzMzOTIxRDg3MTFFQUE5QzVCMTcwQzRGOUFFMDIvMkYzRkJEODZG
M0U1MTFFQTg3MUU0NTFBQzRGOUFFMDIucm9hMFAGCCsGAQUFBwEHAQH/BEEwPzAs
BAIAATAmAwQFZWNAAwQBZ5tcMAwDBAdvWoADBABvWpwDBAFvWp4DBAV82eAwDwQC
AAIwCQMHACQHbAAAGDANBgkqhkiG9w0BAQsFAAOCAQEAh0mjxJBHcq/rTrbPjazd
5mT2x8OQvewLZd3pHCXxcbf7rc6UgqnkWGNFP37zFdajfMMsjgAIcCWcnDZon04p
7Z/9RtKkw+eeQv86u18NKcQkcdddydp7p2bL49f3ZpJDAXws1Ryt0h4OWk1/aWbK
fRQ7KQCiNrS9U5KKuXHNY7IzlMvBd1k5f0GqKBYdBAi3AiZi2uKMWJ4fYBArBYF8
VohWiA8KBbJzTt0ySmUDaYhLubPxyhOjxt3tlIBE5a6dobiz74Rz58NQD/Ha7s7i
7TVoH8HxZUvYNOJf2q+7BjIz7ZxYuN+s7LrgYFo7OdMc9u8PffvprkbeGJvC3I3S
0A==
-----END CERTIFICATE-----
Generated at Wed Mar 18 00:37:45 2026 by rpki-client