Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AD5C8/80D8B48AEF8511F09D6DE831606F56BC/40DFA7D2EF8811F0A94034DF606F56BC.roa
File: 40DFA7D2EF8811F0A94034DF606F56BC.roa (raw, json)
Hash identifier: r01cCM8Cr1fBBAypHwZvdCaBHe7BaHRTnIOSdsNilxQ=
Subject key identifier: 3B:B0:B2:47:0E:09:E0:9C:FF:8B:1E:9F:C0:25:AC:1B:0A:A5:60:A4
Certificate issuer: /CN=A91AD5C8/serialNumber=1D3E18B8F6A67D9296CED71E219245A32805267D
Certificate serial: 20
Authority key identifier: 1D:3E:18:B8:F6:A6:7D:92:96:CE:D7:1E:21:92:45:A3:28:05:26:7D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HT4YuPamfZKWztceIZJFoygFJn0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AD5C8/80D8B48AEF8511F09D6DE831606F56BC/40DFA7D2EF8811F0A94034DF606F56BC.roa
Signing time: Mon 02 Mar 2026 14:59:31 +0000
ROA not before: Mon 12 Jan 2026 07:28:13 +0000
ROA not after: Tue 02 Mar 2027 00:00:00 +0000
asID: 24514
IP address blocks: 103.17.78.0/24 maxlen: 24
103.26.47.0/24 maxlen: 24
103.26.74.0/23 maxlen: 23
103.26.74.0/24 maxlen: 24
122.129.120.0/22 maxlen: 22
122.129.120.0/24 maxlen: 24
122.129.121.0/24 maxlen: 24
122.129.122.0/24 maxlen: 24
122.129.123.0/24 maxlen: 24
122.129.124.0/22 maxlen: 22
122.129.124.0/24 maxlen: 24
122.129.125.0/24 maxlen: 24
122.129.126.0/24 maxlen: 24
122.129.127.0/24 maxlen: 24
150.129.184.0/23 maxlen: 23
150.129.185.0/24 maxlen: 24
150.129.186.0/24 maxlen: 24
203.80.16.0/22 maxlen: 22
203.80.16.0/24 maxlen: 24
203.80.19.0/24 maxlen: 24
203.80.20.0/22 maxlen: 22
203.80.20.0/24 maxlen: 24
203.80.21.0/24 maxlen: 24
203.80.22.0/24 maxlen: 24
203.80.23.0/24 maxlen: 24
2404:a8:5::/48 maxlen: 48
2404:a8:19::/48 maxlen: 48
2404:a8:3ff::/48 maxlen: 48
2404:a8:4000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91AD5C8/80D8B48AEF8511F09D6DE831606F56BC/HT4YuPamfZKWztceIZJFoygFJn0.crl
rsync://rpki.apnic.net/member_repository/A91AD5C8/80D8B48AEF8511F09D6DE831606F56BC/HT4YuPamfZKWztceIZJFoygFJn0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HT4YuPamfZKWztceIZJFoygFJn0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 01 Apr 2026 07:56:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 32 (0x20)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AD5C8, serialNumber=1D3E18B8F6A67D9296CED71E219245A32805267D
Validity
Not Before: Jan 12 07:28:13 2026 GMT
Not After : Mar 2 00:00:00 2027 GMT
Subject: CN=69a5a5d3-94e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:74:1a:61:42:ef:18:8b:95:5a:3e:38:94:0a:
9c:2f:1b:f4:18:dd:0f:33:b9:c1:c4:f4:57:b9:36:
e8:5f:9f:e4:28:75:7a:50:ff:b4:de:a5:2c:7b:f2:
c2:28:fb:00:af:cf:26:2f:d4:12:8a:2a:de:5b:19:
7f:23:ea:37:7b:73:62:ce:88:d1:cb:4e:fe:2f:fc:
c4:a6:ea:e0:b9:68:9f:17:9c:fa:8c:b8:ec:cc:3c:
17:b3:27:16:07:2a:e8:23:08:e2:7f:f1:20:a3:d0:
b0:2b:c6:6e:ec:5d:86:fe:2c:d6:ab:04:89:98:23:
9d:3e:90:49:2f:d6:78:4f:63:0e:b3:19:c7:04:e2:
2c:05:af:af:5a:ca:75:d1:6d:a4:eb:6a:3c:f8:51:
60:51:f8:82:71:34:fe:f1:83:af:dc:54:3a:f8:7f:
5f:82:0f:0e:ae:53:5d:94:42:4b:03:07:24:a5:5e:
14:7d:7d:a8:9a:20:b0:60:4d:ff:aa:21:e3:ba:fe:
5b:55:24:25:73:fb:b5:67:10:07:67:05:37:07:ae:
4b:50:07:2f:07:d1:24:95:b7:16:47:dd:f0:58:1d:
a5:6c:70:5e:d9:9f:8c:c3:a7:82:83:f2:2d:2c:78:
e2:34:c8:14:ed:ff:ce:57:65:02:e7:45:32:eb:e1:
fe:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:B0:B2:47:0E:09:E0:9C:FF:8B:1E:9F:C0:25:AC:1B:0A:A5:60:A4
X509v3 Authority Key Identifier:
keyid:1D:3E:18:B8:F6:A6:7D:92:96:CE:D7:1E:21:92:45:A3:28:05:26:7D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AD5C8/80D8B48AEF8511F09D6DE831606F56BC/HT4YuPamfZKWztceIZJFoygFJn0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HT4YuPamfZKWztceIZJFoygFJn0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AD5C8/80D8B48AEF8511F09D6DE831606F56BC/40DFA7D2EF8811F0A94034DF606F56BC.roa
sbgp-ipAddrBlock: critical
IPv4:
103.17.78.0/24
103.26.47.0/24
103.26.74.0/23
122.129.120.0/21
150.129.184.0-150.129.186.255
203.80.16.0/21
IPv6:
2404:a8:5::/48
2404:a8:19::/48
2404:a8:3ff::/48
2404:a8:4000::/36
Signature Algorithm: sha256WithRSAEncryption
a0:06:fa:eb:c1:32:94:c1:da:4e:bc:5b:9c:64:31:ea:84:f3:
4f:55:7a:b3:a8:bd:e6:3e:a5:3c:29:a0:a2:f6:15:1b:11:b2:
19:0a:86:95:7f:2a:f4:f4:a1:cd:7c:2c:f6:dc:0f:6d:d4:61:
5a:ea:56:0f:fb:c8:69:df:ca:f6:ac:37:9d:cb:8a:94:2b:cb:
61:be:c0:b3:75:4e:04:3b:e5:f0:fd:ce:be:41:e8:51:ce:71:
df:af:13:4d:69:16:58:a7:24:1f:d1:92:a4:54:08:d7:63:1d:
96:1e:76:ab:5c:ab:5c:aa:70:b4:d0:0e:d3:12:55:52:32:6a:
2d:f0:6c:80:07:44:d5:62:74:33:37:c4:21:92:a5:06:fb:d1:
35:2f:c4:79:8e:e8:16:2d:49:8b:e6:40:9b:ca:aa:61:0a:a7:
b2:db:0c:ea:ed:6a:fb:ce:92:8f:80:96:47:37:a6:49:d2:aa:
49:9b:4b:9b:6b:e4:88:e7:27:0e:52:36:df:34:c5:81:e0:ce:
0d:9e:67:0a:61:77:ff:be:90:e0:ea:53:c8:62:c1:fa:05:7c:
2f:ea:21:ab:5e:ca:46:6a:26:c2:c8:9d:61:28:74:7a:0b:5e:
0f:f3:e0:cb:1b:68:79:c8:00:29:f2:56:67:dd:ba:94:60:03:
db:dc:f0:6c
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFB
RDVDODExMC8GA1UEBRMoMUQzRTE4QjhGNkE2N0Q5Mjk2Q0VENzFFMjE5MjQ1QTMy
ODA1MjY3RDAeFw0yNjAxMTIwNzI4MTNaFw0yNzAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY5YTVhNWQzLTk0ZTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC9dBphQu8Yi5VaPjiUCpwvG/QY3Q8zucHE9Fe5Nuhfn+QodXpQ/7TepSx78sIo
+wCvzyYv1BKKKt5bGX8j6jd7c2LOiNHLTv4v/MSm6uC5aJ8XnPqMuOzMPBezJxYH
KugjCOJ/8SCj0LArxm7sXYb+LNarBImYI50+kEkv1nhPYw6zGccE4iwFr69aynXR
baTrajz4UWBR+IJxNP7xg6/cVDr4f1+CDw6uU12UQksDBySlXhR9faiaILBgTf+q
IeO6/ltVJCVz+7VnEAdnBTcHrktQBy8H0SSVtxZH3fBYHaVscF7Zn4zDp4KD8i0s
eOI0yBTt/85XZQLnRTLr4f7nAgMBAAGjggKxMIICrTAdBgNVHQ4EFgQUO7CyRw4J
4Jz/ix6fwCWsGwqlYKQwHwYDVR0jBBgwFoAUHT4YuPamfZKWztceIZJFoygFJn0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUFENUM4LzgwRDhCNDhBRUY4
NTExRjA5RDZERTgzMTYwNkY1NkJDL0hUNFl1UGFtZlpLV3p0Y2VJWkpGb3lnRkpu
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvSFQ0WXVQYW1mWktXenRjZUlaSkZveWdGSm4wLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgZYGCCsGAQUFBwELBIGJMIGGMIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB
RDVDOC84MEQ4QjQ4QUVGODUxMUYwOUQ2REU4MzE2MDZGNTZCQy80MERGQTdEMkVG
ODgxMUYwQTk0MDM0REY2MDZGNTZCQy5yb2EwcAYIKwYBBQUHAQcBAf8EYTBfMDIE
AgABMCwDBABnEU4DBABnGi8DBAFnGkoDBAN6gXgwDAMEA5aBuAMEAJaBugMEA8tQ
EDApBAIAAjAjAwcAJAQAqAAFAwcAJAQAqAAZAwcAJAQAqAP/AwYEJAQAqEAwDQYJ
KoZIhvcNAQELBQADggEBAKAG+uvBMpTB2k68W5xkMeqE809VerOoveY+pTwpoKL2
FRsRshkKhpV/KvT0oc18LPbcD23UYVrqVg/7yGnfyvasN53LipQry2G+wLN1TgQ7
5fD9zr5B6FHOcd+vE01pFlinJB/RkqRUCNdjHZYedqtcq1yqcLTQDtMSVVIyai3w
bIAHRNVidDM3xCGSpQb70TUvxHmO6BYtSYvmQJvKqmEKp7LbDOrtavvOko+Alkc3
pknSqkmbS5tr5IjnJw5SNt80xYHgzg2eZwphd/++kODqU8hiwfoFfC/qIateykZq
JsLInWEodHoLXg/z4MsbaHnIACnyVmfdupRgA9vc8Gw=
-----END CERTIFICATE-----
Generated at Thu Mar 26 08:41:49 2026 by rpki-client