Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
File: 490CDADA42F211EBB34A1A60C4F9AE02.roa (raw, json)
Hash identifier: TOFHXUN9aXdZJc1sMfYrjjU0UsBkt0mn0EED+VHmuTo=
Subject key identifier: 83:9C:D8:65:29:14:31:5F:3F:FA:39:E3:6D:6D:BB:92:BF:D3:1D:6E
Certificate issuer: /CN=A9116BB8/serialNumber=8AE9CDE10BE0B77F091B0D38EBC1967C8BC0919E
Certificate serial: 07D5
Authority key identifier: 8A:E9:CD:E1:0B:E0:B7:7F:09:1B:0D:38:EB:C1:96:7C:8B:C0:91:9E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
Signing time: Wed 25 Mar 2026 11:01:12 +0000
ROA not before: Wed 25 Mar 2026 11:01:12 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 138995
IP address blocks: 45.125.216.0/24 maxlen: 24
45.125.217.0/24 maxlen: 24
45.125.218.0/24 maxlen: 24
45.125.219.0/24 maxlen: 24
103.86.64.0/24 maxlen: 24
103.86.65.0/24 maxlen: 24
103.86.66.0/24 maxlen: 24
103.86.67.0/24 maxlen: 24
103.93.46.0/24 maxlen: 24
103.98.112.0/24 maxlen: 24
103.98.114.0/24 maxlen: 24
103.98.115.0/24 maxlen: 24
103.108.185.0/24 maxlen: 24
103.116.132.0/24 maxlen: 24
103.116.133.0/24 maxlen: 24
103.142.244.0/24 maxlen: 24
103.142.245.0/24 maxlen: 24
103.194.104.0/24 maxlen: 24
103.194.105.0/24 maxlen: 24
103.194.106.0/24 maxlen: 24
103.194.107.0/24 maxlen: 24
116.204.176.0/24 maxlen: 24
116.204.177.0/24 maxlen: 24
116.204.178.0/24 maxlen: 24
116.204.179.0/24 maxlen: 24
2001:df1:5f80::/48 maxlen: 48
2001:dff::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.crl
rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 01 Apr 2026 11:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2005 (0x7d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9116BB8, serialNumber=8AE9CDE10BE0B77F091B0D38EBC1967C8BC0919E
Validity
Not Before: Mar 25 11:01:12 2026 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=69c3c078-76e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:c0:97:09:77:62:34:75:37:c0:3f:44:a6:03:
46:80:e9:c4:a0:79:74:d1:1a:e7:6f:1a:2d:ad:ed:
fe:ff:fa:c4:5b:20:11:62:db:62:77:00:8b:85:cd:
f3:b2:eb:12:62:c4:92:30:bb:86:2d:16:bc:0d:ec:
2e:f9:f9:da:d6:81:08:88:94:5b:18:d7:77:85:00:
fc:76:82:b9:24:a8:8e:64:a1:29:c9:30:a7:09:8d:
75:ed:7c:38:a5:05:06:38:5e:ef:ca:83:8b:a9:bc:
5b:22:25:87:1a:58:7b:aa:88:08:40:b1:30:45:76:
50:a5:37:b7:02:36:25:0e:07:10:d6:f7:98:87:90:
64:1e:d6:d5:c6:f2:7b:ad:99:3f:5a:b7:96:02:ad:
f9:71:43:26:26:c8:a1:8d:38:cd:90:6f:20:76:33:
14:a4:db:dd:fe:a5:a1:0d:a6:e6:4f:21:23:ab:28:
c6:0b:c1:e4:96:80:a2:48:fe:7f:2b:6d:69:5a:eb:
d2:b3:7b:3a:86:cd:27:46:73:47:ea:93:b4:d7:b2:
22:da:9c:c1:56:6b:1c:32:e2:74:73:ae:e9:16:d5:
36:d5:89:c1:98:d9:f3:db:17:c3:e1:79:e2:50:40:
9c:e5:a7:43:a7:4d:7e:4f:1a:f4:80:75:4e:90:80:
1a:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:9C:D8:65:29:14:31:5F:3F:FA:39:E3:6D:6D:BB:92:BF:D3:1D:6E
X509v3 Authority Key Identifier:
keyid:8A:E9:CD:E1:0B:E0:B7:7F:09:1B:0D:38:EB:C1:96:7C:8B:C0:91:9E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/iunN4Qvgt38JGw0468GWfIvAkZ4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iunN4Qvgt38JGw0468GWfIvAkZ4.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9116BB8/39DCF75442F011EB8A09C75AC4F9AE02/490CDADA42F211EBB34A1A60C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
45.125.216.0/22
103.86.64.0/22
103.93.46.0/24
103.98.112.0/24
103.98.114.0/23
103.108.185.0/24
103.116.132.0/23
103.142.244.0/23
103.194.104.0/22
116.204.176.0/22
IPv6:
2001:df1:5f80::/48
2001:dff::/32
Signature Algorithm: sha256WithRSAEncryption
61:fa:0d:61:f2:3f:7f:61:ff:3f:a6:66:5f:9e:7b:26:bb:75:
8f:9f:11:ec:a5:66:9b:25:79:a3:ec:ad:23:18:14:f5:7e:4c:
22:20:56:6c:52:5b:15:31:fb:4d:dc:7d:7c:c7:8f:58:ad:dc:
74:ba:aa:e7:52:36:11:7f:bf:3e:1c:84:10:29:fc:d5:2e:a6:
f8:51:f0:f8:2b:e9:b9:06:2a:84:3e:8f:2d:1b:5b:31:ef:f6:
ba:cd:0b:c8:3e:19:67:a8:c0:aa:5e:7c:f1:c3:98:f9:6b:01:
f0:0d:8a:fc:3e:23:0e:02:c8:1b:6c:d7:f3:35:ee:71:97:df:
ba:c9:77:76:11:03:71:29:8c:3b:9d:d1:6e:5a:c0:b5:4e:3c:
2f:3a:48:e0:e7:30:36:03:fb:46:76:d1:a3:04:40:bb:46:a0:
54:d6:36:81:1d:41:6f:f2:ca:80:71:a9:b2:76:cf:09:de:82:
21:a3:87:67:a6:80:a5:ae:e5:04:71:d6:95:cf:47:3d:6d:b4:
67:6b:29:9a:c7:57:70:e8:18:8c:a6:a3:4d:08:2a:3e:70:3c:
47:a5:df:ab:a3:f5:d5:65:e1:06:4e:8b:dd:e8:b2:5e:bc:1e:
de:c5:16:6a:3a:07:71:3e:ad:c5:d8:91:73:21:09:b2:46:9e:
1a:c5:29:7b
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgICB9UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTZCQjgxMTAvBgNVBAUTKDhBRTlDREUxMEJFMEI3N0YwOTFCMEQzOEVCQzE5NjdD
OEJDMDkxOUUwHhcNMjYwMzI1MTEwMTEyWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWMzYzA3OC03NmUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA18CXCXdiNHU3wD9EpgNGgOnEoHl00Rrnbxotre3+//rEWyARYttidwCLhc3z
susSYsSSMLuGLRa8Dewu+fna1oEIiJRbGNd3hQD8doK5JKiOZKEpyTCnCY117Xw4
pQUGOF7vyoOLqbxbIiWHGlh7qogIQLEwRXZQpTe3AjYlDgcQ1veYh5BkHtbVxvJ7
rZk/WreWAq35cUMmJsihjTjNkG8gdjMUpNvd/qWhDabmTyEjqyjGC8HkloCiSP5/
K21pWuvSs3s6hs0nRnNH6pO017Ii2pzBVmscMuJ0c67pFtU21YnBmNnz2xfD4Xni
UECc5adDp01+Txr0gHVOkIAaOwIDAQABo4ICrjCCAqowHQYDVR0OBBYEFIOc2GUp
FDFfP/o5421tu5K/0x1uMB8GA1UdIwQYMBaAFIrpzeEL4Ld/CRsNOOvBlnyLwJGe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNkJCOC8zOURDRjc1NDQy
RjAxMUVCOEEwOUM3NUFDNEY5QUUwMi9pdW5ONFF2Z3QzOEpHdzA0NjhHV2ZJdkFr
WjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2l1bk40UXZndDM4Skd3MDQ2OEdXZkl2QWtaNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTZCQjgvMzlEQ0Y3NTQ0MkYwMTFFQjhBMDlDNzVBQzRGOUFFMDIvNDkwQ0RBREE0
MkYyMTFFQkIzNEExQTYwQzRGOUFFMDIucm9hMG0GCCsGAQUFBwEHAQH/BF4wXDBC
BAIAATA8AwQCLX3YAwQCZ1ZAAwQAZ10uAwQAZ2JwAwQBZ2JyAwQAZ2y5AwQBZ3SE
AwQBZ470AwQCZ8JoAwQCdMywMBYEAgACMBADBwAgAQ3xX4ADBQAgAQ3/MA0GCSqG
SIb3DQEBCwUAA4IBAQBh+g1h8j9/Yf8/pmZfnnsmu3WPnxHspWabJXmj7K0jGBT1
fkwiIFZsUlsVMftN3H18x49Yrdx0uqrnUjYRf78+HIQQKfzVLqb4UfD4K+m5BiqE
Po8tG1sx7/a6zQvIPhlnqMCqXnzxw5j5awHwDYr8PiMOAsgbbNfzNe5xl9+6yXd2
EQNxKYw7ndFuWsC1TjwvOkjg5zA2A/tGdtGjBEC7RqBU1jaBHUFv8sqAcamyds8J
3oIho4dnpoClruUEcdaVz0c9bbRnaymax1dw6BiMpqNNCCo+cDxHpd+ro/XVZeEG
Tovd6LJevB7exRZqOgdxPq3F2JFzIQmyRp4axSl7
-----END CERTIFICATE-----
Generated at Thu Mar 26 19:38:37 2026 by rpki-client