Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/13901018203F11ECBE18630CC4F9AE02.roa
File: 13901018203F11ECBE18630CC4F9AE02.roa (raw, json)
Hash identifier: qWStS0v5bHsp5UQ+CjZRahzRxVHNB9C2cwcqgmnOyvw=
Subject key identifier: A3:65:4C:19:F0:D8:F1:6E:7F:E0:80:C5:AE:64:69:4A:2E:8C:56:93
Certificate issuer: /CN=A91AEDF7/serialNumber=9696C6592C02B503F488D4437CD0AC82C176B376
Certificate serial: 084B
Authority key identifier: 96:96:C6:59:2C:02:B5:03:F4:88:D4:43:7C:D0:AC:82:C1:76:B3:76
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/13901018203F11ECBE18630CC4F9AE02.roa
Signing time: Sun 01 Mar 2026 14:07:46 +0000
ROA not before: Sat 14 Feb 2026 21:18:22 +0000
ROA not after: Wed 31 Mar 2027 00:00:00 +0000
asID: 55366
IP address blocks: 103.70.172.0/22 maxlen: 23
103.70.172.0/24 maxlen: 24
103.70.173.0/24 maxlen: 24
103.70.174.0/24 maxlen: 24
103.70.175.0/24 maxlen: 24
202.58.229.0/24 maxlen: 24
202.90.38.0/23 maxlen: 23
202.90.38.0/24 maxlen: 24
202.90.39.0/24 maxlen: 24
203.142.223.0/24 maxlen: 24
2406:9c40::/32 maxlen: 40
2406:9c40:1000::/48 maxlen: 48
2406:9c40:1001::/48 maxlen: 48
2406:9c40:1002::/47 maxlen: 47
2406:9c40:1004::/46 maxlen: 46
2406:9c40:1008::/45 maxlen: 45
2406:9c40:1010::/44 maxlen: 44
2406:9c40:1020::/43 maxlen: 43
2406:9c40:1040::/42 maxlen: 42
2406:9c40:1080::/41 maxlen: 41
2406:9c40:2000::/48 maxlen: 48
2406:9c40:2001::/48 maxlen: 48
2406:9c40:2002::/47 maxlen: 47
2406:9c40:2004::/46 maxlen: 46
2406:9c40:2008::/45 maxlen: 45
2406:9c40:2010::/44 maxlen: 44
2406:9c40:2020::/43 maxlen: 43
2406:9c40:2040::/42 maxlen: 42
2406:9c40:2080::/41 maxlen: 41
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.crl
rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 02 Apr 2026 20:48:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2123 (0x84b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91AEDF7, serialNumber=9696C6592C02B503F488D4437CD0AC82C176B376
Validity
Not Before: Feb 14 21:18:22 2026 GMT
Not After : Mar 31 00:00:00 2027 GMT
Subject: CN=69a44832-db90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:d6:e8:40:a7:12:0c:5f:d7:9f:d3:64:88:d2:
66:03:b7:8e:c3:0f:62:78:37:f0:33:10:38:3a:0b:
a4:58:d1:5f:48:69:ea:d2:50:9e:c1:0e:15:41:7f:
38:2e:76:99:cf:84:99:d5:ac:12:71:b8:32:a5:7d:
ef:91:b4:40:cd:d5:ec:df:b1:54:32:aa:7a:dd:71:
6b:cc:a1:91:be:55:89:66:18:8f:45:52:5f:db:6e:
fd:d1:26:46:0e:19:fc:2d:a5:83:ee:4b:7a:6c:f3:
d6:ed:bb:36:22:1d:f5:4c:21:a1:81:7e:4e:4a:95:
59:9e:7e:35:d0:d1:b5:85:b5:a3:a9:01:f8:7b:f5:
c7:f7:4d:b5:bd:aa:ba:97:50:76:fe:52:b0:1d:2d:
ff:b6:bf:b6:60:15:18:8f:f5:0c:2c:d7:22:dd:2e:
7f:0e:56:16:83:9c:47:e1:69:56:46:dd:1a:4a:6d:
c9:61:a1:dd:54:0d:f3:12:0b:7c:6b:18:03:72:d9:
51:fe:d2:af:f0:5f:51:ac:43:23:07:f1:c5:56:a4:
46:6f:ee:d1:70:83:20:93:3c:9b:a7:61:89:58:53:
1e:87:35:10:12:03:d1:d2:71:9f:70:fc:66:d2:f8:
5a:4e:b4:8d:c0:5d:c0:11:58:3d:a9:f2:71:b5:01:
d3:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:65:4C:19:F0:D8:F1:6E:7F:E0:80:C5:AE:64:69:4A:2E:8C:56:93
X509v3 Authority Key Identifier:
keyid:96:96:C6:59:2C:02:B5:03:F4:88:D4:43:7C:D0:AC:82:C1:76:B3:76
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lpbGWSwCtQP0iNRDfNCsgsF2s3Y.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AEDF7/DEE2D07C090011EB8523165CC4F9AE02/13901018203F11ECBE18630CC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.70.172.0/22
202.58.229.0/24
202.90.38.0/23
203.142.223.0/24
IPv6:
2406:9c40::/32
Signature Algorithm: sha256WithRSAEncryption
46:63:50:bc:6a:5a:7b:23:8d:a0:26:25:ae:e7:14:d7:43:dd:
87:04:ae:a1:8e:ff:f5:da:32:a8:cd:3c:15:68:1c:ea:63:93:
92:e0:1b:0b:9c:7c:32:cd:1e:f3:2f:e6:26:43:8b:73:eb:76:
e9:66:9f:66:ed:a3:e6:fa:fd:c2:79:46:e7:bf:7c:dc:41:85:
63:8b:36:0d:c9:a9:c6:41:25:99:84:57:ef:83:77:22:bb:23:
e7:c2:31:39:6d:51:3d:08:7d:cd:6f:43:da:82:6d:ef:64:1a:
07:85:2e:47:48:04:12:b9:47:6a:b2:de:4b:00:8c:08:9d:14:
7a:1f:c3:35:01:96:38:61:45:d0:00:8c:5e:73:3c:ad:b4:b6:
49:d1:26:09:0c:60:7a:46:7a:0d:ba:6e:7d:1c:35:3c:c4:7e:
51:a9:e7:b3:c8:42:74:01:3c:6a:24:61:e6:9b:d0:7a:12:8e:
5a:92:eb:c8:47:a3:7d:eb:5c:3a:a2:00:59:99:30:13:2f:1c:
6d:fa:a1:d8:c3:af:85:f3:48:98:da:2d:06:bb:60:7a:a3:2e:
16:ac:13:d3:8d:48:f4:91:6f:25:75:59:c8:61:c1:28:00:c1:
f9:c2:dc:ed:9f:2e:45:63:f4:bf:6a:55:e2:28:ea:98:7b:a2:
a8:e3:a3:a0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgICCEswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUVERjcxMTAvBgNVBAUTKDk2OTZDNjU5MkMwMkI1MDNGNDg4RDQ0MzdDRDBBQzgy
QzE3NkIzNzYwHhcNMjYwMjE0MjExODIyWhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NDgzMi1kYjkwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAn9boQKcSDF/Xn9NkiNJmA7eOww9ieDfwMxA4OgukWNFfSGnq0lCewQ4VQX84
LnaZz4SZ1awScbgypX3vkbRAzdXs37FUMqp63XFrzKGRvlWJZhiPRVJf22790SZG
Dhn8LaWD7kt6bPPW7bs2Ih31TCGhgX5OSpVZnn410NG1hbWjqQH4e/XH9021vaq6
l1B2/lKwHS3/tr+2YBUYj/UMLNci3S5/DlYWg5xH4WlWRt0aSm3JYaHdVA3zEgt8
axgDctlR/tKv8F9RrEMjB/HFVqRGb+7RcIMgkzybp2GJWFMehzUQEgPR0nGfcPxm
0vhaTrSNwF3AEVg9qfJxtQHTEQIDAQABo4ICgTCCAn0wHQYDVR0OBBYEFKNlTBnw
2PFuf+CAxa5kaUoujFaTMB8GA1UdIwQYMBaAFJaWxlksArUD9IjUQ3zQrILBdrN2
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRURGNy9ERUUyRDA3QzA5
MDAxMUVCODUyMzE2NUNDNEY5QUUwMi9scGJHV1N3Q3RRUDBpTlJEZk5Dc2dzRjJz
M1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xwYkdXU3dDdFFQMGlOUkRmTkNzZ3NGMnMzWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUVERjcvREVFMkQwN0MwOTAwMTFFQjg1MjMxNjVDQzRGOUFFMDIvMTM5MDEwMTgy
MDNGMTFFQ0JFMTg2MzBDQzRGOUFFMDIucm9hMEAGCCsGAQUFBwEHAQH/BDEwLzAe
BAIAATAYAwQCZ0asAwQAyjrlAwQBylomAwQAy47fMA0EAgACMAcDBQAkBpxAMA0G
CSqGSIb3DQEBCwUAA4IBAQBGY1C8alp7I42gJiWu5xTXQ92HBK6hjv/12jKozTwV
aBzqY5OS4BsLnHwyzR7zL+YmQ4tz63bpZp9m7aPm+v3CeUbnv3zcQYVjizYNyanG
QSWZhFfvg3ciuyPnwjE5bVE9CH3Nb0Pagm3vZBoHhS5HSAQSuUdqst5LAIwInRR6
H8M1AZY4YUXQAIxeczyttLZJ0SYJDGB6RnoNum59HDU8xH5RqeezyEJ0ATxqJGHm
m9B6Eo5akuvIR6N961w6ogBZmTATLxxt+qHYw6+F80iY2i0Gu2B6oy4WrBPTjUj0
kW8ldVnIYcEoAMH5wtztny5FY/S/alXiKOqYe6Ko46Og
-----END CERTIFICATE-----
Generated at Sat Mar 28 13:39:52 2026 by rpki-client