Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/09D19E4C0D4511EBA34AF263C4F9AE02.roa
File: 09D19E4C0D4511EBA34AF263C4F9AE02.roa (raw, json)
Hash identifier: Q8JvrnHiZThbODS3IqFr+YEtOoZ3K6+jgjnxdfsNIYw=
Subject key identifier: BF:A0:8E:55:B1:4E:BE:AD:29:E4:CA:95:DD:D0:E7:24:C3:B5:1E:E8
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: EB51
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/09D19E4C0D4511EBA34AF263C4F9AE02.roa
Signing time: Sun 31 May 2026 17:51:13 +0000
ROA not before: Sun 31 May 2026 17:51:13 +0000
ROA not after: Thu 01 Oct 2026 00:00:00 +0000
asID: 45775
IP address blocks: 27.131.208.0/21 maxlen: 24
43.226.28.0/22 maxlen: 24
43.231.240.0/22 maxlen: 24
43.251.88.0/22 maxlen: 24
45.113.100.0/22 maxlen: 24
45.123.108.0/22 maxlen: 24
45.124.4.0/22 maxlen: 24
45.250.48.0/22 maxlen: 24
103.17.84.0/22 maxlen: 24
103.42.124.0/22 maxlen: 24
103.42.156.0/22 maxlen: 24
103.42.172.0/22 maxlen: 24
103.44.172.0/22 maxlen: 24
103.51.56.0/22 maxlen: 24
103.52.252.0/22 maxlen: 24
103.94.106.0/23 maxlen: 24
103.170.8.0/23 maxlen: 24
103.192.116.0/22 maxlen: 24
103.214.136.0/22 maxlen: 24
103.219.44.0/22 maxlen: 24
110.172.52.0/22 maxlen: 24
113.21.64.0/20 maxlen: 24
139.5.228.0/22 maxlen: 24
180.94.18.0/23 maxlen: 24
223.223.128.0/19 maxlen: 24
2400:85c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 11 Jun 2026 06:09:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 60241 (0xeb51)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 31 17:51:13 2026 GMT
Not After : Oct 1 00:00:00 2026 GMT
Subject: CN=6a1c7511-b1d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:b0:96:f3:1d:cf:45:98:ea:7a:cb:80:71:ac:
73:91:f5:e8:97:91:c2:ce:56:d3:dc:a6:4e:7c:8e:
cb:8d:18:0f:25:d0:2d:7f:b9:94:57:f1:6d:50:ed:
4e:d5:f5:29:c3:bf:b2:da:a2:4b:e6:94:12:4f:00:
ab:9e:a0:ad:3b:a9:99:fd:9a:24:6a:e2:22:2e:4c:
99:61:89:5c:cc:98:d8:35:4b:2a:d5:5e:df:4f:74:
fb:0a:17:f0:c9:cc:7c:3d:fb:c9:2c:7e:19:28:a5:
06:09:30:13:42:ec:25:f8:7d:03:36:ac:49:e1:4c:
2f:e7:4e:37:9f:c5:a5:09:bf:34:21:66:8f:31:da:
13:ee:44:cb:1f:98:c3:d6:13:ce:e1:56:55:4e:25:
6f:cd:2c:6f:bd:cd:ba:89:57:e4:3b:a6:5b:98:54:
e7:27:f0:4d:8d:2a:10:06:dd:7a:a9:7f:be:26:c1:
11:3e:9c:85:ba:af:90:81:00:43:a6:e3:4d:06:64:
aa:3e:12:c4:56:fe:6f:13:af:25:17:3b:60:0e:b9:
05:66:b5:cb:c1:05:85:7d:5a:1c:63:dc:2a:5d:d8:
34:3d:dd:ab:4a:72:0f:19:1f:97:d9:a9:6c:d1:d3:
00:61:07:00:65:ff:66:8d:32:a3:b2:1a:00:f2:75:
7c:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:A0:8E:55:B1:4E:BE:AD:29:E4:CA:95:DD:D0:E7:24:C3:B5:1E:E8
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/09D19E4C0D4511EBA34AF263C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
27.131.208.0/21
43.226.28.0/22
43.231.240.0/22
43.251.88.0/22
45.113.100.0/22
45.123.108.0/22
45.124.4.0/22
45.250.48.0/22
103.17.84.0/22
103.42.124.0/22
103.42.156.0/22
103.42.172.0/22
103.44.172.0/22
103.51.56.0/22
103.52.252.0/22
103.94.106.0/23
103.170.8.0/23
103.192.116.0/22
103.214.136.0/22
103.219.44.0/22
110.172.52.0/22
113.21.64.0/20
139.5.228.0/22
180.94.18.0/23
223.223.128.0/19
IPv6:
2400:85c0::/32
Signature Algorithm: sha256WithRSAEncryption
48:88:a4:6b:49:ae:b2:5f:e2:d6:7c:70:ed:06:c5:03:4f:48:
94:96:61:59:65:f5:86:e0:ed:1a:bb:87:b1:01:1c:14:71:ce:
69:d0:20:b9:49:4f:d6:47:b0:21:e7:72:fc:b6:cb:1f:fa:f7:
6c:bf:15:38:7c:a6:a0:ab:ef:89:49:bc:c5:c0:29:aa:4b:83:
93:9d:64:65:25:e6:a3:75:1b:6a:c4:3a:ee:2b:6e:2d:12:80:
4b:43:bf:dd:3e:c0:bd:55:46:27:2a:a0:98:50:9d:77:89:a6:
98:f3:f8:86:08:d1:bd:6e:b7:da:af:93:f1:d9:0d:ef:82:c7:
88:c5:6f:e0:d5:c6:37:2a:e1:91:1b:f7:70:04:c8:82:59:c3:
41:3e:58:80:34:7a:6a:7e:8e:c2:ac:b4:b8:8b:c6:0f:50:04:
07:04:05:60:3d:90:b3:73:50:56:c5:86:f1:93:f9:2e:1c:a2:
52:c7:7b:9a:11:d5:7b:84:4b:04:79:6f:7e:02:2d:90:bf:66:
97:b1:79:1c:67:fa:bc:20:f0:b5:41:e3:e1:db:86:a3:7a:b4:
00:db:c4:b4:b0:23:a7:60:21:e8:94:d8:0a:d0:5a:d4:a1:8f:
8d:e6:0b:64:80:0c:92:f5:6c:a8:a8:0a:49:40:fa:71:96:86:
bd:02:72:0c
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgIDAOtRMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI2MDUzMTE3NTExM1oXDTI2MTAwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNmExYzc1MTEtYjFkODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOwlvMdz0WY6nrLgHGsc5H16JeRws5W09ymTnyOy40YDyXQLX+5lFfxbVDt
TtX1KcO/stqiS+aUEk8Aq56grTupmf2aJGriIi5MmWGJXMyY2DVLKtVe3090+woX
8MnMfD37ySx+GSilBgkwE0LsJfh9AzasSeFML+dON5/FpQm/NCFmjzHaE+5Eyx+Y
w9YTzuFWVU4lb80sb73NuolX5DumW5hU5yfwTY0qEAbdeql/vibBET6chbqvkIEA
Q6bjTQZkqj4SxFb+bxOvJRc7YA65BWa1y8EFhX1aHGPcKl3YND3dq0pyDxkfl9mp
bNHTAGEHAGX/Zo0yo7IaAPJ1fMMCAwEAAaOCAwQwggMAMB0GA1UdDgQWBBS/oI5V
sU6+rSnkypXd0Ockw7Ue6DAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBlgYIKwYBBQUHAQsEgYkwgYYwgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzA5RDE5RTRD
MEQ0NTExRUJBMzRBRjI2M0M0RjlBRTAyLnJvYTCBwgYIKwYBBQUHAQcBAf8EgbIw
ga8wgZ0EAgABMIGWAwQDG4PQAwQCK+IcAwQCK+fwAwQCK/tYAwQCLXFkAwQCLXts
AwQCLXwEAwQCLfowAwQCZxFUAwQCZyp8AwQCZyqcAwQCZyqsAwQCZyysAwQCZzM4
AwQCZzT8AwQBZ15qAwQBZ6oIAwQCZ8B0AwQCZ9aIAwQCZ9ssAwQCbqw0AwQEcRVA
AwQCiwXkAwQBtF4SAwQF39+AMA0EAgACMAcDBQAkAIXAMA0GCSqGSIb3DQEBCwUA
A4IBAQBIiKRrSa6yX+LWfHDtBsUDT0iUlmFZZfWG4O0au4exARwUcc5p0CC5SU/W
R7Ah53L8tssf+vdsvxU4fKagq++JSbzFwCmqS4OTnWRlJeajdRtqxDruK24tEoBL
Q7/dPsC9VUYnKqCYUJ13iaaY8/iGCNG9brfar5Px2Q3vgseIxW/g1cY3KuGRG/dw
BMiCWcNBPliANHpqfo7CrLS4i8YPUAQHBAVgPZCzc1BWxYbxk/kuHKJSx3uaEdV7
hEsEeW9+Ai2Qv2aXsXkcZ/q8IPC1QePh24ajerQA28S0sCOnYCHolNgK0FrUoY+N
5gtkgAyS9WyoqApJQPpxloa9AnIM
-----END CERTIFICATE-----
Generated at Thu Jun 4 10:06:23 2026 by rpki-client