Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/29F7413CBB6011EEB59E5D81C4F9AE02.roa
File: 29F7413CBB6011EEB59E5D81C4F9AE02.roa (raw, json)
Hash identifier: UKXFh7gTm0rXHnOIQY0kDYmGOiQsiOQkbThjpV/y9Uk=
Subject key identifier: A5:3B:D2:E9:B0:EA:4B:E6:7B:5B:A6:91:9B:6B:6A:34:77:29:8A:13
Certificate issuer: /CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Certificate serial: 35DA
Authority key identifier: 6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/29F7413CBB6011EEB59E5D81C4F9AE02.roa
Signing time: Sun 01 Mar 2026 15:26:44 +0000
ROA not before: Thu 10 Apr 2025 15:20:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 45459
IP address blocks: 103.14.40.0/22 maxlen: 23
103.14.40.0/24 maxlen: 24
103.14.41.0/24 maxlen: 24
103.14.42.0/24 maxlen: 24
103.14.43.0/24 maxlen: 24
112.109.64.0/21 maxlen: 24
112.109.72.0/23 maxlen: 24
112.109.75.0/24 maxlen: 24
112.109.76.0/22 maxlen: 24
112.109.80.0/24 maxlen: 24
112.109.85.0/24 maxlen: 24
112.109.86.0/23 maxlen: 24
119.47.116.0/24 maxlen: 24
119.47.120.0/23 maxlen: 24
119.47.125.0/24 maxlen: 24
119.47.126.0/23 maxlen: 24
202.174.116.0/24 maxlen: 24
210.79.48.0/22 maxlen: 23
210.79.49.0/24 maxlen: 24
210.79.50.0/23 maxlen: 24
210.79.52.0/24 maxlen: 24
210.79.53.0/24 maxlen: 24
210.79.54.0/24 maxlen: 24
210.79.55.0/24 maxlen: 24
2404:3800::/48 maxlen: 48
2404:3800:1::/48 maxlen: 48
2404:3800:8::/46 maxlen: 46
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 29 Mar 2026 14:50:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13786 (0x35da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91CE978, serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Validity
Not Before: Apr 10 15:20:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=69a45ab4-6b25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:42:da:e0:4c:83:6b:5b:32:44:57:73:38:89:
5e:0a:75:8d:a5:6e:81:88:43:99:29:a7:1e:61:00:
81:9a:ac:e1:9d:93:e8:cd:41:25:86:19:3a:cd:aa:
0a:b4:33:2e:e9:be:7e:a7:9c:9e:b5:52:8e:4c:2f:
c7:0d:42:a5:2c:9b:a0:cb:94:fe:70:cd:1c:0e:09:
f8:57:80:d6:31:5c:bd:54:91:10:4b:e8:ce:3a:8f:
ba:e5:f7:e5:bf:b2:b3:b4:87:8d:a8:20:7e:63:86:
3a:21:fc:55:35:80:8c:78:fe:74:db:87:4a:9f:72:
2c:de:b4:b8:01:05:b8:ec:85:2e:3e:97:ae:f5:b8:
11:af:73:a2:24:b2:b9:e2:a4:87:e1:f5:66:64:14:
0f:a1:3b:f1:1e:03:3e:22:38:e0:db:57:92:50:e3:
cd:2e:a6:06:50:29:46:bf:fd:c9:d7:6a:f5:9c:26:
b0:ba:d5:3f:f2:e5:c9:10:31:a0:08:36:30:80:35:
d6:9a:5e:67:e0:3e:fa:a9:9a:bf:65:26:5b:7c:8e:
69:a2:88:55:10:13:b6:97:6f:bc:c3:ac:dd:58:c4:
5a:1b:4c:7c:49:38:15:cd:30:1a:d4:e2:27:9a:75:
1c:57:74:6b:62:6b:87:a8:95:3b:e9:3e:d9:ac:7e:
70:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:3B:D2:E9:B0:EA:4B:E6:7B:5B:A6:91:9B:6B:6A:34:77:29:8A:13
X509v3 Authority Key Identifier:
keyid:6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/29F7413CBB6011EEB59E5D81C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.14.40.0/22
112.109.64.0-112.109.73.255
112.109.75.0-112.109.80.255
112.109.85.0-112.109.87.255
119.47.116.0/24
119.47.120.0/23
119.47.125.0-119.47.127.255
202.174.116.0/24
210.79.48.0/21
IPv6:
2404:3800::/47
2404:3800:8::/46
Signature Algorithm: sha256WithRSAEncryption
8c:e3:6d:02:10:39:1e:2c:9d:2b:65:f3:bb:97:56:ce:9e:e4:
c2:b5:33:9f:a7:7a:8d:3b:19:7a:12:a1:20:ad:89:0e:58:7a:
99:5b:88:b9:79:2e:40:f4:6d:b9:be:9c:eb:75:b5:8c:45:9f:
4a:4d:7c:5b:d0:20:7a:02:2d:cb:4b:98:3a:f8:9c:bf:c5:dd:
23:ba:b3:d3:34:86:65:d4:bb:24:a9:4e:56:11:1d:f3:6b:50:
85:e4:df:43:0e:84:ed:15:04:af:7f:25:e8:24:5c:6d:cf:b1:
d4:e4:d4:79:4d:93:e0:cd:66:9f:70:89:41:02:a8:ec:51:98:
2f:1b:7b:86:88:88:42:98:6c:97:8a:5a:c8:8a:73:b2:d4:d9:
d8:9a:58:52:db:45:96:0a:9c:1c:ea:c7:69:17:33:5e:fa:14:
9d:17:c3:2b:21:25:70:ab:d1:a0:10:75:03:c0:7c:88:31:ce:
f7:4a:b0:4c:d1:55:91:bc:47:70:b9:10:e7:de:1e:4b:f9:2f:
97:bc:86:24:b8:b0:29:31:57:59:71:93:d1:13:83:97:74:f8:
3c:1a:05:89:08:76:40:f9:bb:c5:52:59:9f:2d:0e:90:0c:4b:
73:f5:78:0f:27:11:09:84:77:df:9e:71:25:3f:cb:41:cc:93:
58:00:64:dd
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgICNdowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0U5NzgxMTAvBgNVBAUTKDZBMUU0RjcyODQ3RUIzNjk5NTIyQzkzRDI2NzczRjBE
RjgzOTZFQkUwHhcNMjUwNDEwMTUyMDU1WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NWFiNC02YjI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArULa4EyDa1syRFdzOIleCnWNpW6BiEOZKaceYQCBmqzhnZPozUElhhk6zaoK
tDMu6b5+p5yetVKOTC/HDUKlLJugy5T+cM0cDgn4V4DWMVy9VJEQS+jOOo+65ffl
v7KztIeNqCB+Y4Y6IfxVNYCMeP5024dKn3Is3rS4AQW47IUuPpeu9bgRr3OiJLK5
4qSH4fVmZBQPoTvxHgM+Ijjg21eSUOPNLqYGUClGv/3J12r1nCawutU/8uXJEDGg
CDYwgDXWml5n4D76qZq/ZSZbfI5poohVEBO2l2+8w6zdWMRaG0x8STgVzTAa1OIn
mnUcV3RrYmuHqJU76T7ZrH5wsQIDAQABo4ICyzCCAscwHQYDVR0OBBYEFKU70umw
6kvme1umkZtrajR3KYoTMB8GA1UdIwQYMBaAFGoeT3KEfrNplSLJPSZ3Pw34OW6+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTk3OC8zMjIzRjM1RTFE
OTgxMUUyOEE4QzJFODIwOEIwMkNEMi9haDVQY29SLXMybVZJc2s5Sm5jX0RmZzVi
cjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FoNVBjb1ItczJtVklzazlKbmNfRGZnNWJyNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0U5NzgvMzIyM0YzNUUxRDk4MTFFMjhBOEMyRTgyMDhCMDJDRDIvMjlGNzQxM0NC
QjYwMTFFRUI1OUU1RDgxQzRGOUFFMDIucm9hMIGJBggrBgEFBQcBBwEB/wR6MHgw
XAQCAAEwVgMEAmcOKDAMAwQGcG1AAwQBcG1IMAwDBABwbUsDBABwbVAwDAMEAHBt
VQMEA3BtUAMEAHcvdAMEAXcveDAMAwQAdy99AwQHdy8AAwQAyq50AwQD0k8wMBgE
AgACMBIDBwEkBDgAAAADBwIkBDgAAAgwDQYJKoZIhvcNAQELBQADggEBAIzjbQIQ
OR4snStl87uXVs6e5MK1M5+neo07GXoSoSCtiQ5YeplbiLl5LkD0bbm+nOt1tYxF
n0pNfFvQIHoCLctLmDr4nL/F3SO6s9M0hmXUuySpTlYRHfNrUIXk30MOhO0VBK9/
JegkXG3PsdTk1HlNk+DNZp9wiUECqOxRmC8be4aIiEKYbJeKWsiKc7LU2diaWFLb
RZYKnBzqx2kXM176FJ0XwyshJXCr0aAQdQPAfIgxzvdKsEzRVZG8R3C5EOfeHkv5
L5e8hiS4sCkxV1lxk9ETg5d0+DwaBYkIdkD5u8VSWZ8tDpAMS3P1eA8nEQmEd9+e
cSU/y0HMk1gAZN0=
-----END CERTIFICATE-----
Generated at Sun Mar 22 20:15:01 2026 by rpki-client