Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/9A2EC0AA6BF011F0A7327D86C4F9AE02.roa
File: 9A2EC0AA6BF011F0A7327D86C4F9AE02.roa (raw, json)
Hash identifier: VUsT3WhLr2UUwr4UuxggYtOUr91kn2k/gbUtrN14jIM=
Subject key identifier: B6:04:43:B0:9D:87:BC:92:34:8C:BA:B4:A7:7A:26:FA:C0:8E:E8:81
Certificate issuer: /CN=A9186E8A/serialNumber=BDD5E9A76F1AC4C8E51797ECE99E3DCEECEE7493
Certificate serial: 087B
Authority key identifier: BD:D5:E9:A7:6F:1A:C4:C8:E5:17:97:EC:E9:9E:3D:CE:EC:EE:74:93
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/vdXpp28axMjlF5fs6Z49zuzudJM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/9A2EC0AA6BF011F0A7327D86C4F9AE02.roa
Signing time: Fri 06 Mar 2026 21:28:30 +0000
ROA not before: Fri 06 Mar 2026 21:28:30 +0000
ROA not after: Fri 28 May 2027 00:00:00 +0000
asID: 62610
IP address blocks: 152.32.128.0/24 maxlen: 24
152.32.129.0/24 maxlen: 24
152.32.130.0/24 maxlen: 24
152.32.131.0/24 maxlen: 24
152.32.132.0/24 maxlen: 24
152.32.133.0/24 maxlen: 24
152.32.134.0/24 maxlen: 24
152.32.135.0/24 maxlen: 24
152.32.136.0/24 maxlen: 24
152.32.168.0/24 maxlen: 24
152.32.169.0/24 maxlen: 24
152.32.170.0/24 maxlen: 24
152.32.171.0/24 maxlen: 24
152.32.172.0/24 maxlen: 24
152.32.173.0/24 maxlen: 24
152.32.174.0/24 maxlen: 24
152.32.175.0/24 maxlen: 24
152.32.185.0/24 maxlen: 24
152.32.186.0/24 maxlen: 24
152.32.187.0/24 maxlen: 24
152.32.188.0/24 maxlen: 24
152.32.189.0/24 maxlen: 24
152.32.190.0/24 maxlen: 24
152.32.191.0/24 maxlen: 24
152.32.192.0/24 maxlen: 24
152.32.209.0/24 maxlen: 24
152.32.210.0/24 maxlen: 24
152.32.211.0/24 maxlen: 24
152.32.212.0/24 maxlen: 24
152.32.213.0/24 maxlen: 24
152.32.214.0/24 maxlen: 24
152.32.215.0/24 maxlen: 24
152.32.216.0/24 maxlen: 24
152.32.225.0/24 maxlen: 24
152.32.226.0/24 maxlen: 24
152.32.239.0/24 maxlen: 24
152.32.240.0/24 maxlen: 24
152.32.251.0/24 maxlen: 24
152.32.252.0/24 maxlen: 24
152.32.253.0/24 maxlen: 24
152.32.254.0/24 maxlen: 24
165.154.0.0/24 maxlen: 24
165.154.1.0/24 maxlen: 24
165.154.2.0/24 maxlen: 24
165.154.3.0/24 maxlen: 24
165.154.4.0/24 maxlen: 24
165.154.5.0/24 maxlen: 24
165.154.6.0/24 maxlen: 24
165.154.7.0/24 maxlen: 24
165.154.20.0/24 maxlen: 24
165.154.21.0/24 maxlen: 24
165.154.22.0/24 maxlen: 24
165.154.23.0/24 maxlen: 24
165.154.24.0/24 maxlen: 24
165.154.25.0/24 maxlen: 24
165.154.26.0/24 maxlen: 24
165.154.27.0/24 maxlen: 24
165.154.40.0/24 maxlen: 24
165.154.41.0/24 maxlen: 24
165.154.42.0/24 maxlen: 24
165.154.43.0/24 maxlen: 24
165.154.44.0/24 maxlen: 24
165.154.45.0/24 maxlen: 24
165.154.46.0/24 maxlen: 24
165.154.47.0/24 maxlen: 24
165.154.60.0/24 maxlen: 24
165.154.61.0/24 maxlen: 24
165.154.62.0/24 maxlen: 24
165.154.63.0/24 maxlen: 24
165.154.64.0/24 maxlen: 24
165.154.65.0/24 maxlen: 24
165.154.66.0/24 maxlen: 24
165.154.67.0/24 maxlen: 24
165.154.68.0/24 maxlen: 24
165.154.69.0/24 maxlen: 24
165.154.70.0/24 maxlen: 24
165.154.71.0/24 maxlen: 24
165.154.72.0/24 maxlen: 24
165.154.73.0/24 maxlen: 24
165.154.74.0/24 maxlen: 24
165.154.75.0/24 maxlen: 24
165.154.92.0/24 maxlen: 24
165.154.93.0/24 maxlen: 24
165.154.94.0/24 maxlen: 24
165.154.95.0/24 maxlen: 24
165.154.96.0/24 maxlen: 24
165.154.97.0/24 maxlen: 24
165.154.98.0/24 maxlen: 24
165.154.99.0/24 maxlen: 24
165.154.106.0/24 maxlen: 24
165.154.107.0/24 maxlen: 24
165.154.109.0/24 maxlen: 24
165.154.110.0/24 maxlen: 24
165.154.111.0/24 maxlen: 24
165.154.112.0/24 maxlen: 24
165.154.113.0/24 maxlen: 24
165.154.124.0/24 maxlen: 24
165.154.125.0/24 maxlen: 24
165.154.126.0/24 maxlen: 24
165.154.127.0/24 maxlen: 24
165.154.144.0/24 maxlen: 24
165.154.152.0/24 maxlen: 24
165.154.153.0/24 maxlen: 24
165.154.154.0/24 maxlen: 24
165.154.155.0/24 maxlen: 24
165.154.156.0/24 maxlen: 24
165.154.157.0/24 maxlen: 24
165.154.158.0/24 maxlen: 24
165.154.166.0/24 maxlen: 24
165.154.167.0/24 maxlen: 24
165.154.169.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/vdXpp28axMjlF5fs6Z49zuzudJM.crl
rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/vdXpp28axMjlF5fs6Z49zuzudJM.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/vdXpp28axMjlF5fs6Z49zuzudJM.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 31 Mar 2026 21:03:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2171 (0x87b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9186E8A, serialNumber=BDD5E9A76F1AC4C8E51797ECE99E3DCEECEE7493
Validity
Not Before: Mar 6 21:28:30 2026 GMT
Not After : May 28 00:00:00 2027 GMT
Subject: CN=69ab46fe-4a6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:69:b3:2c:22:3b:47:06:5f:9a:3d:c7:f6:ff:
33:72:1e:13:e4:8f:03:cb:10:a0:08:0b:ea:c7:dc:
56:f4:a2:5f:33:11:1a:60:a2:54:bb:aa:61:d6:68:
a1:e4:57:03:be:99:13:6b:4f:21:20:3d:26:6f:60:
6a:4f:a0:8c:de:2c:42:86:ac:48:24:65:98:89:a6:
5a:17:77:c6:3f:65:ee:25:14:f8:7c:96:cb:90:65:
15:37:f9:78:f8:9b:66:13:15:0f:ff:bb:2d:e1:8d:
88:04:fd:8d:21:06:9d:d8:85:ed:81:8b:07:8f:77:
6e:7a:c3:93:76:57:83:0b:11:01:37:a2:f7:67:7e:
61:f4:3a:b6:60:7b:22:b5:73:c1:b2:85:a7:97:18:
71:aa:c1:8c:07:f9:f5:bb:74:ba:d5:1e:d9:2a:cb:
db:0a:cc:68:aa:cc:65:50:07:be:22:99:18:ad:c1:
d4:50:90:31:76:f5:92:68:dc:4e:8a:3d:ce:b8:09:
2f:df:5f:f2:44:35:b0:b4:e8:fb:0d:27:a6:08:a8:
49:c7:fd:ce:0a:ea:ab:77:76:3b:a3:19:9f:bc:00:
37:70:0e:da:d0:dd:ef:f4:c6:f9:bb:e1:f7:dd:57:
a4:0a:c8:07:ef:fd:d7:a7:ad:af:f1:5a:55:2d:30:
81:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:04:43:B0:9D:87:BC:92:34:8C:BA:B4:A7:7A:26:FA:C0:8E:E8:81
X509v3 Authority Key Identifier:
keyid:BD:D5:E9:A7:6F:1A:C4:C8:E5:17:97:EC:E9:9E:3D:CE:EC:EE:74:93
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/vdXpp28axMjlF5fs6Z49zuzudJM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/vdXpp28axMjlF5fs6Z49zuzudJM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/9A2EC0AA6BF011F0A7327D86C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
152.32.128.0-152.32.136.255
152.32.168.0/21
152.32.185.0-152.32.192.255
152.32.209.0-152.32.216.255
152.32.225.0-152.32.226.255
152.32.239.0-152.32.240.255
152.32.251.0-152.32.254.255
165.154.0.0/21
165.154.20.0-165.154.27.255
165.154.40.0/21
165.154.60.0-165.154.75.255
165.154.92.0-165.154.99.255
165.154.106.0/23
165.154.109.0-165.154.113.255
165.154.124.0/22
165.154.144.0/24
165.154.152.0-165.154.158.255
165.154.166.0/23
165.154.169.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:9f:ba:e9:f5:8f:16:67:1a:a4:42:b1:26:58:f3:54:77:58:
04:7e:4d:bf:8b:d6:e3:a5:b6:65:50:42:a2:90:42:8f:ea:e6:
41:a9:4e:41:b3:86:ef:13:ca:ee:cd:df:8f:03:39:85:43:67:
48:1b:70:dc:29:36:26:00:f0:26:d5:d6:a0:0c:d5:ee:ed:1e:
9c:9a:4a:5b:8d:73:02:15:ae:9f:07:ea:d2:2c:0c:25:93:42:
b2:3f:48:4f:d1:63:15:3d:eb:43:94:58:11:e6:ba:f6:20:b5:
26:4d:93:1f:c0:da:a0:2a:01:7a:1a:d1:6d:90:72:60:29:64:
3e:da:7e:af:63:c8:2b:0d:0b:e0:c9:29:5b:e4:96:9d:df:b0:
63:14:45:18:02:22:74:c3:12:04:d5:de:4a:b1:ee:dd:b7:40:
5c:08:aa:df:8f:a1:7d:2c:8c:ca:94:fb:95:19:64:4a:20:b7:
67:4d:fc:e2:9a:13:a9:19:f8:87:7a:0f:4b:fd:d4:49:bf:bb:
9f:0e:6e:2a:f6:04:ab:02:fd:28:72:34:09:29:85:ed:b7:88:
2f:1f:6f:12:ea:61:25:33:f1:6f:03:fe:06:93:4c:de:c9:5e:
18:fe:23:9f:f6:fd:47:e9:fc:3c:8b:3e:53:89:08:19:5b:c0:
10:ee:30:12
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgICCHswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODZFOEExMTAvBgNVBAUTKEJERDVFOUE3NkYxQUM0QzhFNTE3OTdFQ0U5OUUzRENF
RUNFRTc0OTMwHhcNMjYwMzA2MjEyODMwWhcNMjcwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWFiNDZmZS00YTZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu2mzLCI7RwZfmj3H9v8zch4T5I8DyxCgCAvqx9xW9KJfMxEaYKJUu6ph1mih
5FcDvpkTa08hID0mb2BqT6CM3ixChqxIJGWYiaZaF3fGP2XuJRT4fJbLkGUVN/l4
+JtmExUP/7st4Y2IBP2NIQad2IXtgYsHj3duesOTdleDCxEBN6L3Z35h9Dq2YHsi
tXPBsoWnlxhxqsGMB/n1u3S61R7ZKsvbCsxoqsxlUAe+IpkYrcHUUJAxdvWSaNxO
ij3OuAkv31/yRDWwtOj7DSemCKhJx/3OCuqrd3Y7oxmfvAA3cA7a0N3v9Mb5u+H3
3VekCsgH7/3Xp62v8VpVLTCBfQIDAQABo4IDKTCCAyUwHQYDVR0OBBYEFLYEQ7Cd
h7ySNIy6tKd6JvrAjuiBMB8GA1UdIwQYMBaAFL3V6advGsTI5ReX7OmePc7s7nST
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NkU4QS8zMTQ4REM5RTJE
RkYxMUVCODY4QTkxMzVDNEY5QUUwMi92ZFhwcDI4YXhNamxGNWZzNlo0OXp1enVk
Sk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3ZkWHBwMjhheE1qbEY1ZnM2WjQ5enV6dWRKTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODZFOEEvMzE0OERDOUUyREZGMTFFQjg2OEE5MTM1QzRGOUFFMDIvOUEyRUMwQUE2
QkYwMTFGMEE3MzI3RDg2QzRGOUFFMDIucm9hMIHnBggrBgEFBQcBBwEB/wSB1zCB
1DCB0QQCAAEwgcowDAMEB5gggAMEAJggiAMEA5ggqDAMAwQAmCC5AwQAmCDAMAwD
BACYINEDBACYINgwDAMEAJgg4QMEAJgg4jAMAwQAmCDvAwQAmCDwMAwDBACYIPsD
BACYIP4DBAOlmgAwDAMEAqWaFAMEAqWaGAMEA6WaKDAMAwQCpZo8AwQCpZpIMAwD
BAKlmlwDBAKlmmADBAGlmmowDAMEAKWabQMEAaWacAMEAqWafAMEAKWakDAMAwQD
pZqYAwQApZqeAwQBpZqmAwQApZqpMA0GCSqGSIb3DQEBCwUAA4IBAQCfn7rp9Y8W
ZxqkQrEmWPNUd1gEfk2/i9bjpbZlUEKikEKP6uZBqU5Bs4bvE8ruzd+PAzmFQ2dI
G3DcKTYmAPAm1dagDNXu7R6cmkpbjXMCFa6fB+rSLAwlk0KyP0hP0WMVPetDlFgR
5rr2ILUmTZMfwNqgKgF6GtFtkHJgKWQ+2n6vY8grDQvgySlb5Jad37BjFEUYAiJ0
wxIE1d5Kse7dt0BcCKrfj6F9LIzKlPuVGWRKILdnTfzimhOpGfiHeg9L/dRJv7uf
Dm4q9gSrAv0ocjQJKYXtt4gvH28S6mElM/FvA/4Gk0zeyV4Y/iOf9v1H6fw8iz5T
iQgZW8AQ7jAS
-----END CERTIFICATE-----
Generated at Thu Mar 26 04:39:42 2026 by rpki-client