Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B96D3BB2767311F0B208256DC4F9AE02.roa
File: B96D3BB2767311F0B208256DC4F9AE02.roa (raw, json)
Hash identifier: soXlJy36qfAzO01kVl94Rr1VMr9csr8mXAfBSkN6ffc=
Subject key identifier: 8C:5E:76:D0:F3:E0:8E:A6:E0:CA:D6:A4:DF:26:0A:D9:46:7A:4D:4F
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: DC83
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B96D3BB2767311F0B208256DC4F9AE02.roa
Signing time: Tue 24 Mar 2026 10:34:31 +0000
ROA not before: Tue 24 Mar 2026 10:34:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9498
IP address blocks: 45.121.44.0/22 maxlen: 24
45.124.224.0/22 maxlen: 24
45.124.228.0/22 maxlen: 24
45.124.232.0/22 maxlen: 24
45.124.236.0/22 maxlen: 24
103.29.197.0/24 maxlen: 24
103.61.132.0/22 maxlen: 24
103.68.220.0/23 maxlen: 24
103.147.90.0/24 maxlen: 24
103.161.50.0/23 maxlen: 24
103.171.87.0/24 maxlen: 24
103.209.96.0/23 maxlen: 24
192.12.109.0/24 maxlen: 24
202.53.87.0/24 maxlen: 24
202.58.102.0/23 maxlen: 24
202.65.141.0/24 maxlen: 24
202.65.142.0/24 maxlen: 24
223.29.220.0/24 maxlen: 24
2405:a700::/32 maxlen: 32
2405:a700:14::/48 maxlen: 48
2405:a700:15::/48 maxlen: 48
2405:a700:1b::/48 maxlen: 48
2405:a700:1c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 02 Apr 2026 14:54:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 56451 (0xdc83)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Mar 24 10:34:31 2026 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=69c268b7-9958
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:91:8e:d2:6d:07:ef:16:30:be:75:56:30:5d:
8c:ef:20:5a:7e:ac:6f:51:33:6b:ec:a5:8c:a6:e5:
b1:bf:c5:a2:63:27:08:dd:f1:d8:c5:63:3f:87:ee:
66:19:38:bf:0d:d2:ea:ef:82:da:0f:b2:c2:49:0c:
ef:bc:32:ce:bb:06:ae:bd:06:b3:c8:09:3c:07:0d:
88:a7:e7:dd:30:b5:b1:94:4a:5e:9c:3c:02:72:16:
d3:6a:b2:2f:d3:4b:fa:87:04:74:ec:93:27:e3:f1:
f4:8c:5a:88:20:d6:50:ae:38:f1:8a:8c:18:a6:66:
40:58:13:57:b0:2e:9d:95:9b:cc:85:f5:00:a9:f3:
90:58:85:29:3d:7e:1a:3c:32:a0:b6:7b:38:cc:8a:
35:ee:f2:bd:a4:ea:34:bb:e0:01:6a:11:fd:3c:4f:
84:ce:0e:89:e6:d1:05:c8:71:2d:10:b4:70:a2:4a:
d3:f7:c7:a2:cf:ac:43:7d:3d:ad:4e:c3:d7:b3:c8:
9c:10:fe:bc:31:54:47:8d:d4:64:4c:a5:c3:e9:34:
a9:00:f0:2e:cf:c7:55:13:43:d6:b3:3d:3d:73:9f:
21:8b:e8:45:0f:7e:cf:b3:31:12:de:e6:ac:ed:e9:
c5:35:10:cb:07:68:ec:8e:70:92:0e:31:43:4d:e8:
ea:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:5E:76:D0:F3:E0:8E:A6:E0:CA:D6:A4:DF:26:0A:D9:46:7A:4D:4F
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/B96D3BB2767311F0B208256DC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
45.121.44.0/22
45.124.224.0/20
103.29.197.0/24
103.61.132.0/22
103.68.220.0/23
103.147.90.0/24
103.161.50.0/23
103.171.87.0/24
103.209.96.0/23
192.12.109.0/24
202.53.87.0/24
202.58.102.0/23
202.65.141.0-202.65.142.255
223.29.220.0/24
IPv6:
2405:a700::/32
Signature Algorithm: sha256WithRSAEncryption
a5:ca:00:c4:a4:eb:f1:6c:a1:1d:01:00:20:07:93:c7:ab:d6:
bf:37:00:32:1c:2f:64:4d:e0:f4:7d:e1:5a:61:ff:59:f0:1a:
22:4d:b9:f3:8d:5d:c0:51:d2:70:c8:81:a8:c2:ec:38:ba:04:
b5:c7:da:0a:69:58:e5:ae:73:f0:50:47:c8:86:4f:d5:b3:a7:
5f:4e:ee:c1:b9:20:3e:c7:95:f0:28:5d:1b:5b:dd:a2:53:fe:
91:95:cf:00:05:72:17:16:fb:10:bf:7d:6d:47:5f:26:3b:ff:
69:1f:8d:a3:d1:96:29:96:ad:2c:f6:61:ef:c5:86:90:c5:2d:
48:85:23:74:03:a9:f9:91:c8:a8:52:56:05:97:64:c2:ac:89:
91:12:ea:a0:d1:99:ee:3f:42:21:ad:3c:70:24:66:3b:7a:e5:
17:63:85:8a:c1:e5:44:0e:96:9b:36:c6:4a:56:32:bf:98:49:
a7:ab:8b:26:6b:85:08:cf:6a:c3:3b:d8:e8:fc:09:78:16:60:
34:7f:17:4f:51:dd:75:11:64:ba:24:95:26:f6:9c:78:15:de:
ff:f2:f9:62:83:27:a1:08:c4:3c:4e:93:18:f1:89:5f:88:9d:
73:57:ac:e0:47:47:a8:31:40:76:02:e4:b8:1b:5d:76:4a:1f:
35:37:dd:0f
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgIDANyDMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI2MDMyNDEwMzQzMVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjljMjY4YjctOTk1ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJCRjtJtB+8WML51VjBdjO8gWn6sb1Eza+yljKblsb/FomMnCN3x2MVjP4fu
Zhk4vw3S6u+C2g+ywkkM77wyzrsGrr0Gs8gJPAcNiKfn3TC1sZRKXpw8AnIW02qy
L9NL+ocEdOyTJ+Px9IxaiCDWUK448YqMGKZmQFgTV7AunZWbzIX1AKnzkFiFKT1+
GjwyoLZ7OMyKNe7yvaTqNLvgAWoR/TxPhM4OiebRBchxLRC0cKJK0/fHos+sQ309
rU7D17PInBD+vDFUR43UZEylw+k0qQDwLs/HVRND1rM9PXOfIYvoRQ9+z7MxEt7m
rO3pxTUQywdo7I5wkg4xQ03o6usCAwEAAaOCAsYwggLCMB0GA1UdDgQWBBSMXnbQ
8+COpuDK1qTfJgrZRnpNTzAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBlgYIKwYBBQUHAQsEgYkwgYYwgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwL0I5NkQzQkIy
NzY3MzExRjBCMjA4MjU2REM0RjlBRTAyLnJvYTCBhAYIKwYBBQUHAQcBAf8EdTBz
MGIEAgABMFwDBAIteSwDBAQtfOADBABnHcUDBAJnPYQDBAFnRNwDBABnk1oDBAFn
oTIDBABnq1cDBAFn0WADBADADG0DBADKNVcDBAHKOmYwDAMEAMpBjQMEAMpBjgME
AN8d3DANBAIAAjAHAwUAJAWnADANBgkqhkiG9w0BAQsFAAOCAQEApcoAxKTr8Wyh
HQEAIAeTx6vWvzcAMhwvZE3g9H3hWmH/WfAaIk25841dwFHScMiBqMLsOLoEtcfa
CmlY5a5z8FBHyIZP1bOnX07uwbkgPseV8ChdG1vdolP+kZXPAAVyFxb7EL99bUdf
Jjv/aR+No9GWKZatLPZh78WGkMUtSIUjdAOp+ZHIqFJWBZdkwqyJkRLqoNGZ7j9C
Ia08cCRmO3rlF2OFisHlRA6WmzbGSlYyv5hJp6uLJmuFCM9qwzvY6PwJeBZgNH8X
T1HddRFkuiSVJvaceBXe//L5YoMnoQjEPE6TGPGJX4idc1es4EdHqDFAdgLkuBtd
dkofNTfdDw==
-----END CERTIFICATE-----
Generated at Thu Mar 26 18:26:15 2026 by rpki-client