Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
File: CD1E94321A7D11F09A63C576C4F9AE02.roa (raw, json)
Hash identifier: izTNp/JGEMDm9FjJb1Cp+fcuTZ2LOC/hwPNrIFeFyK4=
Subject key identifier: E0:D6:E9:D8:21:AC:8D:C3:FB:9A:2C:A4:1F:B0:91:D4:16:21:58:36
Certificate issuer: /CN=A91450A4/serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Certificate serial: 08E0
Authority key identifier: 3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
Signing time: Wed 06 May 2026 12:02:39 +0000
ROA not before: Wed 06 May 2026 12:02:39 +0000
ROA not after: Wed 31 Mar 2027 00:00:00 +0000
asID: 55766
IP address blocks: 43.243.238.0/23 maxlen: 24
43.252.96.0/22 maxlen: 24
103.22.184.0/22 maxlen: 24
103.24.242.0/23 maxlen: 24
103.27.152.0/22 maxlen: 24
103.224.210.0/24 maxlen: 24
103.226.36.0/22 maxlen: 24
115.165.172.0/24 maxlen: 24
118.107.144.0/24 maxlen: 24
118.107.148.0/23 maxlen: 24
118.107.151.0/24 maxlen: 24
175.184.192.0/24 maxlen: 24
175.184.194.0/24 maxlen: 24
175.184.198.0/24 maxlen: 24
175.184.218.0/24 maxlen: 24
175.184.219.0/24 maxlen: 24
175.184.220.0/24 maxlen: 24
202.146.6.0/23 maxlen: 24
203.148.94.0/23 maxlen: 24
223.29.240.0/22 maxlen: 24
2400:f280::/32 maxlen: 40
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.crl
rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 19 May 2026 20:57:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2272 (0x8e0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91450A4, serialNumber=3D1D6A332AEA4EC502037A0909F4CC19D42DB198
Validity
Not Before: May 6 12:02:39 2026 GMT
Not After : Mar 31 00:00:00 2027 GMT
Subject: CN=69fb2ddf-751e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:bc:d0:cf:09:c6:b6:53:12:d6:77:31:7a:64:
4d:3d:db:70:b6:ce:21:04:73:c3:f5:e3:39:fa:27:
f7:68:8d:a7:d5:05:38:ac:cb:8e:e2:41:01:c4:24:
ef:a8:fc:a2:aa:a5:b4:dd:0b:5a:5d:72:c9:1b:d2:
60:1b:6a:42:8a:76:cf:8e:91:cf:8f:8a:95:fd:1d:
bd:9e:27:32:d2:fe:7a:f5:3a:ea:ee:b4:b2:31:af:
48:a8:19:b8:00:2c:13:e0:af:65:8a:1b:08:1e:e0:
4e:dd:2c:72:4d:8d:35:76:94:e4:8d:2e:23:85:ce:
32:35:7b:3c:3e:42:85:e7:08:63:03:c0:c6:08:e1:
af:65:01:1a:29:40:81:8a:9f:27:0c:8f:c7:68:d5:
88:1e:7a:d1:43:9e:9c:a7:4a:97:c5:6a:33:3f:05:
42:ae:1b:a9:05:4e:50:6a:7f:8b:08:80:78:ae:2c:
58:8a:e2:bc:25:5a:df:d3:8f:43:54:3d:03:16:1f:
83:a1:ad:d5:65:73:77:e6:03:39:31:45:75:1b:d5:
51:dd:9a:9d:f8:3e:9e:25:61:f6:d8:93:a1:24:a7:
43:86:20:6a:b4:c1:0a:dc:8a:05:e7:56:44:48:14:
66:38:ba:e9:b6:b4:aa:bc:7d:48:7e:f1:50:81:f0:
ef:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:D6:E9:D8:21:AC:8D:C3:FB:9A:2C:A4:1F:B0:91:D4:16:21:58:36
X509v3 Authority Key Identifier:
keyid:3D:1D:6A:33:2A:EA:4E:C5:02:03:7A:09:09:F4:CC:19:D4:2D:B1:98
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/PR1qMyrqTsUCA3oJCfTMGdQtsZg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PR1qMyrqTsUCA3oJCfTMGdQtsZg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91450A4/DD4736980C3611EBA4E49E21C4F9AE02/CD1E94321A7D11F09A63C576C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.243.238.0/23
43.252.96.0/22
103.22.184.0/22
103.24.242.0/23
103.27.152.0/22
103.224.210.0/24
103.226.36.0/22
115.165.172.0/24
118.107.144.0/24
118.107.148.0/23
118.107.151.0/24
175.184.192.0/24
175.184.194.0/24
175.184.198.0/24
175.184.218.0-175.184.220.255
202.146.6.0/23
203.148.94.0/23
223.29.240.0/22
IPv6:
2400:f280::/32
Signature Algorithm: sha256WithRSAEncryption
00:47:dc:0c:a2:55:df:45:ed:23:35:a1:56:c4:89:d3:5e:40:
85:21:0e:75:c3:5e:6c:ad:c7:fd:2c:a5:5f:1b:12:2a:81:aa:
1b:fb:a1:b6:43:05:b0:a1:0d:55:25:85:f5:6a:23:02:0d:28:
80:dc:f1:57:64:49:24:5f:81:58:ae:f0:d1:1c:8e:95:16:0b:
c0:11:20:2e:9c:9e:12:01:e1:1c:f0:12:7c:8b:ee:e8:f2:12:
e3:fe:8d:40:9a:38:46:84:e5:da:66:e0:ac:63:cc:11:64:c7:
61:d5:26:11:ba:a1:40:92:08:3b:63:2e:36:b5:cf:84:79:4f:
68:27:88:d8:90:f5:1d:f9:ee:a0:6b:ec:dd:8f:33:86:40:b1:
4d:ef:45:df:93:5e:73:6a:89:03:41:a8:44:d2:6a:f1:04:0b:
5d:0f:33:82:1f:cb:5b:2d:e1:3c:53:1e:33:d8:8a:68:82:4c:
13:b3:9f:51:3f:f0:ef:59:75:d5:65:6b:a1:0f:dd:41:a2:0e:
1f:7e:83:37:e9:36:63:44:ba:c6:86:e1:dd:e6:e9:b0:83:12:
3d:26:df:08:d7:2a:a4:41:bd:8c:71:d4:d4:a6:e7:a6:56:b8:
ea:0d:f4:10:6a:b7:a7:8a:da:dd:1e:4d:be:07:85:2a:6e:26:
f1:53:98:1f
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgICCOAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDUwQTQxMTAvBgNVBAUTKDNEMUQ2QTMzMkFFQTRFQzUwMjAzN0EwOTA5RjRDQzE5
RDQyREIxOTgwHhcNMjYwNTA2MTIwMjM5WhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWZiMmRkZi03NTFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0bzQzwnGtlMS1ncxemRNPdtwts4hBHPD9eM5+if3aI2n1QU4rMuO4kEBxCTv
qPyiqqW03QtaXXLJG9JgG2pCinbPjpHPj4qV/R29nicy0v569Trq7rSyMa9IqBm4
ACwT4K9lihsIHuBO3SxyTY01dpTkjS4jhc4yNXs8PkKF5whjA8DGCOGvZQEaKUCB
ip8nDI/HaNWIHnrRQ56cp0qXxWozPwVCrhupBU5Qan+LCIB4rixYiuK8JVrf049D
VD0DFh+Doa3VZXN35gM5MUV1G9VR3Zqd+D6eJWH22JOhJKdDhiBqtMEK3IoF51ZE
SBRmOLrptrSqvH1IfvFQgfDvhQIDAQABo4IC4DCCAtwwHQYDVR0OBBYEFODW6dgh
rI3D+5ospB+wkdQWIVg2MB8GA1UdIwQYMBaAFD0dajMq6k7FAgN6CQn0zBnULbGY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NTBBNC9ERDQ3MzY5ODBD
MzYxMUVCQTRFNDlFMjFDNEY5QUUwMi9QUjFxTXlycVRzVUNBM29KQ2ZUTUdkUXRz
WmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BSMXFNeXJxVHNVQ0Ezb0pDZlRNR2RRdHNaZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDUwQTQvREQ0NzM2OTgwQzM2MTFFQkE0RTQ5RTIxQzRGOUFFMDIvQ0QxRTk0MzIx
QTdEMTFGMDlBNjNDNTc2QzRGOUFFMDIucm9hMIGeBggrBgEFBQcBBwEB/wSBjjCB
izB6BAIAATB0AwQBK/PuAwQCK/xgAwQCZxa4AwQBZxjyAwQCZxuYAwQAZ+DSAwQC
Z+IkAwQAc6WsAwQAdmuQAwQBdmuUAwQAdmuXAwQAr7jAAwQAr7jCAwQAr7jGMAwD
BAGvuNoDBACvuNwDBAHKkgYDBAHLlF4DBALfHfAwDQQCAAIwBwMFACQA8oAwDQYJ
KoZIhvcNAQELBQADggEBAABH3AyiVd9F7SM1oVbEidNeQIUhDnXDXmytx/0spV8b
EiqBqhv7obZDBbChDVUlhfVqIwINKIDc8VdkSSRfgViu8NEcjpUWC8ARIC6cnhIB
4RzwEnyL7ujyEuP+jUCaOEaE5dpm4KxjzBFkx2HVJhG6oUCSCDtjLja1z4R5T2gn
iNiQ9R357qBr7N2PM4ZAsU3vRd+TXnNqiQNBqETSavEEC10PM4Ify1st4TxTHjPY
imiCTBOzn1E/8O9ZddVla6EP3UGiDh9+gzfpNmNEusaG4d3m6bCDEj0m3wjXKqRB
vYxx1NSm56ZWuOoN9BBqt6eK2t0eTb4HhSpuJvFTmB8=
-----END CERTIFICATE-----
Generated at Wed May 13 07:25:07 2026 by rpki-client