Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/2CDDCAB868AC11EDAA6C8F2AC4F9AE02.roa
File: 2CDDCAB868AC11EDAA6C8F2AC4F9AE02.roa (raw, json)
Hash identifier: 0I1ZGIqAAsf0JHxziEVwF7z6ync1D5L/6afgE/1iVog=
Subject key identifier: F5:47:6B:EF:05:24:1A:76:A2:26:54:AE:FF:A1:7F:CE:45:D6:C4:4F
Certificate issuer: /CN=A91E7363/serialNumber=A897C04DE12F0A6F59C1AD1509F0B209FA5438B3
Certificate serial: 3575
Authority key identifier: A8:97:C0:4D:E1:2F:0A:6F:59:C1:AD:15:09:F0:B2:09:FA:54:38:B3
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/2CDDCAB868AC11EDAA6C8F2AC4F9AE02.roa
Signing time: Fri 30 Jan 2026 15:10:22 +0000
ROA not before: Fri 30 Jan 2026 15:10:22 +0000
ROA not after: Wed 31 Mar 2027 00:00:00 +0000
asID: 9329
IP address blocks: 112.134.0.0/15 maxlen: 15
112.134.0.0/19 maxlen: 24
112.134.32.0/19 maxlen: 24
112.134.64.0/19 maxlen: 24
112.134.96.0/19 maxlen: 24
112.134.128.0/19 maxlen: 24
112.134.160.0/19 maxlen: 24
112.134.192.0/19 maxlen: 24
112.134.224.0/19 maxlen: 24
112.135.0.0/19 maxlen: 24
112.135.32.0/19 maxlen: 24
112.135.64.0/19 maxlen: 24
112.135.96.0/19 maxlen: 24
112.135.128.0/19 maxlen: 24
112.135.160.0/19 maxlen: 24
112.135.192.0/19 maxlen: 24
112.135.224.0/19 maxlen: 24
119.235.4.0/24 maxlen: 24
119.235.5.0/24 maxlen: 24
119.235.6.0/24 maxlen: 24
119.235.7.0/24 maxlen: 24
119.235.8.0/24 maxlen: 24
119.235.9.0/24 maxlen: 24
119.235.10.0/24 maxlen: 24
119.235.12.0/24 maxlen: 24
124.43.0.0/16 maxlen: 16
124.43.0.0/17 maxlen: 17
124.43.0.0/19 maxlen: 24
124.43.32.0/19 maxlen: 24
124.43.64.0/18 maxlen: 18
124.43.64.0/19 maxlen: 24
124.43.96.0/19 maxlen: 24
124.43.128.0/17 maxlen: 17
124.43.128.0/18 maxlen: 18
124.43.128.0/19 maxlen: 24
124.43.160.0/19 maxlen: 24
124.43.192.0/19 maxlen: 24
124.43.224.0/19 maxlen: 24
203.81.99.0/24 maxlen: 24
203.81.100.0/24 maxlen: 24
203.81.101.0/24 maxlen: 24
203.81.102.0/24 maxlen: 24
203.94.64.0/18 maxlen: 18
203.94.65.0/24 maxlen: 24
203.94.69.0/24 maxlen: 24
203.94.70.0/24 maxlen: 24
203.94.71.0/24 maxlen: 24
203.94.72.0/24 maxlen: 24
203.94.74.0/24 maxlen: 24
203.94.84.0/24 maxlen: 24
203.94.89.0/24 maxlen: 24
203.94.95.0/24 maxlen: 24
203.115.0.0/18 maxlen: 18
203.115.0.0/24 maxlen: 24
203.115.11.0/24 maxlen: 24
203.115.21.0/24 maxlen: 24
203.115.28.0/24 maxlen: 24
203.115.31.0/24 maxlen: 24
220.247.192.0/18 maxlen: 23
220.247.192.0/19 maxlen: 24
220.247.224.0/24 maxlen: 24
220.247.226.0/23 maxlen: 24
220.247.228.0/22 maxlen: 24
220.247.232.0/21 maxlen: 24
220.247.240.0/20 maxlen: 24
222.165.128.0/18 maxlen: 24
2402:d000::/32 maxlen: 40
2402:d000:20::/48 maxlen: 48
2402:d000:21::/48 maxlen: 48
2402:d000:140::/48 maxlen: 48
2402:d000:141::/48 maxlen: 48
2402:d000:142::/48 maxlen: 48
2402:d000:100c::/48 maxlen: 48
2402:d000:1060::/48 maxlen: 48
2402:d000:1064::/48 maxlen: 48
2402:d000:1068::/48 maxlen: 48
2402:d000:106c::/48 maxlen: 48
2402:d000:1074::/48 maxlen: 48
2402:d000:1088::/48 maxlen: 48
2402:d000:7000::/48 maxlen: 48
2402:d000:8100::/48 maxlen: 48
2402:d000:8104::/48 maxlen: 48
2402:d000:8108::/48 maxlen: 48
2402:d000:810c::/48 maxlen: 48
2402:d000:8110::/48 maxlen: 48
2402:d000:8114::/48 maxlen: 48
2402:d000:8118::/48 maxlen: 48
2402:d000:811c::/48 maxlen: 48
2402:d000:8120::/48 maxlen: 48
2402:d000:8124::/48 maxlen: 48
2402:d000:8128::/48 maxlen: 48
2402:d000:812c::/48 maxlen: 48
2402:d000:8130::/48 maxlen: 48
2402:d000:8134::/48 maxlen: 48
2402:d000:8138::/48 maxlen: 48
2402:d000:813c::/48 maxlen: 48
2402:d000:8140::/48 maxlen: 48
2402:d000:8f00::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.crl
rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 25 Feb 2026 14:24:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13685 (0x3575)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E7363, serialNumber=A897C04DE12F0A6F59C1AD1509F0B209FA5438B3
Validity
Not Before: Jan 30 15:10:22 2026 GMT
Not After : Mar 31 00:00:00 2027 GMT
Subject: CN=697cc9de-07f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:6d:4c:70:97:e8:6d:4e:ca:e4:5d:cd:5b:2a:
e1:f1:e1:95:8f:b9:6e:e3:c6:dd:b5:5b:e0:95:a4:
ea:d0:56:02:b3:51:56:6c:a3:d1:78:f1:9f:f6:72:
eb:ea:82:6a:31:a3:5b:e1:b4:64:76:d9:7a:9f:4d:
ca:84:bb:f5:04:b1:11:6e:46:24:1d:94:31:6b:d6:
78:de:b0:36:cc:a8:3d:c7:67:30:20:ce:d9:24:02:
28:e0:7f:d1:be:78:bd:d9:12:90:86:b4:9c:a2:89:
d5:c0:15:48:d1:63:e3:04:0a:e8:78:fb:60:ac:d9:
8e:d7:51:81:c5:4a:d3:b9:d0:30:b9:59:c1:23:72:
2a:c3:fe:30:80:3f:4d:d7:0d:07:82:b2:2c:14:dd:
53:6b:6c:fc:46:67:8d:56:b6:49:bf:be:4d:37:15:
f0:be:36:ce:c6:cb:c3:65:03:e9:2b:40:cb:dc:89:
36:50:b4:cc:c3:50:56:00:aa:cc:57:a7:76:02:33:
99:9a:f2:b6:e3:bd:7d:15:05:ea:4c:88:47:0b:bd:
6a:2b:99:7c:59:14:a4:88:fd:40:9f:a5:b8:18:8b:
1b:f1:a2:1f:26:c5:90:de:6b:af:02:eb:8c:1b:5b:
83:ad:d4:a7:46:91:91:39:89:fd:2e:1b:3d:60:27:
e4:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:47:6B:EF:05:24:1A:76:A2:26:54:AE:FF:A1:7F:CE:45:D6:C4:4F
X509v3 Authority Key Identifier:
keyid:A8:97:C0:4D:E1:2F:0A:6F:59:C1:AD:15:09:F0:B2:09:FA:54:38:B3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qJfATeEvCm9Zwa0VCfCyCfpUOLM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E7363/FF8B4B6C1D8411E28CD33DDB08B02CD2/2CDDCAB868AC11EDAA6C8F2AC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
112.134.0.0/15
119.235.4.0-119.235.10.255
119.235.12.0/24
124.43.0.0/16
203.81.99.0-203.81.102.255
203.94.64.0/18
203.115.0.0/18
220.247.192.0/18
222.165.128.0/18
IPv6:
2402:d000::/32
Signature Algorithm: sha256WithRSAEncryption
2f:e3:ac:7c:ee:29:15:a6:86:91:c4:39:bb:a4:fb:3a:21:7a:
ea:de:08:81:aa:06:85:45:b5:bf:39:2b:d0:66:e6:89:6c:91:
12:b6:e1:c2:40:83:a9:8d:f1:c3:6c:b4:48:68:2e:88:46:68:
5d:e7:35:f9:a5:91:61:45:23:92:74:54:12:34:c7:0c:ed:f8:
c5:71:cc:4c:37:0a:fa:c3:67:52:18:10:94:5f:8f:c7:05:b5:
1f:bc:4d:bf:a2:e4:f6:19:6e:52:15:ac:ae:a5:57:20:90:4e:
ef:81:c8:3d:7a:53:22:8f:69:a2:72:06:7b:93:8f:88:7f:47:
16:5e:cc:aa:dd:e7:3b:7c:7b:7b:47:73:8b:ca:63:43:c5:3b:
9e:8c:82:1f:4a:b4:9f:7d:83:35:4a:6f:cc:93:f8:8c:9a:1b:
b3:32:a9:4a:9b:6c:1b:9e:cd:e9:a7:92:ef:45:af:12:d1:51:
0c:ae:d1:8c:e7:dd:aa:22:2b:63:40:5b:4d:13:d9:65:56:0c:
d6:03:61:03:aa:09:83:2f:e2:54:2e:98:19:9b:f2:ab:27:8d:
c8:65:07:ab:50:8e:d3:ad:d1:4f:fb:65:ec:f9:f6:c4:fb:08:
54:7b:d7:4c:a1:fd:5b:75:f0:7c:4b:c0:b1:11:8b:c0:72:60:
52:b0:48:32
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgICNXUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAwwIQTkx
RTczNjMxMTAvBgNVBAUTKEE4OTdDMDRERTEyRjBBNkY1OUMxQUQxNTA5RjBCMjA5
RkE1NDM4QjMwHhcNMjYwMTMwMTUxMDIyWhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDDA02OTdjYzlkZS0wN2YzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqG1McJfobU7K5F3NWyrh8eGVj7lu48bdtVvglaTq0FYCs1FWbKPRePGf9nLr
6oJqMaNb4bRkdtl6n03KhLv1BLERbkYkHZQxa9Z43rA2zKg9x2cwIM7ZJAIo4H/R
vni92RKQhrScoonVwBVI0WPjBAroePtgrNmO11GBxUrTudAwuVnBI3Iqw/4wgD9N
1w0HgrIsFN1Ta2z8RmeNVrZJv75NNxXwvjbOxsvDZQPpK0DL3Ik2ULTMw1BWAKrM
V6d2AjOZmvK24719FQXqTIhHC71qK5l8WRSkiP1An6W4GIsb8aIfJsWQ3muvAuuM
G1uDrdSnRpGROYn9Lhs9YCfkJQIDAQABo4IC4jCCAt4wHQYDVR0OBBYEFPVHa+8F
JBp2oiZUrv+hf85F1sRPMB8GA1UdIwQYMBaAFKiXwE3hLwpvWcGtFQnwsgn6VDiz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNzM2My9GRjhCNEI2QzFE
ODQxMUUyOENEMzNEREIwOEIwMkNEMi9xSmZBVGVFdkNtOVp3YTBWQ2ZDeUNmcFVP
TE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FKZkFUZUV2Q205WndhMFZDZkN5Q2ZwVU9MTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTczNjMvRkY4QjRCNkMxRDg0MTFFMjhDRDMzRERCMDhCMDJDRDIvMkNERENBQjg2
OEFDMTFFREFBNkM4RjJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbAYIKwYBBQUHAQcBAf8E
XTBbMEoEAgABMEQDAwFwhjAMAwQCd+sEAwQAd+sKAwQAd+sMAwMAfCswDAMEAMtR
YwMEAMtRZgMEBsteQAMEBstzAAMEBtz3wAMEBt6lgDANBAIAAjAHAwUAJALQADAN
BgkqhkiG9w0BAQsFAAOCAQEAL+OsfO4pFaaGkcQ5u6T7OiF66t4IgaoGhUW1vzkr
0GbmiWyRErbhwkCDqY3xw2y0SGguiEZoXec1+aWRYUUjknRUEjTHDO34xXHMTDcK
+sNnUhgQlF+PxwW1H7xNv6Lk9hluUhWsrqVXIJBO74HIPXpTIo9ponIGe5OPiH9H
Fl7Mqt3nO3x7e0dzi8pjQ8U7noyCH0q0n32DNUpvzJP4jJobszKpSptsG57N6aeS
70WvEtFRDK7RjOfdqiIrY0BbTRPZZVYM1gNhA6oJgy/iVC6YGZvyqyeNyGUHq1CO
063RT/tl7Pn2xPsIVHvXTKH9W3XwfEvAsRGLwHJgUrBIMg==
-----END CERTIFICATE-----
Generated at Fri Feb 20 00:10:50 2026 by rpki-client