Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DE0ECF302D4011EF874DEA36C4F9AE02.roa
File: DE0ECF302D4011EF874DEA36C4F9AE02.roa (raw, json)
Hash identifier: wJ9yTnGGIJWdFWMx/9xlzlzFp4967eEXZyEAcksveps=
Subject key identifier: 70:8C:E3:77:0C:BB:59:3B:83:FD:16:82:F9:9E:95:E0:76:F3:0F:9E
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: E35A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DE0ECF302D4011EF874DEA36C4F9AE02.roa
Signing time: Sun 31 May 2026 16:44:48 +0000
ROA not before: Sun 31 May 2026 16:44:48 +0000
ROA not after: Thu 01 Oct 2026 00:00:00 +0000
asID: 134877
IP address blocks: 103.91.60.0/24 maxlen: 24
103.110.236.0/22 maxlen: 24
103.124.152.0/23 maxlen: 24
103.143.108.0/24 maxlen: 24
103.148.33.0/24 maxlen: 24
103.153.10.0/23 maxlen: 24
103.154.35.0/24 maxlen: 24
103.154.204.0/23 maxlen: 24
103.154.238.0/23 maxlen: 24
103.155.32.0/23 maxlen: 24
103.156.170.0/23 maxlen: 24
103.163.232.0/23 maxlen: 24
103.168.182.0/23 maxlen: 24
103.180.223.0/24 maxlen: 24
103.207.0.0/22 maxlen: 24
103.213.1.0/24 maxlen: 24
103.213.2.0/23 maxlen: 24
103.231.116.0/22 maxlen: 24
113.30.168.0/22 maxlen: 24
210.16.84.0/22 maxlen: 24
2404:d940::/32 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 11 Jun 2026 06:09:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 58202 (0xe35a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: May 31 16:44:48 2026 GMT
Not After : Oct 1 00:00:00 2026 GMT
Subject: CN=6a1c6580-a5f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:6b:50:18:02:b1:cd:03:d1:a9:52:cd:6b:d3:
83:b6:84:a6:13:9c:37:52:ff:bb:2c:ce:45:02:cc:
3f:30:3c:83:4a:08:9e:1e:35:3f:99:68:2b:6e:2f:
4d:0b:84:a2:e2:f9:ea:97:a5:2e:29:0a:24:a0:c7:
84:d3:ff:92:7f:87:20:f9:13:e4:0f:be:0b:a7:fd:
1f:72:8c:d6:66:f5:f4:d1:c7:4e:f4:66:c9:23:e3:
d5:83:53:d9:dd:24:35:7c:63:f0:ad:16:d0:42:09:
b6:3b:a7:76:c8:e2:cb:28:06:95:88:d7:11:ce:b1:
9a:07:bd:14:98:c9:54:9f:bf:17:1f:29:ef:34:1b:
48:b0:41:77:ba:a5:2d:dd:2d:5f:d4:36:11:d2:81:
81:6e:69:c5:8d:59:db:3b:6f:d8:57:2c:9d:7e:1f:
f4:bb:99:89:be:04:b2:44:71:95:42:97:33:0c:29:
7d:e6:44:ed:3d:87:16:7d:00:d4:bc:b4:ba:14:a8:
d0:ec:9a:44:41:eb:9c:f1:0c:ad:c5:b5:0a:22:0b:
d3:99:6e:61:f0:99:87:f2:f4:3d:85:08:2a:23:ef:
4b:cd:83:be:a5:99:12:ea:e1:e5:7a:44:6e:da:50:
f1:11:aa:34:20:a1:51:45:be:f6:1e:a0:ca:db:3b:
5a:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:8C:E3:77:0C:BB:59:3B:83:FD:16:82:F9:9E:95:E0:76:F3:0F:9E
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/DE0ECF302D4011EF874DEA36C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.91.60.0/24
103.110.236.0/22
103.124.152.0/23
103.143.108.0/24
103.148.33.0/24
103.153.10.0/23
103.154.35.0/24
103.154.204.0/23
103.154.238.0/23
103.155.32.0/23
103.156.170.0/23
103.163.232.0/23
103.168.182.0/23
103.180.223.0/24
103.207.0.0/22
103.213.1.0-103.213.3.255
103.231.116.0/22
113.30.168.0/22
210.16.84.0/22
IPv6:
2404:d940::/32
Signature Algorithm: sha256WithRSAEncryption
5d:62:30:e7:1d:37:c9:34:0c:25:69:14:b6:9d:53:fe:1f:9e:
7a:a0:7b:02:6f:b6:0d:a4:96:fa:1f:31:8c:d0:9a:a2:ff:21:
ce:45:cf:10:b0:fe:3b:b4:bf:0b:0a:50:2d:cf:72:b7:4c:85:
ca:91:8b:3e:a8:40:2d:25:ae:79:68:34:d4:98:42:53:0b:d5:
7a:03:ff:8f:f7:97:22:b5:4e:79:a2:64:94:0b:3c:31:ad:84:
f6:61:c6:a7:71:0d:16:0f:15:e7:2c:e4:9c:e3:3a:df:37:78:
87:be:82:0d:e3:20:af:c0:44:06:86:06:71:9c:1d:b9:4e:d1:
6e:5f:4a:ad:20:4d:88:65:32:84:2a:bb:6e:11:c4:fd:a4:d0:
11:df:0d:4c:64:dc:a2:c5:64:8c:7b:ae:cf:2a:57:7a:94:4c:
4a:fa:1a:c5:df:6d:73:40:60:ef:2c:2f:63:ee:ac:22:f0:5e:
02:d3:c2:bd:ed:c9:0a:48:29:c0:cf:90:6c:90:69:e3:ff:63:
44:50:c3:a9:8c:1f:ae:11:b4:f7:f9:b8:93:9d:cd:9e:5f:43:
73:8a:62:98:39:1a:69:b1:ef:e0:87:2b:d9:91:9b:cc:23:fa:
fb:2e:87:1c:65:78:1d:ff:bb:56:26:21:66:fb:37:a4:bc:b1:
a4:11:d8:44
-----BEGIN CERTIFICATE-----
MIIFxDCCBKygAwIBAgIDAONaMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI2MDUzMTE2NDQ0OFoXDTI2MTAwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNmExYzY1ODAtYTVmOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRrUBgCsc0D0alSzWvTg7aEphOcN1L/uyzORQLMPzA8g0oInh41P5loK24v
TQuEouL56pelLikKJKDHhNP/kn+HIPkT5A++C6f9H3KM1mb19NHHTvRmySPj1YNT
2d0kNXxj8K0W0EIJtjundsjiyygGlYjXEc6xmge9FJjJVJ+/Fx8p7zQbSLBBd7ql
Ld0tX9Q2EdKBgW5pxY1Z2ztv2FcsnX4f9LuZib4EskRxlUKXMwwpfeZE7T2HFn0A
1Ly0uhSo0OyaREHrnPEMrcW1CiIL05luYfCZh/L0PYUIKiPvS82DvqWZEurh5XpE
btpQ8RGqNCChUUW+9h6gyts7Wn0CAwEAAaOCAucwggLjMB0GA1UdDgQWBBRwjON3
DLtZO4P9FoL5npXgdvMPnjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBlgYIKwYBBQUHAQsEgYkwgYYwgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0RFMEVDRjMw
MkQ0MDExRUY4NzRERUEzNkM0RjlBRTAyLnJvYTCBpQYIKwYBBQUHAQcBAf8EgZUw
gZIwgYAEAgABMHoDBABnWzwDBAJnbuwDBAFnfJgDBABnj2wDBABnlCEDBAFnmQoD
BABnmiMDBAFnmswDBAFnmu4DBAFnmyADBAFnnKoDBAFno+gDBAFnqLYDBABntN8D
BAJnzwAwDAMEAGfVAQMEAmfVAAMEAmfndAMEAnEeqAMEAtIQVDANBAIAAjAHAwUA
JATZQDANBgkqhkiG9w0BAQsFAAOCAQEAXWIw5x03yTQMJWkUtp1T/h+eeqB7Am+2
DaSW+h8xjNCaov8hzkXPELD+O7S/CwpQLc9yt0yFypGLPqhALSWueWg01JhCUwvV
egP/j/eXIrVOeaJklAs8Ma2E9mHGp3ENFg8V5yzknOM63zd4h76CDeMgr8BEBoYG
cZwduU7Rbl9KrSBNiGUyhCq7bhHE/aTQEd8NTGTcosVkjHuuzypXepRMSvoaxd9t
c0Bg7ywvY+6sIvBeAtPCve3JCkgpwM+QbJBp4/9jRFDDqYwfrhG09/m4k53Nnl9D
c4pimDkaabHv4Icr2ZGbzCP6+y6HHGV4Hf+7ViYhZvs3pLyxpBHYRA==
-----END CERTIFICATE-----
Generated at Thu Jun 4 09:09:29 2026 by rpki-client