Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
File: AB20F8C0DD3311EF8B8A711FC4F9AE02.roa (raw, json)
Hash identifier: BoL9UlNE8f39H5zPW1byPvXmDiZbS/dSQi7Q0NywADo=
Subject key identifier: 43:B4:E2:F8:CF:3D:09:3A:99:E3:19:C9:AC:56:3B:23:86:F0:39:77
Certificate issuer: /CN=A9148C7B/serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Certificate serial: 0929
Authority key identifier: 7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
Signing time: Mon 23 Mar 2026 11:03:32 +0000
ROA not before: Mon 23 Mar 2026 11:03:32 +0000
ROA not after: Wed 30 Dec 2026 00:00:00 +0000
asID: 38742
IP address blocks: 23.88.194.0/24 maxlen: 24
23.88.195.0/24 maxlen: 24
23.88.196.0/24 maxlen: 24
23.88.197.0/24 maxlen: 24
23.88.198.0/24 maxlen: 24
23.88.199.0/24 maxlen: 24
23.88.200.0/24 maxlen: 24
23.88.201.0/24 maxlen: 24
23.88.202.0/24 maxlen: 24
23.88.203.0/24 maxlen: 24
23.88.204.0/24 maxlen: 24
23.88.205.0/24 maxlen: 24
23.88.206.0/24 maxlen: 24
23.88.207.0/24 maxlen: 24
23.88.208.0/24 maxlen: 24
23.88.209.0/24 maxlen: 24
23.88.210.0/24 maxlen: 24
23.88.211.0/24 maxlen: 24
23.88.212.0/22 maxlen: 22
23.88.212.0/24 maxlen: 24
23.88.213.0/24 maxlen: 24
23.88.214.0/24 maxlen: 24
23.88.215.0/24 maxlen: 24
23.88.216.0/22 maxlen: 22
23.88.216.0/24 maxlen: 24
23.88.217.0/24 maxlen: 24
23.88.218.0/24 maxlen: 24
23.88.219.0/24 maxlen: 24
23.88.220.0/22 maxlen: 22
23.88.220.0/24 maxlen: 24
23.88.221.0/24 maxlen: 24
23.88.222.0/24 maxlen: 24
23.88.223.0/24 maxlen: 24
152.36.194.0/24 maxlen: 24
152.36.195.0/24 maxlen: 24
152.36.200.0/24 maxlen: 24
152.36.202.0/24 maxlen: 24
152.36.206.0/24 maxlen: 24
152.36.207.0/24 maxlen: 24
152.36.209.0/24 maxlen: 24
152.36.210.0/24 maxlen: 24
152.36.214.0/24 maxlen: 24
152.36.216.0/24 maxlen: 24
152.36.217.0/24 maxlen: 24
152.36.218.0/24 maxlen: 24
152.36.219.0/24 maxlen: 24
152.36.220.0/24 maxlen: 24
152.36.221.0/24 maxlen: 24
152.36.222.0/24 maxlen: 24
152.36.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 31 Mar 2026 14:45:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2345 (0x929)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9148C7B, serialNumber=7F79665E63BF3CD56DC24A0A70D57F9A942DD1B8
Validity
Not Before: Mar 23 11:03:32 2026 GMT
Not After : Dec 30 00:00:00 2026 GMT
Subject: CN=69c11e03-d606
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:69:bd:f4:b5:bc:25:fb:0a:8a:60:af:83:cf:
62:30:98:d0:2e:3b:d3:43:68:8a:9b:d4:7f:a6:5f:
59:41:38:51:d9:90:e7:10:c2:0d:78:21:f0:03:9a:
e7:99:34:b6:75:4c:be:5a:64:48:d4:19:5c:00:9e:
a9:81:de:d4:28:7e:65:40:7e:b0:7b:c4:79:45:68:
75:5c:21:4d:b5:ab:f9:ee:63:d4:c6:fa:48:d7:5d:
a9:74:9d:47:56:25:88:c0:8b:76:12:0b:5a:73:ba:
92:17:88:2a:8a:a3:d7:bc:68:42:a7:43:7c:cc:69:
c1:04:4f:b6:00:a6:b3:bc:a7:67:37:0f:6d:ac:14:
48:d9:94:f9:9a:e9:73:02:96:9b:00:d0:58:78:d8:
98:ac:32:e7:c6:2d:3e:54:a4:2f:a2:fe:8c:f6:df:
fd:8e:0d:7f:ff:1e:5a:ee:8a:87:76:b7:78:fe:34:
1a:bb:ff:e8:da:d3:1d:8a:8b:86:d1:70:9c:ea:fd:
b2:55:99:b4:ae:35:b6:26:31:6a:b4:09:b4:44:65:
c1:5e:57:b6:1b:17:ca:82:a1:02:6d:53:7c:07:04:
1e:c2:24:31:47:28:e3:e2:3c:04:05:bc:90:3c:c7:
18:18:eb:a8:d7:75:eb:c2:47:48:2e:bd:9a:ab:59:
88:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:B4:E2:F8:CF:3D:09:3A:99:E3:19:C9:AC:56:3B:23:86:F0:39:77
X509v3 Authority Key Identifier:
keyid:7F:79:66:5E:63:BF:3C:D5:6D:C2:4A:0A:70:D5:7F:9A:94:2D:D1:B8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/f3lmXmO_PNVtwkoKcNV_mpQt0bg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/f3lmXmO_PNVtwkoKcNV_mpQt0bg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148C7B/5BFCFF8CD63011EA940DA039C4F9AE02/AB20F8C0DD3311EF8B8A711FC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
23.88.194.0-23.88.223.255
152.36.194.0/23
152.36.200.0/24
152.36.202.0/24
152.36.206.0/23
152.36.209.0-152.36.210.255
152.36.214.0/24
152.36.216.0/21
Signature Algorithm: sha256WithRSAEncryption
3f:9e:e3:26:8b:d4:1c:11:b8:bc:ba:dd:7c:43:4c:e5:ab:bb:
d8:a1:01:44:97:1d:d7:f6:46:db:c2:34:e0:c4:fc:50:6a:4a:
4f:4e:af:10:76:43:ac:e5:26:01:8f:4c:d6:92:9c:98:3f:3f:
71:1c:03:c2:82:ed:f9:be:2a:61:e8:ff:ec:9d:7c:87:f4:f9:
f0:b7:bc:9f:6d:30:46:8f:ac:84:72:ad:7f:87:a1:9e:de:22:
63:d2:28:d3:e8:ab:c5:0f:a9:62:e3:c7:91:d5:25:92:f7:25:
2c:dd:19:21:3b:31:2b:a2:6d:c4:28:60:1f:f5:86:7f:b7:61:
24:15:0e:4c:f7:bc:c5:0c:1b:32:ff:65:8e:a8:07:d8:21:9d:
c6:28:54:64:05:db:a9:4a:7f:0a:c2:ee:44:f4:8e:45:63:d5:
57:78:5d:81:a4:da:b8:5c:22:a2:ce:9f:6e:99:39:7e:a1:63:
57:41:b4:c3:81:6e:55:21:75:ec:f9:02:e3:a5:da:9b:f8:25:
66:35:a2:f7:b2:cb:38:06:05:c6:46:36:e9:da:a8:f8:4f:f3:
88:65:c3:d9:ed:bb:f2:9d:d4:2a:b8:65:2a:4c:a8:61:5f:ce:
d4:7a:10:21:5d:7d:f5:09:6c:20:25:76:e9:ad:19:29:6b:ef:
d6:36:b2:41
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgICCSkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhDN0IxMTAvBgNVBAUTKDdGNzk2NjVFNjNCRjNDRDU2REMyNEEwQTcwRDU3RjlB
OTQyREQxQjgwHhcNMjYwMzIzMTEwMzMyWhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWMxMWUwMy1kNjA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm2m99LW8JfsKimCvg89iMJjQLjvTQ2iKm9R/pl9ZQThR2ZDnEMINeCHwA5rn
mTS2dUy+WmRI1BlcAJ6pgd7UKH5lQH6we8R5RWh1XCFNtav57mPUxvpI112pdJ1H
ViWIwIt2Egtac7qSF4gqiqPXvGhCp0N8zGnBBE+2AKazvKdnNw9trBRI2ZT5mulz
ApabANBYeNiYrDLnxi0+VKQvov6M9t/9jg1//x5a7oqHdrd4/jQau//o2tMdiouG
0XCc6v2yVZm0rjW2JjFqtAm0RGXBXle2GxfKgqECbVN8BwQewiQxRyjj4jwEBbyQ
PMcYGOuo13XrwkdILr2aq1mIfwIDAQABo4ICmjCCApYwHQYDVR0OBBYEFEO04vjP
PQk6meMZyaxWOyOG8Dl3MB8GA1UdIwQYMBaAFH95Zl5jvzzVbcJKCnDVf5qULdG4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEM3Qi81QkZDRkY4Q0Q2
MzAxMUVBOTQwREEwMzlDNEY5QUUwMi9mM2xtWG1PX1BOVnR3a29LY05WX21wUXQw
YmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2YzbG1YbU9fUE5WdHdrb0tjTlZfbXBRdDBiZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhDN0IvNUJGQ0ZGOENENjMwMTFFQTk0MERBMDM5QzRGOUFFMDIvQUIyMEY4QzBE
RDMzMTFFRjhCOEE3MTFGQzRGOUFFMDIucm9hMFkGCCsGAQUFBwEHAQH/BEowSDBG
BAIAATBAMAwDBAEXWMIDBAUXWMADBAGYJMIDBACYJMgDBACYJMoDBAGYJM4wDAME
AJgk0QMEAJgk0gMEAJgk1gMEA5gk2DANBgkqhkiG9w0BAQsFAAOCAQEAP57jJovU
HBG4vLrdfENM5au72KEBRJcd1/ZG28I04MT8UGpKT06vEHZDrOUmAY9M1pKcmD8/
cRwDwoLt+b4qYej/7J18h/T58Le8n20wRo+shHKtf4ehnt4iY9Io0+irxQ+pYuPH
kdUlkvclLN0ZITsxK6JtxChgH/WGf7dhJBUOTPe8xQwbMv9ljqgH2CGdxihUZAXb
qUp/CsLuRPSORWPVV3hdgaTauFwios6fbpk5fqFjV0G0w4FuVSF17PkC46Xam/gl
ZjWi97LLOAYFxkY26dqo+E/ziGXD2e278p3UKrhlKkyoYV/O1HoQIV199QlsICV2
6a0ZKWvv1jayQQ==
-----END CERTIFICATE-----
Generated at Thu Mar 26 17:31:11 2026 by rpki-client