Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/5C7DE69E7EFD11F0827C5F1DC4F9AE02.roa
File: 5C7DE69E7EFD11F0827C5F1DC4F9AE02.roa (raw, json)
Hash identifier: DLNHUZHuS4L6pQW1+bd0pYlrjjNIUCRkspT0sawq79s=
Subject key identifier: 2B:C6:1F:BF:B1:77:91:96:84:41:15:32:F6:2F:CB:A5:18:66:BE:20
Certificate issuer: /CN=A919D588/serialNumber=882859D52301F01571D9D4CF953F45E075E09A98
Certificate serial: 72
Authority key identifier: 88:28:59:D5:23:01:F0:15:71:D9:D4:CF:95:3F:45:E0:75:E0:9A:98
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iChZ1SMB8BVx2dTPlT9F4HXgmpg.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/5C7DE69E7EFD11F0827C5F1DC4F9AE02.roa
Signing time: Mon 02 Mar 2026 12:39:23 +0000
ROA not before: Fri 22 Aug 2025 02:11:49 +0000
ROA not after: Sat 31 Oct 2026 00:00:00 +0000
asID: 133736
IP address blocks: 43.245.132.0/22 maxlen: 22
43.245.132.0/24 maxlen: 24
43.245.133.0/24 maxlen: 24
43.245.134.0/24 maxlen: 24
43.245.135.0/24 maxlen: 24
103.31.88.0/22 maxlen: 22
103.31.88.0/24 maxlen: 24
103.31.89.0/24 maxlen: 24
103.31.90.0/24 maxlen: 24
103.31.91.0/24 maxlen: 24
103.47.0.0/24 maxlen: 24
103.55.134.0/23 maxlen: 24
103.61.128.0/24 maxlen: 24
103.61.130.0/24 maxlen: 24
103.79.172.0/22 maxlen: 22
144.48.232.0/22 maxlen: 22
144.48.232.0/24 maxlen: 24
144.48.233.0/24 maxlen: 24
144.48.234.0/24 maxlen: 24
144.48.235.0/24 maxlen: 24
202.179.144.0/22 maxlen: 22
202.179.144.0/24 maxlen: 24
202.179.145.0/24 maxlen: 24
202.179.146.0/24 maxlen: 24
202.179.147.0/24 maxlen: 24
203.166.216.0/24 maxlen: 24
203.189.124.0/22 maxlen: 22
203.189.124.0/24 maxlen: 24
203.189.125.0/24 maxlen: 24
203.189.126.0/24 maxlen: 24
203.189.127.0/24 maxlen: 24
2401:8140::/32 maxlen: 32
2401:8140::/35 maxlen: 35
2401:8140:2000::/35 maxlen: 35
2401:8140:4000::/35 maxlen: 35
2401:8140:6000::/35 maxlen: 35
2401:8140:8000::/35 maxlen: 35
2401:8140:a000::/35 maxlen: 35
2401:8140:c000::/35 maxlen: 35
2401:8140:e000::/35 maxlen: 35
2402:4c80::/32 maxlen: 32
2402:4c80::/35 maxlen: 35
2402:4c80:2000::/35 maxlen: 35
2402:4c80:4000::/35 maxlen: 35
2402:4c80:6000::/35 maxlen: 35
2402:4c80:8000::/35 maxlen: 35
2402:4c80:a000::/35 maxlen: 35
2402:4c80:c000::/35 maxlen: 35
2402:4c80:e000::/35 maxlen: 35
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/iChZ1SMB8BVx2dTPlT9F4HXgmpg.crl
rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/iChZ1SMB8BVx2dTPlT9F4HXgmpg.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iChZ1SMB8BVx2dTPlT9F4HXgmpg.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 01 Apr 2026 07:01:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 114 (0x72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A919D588, serialNumber=882859D52301F01571D9D4CF953F45E075E09A98
Validity
Not Before: Aug 22 02:11:49 2025 GMT
Not After : Oct 31 00:00:00 2026 GMT
Subject: CN=69a584fb-b7da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:ab:ca:b2:60:c5:62:83:df:cd:7c:0a:f0:dc:
d2:3f:b7:b8:cb:ee:dc:19:e7:30:cb:19:6f:33:54:
ad:19:db:71:73:60:f2:4e:25:91:62:90:00:64:5e:
fa:98:fb:7c:74:84:86:74:e9:08:7b:ef:e4:8b:ff:
f4:42:16:60:6b:83:67:0b:f3:9b:4a:b7:08:b5:6f:
57:28:ca:43:d8:89:81:f8:fc:02:4f:a3:c4:0f:b9:
0e:35:47:72:30:f8:b5:12:f2:4b:0a:fd:a0:be:c5:
80:a0:6a:71:40:63:f8:17:68:a6:d1:3b:70:19:13:
64:bb:b9:91:7b:57:a1:fe:bc:a1:ce:3b:82:44:0f:
50:4f:ba:ce:d1:56:da:19:c1:a3:1f:c8:91:7d:5e:
f8:e6:35:56:2f:59:81:84:89:4f:c6:87:5b:10:64:
ea:f0:6b:a4:6b:a2:11:f9:e2:c0:7f:b7:24:af:ec:
bf:e6:9d:ab:a6:61:54:23:55:09:cd:93:c5:9b:3c:
ac:5b:f1:52:9f:62:a5:9f:cd:d0:35:a8:9a:67:39:
bd:b9:11:db:d1:8e:eb:4c:b6:35:f5:ea:c1:0f:dc:
02:77:79:3f:da:29:5d:49:ae:bf:e0:6b:54:45:de:
00:72:d1:eb:b4:59:86:8f:d4:ce:a4:d3:93:74:28:
1d:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:C6:1F:BF:B1:77:91:96:84:41:15:32:F6:2F:CB:A5:18:66:BE:20
X509v3 Authority Key Identifier:
keyid:88:28:59:D5:23:01:F0:15:71:D9:D4:CF:95:3F:45:E0:75:E0:9A:98
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/iChZ1SMB8BVx2dTPlT9F4HXgmpg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iChZ1SMB8BVx2dTPlT9F4HXgmpg.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919D588/BF7D5E767BF311F0A05FAD82C4F9AE02/5C7DE69E7EFD11F0827C5F1DC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.245.132.0/22
103.31.88.0/22
103.47.0.0/24
103.55.134.0/23
103.61.128.0/24
103.61.130.0/24
103.79.172.0/22
144.48.232.0/22
202.179.144.0/22
203.166.216.0/24
203.189.124.0/22
IPv6:
2401:8140::/32
2402:4c80::/32
Signature Algorithm: sha256WithRSAEncryption
0c:d9:e3:e7:96:d5:d1:2f:f3:ba:c8:c0:bf:ec:02:bf:a7:9a:
11:9b:68:07:b6:8d:ba:51:2b:af:db:4e:4e:6c:96:00:20:6d:
86:bb:b5:f4:03:b8:d4:91:57:38:72:82:1f:2d:de:02:4b:d2:
86:d6:50:5f:ed:6b:a5:9b:d6:e2:31:af:c0:35:33:e4:19:45:
7e:ac:46:ae:69:b7:99:e4:5f:ce:dc:5c:85:c8:44:8b:fc:5b:
ac:16:b2:09:16:32:3c:71:4e:2a:41:75:32:39:e3:1d:e2:22:
e1:30:27:f6:a4:64:9a:a0:74:bc:ad:16:21:d0:04:82:32:d2:
93:46:80:0e:ec:eb:45:c9:62:34:f9:d6:dd:ed:d8:40:5f:81:
83:25:99:70:e2:f8:98:5b:e1:3b:e0:e4:b0:d9:65:2a:5b:6c:
cf:84:ef:ff:fe:2c:61:de:4c:23:64:88:76:ab:80:f2:91:4d:
79:42:51:9b:55:dd:d7:2e:d5:7f:65:1a:7a:8a:8a:d0:48:b6:
c3:88:69:7a:7d:da:e6:2a:64:e6:ef:57:c4:55:1c:15:ba:8f:
9b:26:22:fb:91:9c:49:2b:3a:60:23:18:c3:46:17:6f:bf:24:
9e:21:b0:de:c3:09:df:a6:2e:87:c4:34:5f:ae:dd:15:f9:da:
a0:89:17:29
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIBcjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
RDU4ODExMC8GA1UEBRMoODgyODU5RDUyMzAxRjAxNTcxRDlENENGOTUzRjQ1RTA3
NUUwOUE5ODAeFw0yNTA4MjIwMjExNDlaFw0yNjEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY5YTU4NGZiLWI3ZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDmq8qyYMVig9/NfArw3NI/t7jL7twZ5zDLGW8zVK0Z23FzYPJOJZFikABkXvqY
+3x0hIZ06Qh77+SL//RCFmBrg2cL85tKtwi1b1coykPYiYH4/AJPo8QPuQ41R3Iw
+LUS8ksK/aC+xYCganFAY/gXaKbRO3AZE2S7uZF7V6H+vKHOO4JED1BPus7RVtoZ
waMfyJF9XvjmNVYvWYGEiU/Gh1sQZOrwa6RrohH54sB/tySv7L/mnaumYVQjVQnN
k8WbPKxb8VKfYqWfzdA1qJpnOb25EdvRjutMtjX16sEP3AJ3eT/aKV1Jrr/ga1RF
3gBy0eu0WYaP1M6k05N0KB0RAgMBAAGjggKyMIICrjAdBgNVHQ4EFgQUK8Yfv7F3
kZaEQRUy9i/LpRhmviAwHwYDVR0jBBgwFoAUiChZ1SMB8BVx2dTPlT9F4HXgmpgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTlENTg4L0JGN0Q1RTc2N0JG
MzExRjBBMDVGQUQ4MkM0RjlBRTAyL2lDaFoxU01COEJWeDJkVFBsVDlGNEhYZ21w
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvaUNoWjFTTUI4QlZ4MmRUUGxUOUY0SFhnbXBnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
RDU4OC9CRjdENUU3NjdCRjMxMUYwQTA1RkFEODJDNEY5QUUwMi81QzdERTY5RTdF
RkQxMUYwODI3QzVGMURDNEY5QUUwMi5yb2EwcQYIKwYBBQUHAQcBAf8EYjBgMEgE
AgABMEIDBAIr9YQDBAJnH1gDBABnLwADBAFnN4YDBABnPYADBABnPYIDBAJnT6wD
BAKQMOgDBALKs5ADBADLptgDBALLvXwwFAQCAAIwDgMFACQBgUADBQAkAkyAMA0G
CSqGSIb3DQEBCwUAA4IBAQAM2ePnltXRL/O6yMC/7AK/p5oRm2gHto26USuv205O
bJYAIG2Gu7X0A7jUkVc4coIfLd4CS9KG1lBf7Wulm9biMa/ANTPkGUV+rEauabeZ
5F/O3FyFyESL/FusFrIJFjI8cU4qQXUyOeMd4iLhMCf2pGSaoHS8rRYh0ASCMtKT
RoAO7OtFyWI0+dbd7dhAX4GDJZlw4viYW+E74OSw2WUqW2zPhO///ixh3kwjZIh2
q4DykU15QlGbVd3XLtV/ZRp6iorQSLbDiGl6fdrmKmTm71fEVRwVuo+bJiL7kZxJ
KzpgIxjDRhdvvySeIbDewwnfpi6HxDRfrt0V+dqgiRcp
-----END CERTIFICATE-----
Generated at Thu Mar 26 04:13:28 2026 by rpki-client