Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/4A749E58172211F189FDCC9B0A3D8C67.roa
File: 4A749E58172211F189FDCC9B0A3D8C67.roa (raw, json)
Hash identifier: RzcmoRDXH4lUW30+jkbpA1M2gdPby4cOnD/HlxW7YUo=
Subject key identifier: E3:63:B3:3D:AA:ED:8E:C5:23:89:DB:09:8B:D1:F5:06:2E:C3:49:96
Certificate issuer: /CN=A915D03A/serialNumber=615ED84C44E657F7095E0212AFEA052C542A0D91
Certificate serial: 1A7C
Authority key identifier: 61:5E:D8:4C:44:E6:57:F7:09:5E:02:12:AF:EA:05:2C:54:2A:0D:91
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/4A749E58172211F189FDCC9B0A3D8C67.roa
Signing time: Tue 03 Mar 2026 16:59:07 +0000
ROA not before: Tue 03 Mar 2026 16:59:07 +0000
ROA not after: Tue 02 Mar 2027 00:00:00 +0000
asID: 20940
IP address blocks: 43.254.120.0/22 maxlen: 22
59.151.128.0/18 maxlen: 18
60.254.128.0/18 maxlen: 18
60.254.143.0/24 maxlen: 24
60.254.148.0/24 maxlen: 24
60.254.173.0/24 maxlen: 24
103.238.148.0/22 maxlen: 22
118.214.0.0/16 maxlen: 16
118.214.1.0/24 maxlen: 24
118.214.167.0/24 maxlen: 24
118.214.171.0/24 maxlen: 24
118.214.178.0/24 maxlen: 24
118.214.181.0/24 maxlen: 24
118.214.185.0/24 maxlen: 24
118.214.186.0/24 maxlen: 24
118.214.187.0/24 maxlen: 24
118.214.188.0/23 maxlen: 23
118.214.190.0/24 maxlen: 24
118.215.0.0/17 maxlen: 17
118.215.128.0/18 maxlen: 18
122.252.32.0/19 maxlen: 19
122.252.128.0/20 maxlen: 20
125.56.184.0/24 maxlen: 24
125.56.185.0/24 maxlen: 24
125.56.186.0/24 maxlen: 24
125.56.205.0/24 maxlen: 24
125.56.219.0/24 maxlen: 24
125.56.222.0/24 maxlen: 24
125.252.192.0/18 maxlen: 18
125.252.224.0/24 maxlen: 24
2405:9600::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.crl
rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 13 Mar 2026 16:17:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6780 (0x1a7c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A915D03A, serialNumber=615ED84C44E657F7095E0212AFEA052C542A0D91
Validity
Not Before: Mar 3 16:59:07 2026 GMT
Not After : Mar 2 00:00:00 2027 GMT
Subject: CN=69a7135b-250b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:0b:c1:6d:9e:a7:2b:42:16:e9:ad:62:87:28:
16:ee:15:3a:10:4c:ec:e7:f6:b1:f2:e4:d4:a8:d3:
0e:07:88:f6:97:75:d2:9d:bb:fe:82:85:d1:1a:73:
71:8d:2e:60:8b:2b:48:e9:43:86:21:79:7a:95:d3:
b0:eb:a2:c4:0f:69:5d:1b:cc:2d:8a:ad:cf:79:e1:
db:9b:e4:e7:19:bf:2c:f3:b4:f8:69:8e:26:21:a1:
32:e7:d8:b4:53:98:2a:04:0b:25:06:68:44:32:fe:
38:5a:53:00:22:10:3f:a0:94:2b:a0:ad:08:50:b3:
bf:d1:70:3c:04:58:70:e5:dc:ec:81:2c:f8:31:8c:
b9:a3:4a:bc:49:3b:ae:99:c2:1b:f9:8b:83:f8:c7:
48:b7:fd:65:74:d0:fa:e2:53:72:0c:55:6b:8e:1b:
6f:62:8f:fe:19:61:67:a3:d4:1c:8b:55:64:a4:6c:
ad:f1:8e:1f:56:be:af:1f:28:7e:9c:69:c3:93:1c:
a1:b6:b5:07:47:28:0f:50:66:1a:68:53:7f:b7:3f:
e0:9d:54:39:eb:01:15:d7:00:ab:7a:b8:a4:1f:0d:
b0:83:f5:ff:6e:fe:d2:9b:56:18:1d:34:00:9c:6a:
6c:05:a7:4c:a8:23:78:f5:36:48:8e:f9:98:a7:f0:
c9:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:63:B3:3D:AA:ED:8E:C5:23:89:DB:09:8B:D1:F5:06:2E:C3:49:96
X509v3 Authority Key Identifier:
keyid:61:5E:D8:4C:44:E6:57:F7:09:5E:02:12:AF:EA:05:2C:54:2A:0D:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/YV7YTETmV_cJXgISr-oFLFQqDZE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YV7YTETmV_cJXgISr-oFLFQqDZE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915D03A/1B647710924611E79AAEBE10C4F9AE02/4A749E58172211F189FDCC9B0A3D8C67.roa
sbgp-ipAddrBlock: critical
IPv4:
43.254.120.0/22
59.151.128.0/18
60.254.128.0/18
103.238.148.0/22
118.214.0.0-118.215.191.255
122.252.32.0/19
122.252.128.0/20
125.56.184.0-125.56.186.255
125.56.205.0/24
125.56.219.0/24
125.56.222.0/24
125.252.192.0/18
IPv6:
2405:9600::/32
Signature Algorithm: sha256WithRSAEncryption
79:02:f7:17:cb:69:d7:dc:f6:94:eb:a0:dd:e0:d8:e9:e5:37:
61:75:26:79:3a:e7:6d:2c:89:7b:18:51:3e:df:83:82:6e:27:
35:0f:0f:38:27:8a:d4:e7:b9:09:31:64:32:52:25:bf:db:62:
86:c6:f0:a0:f0:81:cf:f6:93:90:3f:70:ca:c7:73:80:b9:e8:
ab:f4:71:1a:e8:ad:30:61:27:ad:24:93:76:d4:93:70:a9:c0:
d1:82:be:f9:cd:32:69:f4:3e:1a:e5:68:03:11:94:0c:88:a5:
c2:b9:6d:64:ba:9c:6d:f1:40:bc:69:d2:e6:ec:64:92:88:3f:
cb:cf:be:1a:11:2e:f6:ae:5a:ec:aa:e3:12:94:f7:fc:ad:62:
ed:99:65:f3:0b:4b:fd:20:be:37:fc:9f:1a:30:22:a3:7d:38:
14:4f:a0:3f:b9:c4:b6:1b:62:8d:68:0d:5c:80:56:dc:fa:39:
dd:76:a6:69:a2:90:50:1e:b0:2a:f6:15:79:c0:38:aa:e2:65:
49:cb:a4:28:3b:b5:de:7b:b4:8f:bb:2f:0b:ea:9a:13:1b:1b:
03:7f:84:bb:0f:bd:7e:df:08:b5:66:79:eb:0a:30:42:ae:6e:
8f:96:b9:46:7f:23:e8:f2:5a:d4:0e:b0:e9:b5:0e:4a:9a:92:
0f:4a:f2:69
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgICGnwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUQwM0ExMTAvBgNVBAUTKDYxNUVEODRDNDRFNjU3RjcwOTVFMDIxMkFGRUEwNTJD
NTQyQTBEOTEwHhcNMjYwMzAzMTY1OTA3WhcNMjcwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE3MTM1Yi0yNTBiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArAvBbZ6nK0IW6a1ihygW7hU6EEzs5/ax8uTUqNMOB4j2l3XSnbv+goXRGnNx
jS5giytI6UOGIXl6ldOw66LED2ldG8wtiq3PeeHbm+TnGb8s87T4aY4mIaEy59i0
U5gqBAslBmhEMv44WlMAIhA/oJQroK0IULO/0XA8BFhw5dzsgSz4MYy5o0q8STuu
mcIb+YuD+MdIt/1ldND64lNyDFVrjhtvYo/+GWFno9Qci1VkpGyt8Y4fVr6vHyh+
nGnDkxyhtrUHRygPUGYaaFN/tz/gnVQ56wEV1wCrerikHw2wg/X/bv7Sm1YYHTQA
nGpsBadMqCN49TZIjvmYp/DJiQIDAQABo4ICwDCCArwwHQYDVR0OBBYEFONjsz2q
7Y7FI4nbCYvR9QYuw0mWMB8GA1UdIwQYMBaAFGFe2ExE5lf3CV4CEq/qBSxUKg2R
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1RDAzQS8xQjY0NzcxMDky
NDYxMUU3OUFBRUJFMTBDNEY5QUUwMi9ZVjdZVEVUbVZfY0pYZ0lTci1vRkxGUXFE
WkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lWN1lURVRtVl9jSlhnSVNyLW9GTEZRcURaRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUQwM0EvMUI2NDc3MTA5MjQ2MTFFNzlBQUVCRTEwQzRGOUFFMDIvNEE3NDlFNTgx
NzIyMTFGMTg5RkRDQzlCMEEzRDhDNjcucm9hMH8GCCsGAQUFBwEHAQH/BHAwbjBd
BAIAATBXAwQCK/54AwQGO5eAAwQGPP6AAwQCZ+6UMAsDAwF21gMEBnbXgAMEBXr8
IAMEBHr8gDAMAwQDfTi4AwQAfTi6AwQAfTjNAwQAfTjbAwQAfTjeAwQGffzAMA0E
AgACMAcDBQAkBZYAMA0GCSqGSIb3DQEBCwUAA4IBAQB5AvcXy2nX3PaU66Dd4Njp
5TdhdSZ5OudtLIl7GFE+34OCbic1Dw84J4rU57kJMWQyUiW/22KGxvCg8IHP9pOQ
P3DKx3OAueir9HEa6K0wYSetJJN21JNwqcDRgr75zTJp9D4a5WgDEZQMiKXCuW1k
upxt8UC8adLm7GSSiD/Lz74aES72rlrsquMSlPf8rWLtmWXzC0v9IL43/J8aMCKj
fTgUT6A/ucS2G2KNaA1cgFbc+jnddqZpopBQHrAq9hV5wDiq4mVJy6QoO7Xee7SP
uy8L6poTGxsDf4S7D71+3wi1ZnnrCjBCrm6PlrlGfyPo8lrUDrDptQ5KmpIPSvJp
-----END CERTIFICATE-----
Generated at Sat Mar 7 08:37:26 2026 by rpki-client