Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91D5BFB/DF2E013ED9FB11E584D11A76C4F9AE02/6D2F20B6ECEB11EE960F5531C4F9AE02.roa
File: 6D2F20B6ECEB11EE960F5531C4F9AE02.roa (raw, json)
Hash identifier: JN5MdgQyOnCl7sTnuuhfSC+dcJigA58t5/ie8y0Mx7o=
Subject key identifier: 64:06:77:F4:49:20:DC:90:A1:D8:56:48:2A:FB:2D:43:52:0A:7A:87
Certificate issuer: /CN=A91D5BFB/serialNumber=BFB69BC22576B957BAB5FF336B7E8358DCB70A2A
Certificate serial: 2262
Authority key identifier: BF:B6:9B:C2:25:76:B9:57:BA:B5:FF:33:6B:7E:83:58:DC:B7:0A:2A
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v7abwiV2uVe6tf8za36DWNy3Cio.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91D5BFB/DF2E013ED9FB11E584D11A76C4F9AE02/6D2F20B6ECEB11EE960F5531C4F9AE02.roa
Signing time: Sun 01 Mar 2026 16:41:15 +0000
ROA not before: Fri 13 Feb 2026 10:06:42 +0000
ROA not after: Tue 02 Mar 2027 00:00:00 +0000
asID: 55915
IP address blocks: 43.231.208.0/22 maxlen: 24
45.64.160.0/22 maxlen: 24
45.123.220.0/22 maxlen: 24
49.236.212.0/22 maxlen: 24
103.1.92.0/22 maxlen: 24
103.51.16.0/22 maxlen: 24
103.192.76.0/22 maxlen: 24
202.94.66.0/24 maxlen: 24
2407:5200::/32 maxlen: 32
2407:5200:1::/48 maxlen: 48
2407:5200:32::/48 maxlen: 48
2407:5200:48::/48 maxlen: 48
2407:5200:49::/48 maxlen: 48
2407:5200:4c::/46 maxlen: 48
2407:5200:50::/46 maxlen: 48
2407:5200:54::/48 maxlen: 48
2407:5200:200::/46 maxlen: 48
2407:5200:204::/46 maxlen: 48
2407:5200:300::/46 maxlen: 48
2407:5200:400::/46 maxlen: 48
2407:5200:404::/46 maxlen: 48
2407:5200:600::/46 maxlen: 48
2407:5200:1000::/40 maxlen: 48
2407:5200:1200::/40 maxlen: 48
2407:5200:1300::/40 maxlen: 48
2407:5200:1500::/40 maxlen: 40
2407:5200:4920::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91D5BFB/DF2E013ED9FB11E584D11A76C4F9AE02/v7abwiV2uVe6tf8za36DWNy3Cio.crl
rsync://rpki.apnic.net/member_repository/A91D5BFB/DF2E013ED9FB11E584D11A76C4F9AE02/v7abwiV2uVe6tf8za36DWNy3Cio.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v7abwiV2uVe6tf8za36DWNy3Cio.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 31 Mar 2026 15:48:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8802 (0x2262)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D5BFB, serialNumber=BFB69BC22576B957BAB5FF336B7E8358DCB70A2A
Validity
Not Before: Feb 13 10:06:42 2026 GMT
Not After : Mar 2 00:00:00 2027 GMT
Subject: CN=69a46c2a-9d2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:57:48:17:75:3e:67:8b:d0:05:62:99:93:8e:
85:4e:30:12:f3:8b:cf:38:f9:86:80:2e:c1:94:0f:
8d:7b:a3:72:1a:d7:29:17:b0:b4:a1:2d:2a:40:ef:
db:97:52:08:1c:f8:0e:bb:02:db:80:e4:ba:ca:f2:
54:25:5c:ae:a0:40:b1:31:5d:30:88:87:a2:f5:c8:
ab:4a:b5:01:e1:4e:f7:bf:b0:b1:dd:7a:86:39:2c:
db:0b:1e:13:75:ce:5b:64:b6:98:ec:9f:c8:76:ca:
8d:67:15:ba:1a:8b:8c:4b:58:34:17:7c:2f:68:fa:
28:07:87:b5:94:55:e4:2a:4e:7a:0c:1f:cc:3d:a7:
a0:a8:bc:7d:77:33:ad:0c:07:81:54:38:a7:cb:d6:
b8:95:24:b4:0f:8a:5a:1e:81:f9:09:a4:65:35:c6:
e8:3c:61:15:e7:53:b0:a4:3f:a7:1f:d8:c8:2a:fd:
9b:a2:23:de:91:93:c1:c3:b1:3b:d7:eb:7b:eb:72:
75:ff:21:ff:ab:eb:7e:ca:8c:c0:72:0f:82:d7:18:
82:70:5b:20:4f:42:a1:78:ad:be:b5:bf:dd:0a:e3:
a2:0a:e0:0c:a6:b7:27:ba:90:22:f3:88:a1:22:37:
d8:9c:91:50:dc:08:3c:7f:9d:7b:74:c8:c0:34:ba:
4a:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:06:77:F4:49:20:DC:90:A1:D8:56:48:2A:FB:2D:43:52:0A:7A:87
X509v3 Authority Key Identifier:
keyid:BF:B6:9B:C2:25:76:B9:57:BA:B5:FF:33:6B:7E:83:58:DC:B7:0A:2A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91D5BFB/DF2E013ED9FB11E584D11A76C4F9AE02/v7abwiV2uVe6tf8za36DWNy3Cio.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v7abwiV2uVe6tf8za36DWNy3Cio.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D5BFB/DF2E013ED9FB11E584D11A76C4F9AE02/6D2F20B6ECEB11EE960F5531C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.231.208.0/22
45.64.160.0/22
45.123.220.0/22
49.236.212.0/22
103.1.92.0/22
103.51.16.0/22
103.192.76.0/22
202.94.66.0/24
IPv6:
2407:5200::/32
Signature Algorithm: sha256WithRSAEncryption
08:b0:9f:07:92:08:17:ed:80:76:78:67:1a:c0:6b:09:58:59:
7e:85:c2:87:8d:f6:fe:4e:7b:1c:ee:9b:b4:3d:96:e3:2f:48:
4a:4f:8d:6f:94:d6:38:6a:75:a7:bc:d6:dd:9d:4c:32:69:cd:
72:35:00:45:62:53:3c:4a:d7:3f:5e:97:40:86:e6:79:86:4e:
0b:aa:1f:e9:31:65:82:bb:fd:ae:e1:8d:0f:08:ce:3e:03:25:
0e:91:e0:8c:63:fd:a9:48:34:6c:60:af:52:bc:fa:d5:ab:2a:
74:71:b8:2f:58:f0:f4:f4:86:3c:13:d2:6e:10:bf:f3:ac:8c:
d7:27:7a:c2:dc:41:07:94:87:f5:3c:81:1b:62:4f:48:79:35:
f8:85:d1:3f:db:e2:de:75:38:8d:38:61:9e:dc:ee:44:ea:be:
ce:f8:1d:b3:ab:5e:41:d9:21:02:da:88:e4:98:7f:86:eb:74:
bb:e9:7a:93:79:c5:46:30:41:d3:0a:5e:fa:02:13:d1:34:fe:
40:da:b1:d1:3c:0d:08:13:7d:c3:25:f2:84:3d:79:5e:6a:c4:
7a:76:65:1b:a1:00:75:f7:87:1b:94:e1:b9:10:a0:bc:de:5c:
61:15:a1:ef:ec:93:2b:e8:90:d0:df:e2:d7:02:df:d6:ea:38:
a0:99:34:a8
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgICImIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDVCRkIxMTAvBgNVBAUTKEJGQjY5QkMyMjU3NkI5NTdCQUI1RkYzMzZCN0U4MzU4
RENCNzBBMkEwHhcNMjYwMjEzMTAwNjQyWhcNMjcwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NmMyYS05ZDJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwFdIF3U+Z4vQBWKZk46FTjAS84vPOPmGgC7BlA+Ne6NyGtcpF7C0oS0qQO/b
l1IIHPgOuwLbgOS6yvJUJVyuoECxMV0wiIei9cirSrUB4U73v7Cx3XqGOSzbCx4T
dc5bZLaY7J/IdsqNZxW6GouMS1g0F3wvaPooB4e1lFXkKk56DB/MPaegqLx9dzOt
DAeBVDiny9a4lSS0D4paHoH5CaRlNcboPGEV51OwpD+nH9jIKv2boiPekZPBw7E7
1+t763J1/yH/q+t+yozAcg+C1xiCcFsgT0KheK2+tb/dCuOiCuAMprcnupAi84ih
IjfYnJFQ3Ag8f517dMjANLpKfwIDAQABo4ICmTCCApUwHQYDVR0OBBYEFGQGd/RJ
INyQodhWSCr7LUNSCnqHMB8GA1UdIwQYMBaAFL+2m8IldrlXurX/M2t+g1jctwoq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENUJGQi9ERjJFMDEzRUQ5
RkIxMUU1ODREMTFBNzZDNEY5QUUwMi92N2Fid2lWMnVWZTZ0Zjh6YTM2RFdOeTND
aW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3Y3YWJ3aVYydVZlNnRmOHphMzZEV055M0Npby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDVCRkIvREYyRTAxM0VEOUZCMTFFNTg0RDExQTc2QzRGOUFFMDIvNkQyRjIwQjZF
Q0VCMTFFRTk2MEY1NTMxQzRGOUFFMDIucm9hMFgGCCsGAQUFBwEHAQH/BEkwRzA2
BAIAATAwAwQCK+fQAwQCLUCgAwQCLXvcAwQCMezUAwQCZwFcAwQCZzMQAwQCZ8BM
AwQAyl5CMA0EAgACMAcDBQAkB1IAMA0GCSqGSIb3DQEBCwUAA4IBAQAIsJ8HkggX
7YB2eGcawGsJWFl+hcKHjfb+Tnsc7pu0PZbjL0hKT41vlNY4anWnvNbdnUwyac1y
NQBFYlM8Stc/XpdAhuZ5hk4Lqh/pMWWCu/2u4Y0PCM4+AyUOkeCMY/2pSDRsYK9S
vPrVqyp0cbgvWPD09IY8E9JuEL/zrIzXJ3rC3EEHlIf1PIEbYk9IeTX4hdE/2+Le
dTiNOGGe3O5E6r7O+B2zq15B2SEC2ojkmH+G63S76XqTecVGMEHTCl76AhPRNP5A
2rHRPA0IE33DJfKEPXleasR6dmUboQB194cblOG5EKC83lxhFaHv7JMr6JDQ3+LX
At/W6jigmTSo
-----END CERTIFICATE-----
Generated at Thu Mar 26 07:12:36 2026 by rpki-client