Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/C1D6AD981EA111F1B2DD47B2123D8C67.roa
File: C1D6AD981EA111F1B2DD47B2123D8C67.roa (raw, json)
Hash identifier: t7Va3DBJIf7NqIYUpRn9OjFokUb0h7zcGhor8Wmv+E4=
Subject key identifier: 80:C3:E9:A8:A4:78:3E:98:AF:CD:D2:D0:68:E1:DB:D7:D7:5C:96:FE
Certificate issuer: /CN=A912AFA4/serialNumber=51942D25EDBCA51DFA56CE09ED361EB7A26DBD25
Certificate serial: 0A1E
Authority key identifier: 51:94:2D:25:ED:BC:A5:1D:FA:56:CE:09:ED:36:1E:B7:A2:6D:BD:25
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UZQtJe28pR36Vs4J7TYet6JtvSU.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/C1D6AD981EA111F1B2DD47B2123D8C67.roa
Signing time: Fri 13 Mar 2026 06:02:24 +0000
ROA not before: Fri 13 Mar 2026 06:02:24 +0000
ROA not after: Sat 01 May 2027 00:00:00 +0000
asID: 135060
IP address blocks: 103.93.150.0/24 maxlen: 24
103.93.151.0/24 maxlen: 24
103.152.128.0/24 maxlen: 24
103.152.129.0/24 maxlen: 24
103.208.4.0/22 maxlen: 22
103.208.4.0/24 maxlen: 24
103.208.5.0/24 maxlen: 24
103.208.6.0/24 maxlen: 24
103.208.7.0/24 maxlen: 24
116.206.128.0/24 maxlen: 24
116.206.129.0/24 maxlen: 24
123.100.140.0/23 maxlen: 24
123.100.143.0/24 maxlen: 24
123.100.144.0/24 maxlen: 24
123.100.145.0/24 maxlen: 24
123.100.146.0/24 maxlen: 24
123.100.147.0/24 maxlen: 24
123.100.148.0/22 maxlen: 22
123.100.148.0/24 maxlen: 24
123.100.149.0/24 maxlen: 24
123.100.150.0/24 maxlen: 24
123.100.151.0/24 maxlen: 24
123.100.152.0/24 maxlen: 24
123.253.192.0/24 maxlen: 24
123.253.193.0/24 maxlen: 24
123.253.194.0/24 maxlen: 24
202.86.52.0/24 maxlen: 24
202.86.53.0/24 maxlen: 24
202.86.54.0/24 maxlen: 24
202.86.55.0/24 maxlen: 24
2404:6a80::/41 maxlen: 41
2404:6a80:200::/41 maxlen: 41
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/UZQtJe28pR36Vs4J7TYet6JtvSU.crl
rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/UZQtJe28pR36Vs4J7TYet6JtvSU.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UZQtJe28pR36Vs4J7TYet6JtvSU.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 31 Mar 2026 19:48:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2590 (0xa1e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A912AFA4, serialNumber=51942D25EDBCA51DFA56CE09ED361EB7A26DBD25
Validity
Not Before: Mar 13 06:02:24 2026 GMT
Not After : May 1 00:00:00 2027 GMT
Subject: CN=69b3a870-9fbf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:18:56:67:51:60:d0:4a:21:d2:d6:7f:2f:03:
8e:0f:c6:b2:12:9d:8e:69:77:ec:93:47:00:4c:90:
a2:b9:de:e4:e1:9a:7f:f8:8a:7f:bf:08:a0:79:ce:
57:69:b2:5e:f0:f0:71:2f:bd:83:9c:a3:32:36:90:
01:35:f7:40:ec:ab:fc:54:9f:17:5f:c1:56:8b:52:
44:5f:fa:62:36:c4:e5:fa:17:02:d6:4c:08:ca:b1:
52:3b:f0:76:f0:20:c3:50:ee:79:cc:f8:54:53:7d:
9f:96:40:f7:b5:45:cb:b0:a0:c3:c9:1a:01:3c:06:
f0:8a:27:48:a7:14:46:fc:b6:e3:7b:e7:fa:18:cc:
6b:88:bf:d4:18:5d:29:61:5c:8a:2b:aa:ff:c5:7a:
06:59:4c:64:de:2f:7b:3c:c2:cf:3f:77:43:b1:e5:
af:02:dd:19:8e:88:13:ea:12:19:9b:5e:fc:70:ab:
aa:bb:b4:0b:58:a3:10:ce:9e:c7:7c:ea:81:69:83:
e4:98:d9:a2:fb:70:d1:45:8b:76:2b:31:8d:4a:44:
d0:53:07:35:d2:af:22:b6:d2:a1:12:55:af:5d:a9:
ed:49:3f:80:13:17:1b:12:00:5a:d1:d4:c4:61:40:
54:1a:da:e4:f5:d4:1c:a0:3f:0f:82:92:b1:1f:d2:
cc:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:C3:E9:A8:A4:78:3E:98:AF:CD:D2:D0:68:E1:DB:D7:D7:5C:96:FE
X509v3 Authority Key Identifier:
keyid:51:94:2D:25:ED:BC:A5:1D:FA:56:CE:09:ED:36:1E:B7:A2:6D:BD:25
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/UZQtJe28pR36Vs4J7TYet6JtvSU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UZQtJe28pR36Vs4J7TYet6JtvSU.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912AFA4/B67862FAAB9511EAB2559C5BC4F9AE02/C1D6AD981EA111F1B2DD47B2123D8C67.roa
sbgp-ipAddrBlock: critical
IPv4:
103.93.150.0/23
103.152.128.0/23
103.208.4.0/22
116.206.128.0/23
123.100.140.0/23
123.100.143.0-123.100.152.255
123.253.192.0-123.253.194.255
202.86.52.0/22
IPv6:
2404:6a80::/41
2404:6a80:200::/41
Signature Algorithm: sha256WithRSAEncryption
21:b9:10:5a:ad:ec:8d:8b:69:d1:36:e8:10:fb:f2:96:81:f2:
8f:aa:0f:16:b6:9f:74:c3:63:77:f3:a8:b7:fa:aa:2c:a1:20:
7d:7f:a7:66:e8:e4:92:d2:a2:68:21:9b:9d:35:a1:a2:a6:01:
8a:98:26:e4:20:28:37:49:52:7e:73:71:b3:05:c6:3e:31:d3:
66:ae:60:33:fb:0a:f7:07:ed:8e:fc:48:64:da:34:cb:68:4f:
61:7e:2c:ef:bb:c9:68:e7:0c:2e:c2:f3:69:58:e8:fa:d7:8a:
0b:4b:91:0f:ab:68:2d:b3:22:a3:23:a7:90:b2:e3:19:c9:9e:
ac:29:4c:99:80:b9:12:06:8c:02:08:31:44:f0:8f:33:98:a0:
84:05:26:87:8f:e4:64:30:29:ad:d4:90:de:8a:cc:26:1b:a6:
7f:a5:9a:7b:f9:42:60:8a:5b:39:d7:3e:49:7a:01:63:71:76:
22:00:12:52:00:73:b9:11:47:a5:a0:fa:23:d3:b4:ed:30:ff:
72:ff:ee:48:c8:4b:26:3f:44:41:08:22:20:e7:94:6e:1c:f4:
5f:fe:62:8c:38:53:75:2f:69:21:d3:6d:e7:a5:64:5b:c1:f4:
db:f4:91:b6:c7:b0:2a:38:bb:29:18:2d:69:0c:e6:8e:dd:08:
66:03:72:5c
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgICCh4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkFGQTQxMTAvBgNVBAUTKDUxOTQyRDI1RURCQ0E1MURGQTU2Q0UwOUVEMzYxRUI3
QTI2REJEMjUwHhcNMjYwMzEzMDYwMjI0WhcNMjcwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWIzYTg3MC05ZmJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApxhWZ1Fg0Eoh0tZ/LwOOD8ayEp2OaXfsk0cATJCiud7k4Zp/+Ip/vwigec5X
abJe8PBxL72DnKMyNpABNfdA7Kv8VJ8XX8FWi1JEX/piNsTl+hcC1kwIyrFSO/B2
8CDDUO55zPhUU32flkD3tUXLsKDDyRoBPAbwiidIpxRG/Lbje+f6GMxriL/UGF0p
YVyKK6r/xXoGWUxk3i97PMLPP3dDseWvAt0ZjogT6hIZm178cKuqu7QLWKMQzp7H
fOqBaYPkmNmi+3DRRYt2KzGNSkTQUwc10q8ittKhElWvXantST+AExcbEgBa0dTE
YUBUGtrk9dQcoD8PgpKxH9LMuwIDAQABo4ICtDCCArAwHQYDVR0OBBYEFIDD6aik
eD6Yr83S0Gjh29fXXJb+MB8GA1UdIwQYMBaAFFGULSXtvKUd+lbOCe02Hreibb0l
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQUZBNC9CNjc4NjJGQUFC
OTUxMUVBQjI1NTlDNUJDNEY5QUUwMi9VWlF0SmUyOHBSMzZWczRKN1RZZXQ2SnR2
U1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1VaUXRKZTI4cFIzNlZzNEo3VFlldDZKdHZTVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkFGQTQvQjY3ODYyRkFBQjk1MTFFQUIyNTU5QzVCQzRGOUFFMDIvQzFENkFEOTgx
RUExMTFGMUIyREQ0N0IyMTIzRDhDNjcucm9hMHMGCCsGAQUFBwEHAQH/BGQwYjBG
BAIAATBAAwQBZ12WAwQBZ5iAAwQCZ9AEAwQBdM6AAwQBe2SMMAwDBAB7ZI8DBAB7
ZJgwDAMEBnv9wAMEAHv9wgMEAspWNDAYBAIAAjASAwcHJARqgAAAAwcHJARqgAIA
MA0GCSqGSIb3DQEBCwUAA4IBAQAhuRBareyNi2nRNugQ+/KWgfKPqg8Wtp90w2N3
86i3+qosoSB9f6dm6OSS0qJoIZudNaGipgGKmCbkICg3SVJ+c3GzBcY+MdNmrmAz
+wr3B+2O/Ehk2jTLaE9hfizvu8lo5wwuwvNpWOj614oLS5EPq2gtsyKjI6eQsuMZ
yZ6sKUyZgLkSBowCCDFE8I8zmKCEBSaHj+RkMCmt1JDeiswmG6Z/pZp7+UJgils5
1z5JegFjcXYiABJSAHO5EUeloPoj07TtMP9y/+5IyEsmP0RBCCIg55RuHPRf/mKM
OFN1L2kh023npWRbwfTb9JG2x7AqOLspGC1pDOaO3QhmA3Jc
-----END CERTIFICATE-----
Generated at Thu Mar 26 08:44:47 2026 by rpki-client