Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/DD5C8412E84511EB87AD6B49C4F9AE02.roa
File: DD5C8412E84511EB87AD6B49C4F9AE02.roa (raw, json)
Hash identifier: qclWXVlBnstyYKCXuampSC0Gl802Drh3emJ7c8YgQUQ=
Subject key identifier: B8:A7:83:84:61:05:90:22:82:DC:1C:3D:08:88:52:79:47:3A:95:95
Certificate issuer: /CN=A9196E6C/serialNumber=8F31602F4EBE455E099C0049BB7B0066558B9D89
Certificate serial: 3539
Authority key identifier: 8F:31:60:2F:4E:BE:45:5E:09:9C:00:49:BB:7B:00:66:55:8B:9D:89
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jzFgL06-RV4JnABJu3sAZlWLnYk.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/DD5C8412E84511EB87AD6B49C4F9AE02.roa
Signing time: Sun 01 Mar 2026 12:11:03 +0000
ROA not before: Wed 02 Apr 2025 14:40:59 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 24028
IP address blocks: 43.251.136.0/22 maxlen: 22
43.251.136.0/23 maxlen: 24
43.251.139.0/24 maxlen: 24
103.21.152.0/22 maxlen: 24
182.54.192.0/19 maxlen: 23
182.54.192.0/20 maxlen: 24
182.54.208.0/21 maxlen: 24
182.54.217.0/24 maxlen: 24
182.54.218.0/23 maxlen: 24
182.54.220.0/22 maxlen: 24
202.46.112.0/20 maxlen: 24
203.142.32.0/19 maxlen: 24
2405:7c00:1000::/36 maxlen: 36
2405:7c00:2000::/36 maxlen: 36
2405:7c00:3000::/36 maxlen: 36
2405:7c00:4000::/36 maxlen: 36
2405:7c00:5000::/36 maxlen: 36
2405:7c00:6000::/36 maxlen: 36
2405:7c00:7000::/36 maxlen: 36
2405:7c00:8000::/36 maxlen: 36
2405:7c00:9000::/36 maxlen: 36
2405:7c00:b000::/36 maxlen: 36
2405:7c00:c000::/36 maxlen: 36
2405:7c00:d000::/36 maxlen: 36
2405:7c00:e000::/36 maxlen: 36
2405:7c00:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/jzFgL06-RV4JnABJu3sAZlWLnYk.crl
rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/jzFgL06-RV4JnABJu3sAZlWLnYk.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jzFgL06-RV4JnABJu3sAZlWLnYk.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 31 Mar 2026 14:37:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13625 (0x3539)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9196E6C, serialNumber=8F31602F4EBE455E099C0049BB7B0066558B9D89
Validity
Not Before: Apr 2 14:40:59 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=69a42cd7-d19d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:7f:f5:e3:6b:1c:a9:59:5b:47:de:ee:f8:95:
b3:01:f9:d0:08:3e:a9:2c:9b:0f:c0:cb:f5:19:0f:
0a:e4:0e:9b:7d:f5:3e:84:7e:5d:f5:14:56:72:1a:
1d:41:1f:34:bc:a2:7f:42:e6:30:81:7f:66:8f:22:
35:53:1e:f6:46:ae:ed:53:56:3b:ce:48:27:04:d7:
a0:f4:05:7e:a7:a9:a6:ad:7e:eb:2b:d2:84:56:a3:
80:02:d7:11:6c:a3:02:c6:c4:d2:dd:c2:3f:d3:b1:
73:6c:03:b0:dd:60:d4:90:e2:a4:e5:e0:2e:9e:d1:
a6:d3:f4:dd:3e:fe:5a:1f:78:01:8a:19:d1:43:d9:
5d:cb:dc:2e:c9:84:9e:bb:36:36:ce:cc:2b:f4:e0:
ea:77:01:f4:9c:1b:90:51:5d:8f:e7:67:5b:a0:6d:
f5:12:90:29:23:7d:21:d4:77:53:2e:24:ba:aa:05:
49:eb:b4:7a:5d:c0:ce:07:37:61:d8:dc:ab:8f:d9:
b2:3e:64:29:ec:c0:31:ec:2d:c5:51:b3:ba:d7:b8:
31:43:7d:53:ce:a1:ae:a4:45:71:5e:61:d6:5d:2f:
4e:23:24:a8:a8:0f:0a:9d:d6:33:ea:b2:27:2b:77:
37:41:e4:69:5a:2b:f6:9c:c4:3a:09:fb:ff:60:c0:
65:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:A7:83:84:61:05:90:22:82:DC:1C:3D:08:88:52:79:47:3A:95:95
X509v3 Authority Key Identifier:
keyid:8F:31:60:2F:4E:BE:45:5E:09:9C:00:49:BB:7B:00:66:55:8B:9D:89
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/jzFgL06-RV4JnABJu3sAZlWLnYk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jzFgL06-RV4JnABJu3sAZlWLnYk.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9196E6C/426E3DBA1D8D11E293C4DAEA08B02CD2/DD5C8412E84511EB87AD6B49C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.251.136.0/22
103.21.152.0/22
182.54.192.0/19
202.46.112.0/20
203.142.32.0/19
IPv6:
2405:7c00:1000::-2405:7c00:9fff:ffff:ffff:ffff:ffff:ffff
2405:7c00:b000::-2405:7c00:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
62:28:3c:e0:e7:08:34:7a:7b:ec:ee:b0:07:8c:f3:24:75:e9:
fa:7f:e6:cf:da:e6:13:0f:7b:44:ea:77:f5:2c:ad:4f:19:5d:
97:32:1d:cb:dd:ec:6a:28:80:0c:60:f1:c3:79:36:9e:dd:d1:
c6:8b:00:a0:15:c1:5a:4b:11:98:0e:8e:fd:95:24:24:d5:5e:
fd:3c:ea:10:d0:a2:9f:9e:49:42:bc:67:a7:31:f3:2d:07:63:
42:91:39:a8:21:1a:e2:cd:5d:31:22:cf:41:96:15:dd:73:cc:
dd:3e:a2:87:26:7f:b3:b2:3b:e3:dd:d4:f5:1e:d7:a5:c1:fa:
82:16:92:fe:cf:c7:15:6d:b2:41:2a:e9:e6:8a:f8:cb:be:e7:
85:3b:9f:85:11:28:f1:e8:39:1c:0c:c9:a2:f0:8f:aa:91:c3:
fd:f4:23:60:0c:b4:de:51:41:a3:1c:0b:e4:bf:7c:39:1f:c6:
4d:89:c3:61:70:fe:6f:e3:f7:f3:1f:25:da:7c:92:5a:22:85:
49:96:9d:31:3d:39:e3:ca:d2:b4:21:34:89:77:fe:86:b4:6a:
27:44:e0:d8:4d:62:26:a7:9f:c6:89:7c:0f:52:08:67:2f:e8:
2e:8c:34:44:49:b1:7e:1a:79:6d:4f:c3:eb:09:1b:f5:c9:5f:
5a:cf:aa:29
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICNTkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTZFNkMxMTAvBgNVBAUTKDhGMzE2MDJGNEVCRTQ1NUUwOTlDMDA0OUJCN0IwMDY2
NTU4QjlEODkwHhcNMjUwNDAyMTQ0MDU5WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0MmNkNy1kMTlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvH/142scqVlbR97u+JWzAfnQCD6pLJsPwMv1GQ8K5A6bffU+hH5d9RRWchod
QR80vKJ/QuYwgX9mjyI1Ux72Rq7tU1Y7zkgnBNeg9AV+p6mmrX7rK9KEVqOAAtcR
bKMCxsTS3cI/07FzbAOw3WDUkOKk5eAuntGm0/TdPv5aH3gBihnRQ9ldy9wuyYSe
uzY2zswr9ODqdwH0nBuQUV2P52dboG31EpApI30h1HdTLiS6qgVJ67R6XcDOBzdh
2Nyrj9myPmQp7MAx7C3FUbO617gxQ31TzqGupEVxXmHWXS9OIySoqA8KndYz6rIn
K3c3QeRpWiv2nMQ6Cfv/YMBlPwIDAQABo4ICozCCAp8wHQYDVR0OBBYEFLing4Rh
BZAigtwcPQiIUnlHOpWVMB8GA1UdIwQYMBaAFI8xYC9OvkVeCZwASbt7AGZVi52J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NkU2Qy80MjZFM0RCQTFE
OEQxMUUyOTNDNERBRUEwOEIwMkNEMi9qekZnTDA2LVJWNEpuQUJKdTNzQVpsV0xu
WWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2p6RmdMMDYtUlY0Sm5BQkp1M3NBWmxXTG5Zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTZFNkMvNDI2RTNEQkExRDhEMTFFMjkzQzREQUVBMDhCMDJDRDIvREQ1Qzg0MTJF
ODQ1MTFFQjg3QUQ2QjQ5QzRGOUFFMDIucm9hMGIGCCsGAQUFBwEHAQH/BFMwUTAk
BAIAATAeAwQCK/uIAwQCZxWYAwQFtjbAAwQEyi5wAwQFy44gMCkEAgACMCMwEAMG
BCQFfAAQAwYFJAV8AIAwDwMGBCQFfACwAwUAJAV8ADANBgkqhkiG9w0BAQsFAAOC
AQEAYig84OcINHp77O6wB4zzJHXp+n/mz9rmEw97ROp39SytTxldlzIdy93saiiA
DGDxw3k2nt3RxosAoBXBWksRmA6O/ZUkJNVe/TzqENCin55JQrxnpzHzLQdjQpE5
qCEa4s1dMSLPQZYV3XPM3T6ihyZ/s7I7493U9R7XpcH6ghaS/s/HFW2yQSrp5or4
y77nhTufhREo8eg5HAzJovCPqpHD/fQjYAy03lFBoxwL5L98OR/GTYnDYXD+b+P3
8x8l2nySWiKFSZadMT0548rStCE0iXf+hrRqJ0Tg2E1iJqefxol8D1IIZy/oLow0
REmxfhp5bU/D6wkb9clfWs+qKQ==
-----END CERTIFICATE-----
Generated at Thu Mar 26 12:55:35 2026 by rpki-client