Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/CB67A9DC8D1311EF9895E61CC4F9AE02.roa
File: CB67A9DC8D1311EF9895E61CC4F9AE02.roa (raw, json)
Hash identifier: whrOto6YdWxD5nUJi5RhnyhfSKeLupBw4gHNI11xyhI=
Subject key identifier: 9F:8D:2A:65:E3:62:4B:49:BF:68:7C:3D:6B:FF:9E:AF:D0:57:B3:60
Certificate issuer: /CN=A9158E3F/serialNumber=7E313AB7FF26E783E03C07851612751881AE4918
Certificate serial: 0CB8
Authority key identifier: 7E:31:3A:B7:FF:26:E7:83:E0:3C:07:85:16:12:75:18:81:AE:49:18
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjE6t_8m54PgPAeFFhJ1GIGuSRg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/CB67A9DC8D1311EF9895E61CC4F9AE02.roa
Signing time: Mon 02 Mar 2026 13:27:42 +0000
ROA not before: Sat 16 Aug 2025 19:30:02 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 15830
IP address blocks: 27.111.128.0/22 maxlen: 22
36.255.39.0/24 maxlen: 24
103.8.176.0/22 maxlen: 22
103.8.180.0/22 maxlen: 22
103.8.180.0/24 maxlen: 24
103.8.182.0/23 maxlen: 23
119.27.0.0/19 maxlen: 19
119.27.32.0/20 maxlen: 20
119.27.50.0/23 maxlen: 23
119.27.52.0/22 maxlen: 22
119.27.56.0/22 maxlen: 22
119.27.60.0/23 maxlen: 23
122.50.64.0/19 maxlen: 19
122.50.104.0/21 maxlen: 21
122.50.112.0/22 maxlen: 22
122.50.120.0/21 maxlen: 21
180.189.0.0/20 maxlen: 20
180.189.0.0/21 maxlen: 21
180.189.8.0/21 maxlen: 21
180.189.8.0/22 maxlen: 22
180.189.13.0/24 maxlen: 24
180.189.14.0/23 maxlen: 23
180.189.32.0/20 maxlen: 20
180.189.48.0/22 maxlen: 22
180.189.56.0/21 maxlen: 21
183.177.0.0/20 maxlen: 20
183.177.16.0/20 maxlen: 20
183.177.32.0/20 maxlen: 20
202.167.224.0/23 maxlen: 23
202.167.227.0/24 maxlen: 24
202.167.230.0/23 maxlen: 23
202.167.232.0/24 maxlen: 24
202.167.234.0/23 maxlen: 23
202.167.236.0/22 maxlen: 22
202.167.240.0/22 maxlen: 22
202.167.244.0/22 maxlen: 22
202.167.248.0/23 maxlen: 23
202.167.252.0/23 maxlen: 23
202.167.254.0/24 maxlen: 24
202.167.255.0/24 maxlen: 24
202.177.192.0/24 maxlen: 24
202.177.193.0/24 maxlen: 24
202.177.195.0/24 maxlen: 24
202.177.196.0/23 maxlen: 23
202.177.198.0/24 maxlen: 24
202.177.199.0/24 maxlen: 24
202.177.200.0/23 maxlen: 23
202.177.202.0/23 maxlen: 23
202.177.204.0/23 maxlen: 23
202.177.207.0/24 maxlen: 24
203.190.224.0/23 maxlen: 23
203.190.226.0/24 maxlen: 24
203.190.228.0/23 maxlen: 23
203.190.232.0/22 maxlen: 22
203.190.232.0/24 maxlen: 24
203.190.236.0/22 maxlen: 22
2407:b000::/32 maxlen: 32
2407:b001::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/fjE6t_8m54PgPAeFFhJ1GIGuSRg.crl
rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/fjE6t_8m54PgPAeFFhJ1GIGuSRg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjE6t_8m54PgPAeFFhJ1GIGuSRg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 31 Mar 2026 19:02:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3256 (0xcb8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9158E3F, serialNumber=7E313AB7FF26E783E03C07851612751881AE4918
Validity
Not Before: Aug 16 19:30:02 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=69a5904e-a3be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:c1:f9:d7:7a:ed:a6:58:c3:b3:70:29:4c:39:
f5:d3:8a:b7:ea:b0:76:4a:9b:bd:14:d0:cc:7b:df:
f5:85:56:07:56:e5:50:68:3f:1f:4a:6e:58:c2:1a:
75:45:3a:4e:8b:31:0b:82:2b:91:d3:a1:a0:9d:02:
7f:19:fe:eb:b5:8e:88:1d:14:89:ac:9a:96:85:38:
a2:9c:af:c8:17:0c:b9:50:b3:08:08:a7:e1:0b:73:
dd:dc:69:7c:4c:e3:f1:1b:9c:93:cf:6f:c7:81:c0:
64:e3:b5:b2:8a:6d:0c:61:2b:c2:2f:7a:3a:34:12:
58:f3:d5:fb:e2:9f:05:2b:3a:07:a8:a6:43:7c:7d:
9e:e2:22:9a:fc:59:92:77:7e:25:8d:78:3a:3a:1a:
3b:ff:13:ea:72:fe:40:bf:c5:35:14:14:49:f0:62:
ed:51:95:47:60:f7:54:0e:be:1b:7d:d4:d0:00:db:
a2:e8:da:66:37:1d:b9:f6:f0:a4:52:bb:64:7b:3f:
40:d5:64:09:01:86:a0:2b:0d:09:7c:1a:77:bf:d5:
4b:2c:c9:c0:67:4e:ee:00:16:dc:a1:a8:1b:98:55:
f8:28:96:00:9b:4b:05:73:f4:88:ed:d5:22:b2:00:
36:ca:29:d3:eb:44:ae:00:b9:8d:95:bf:0e:7b:ee:
e9:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:8D:2A:65:E3:62:4B:49:BF:68:7C:3D:6B:FF:9E:AF:D0:57:B3:60
X509v3 Authority Key Identifier:
keyid:7E:31:3A:B7:FF:26:E7:83:E0:3C:07:85:16:12:75:18:81:AE:49:18
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/fjE6t_8m54PgPAeFFhJ1GIGuSRg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjE6t_8m54PgPAeFFhJ1GIGuSRg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9158E3F/C24322BA544611EA8C05651DC4F9AE02/CB67A9DC8D1311EF9895E61CC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
27.111.128.0/22
36.255.39.0/24
103.8.176.0/21
119.27.0.0-119.27.47.255
119.27.50.0-119.27.61.255
122.50.64.0/19
122.50.104.0-122.50.115.255
122.50.120.0/21
180.189.0.0/20
180.189.32.0-180.189.51.255
180.189.56.0/21
183.177.0.0-183.177.47.255
202.167.224.0/23
202.167.227.0/24
202.167.230.0-202.167.232.255
202.167.234.0-202.167.249.255
202.167.252.0/22
202.177.192.0/23
202.177.195.0-202.177.205.255
202.177.207.0/24
203.190.224.0-203.190.226.255
203.190.228.0/23
203.190.232.0/21
IPv6:
2407:b000::/31
Signature Algorithm: sha256WithRSAEncryption
52:28:6b:f4:20:8c:48:90:f5:c0:d0:c2:07:34:ee:ac:ea:d2:
dc:b3:cd:b6:95:2b:78:09:c1:56:46:fd:ae:fa:54:bf:05:54:
43:00:ac:3a:65:2d:58:58:88:7c:10:97:98:e0:49:e3:99:71:
a1:fa:2c:2c:9f:fe:12:17:79:4e:ee:e8:c9:b0:cd:ad:ab:38:
e2:86:dc:57:5d:6c:2e:cc:35:50:46:af:c2:36:45:eb:ec:a4:
46:a7:98:f1:30:4c:7a:6e:55:90:c4:e6:15:ab:1b:fa:73:27:
d2:72:cc:17:7a:26:3f:34:1f:7e:f1:c6:e1:9b:a1:6e:a0:a3:
ca:2e:41:9c:ca:36:d9:52:88:bc:8e:92:5d:6d:08:98:9f:96:
52:44:72:58:3b:3a:fe:44:b6:ac:7e:d3:49:01:16:c2:69:8a:
d9:d9:b0:4a:20:42:16:33:16:37:d8:c9:f1:39:33:df:64:99:
cc:d9:77:93:95:e4:39:ad:7b:ce:3b:b3:16:39:a2:86:40:a1:
81:8a:31:85:66:05:4b:b9:9c:cc:d9:50:ff:8a:e3:ae:7e:a7:
3b:6b:cd:a7:92:ba:2f:d7:3c:8a:51:4b:05:87:93:ad:9e:1f:
b8:18:4c:69:a2:3a:be:98:14:07:4f:c6:02:82:7e:8d:6f:0e:
9a:58:20:95
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgICDLgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NThFM0YxMTAvBgNVBAUTKDdFMzEzQUI3RkYyNkU3ODNFMDNDMDc4NTE2MTI3NTE4
ODFBRTQ5MTgwHhcNMjUwODE2MTkzMDAyWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1OTA0ZS1hM2JlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArMH513rtpljDs3ApTDn104q36rB2Spu9FNDMe9/1hVYHVuVQaD8fSm5Ywhp1
RTpOizELgiuR06GgnQJ/Gf7rtY6IHRSJrJqWhTiinK/IFwy5ULMICKfhC3Pd3Gl8
TOPxG5yTz2/HgcBk47Wyim0MYSvCL3o6NBJY89X74p8FKzoHqKZDfH2e4iKa/FmS
d34ljXg6Oho7/xPqcv5Av8U1FBRJ8GLtUZVHYPdUDr4bfdTQANui6NpmNx259vCk
Urtkez9A1WQJAYagKw0JfBp3v9VLLMnAZ07uABbcoagbmFX4KJYAm0sFc/SI7dUi
sgA2yinT60SuALmNlb8Oe+7pNQIDAQABo4IDPjCCAzowHQYDVR0OBBYEFJ+NKmXj
YktJv2h8PWv/nq/QV7NgMB8GA1UdIwQYMBaAFH4xOrf/JueD4DwHhRYSdRiBrkkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OEUzRi9DMjQzMjJCQTU0
NDYxMUVBOEMwNTY1MURDNEY5QUUwMi9makU2dF84bTU0UGdQQWVGRmhKMUdJR3VT
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ZqRTZ0XzhtNTRQZ1BBZUZGaEoxR0lHdVNSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NThFM0YvQzI0MzIyQkE1NDQ2MTFFQThDMDU2NTFEQzRGOUFFMDIvQ0I2N0E5REM4
RDEzMTFFRjk4OTVFNjFDQzRGOUFFMDIucm9hMIH8BggrBgEFBQcBBwEB/wSB7DCB
6TCB1wQCAAEwgdADBAIbb4ADBAAk/ycDBANnCLAwCwMDAHcbAwQEdxsgMAwDBAF3
GzIDBAF3GzwDBAV6MkAwDAMEA3oyaAMEAnoycAMEA3oyeAMEBLS9ADAMAwQFtL0g
AwQCtL0wAwQDtL04MAsDAwC3sQMEBLexIAMEAcqn4AMEAMqn4zAMAwQByqfmAwQA
yqfoMAwDBAHKp+oDBAHKp/gDBALKp/wDBAHKscAwDAMEAMqxwwMEAcqxzAMEAMqx
zzAMAwQFy77gAwQAy77iAwQBy77kAwQDy77oMA0EAgACMAcDBQEkB7AAMA0GCSqG
SIb3DQEBCwUAA4IBAQBSKGv0IIxIkPXA0MIHNO6s6tLcs822lSt4CcFWRv2u+lS/
BVRDAKw6ZS1YWIh8EJeY4EnjmXGh+iwsn/4SF3lO7ujJsM2tqzjihtxXXWwuzDVQ
Rq/CNkXr7KRGp5jxMEx6blWQxOYVqxv6cyfScswXeiY/NB9+8cbhm6FuoKPKLkGc
yjbZUoi8jpJdbQiYn5ZSRHJYOzr+RLasftNJARbCaYrZ2bBKIEIWMxY32MnxOTPf
ZJnM2XeTleQ5rXvOO7MWOaKGQKGBijGFZgVLuZzM2VD/iuOufqc7a82nkrov1zyK
UUsFh5Otnh+4GExpojq+mBQHT8YCgn6Nbw6aWCCV
-----END CERTIFICATE-----
Generated at Thu Mar 26 09:23:53 2026 by rpki-client