Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E9DBE7221E8411F0A85F5565C4F9AE02.roa
File: E9DBE7221E8411F0A85F5565C4F9AE02.roa (raw, json)
Hash identifier: ZGwp2uV7Xsyexrui5H/f7Gc56oJr131rF+8SMowUNJQ=
Subject key identifier: 80:18:60:B7:2C:E4:E6:79:46:DB:07:51:8D:5D:7C:76:16:2A:F4:C7
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: DCFB
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E9DBE7221E8411F0A85F5565C4F9AE02.roa
Signing time: Sat 28 Mar 2026 10:47:56 +0000
ROA not before: Sat 28 Mar 2026 10:47:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 132770
IP address blocks: 43.227.20.0/22 maxlen: 24
43.228.72.0/22 maxlen: 24
43.241.24.0/22 maxlen: 24
45.119.57.0/24 maxlen: 24
45.119.58.0/24 maxlen: 24
45.119.59.0/24 maxlen: 24
45.252.72.0/22 maxlen: 24
103.59.104.0/24 maxlen: 24
103.81.36.0/22 maxlen: 24
103.93.240.0/24 maxlen: 24
103.93.241.0/24 maxlen: 24
103.93.242.0/24 maxlen: 24
103.93.243.0/24 maxlen: 24
103.94.56.0/22 maxlen: 23
103.94.57.0/24 maxlen: 24
103.94.59.0/24 maxlen: 24
103.125.72.0/23 maxlen: 24
103.126.68.0/22 maxlen: 24
103.178.206.0/23 maxlen: 24
103.184.86.0/24 maxlen: 24
103.184.87.0/24 maxlen: 24
103.204.36.0/22 maxlen: 24
103.211.60.0/24 maxlen: 24
103.211.61.0/24 maxlen: 24
103.211.62.0/24 maxlen: 24
103.211.63.0/24 maxlen: 24
103.221.72.0/22 maxlen: 24
103.239.84.0/22 maxlen: 24
103.241.80.0/22 maxlen: 24
103.243.112.0/22 maxlen: 24
103.249.240.0/22 maxlen: 24
103.251.208.0/22 maxlen: 24
103.254.52.0/22 maxlen: 24
150.129.128.0/22 maxlen: 24
150.129.156.0/22 maxlen: 24
163.53.200.0/22 maxlen: 24
202.136.68.0/22 maxlen: 24
2401:73e0::/32 maxlen: 32
2404:4980::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 13 Apr 2026 10:05:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 56571 (0xdcfb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Mar 28 10:47:56 2026 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=69c7b1dc-7df0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:9c:a3:08:9d:54:86:12:a3:1c:c1:58:1e:ca:
b7:1e:1f:d0:09:08:0f:f7:ba:cf:71:90:1a:bf:06:
ca:c6:0f:3a:7e:9c:3a:b8:0e:e5:8a:86:b0:ae:e3:
32:a3:15:d9:fe:ad:bb:af:e5:3a:2f:ea:f6:23:3e:
38:16:4c:90:36:bd:0c:88:4b:fd:97:20:63:a0:3e:
49:51:d9:bb:a0:35:e3:ab:73:ca:81:9c:dc:1e:ce:
e3:4c:54:dd:9b:3f:32:cb:3f:17:d9:6c:dd:54:63:
0c:0a:a2:d0:15:ee:cf:cb:7a:25:58:01:91:6f:5e:
0f:5a:25:1d:69:9c:de:c4:36:9e:50:5c:14:76:da:
a9:07:94:04:e2:c9:db:9a:07:26:48:30:87:cb:c5:
9d:4b:6c:a2:90:a9:e1:bd:c7:62:81:3b:3e:41:04:
6b:ca:21:48:07:4a:9f:b4:1b:5e:86:a8:58:21:51:
0e:a7:15:ee:8f:37:5f:c3:a0:0e:b2:fc:e1:61:2e:
43:46:08:26:3e:cd:38:8f:e6:1d:f1:aa:4e:b5:0e:
3d:51:8e:9a:3d:fe:c6:9b:ee:d4:b9:c1:41:86:66:
23:1f:d3:e1:9f:59:95:c2:b6:c1:68:7a:56:dd:7b:
46:cd:6e:b2:85:33:31:0b:95:66:4b:4c:83:db:da:
77:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:18:60:B7:2C:E4:E6:79:46:DB:07:51:8D:5D:7C:76:16:2A:F4:C7
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/E9DBE7221E8411F0A85F5565C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.227.20.0/22
43.228.72.0/22
43.241.24.0/22
45.119.57.0-45.119.59.255
45.252.72.0/22
103.59.104.0/24
103.81.36.0/22
103.93.240.0/22
103.94.56.0/22
103.125.72.0/23
103.126.68.0/22
103.178.206.0/23
103.184.86.0/23
103.204.36.0/22
103.211.60.0/22
103.221.72.0/22
103.239.84.0/22
103.241.80.0/22
103.243.112.0/22
103.249.240.0/22
103.251.208.0/22
103.254.52.0/22
150.129.128.0/22
150.129.156.0/22
163.53.200.0/22
202.136.68.0/22
IPv6:
2401:73e0::/32
2404:4980::/32
Signature Algorithm: sha256WithRSAEncryption
98:e1:cf:8f:23:c3:ee:99:6c:dc:70:a4:68:33:eb:0a:2d:0d:
a2:d4:86:9d:1b:24:27:67:04:7e:58:db:f6:46:c3:66:69:ab:
38:c9:22:4a:df:c3:f6:06:6a:44:1d:ea:0a:90:7c:f5:ca:3c:
e8:ce:46:f5:d4:d7:75:4d:14:a6:ef:94:c7:b3:4e:1a:7f:25:
13:25:87:88:8f:7a:bc:24:f4:a0:0f:5d:1b:9c:1f:e1:71:b2:
6b:5b:c6:e8:5a:d5:ba:29:53:cf:81:d6:05:e7:a7:52:86:28:
35:56:6b:ec:47:05:d7:70:e6:73:91:3f:56:45:ec:aa:d7:36:
4d:7a:5e:4d:7d:47:87:34:17:11:2f:22:d8:62:5d:e5:23:e2:
ce:a7:a6:6b:bd:94:b7:5f:50:d8:a6:3f:ae:34:1f:56:d0:32:
fe:57:df:8e:6e:be:0f:89:7e:06:41:96:b9:56:2a:9c:6f:e8:
30:04:c6:23:71:d7:46:c3:cd:f5:76:ef:20:78:51:78:f6:c5:
9c:91:9c:b1:ff:7d:04:cb:76:36:f8:eb:b8:4d:b7:30:93:7c:
7d:35:3c:55:d8:ac:34:8b:dc:aa:27:29:7a:f2:18:80:69:87:
89:ba:7f:a8:05:3b:34:c8:0c:a7:80:d7:67:bd:3b:cd:fb:1a:
e9:2c:99:c4
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgIDANz7MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI2MDMyODEwNDc1NloXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjljN2IxZGMtN2RmMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIycowidVIYSoxzBWB7Ktx4f0AkID/e6z3GQGr8GysYPOn6cOrgO5YqGsK7j
MqMV2f6tu6/lOi/q9iM+OBZMkDa9DIhL/ZcgY6A+SVHZu6A146tzyoGc3B7O40xU
3Zs/Mss/F9ls3VRjDAqi0BXuz8t6JVgBkW9eD1olHWmc3sQ2nlBcFHbaqQeUBOLJ
25oHJkgwh8vFnUtsopCp4b3HYoE7PkEEa8ohSAdKn7QbXoaoWCFRDqcV7o83X8Og
DrL84WEuQ0YIJj7NOI/mHfGqTrUOPVGOmj3+xpvu1LnBQYZmIx/T4Z9ZlcK2wWh6
Vt17Rs1usoUzMQuVZktMg9vad3ECAwEAAaOCAxkwggMVMB0GA1UdDgQWBBSAGGC3
LOTmeUbbB1GNXXx2Fir0xzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBlgYIKwYBBQUHAQsEgYkwgYYwgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0U5REJFNzIy
MUU4NDExRjBBODVGNTU2NUM0RjlBRTAyLnJvYTCB1wYIKwYBBQUHAQcBAf8Egccw
gcQwgasEAgABMIGkAwQCK+MUAwQCK+RIAwQCK/EYMAwDBAAtdzkDBAItdzgDBAIt
/EgDBABnO2gDBAJnUSQDBAJnXfADBAJnXjgDBAFnfUgDBAJnfkQDBAFnss4DBAFn
uFYDBAJnzCQDBAJn0zwDBAJn3UgDBAJn71QDBAJn8VADBAJn83ADBAJn+fADBAJn
+9ADBAJn/jQDBAKWgYADBAKWgZwDBAKjNcgDBALKiEQwFAQCAAIwDgMFACQBc+AD
BQAkBEmAMA0GCSqGSIb3DQEBCwUAA4IBAQCY4c+PI8PumWzccKRoM+sKLQ2i1Iad
GyQnZwR+WNv2RsNmaas4ySJK38P2BmpEHeoKkHz1yjzozkb11Nd1TRSm75THs04a
fyUTJYeIj3q8JPSgD10bnB/hcbJrW8boWtW6KVPPgdYF56dShig1VmvsRwXXcOZz
kT9WReyq1zZNel5NfUeHNBcRLyLYYl3lI+LOp6ZrvZS3X1DYpj+uNB9W0DL+V9+O
br4PiX4GQZa5Viqcb+gwBMYjcddGw831du8geFF49sWckZyx/30Ey3Y2+Ou4Tbcw
k3x9NTxV2Kw0i9yqJyl68hiAaYeJun+oBTs0yAyngNdnvTvN+xrpLJnE
-----END CERTIFICATE-----
Generated at Mon Apr 6 12:33:13 2026 by rpki-client