Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9158EC4/45064790E5B111EE9E35C333C4F9AE02/2805F2D6E5B511EEB34EF35AC4F9AE02.roa
File: 2805F2D6E5B511EEB34EF35AC4F9AE02.roa (raw, json)
Hash identifier: xQmsVP4QLFQ4i3YXyMm0tpulZSIAm9nn/IhZaNrB5cU=
Subject key identifier: B5:9F:E8:82:B2:6F:FE:53:26:DD:4B:9F:86:78:0C:F1:01:3C:0A:C3
Certificate issuer: /CN=A9158EC4/serialNumber=5324065A613D2D1078179C6216371CCC6A77507A
Certificate serial: 0175
Authority key identifier: 53:24:06:5A:61:3D:2D:10:78:17:9C:62:16:37:1C:CC:6A:77:50:7A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UyQGWmE9LRB4F5xiFjcczGp3UHo.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9158EC4/45064790E5B111EE9E35C333C4F9AE02/2805F2D6E5B511EEB34EF35AC4F9AE02.roa
Signing time: Mon 02 Mar 2026 14:58:39 +0000
ROA not before: Mon 05 May 2025 04:41:22 +0000
ROA not after: Thu 30 Jul 2026 00:00:00 +0000
asID: 7131
IP address blocks: 43.247.60.0/22 maxlen: 22
43.247.60.0/24 maxlen: 24
43.247.61.0/24 maxlen: 24
43.247.62.0/24 maxlen: 24
43.247.63.0/24 maxlen: 24
103.3.240.0/22 maxlen: 22
103.3.240.0/24 maxlen: 24
103.3.241.0/24 maxlen: 24
103.3.242.0/24 maxlen: 24
103.3.243.0/24 maxlen: 24
202.123.128.0/19 maxlen: 19
202.123.128.0/24 maxlen: 24
202.123.129.0/24 maxlen: 24
202.123.130.0/24 maxlen: 24
202.123.131.0/24 maxlen: 24
202.123.132.0/24 maxlen: 24
202.123.133.0/24 maxlen: 24
202.123.134.0/24 maxlen: 24
202.123.135.0/24 maxlen: 24
202.123.136.0/24 maxlen: 24
202.123.137.0/24 maxlen: 24
202.123.138.0/24 maxlen: 24
202.123.139.0/24 maxlen: 24
202.123.140.0/24 maxlen: 24
202.123.141.0/24 maxlen: 24
202.123.142.0/24 maxlen: 24
202.123.143.0/24 maxlen: 24
202.123.144.0/24 maxlen: 24
202.123.145.0/24 maxlen: 24
202.123.146.0/24 maxlen: 24
202.123.147.0/24 maxlen: 24
202.123.148.0/24 maxlen: 24
202.123.149.0/24 maxlen: 24
202.123.150.0/24 maxlen: 24
202.123.151.0/24 maxlen: 24
202.123.152.0/24 maxlen: 24
202.123.153.0/24 maxlen: 24
202.123.154.0/24 maxlen: 24
202.123.155.0/24 maxlen: 24
202.123.156.0/24 maxlen: 24
202.123.157.0/24 maxlen: 24
202.123.158.0/24 maxlen: 24
202.123.159.0/24 maxlen: 24
2401:58c0::/32 maxlen: 32
2401:58c0::/36 maxlen: 36
2401:58c0:1000::/36 maxlen: 36
2401:58c0:2000::/36 maxlen: 36
2401:58c0:3000::/36 maxlen: 36
2401:58c0:4000::/36 maxlen: 36
2401:58c0:5000::/36 maxlen: 36
2401:58c0:6000::/36 maxlen: 36
2401:58c0:7000::/36 maxlen: 36
2401:58c0:8000::/36 maxlen: 36
2401:58c0:9000::/36 maxlen: 36
2401:58c0:a000::/36 maxlen: 36
2401:58c0:b000::/36 maxlen: 36
2401:58c0:c000::/36 maxlen: 36
2401:58c0:d000::/36 maxlen: 36
2401:58c0:e000::/36 maxlen: 36
2401:58c0:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9158EC4/45064790E5B111EE9E35C333C4F9AE02/UyQGWmE9LRB4F5xiFjcczGp3UHo.crl
rsync://rpki.apnic.net/member_repository/A9158EC4/45064790E5B111EE9E35C333C4F9AE02/UyQGWmE9LRB4F5xiFjcczGp3UHo.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UyQGWmE9LRB4F5xiFjcczGp3UHo.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 30 Mar 2026 03:51:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 373 (0x175)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9158EC4, serialNumber=5324065A613D2D1078179C6216371CCC6A77507A
Validity
Not Before: May 5 04:41:22 2025 GMT
Not After : Jul 30 00:00:00 2026 GMT
Subject: CN=69a5a59f-672b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ba:30:44:98:91:39:f1:23:24:e8:73:3e:4c:
c3:91:5b:f0:96:3e:7e:e5:a2:78:7b:6e:c4:13:5f:
5b:40:88:99:f7:de:6c:40:49:61:9c:ab:a4:3c:4b:
3e:03:09:4c:e1:1f:36:26:a3:b8:ef:e8:80:a3:64:
35:44:03:e0:14:52:1a:e0:01:6e:94:c7:69:e4:c1:
03:ed:3e:7c:53:88:c7:80:d6:7c:61:fd:d2:75:f1:
de:00:9a:65:39:17:97:c3:59:9a:b5:81:22:12:74:
11:cb:23:f4:50:b0:75:31:86:2a:c3:ef:17:3e:6d:
4f:e2:03:22:14:1e:16:c9:8a:33:d7:67:e0:12:3a:
17:ea:db:48:34:c8:29:7d:eb:b0:b7:a3:6e:fe:5d:
9c:e1:de:b1:be:18:87:9d:8c:ff:99:f6:5e:2e:3a:
4f:ff:9e:af:1f:94:6f:7f:83:5e:21:14:ee:00:76:
b6:14:0b:45:e6:77:bb:cd:2c:01:c0:ee:dc:02:9b:
6f:69:f7:ff:26:fa:31:fa:49:aa:f1:48:21:48:3b:
bb:4f:e1:11:3a:da:a7:53:03:08:92:1e:b7:88:76:
a4:b0:63:30:9e:3e:57:ac:41:0f:2d:a8:04:93:29:
87:2f:d6:c4:08:84:d6:66:af:28:81:c3:0f:13:19:
56:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:9F:E8:82:B2:6F:FE:53:26:DD:4B:9F:86:78:0C:F1:01:3C:0A:C3
X509v3 Authority Key Identifier:
keyid:53:24:06:5A:61:3D:2D:10:78:17:9C:62:16:37:1C:CC:6A:77:50:7A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9158EC4/45064790E5B111EE9E35C333C4F9AE02/UyQGWmE9LRB4F5xiFjcczGp3UHo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UyQGWmE9LRB4F5xiFjcczGp3UHo.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9158EC4/45064790E5B111EE9E35C333C4F9AE02/2805F2D6E5B511EEB34EF35AC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.247.60.0/22
103.3.240.0/22
202.123.128.0/19
IPv6:
2401:58c0::/32
Signature Algorithm: sha256WithRSAEncryption
c0:37:c6:e4:90:f2:80:3b:ec:c8:9f:aa:89:64:13:7f:d5:99:
9a:7b:ca:c1:a6:84:27:63:c8:5c:21:74:56:3c:8f:d6:4c:5b:
ef:fe:44:55:95:19:ca:6f:10:c2:0b:24:2c:b7:dd:3d:74:b3:
8a:b5:fa:d6:de:9e:06:59:f6:f5:97:3e:43:71:b5:ab:f3:42:
91:be:1a:63:06:57:1d:8a:9a:c6:79:77:6f:2d:8b:80:d4:b3:
79:54:9d:ef:46:2c:85:1d:2a:6f:44:e9:14:99:11:de:ef:a4:
ee:0b:f8:8a:53:1c:6a:9b:7d:e5:26:fd:de:49:79:3b:80:26:
e8:36:99:1b:a7:32:04:91:13:a5:11:fa:9a:96:30:0b:ff:c1:
48:2e:e5:ad:c3:02:36:92:fc:f4:d4:4c:af:45:0b:aa:65:be:
81:a7:17:72:6f:40:ef:e9:16:49:67:a2:55:00:13:79:9b:1a:
87:66:e6:d6:79:61:d3:64:17:6f:10:12:ba:68:c5:ff:59:4f:
52:f0:45:27:fb:e9:d2:52:fb:14:38:41:8f:30:e8:40:b6:93:
d6:18:7b:e8:f5:cf:0b:1c:25:82:35:bd:88:c1:11:ab:35:5e:
5f:19:02:36:f8:21:da:78:69:fd:3b:e7:4b:4b:7a:b5:a4:c6:
b5:35:ca:e7
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgICAXUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NThFQzQxMTAvBgNVBAUTKDUzMjQwNjVBNjEzRDJEMTA3ODE3OUM2MjE2MzcxQ0ND
NkE3NzUwN0EwHhcNMjUwNTA1MDQ0MTIyWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1YTU5Zi02NzJiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtrowRJiROfEjJOhzPkzDkVvwlj5+5aJ4e27EE19bQIiZ995sQElhnKukPEs+
AwlM4R82JqO47+iAo2Q1RAPgFFIa4AFulMdp5MED7T58U4jHgNZ8Yf3SdfHeAJpl
OReXw1matYEiEnQRyyP0ULB1MYYqw+8XPm1P4gMiFB4WyYoz12fgEjoX6ttINMgp
feuwt6Nu/l2c4d6xvhiHnYz/mfZeLjpP/56vH5Rvf4NeIRTuAHa2FAtF5ne7zSwB
wO7cAptvaff/Jvox+kmq8UghSDu7T+EROtqnUwMIkh63iHaksGMwnj5XrEEPLagE
kymHL9bECITWZq8ogcMPExlWeQIDAQABo4ICezCCAncwHQYDVR0OBBYEFLWf6IKy
b/5TJt1Ln4Z4DPEBPArDMB8GA1UdIwQYMBaAFFMkBlphPS0QeBecYhY3HMxqd1B6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OEVDNC80NTA2NDc5MEU1
QjExMUVFOUUzNUMzMzNDNEY5QUUwMi9VeVFHV21FOUxSQjRGNXhpRmpjY3pHcDNV
SG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1V5UUdXbUU5TFJCNEY1eGlGamNjekdwM1VIby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NThFQzQvNDUwNjQ3OTBFNUIxMTFFRTlFMzVDMzMzQzRGOUFFMDIvMjgwNUYyRDZF
NUI1MTFFRUIzNEVGMzVBQzRGOUFFMDIucm9hMDoGCCsGAQUFBwEHAQH/BCswKTAY
BAIAATASAwQCK/c8AwQCZwPwAwQFynuAMA0EAgACMAcDBQAkAVjAMA0GCSqGSIb3
DQEBCwUAA4IBAQDAN8bkkPKAO+zIn6qJZBN/1Zmae8rBpoQnY8hcIXRWPI/WTFvv
/kRVlRnKbxDCCyQst909dLOKtfrW3p4GWfb1lz5DcbWr80KRvhpjBlcdiprGeXdv
LYuA1LN5VJ3vRiyFHSpvROkUmRHe76TuC/iKUxxqm33lJv3eSXk7gCboNpkbpzIE
kROlEfqaljAL/8FILuWtwwI2kvz01EyvRQuqZb6Bpxdyb0Dv6RZJZ6JVABN5mxqH
ZubWeWHTZBdvEBK6aMX/WU9S8EUn++nSUvsUOEGPMOhAtpPWGHvo9c8LHCWCNb2I
wRGrNV5fGQI2+CHaeGn9O+dLS3q1pMa1Ncrn
-----END CERTIFICATE-----
Generated at Tue Mar 24 11:17:26 2026 by rpki-client