Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/CBF7E2CE2D3611EEA81A490BC4F9AE02.roa
File: CBF7E2CE2D3611EEA81A490BC4F9AE02.roa (raw, json)
Hash identifier: j7L99bx7Ey41ZLd+2+aMZ4wqjEnPklq5VL7HIrKdyHs=
Subject key identifier: 9D:7A:AF:E4:55:A7:DF:8F:38:2C:13:C0:B5:0C:EC:09:CE:99:68:2C
Certificate issuer: /CN=A91BB4C2/serialNumber=DC23A69EA1EFC1A379492C13E9AC147C49F5AD04
Certificate serial: 0269
Authority key identifier: DC:23:A6:9E:A1:EF:C1:A3:79:49:2C:13:E9:AC:14:7C:49:F5:AD:04
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3COmnqHvwaN5SSwT6awUfEn1rQQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/CBF7E2CE2D3611EEA81A490BC4F9AE02.roa
Signing time: Mon 02 Mar 2026 14:09:25 +0000
ROA not before: Wed 13 Aug 2025 04:11:40 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 136395
IP address blocks: 103.213.36.0/23 maxlen: 23
103.213.36.0/24 maxlen: 24
103.213.37.0/24 maxlen: 24
2401:5e0::/32 maxlen: 32
2401:5e0::/36 maxlen: 36
2401:5e0:1::/48 maxlen: 48
2401:5e0:2::/48 maxlen: 48
2401:5e0:3::/48 maxlen: 48
2401:5e0:4::/48 maxlen: 48
2401:5e0:1000::/36 maxlen: 36
2401:5e0:1000::/48 maxlen: 48
2401:5e0:1001::/48 maxlen: 48
2401:5e0:1002::/48 maxlen: 48
2401:5e0:1003::/48 maxlen: 48
2401:5e0:1004::/48 maxlen: 48
2401:5e0:1005::/48 maxlen: 48
2401:5e0:1006::/48 maxlen: 48
2401:5e0:1007::/48 maxlen: 48
2401:5e0:1008::/48 maxlen: 48
2401:5e0:1009::/48 maxlen: 48
2401:5e0:100a::/48 maxlen: 48
2401:5e0:100b::/48 maxlen: 48
2401:5e0:100c::/48 maxlen: 48
2401:5e0:100d::/48 maxlen: 48
2401:5e0:100e::/48 maxlen: 48
2401:5e0:100f::/48 maxlen: 48
2401:5e0:1010::/48 maxlen: 48
2401:5e0:2000::/36 maxlen: 36
2401:5e0:2000::/48 maxlen: 48
2401:5e0:2001::/48 maxlen: 48
2401:5e0:2002::/48 maxlen: 48
2401:5e0:2003::/48 maxlen: 48
2401:5e0:2004::/48 maxlen: 48
2401:5e0:2005::/48 maxlen: 48
2401:5e0:3000::/36 maxlen: 36
2401:5e0:4000::/36 maxlen: 36
2401:5e0:5000::/36 maxlen: 36
2401:5e0:6000::/36 maxlen: 36
2401:5e0:7000::/36 maxlen: 36
2401:5e0:8000::/36 maxlen: 36
2401:5e0:9000::/36 maxlen: 36
2401:5e0:a000::/36 maxlen: 36
2401:5e0:b000::/36 maxlen: 36
2401:5e0:c000::/36 maxlen: 36
2401:5e0:d000::/36 maxlen: 36
2401:5e0:e000::/36 maxlen: 36
2401:5e0:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/3COmnqHvwaN5SSwT6awUfEn1rQQ.crl
rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/3COmnqHvwaN5SSwT6awUfEn1rQQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3COmnqHvwaN5SSwT6awUfEn1rQQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 01 Apr 2026 02:18:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 617 (0x269)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91BB4C2, serialNumber=DC23A69EA1EFC1A379492C13E9AC147C49F5AD04
Validity
Not Before: Aug 13 04:11:40 2025 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=69a59a15-bc4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:84:d3:a3:64:3b:1a:d7:f5:7d:4a:34:ef:c4:
2f:61:fc:1a:a8:56:80:f8:04:83:c6:e8:24:24:3e:
bf:11:35:d6:ef:a5:96:6b:9c:54:a4:d8:8e:c5:ef:
c9:75:7d:90:7e:7d:f5:d1:20:c6:59:21:85:9d:95:
a9:2f:f0:cd:02:7e:9a:3e:75:9b:5a:2c:76:94:6c:
0b:c2:6b:cd:b3:e0:de:f3:15:73:9c:ed:b1:e6:5b:
05:03:97:04:15:f4:4f:a6:1c:97:bd:03:de:3c:29:
86:1c:8a:a5:cd:78:61:b5:fe:9a:9e:09:89:c4:10:
dd:8c:fc:c6:0c:7b:e1:8a:6d:a4:93:c2:c8:f5:34:
b6:7a:b4:3a:0d:4b:13:ca:12:18:b5:91:eb:42:98:
5a:7e:e9:bb:71:45:ce:40:3d:9b:12:dd:14:af:e2:
ea:43:35:04:3d:02:39:9e:ce:48:4b:a3:6c:98:41:
99:62:90:b4:35:d2:25:63:a8:ed:4e:3f:7d:49:41:
4a:95:b3:32:1f:5a:d8:1d:90:f0:90:47:15:65:30:
52:bd:5a:1e:10:b2:70:11:01:7c:9a:d0:93:94:17:
d0:80:94:b8:71:76:1e:4e:d9:9f:03:92:2b:79:f4:
e9:01:38:0d:a8:29:9f:76:9b:6c:ab:b8:e9:50:c2:
39:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:7A:AF:E4:55:A7:DF:8F:38:2C:13:C0:B5:0C:EC:09:CE:99:68:2C
X509v3 Authority Key Identifier:
keyid:DC:23:A6:9E:A1:EF:C1:A3:79:49:2C:13:E9:AC:14:7C:49:F5:AD:04
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/3COmnqHvwaN5SSwT6awUfEn1rQQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3COmnqHvwaN5SSwT6awUfEn1rQQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/CBF7E2CE2D3611EEA81A490BC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.213.36.0/23
IPv6:
2401:5e0::/32
Signature Algorithm: sha256WithRSAEncryption
16:ec:4a:d3:2c:23:ac:24:ab:ed:f1:11:fc:b5:31:44:f4:26:
02:b5:8f:af:9a:4a:f7:d2:59:ff:66:73:30:f4:8a:18:09:19:
ef:73:32:8d:1f:eb:58:97:7d:17:21:8c:fe:20:d6:92:ea:ce:
d0:de:f2:37:0d:6e:fb:04:1a:0b:ac:ea:31:f6:91:a4:62:da:
df:11:7c:2e:97:ca:ef:ea:30:0e:58:e3:da:54:e2:46:83:3f:
67:52:83:c4:df:64:0e:99:1c:17:b4:47:f6:6d:5a:2d:4c:95:
23:a1:eb:ff:ee:c8:e3:e5:81:cb:18:f9:46:5b:e2:b3:e6:c9:
38:b9:1d:a4:5e:8e:42:df:bf:25:6d:6d:62:74:7e:bd:05:17:
aa:31:ee:d8:13:99:10:47:78:ac:37:4d:2a:a2:41:2a:1c:80:
44:8a:01:5d:12:92:50:13:2e:5f:4e:7a:06:28:fb:9e:47:33:
6e:c4:09:b7:2a:dd:4e:d1:d0:97:8a:ad:03:1c:87:89:61:ce:
97:54:00:9d:c7:97:9b:ff:e1:78:d4:05:56:8f:a5:19:ff:4b:
46:a4:35:cf:0f:20:06:46:f1:e6:e1:07:7b:9a:8d:19:09:55:
a7:1a:3b:e3:52:0d:3d:91:63:6c:b3:2f:ae:f4:c0:7b:00:f4:
22:23:02:96
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgICAmkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkI0QzIxMTAvBgNVBAUTKERDMjNBNjlFQTFFRkMxQTM3OTQ5MkMxM0U5QUMxNDdD
NDlGNUFEMDQwHhcNMjUwODEzMDQxMTQwWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1OWExNS1iYzRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuoTTo2Q7Gtf1fUo078QvYfwaqFaA+ASDxugkJD6/ETXW76WWa5xUpNiOxe/J
dX2Qfn310SDGWSGFnZWpL/DNAn6aPnWbWix2lGwLwmvNs+De8xVznO2x5lsFA5cE
FfRPphyXvQPePCmGHIqlzXhhtf6angmJxBDdjPzGDHvhim2kk8LI9TS2erQ6DUsT
yhIYtZHrQphafum7cUXOQD2bEt0Ur+LqQzUEPQI5ns5IS6NsmEGZYpC0NdIlY6jt
Tj99SUFKlbMyH1rYHZDwkEcVZTBSvVoeELJwEQF8mtCTlBfQgJS4cXYeTtmfA5Ir
efTpATgNqCmfdptsq7jpUMI5gQIDAQABo4ICbzCCAmswHQYDVR0OBBYEFJ16r+RV
p9+POCwTwLUM7AnOmWgsMB8GA1UdIwQYMBaAFNwjpp6h78GjeUksE+msFHxJ9a0E
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQjRDMi9CMTdFOTVENjAz
NzAxMUVFOUJCNjJDMkZDNEY5QUUwMi8zQ09tbnFIdndhTjVTU3dUNmF3VWZFbjFy
UVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNDT21ucUh2d2FONVNTd1Q2YXdVZkVuMXJRUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkI0QzIvQjE3RTk1RDYwMzcwMTFFRTlCQjYyQzJGQzRGOUFFMDIvQ0JGN0UyQ0Uy
RDM2MTFFRUE4MUE0OTBCQzRGOUFFMDIucm9hMC4GCCsGAQUFBwEHAQH/BB8wHTAM
BAIAATAGAwQBZ9UkMA0EAgACMAcDBQAkAQXgMA0GCSqGSIb3DQEBCwUAA4IBAQAW
7ErTLCOsJKvt8RH8tTFE9CYCtY+vmkr30ln/ZnMw9IoYCRnvczKNH+tYl30XIYz+
INaS6s7Q3vI3DW77BBoLrOox9pGkYtrfEXwul8rv6jAOWOPaVOJGgz9nUoPE32QO
mRwXtEf2bVotTJUjoev/7sjj5YHLGPlGW+Kz5sk4uR2kXo5C378lbW1idH69BReq
Me7YE5kQR3isN00qokEqHIBEigFdEpJQEy5fTnoGKPueRzNuxAm3Kt1O0dCXiq0D
HIeJYc6XVACdx5eb/+F41AVWj6UZ/0tGpDXPDyAGRvHm4Qd7mo0ZCVWnGjvjUg09
kWNssy+u9MB7APQiIwKW
-----END CERTIFICATE-----
Generated at Thu Mar 26 19:14:32 2026 by rpki-client