Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/DE61D0DC2A7311F08DDC6D17C4F9AE02.roa
File: DE61D0DC2A7311F08DDC6D17C4F9AE02.roa (raw, json)
Hash identifier: xXPAl2rdlXbRKGiZrQ383xk0pehWZEjj7jMTsKVw0eI=
Subject key identifier: 6A:49:13:EE:01:19:67:A4:59:30:0C:8C:18:01:07:D1:C4:BA:65:7F
Certificate issuer: /CN=A91DA2D5/serialNumber=3C1C877347EE82729636AF0F3A375D391090F921
Certificate serial: 2D8F
Authority key identifier: 3C:1C:87:73:47:EE:82:72:96:36:AF:0F:3A:37:5D:39:10:90:F9:21
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/DE61D0DC2A7311F08DDC6D17C4F9AE02.roa
Signing time: Sun 01 Mar 2026 17:08:14 +0000
ROA not before: Wed 25 Feb 2026 08:56:17 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 58717
IP address blocks: 43.245.140.0/22 maxlen: 22
43.245.140.0/22 maxlen: 24
43.245.140.0/23 maxlen: 23
43.245.140.0/24 maxlen: 24
43.245.141.0/24 maxlen: 24
43.245.142.0/23 maxlen: 23
43.245.142.0/24 maxlen: 24
43.245.143.0/24 maxlen: 24
59.153.202.0/23 maxlen: 24
103.15.244.0/22 maxlen: 24
103.15.246.64/26 maxlen: 26
103.75.238.0/23 maxlen: 24
103.96.68.0/23 maxlen: 24
103.96.70.0/23 maxlen: 24
103.108.144.0/22 maxlen: 24
103.199.84.0/22 maxlen: 24
103.242.216.0/24 maxlen: 24
103.242.217.0/24 maxlen: 24
103.242.218.0/23 maxlen: 24
144.48.148.0/23 maxlen: 23
144.48.148.0/24 maxlen: 24
144.48.149.0/24 maxlen: 24
175.41.44.0/22 maxlen: 24
2405:1500::/30 maxlen: 31
2405:1500::/32 maxlen: 32
2405:1500::/32 maxlen: 48
2405:1500::/48 maxlen: 48
2405:1500:11::/48 maxlen: 48
2405:1500:12::/48 maxlen: 48
2405:1500:13::/48 maxlen: 48
2405:1500:30::/48 maxlen: 48
2405:1500:37::/48 maxlen: 48
2405:1500:40::/48 maxlen: 48
2405:1500:41::/48 maxlen: 48
2405:1500:42::/48 maxlen: 48
2405:1500:45::/48 maxlen: 48
2405:1500:50::/48 maxlen: 48
2405:1500:52::/48 maxlen: 48
2405:1500:55::/48 maxlen: 48
2405:1500:56::/48 maxlen: 48
2405:1500:60::/48 maxlen: 48
2405:1500:70::/48 maxlen: 48
2405:1500:80::/48 maxlen: 48
2405:1500:82::/48 maxlen: 48
2405:1500:90::/48 maxlen: 48
2405:1500:92::/48 maxlen: 48
2405:1500:94::/48 maxlen: 48
2405:1500:97::/48 maxlen: 48
2405:1500:a1::/48 maxlen: 48
2405:1500:b0::/48 maxlen: 48
2405:1500:b1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.crl
rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 31 Mar 2026 15:28:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11663 (0x2d8f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DA2D5, serialNumber=3C1C877347EE82729636AF0F3A375D391090F921
Validity
Not Before: Feb 25 08:56:17 2026 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=69a4727e-32a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:a1:ee:26:2f:99:02:c4:b5:76:a9:b8:07:fa:
63:c5:c3:67:22:f0:80:d3:69:4e:cb:0c:6b:6f:9e:
9e:47:56:2a:f6:15:49:fb:ab:53:78:1a:33:dc:f6:
0f:19:1c:43:99:b8:61:d9:89:c5:b1:5e:29:61:af:
f9:d5:9f:39:ee:1e:8b:dc:8e:ec:20:5c:ec:e2:2c:
34:0f:6d:c0:dd:4c:c8:b5:e2:25:fb:40:af:11:86:
8f:02:84:22:0c:bf:5f:16:f8:d5:20:63:59:d7:82:
49:a4:df:94:00:26:5f:35:5f:ac:38:fc:b2:23:51:
49:37:86:1e:b2:45:76:03:84:5b:58:75:ab:4d:3a:
e3:3d:ef:98:bc:d0:a4:3f:5d:32:80:b1:c8:e9:41:
38:fc:70:80:3e:cb:94:0d:34:0e:d2:08:7f:25:08:
75:02:48:e0:96:d4:88:0f:62:3e:49:8d:e2:45:a9:
8e:5a:a1:ab:42:f0:a6:53:f4:e7:ac:d6:63:13:f6:
6b:c5:09:ef:a4:bd:9b:aa:67:cc:96:44:b3:e9:c6:
a3:a1:41:04:e6:31:0a:ea:59:69:0c:d7:47:e5:e3:
75:fe:40:80:95:df:38:d4:81:54:48:16:aa:f9:39:
0f:20:4a:59:49:40:22:e0:22:1e:6b:24:0f:2e:09:
95:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:49:13:EE:01:19:67:A4:59:30:0C:8C:18:01:07:D1:C4:BA:65:7F
X509v3 Authority Key Identifier:
keyid:3C:1C:87:73:47:EE:82:72:96:36:AF:0F:3A:37:5D:39:10:90:F9:21
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/PByHc0fugnKWNq8POjddORCQ-SE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PByHc0fugnKWNq8POjddORCQ-SE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DA2D5/5F861EE6B89A11E3B4AC7E785911EA32/DE61D0DC2A7311F08DDC6D17C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
43.245.140.0/22
59.153.202.0/23
103.15.244.0/22
103.75.238.0/23
103.96.68.0/22
103.108.144.0/22
103.199.84.0/22
103.242.216.0/22
144.48.148.0/23
175.41.44.0/22
IPv6:
2405:1500::/30
Signature Algorithm: sha256WithRSAEncryption
56:d2:ce:36:77:ea:48:07:80:be:1d:8c:b3:47:a8:31:79:a6:
98:58:45:ed:ef:25:ef:5f:d4:6b:13:0e:54:61:91:a4:34:68:
48:d3:bb:52:74:35:da:e6:e3:78:5c:33:f8:99:a2:21:7e:c7:
57:52:0f:61:ee:ac:6c:d7:7e:3f:8b:46:9c:fa:85:62:bd:87:
3f:cd:06:17:21:32:6d:e5:eb:9e:de:85:eb:c0:98:3c:7e:20:
d8:44:6a:06:6e:3e:9e:2e:15:80:d8:13:81:c1:cf:c8:23:d6:
69:2a:f6:e8:04:b9:05:a6:f0:be:3c:35:37:9e:ba:db:21:b1:
51:66:96:18:b5:03:7e:eb:33:28:d1:94:00:e7:fd:c6:c8:d0:
04:00:4f:53:87:57:b5:39:a4:f1:4c:07:42:8d:b5:2a:0b:f4:
4e:9c:d3:29:73:63:2e:b1:52:aa:48:b6:b8:7f:d9:f8:ff:b2:
1b:5b:27:91:6c:b7:aa:06:77:d5:2d:75:bc:74:30:65:b8:5c:
5c:3d:df:d3:73:8e:53:0b:8c:bb:39:99:86:20:a4:a4:9c:ce:
0b:65:b4:ce:b7:95:8a:2a:57:1e:7e:96:cc:74:b1:d7:c0:95:
9e:36:c7:67:27:0d:ff:8e:30:86:42:da:f2:a8:64:4b:a8:23:
ad:5f:0e:de
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgICLY8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REEyRDUxMTAvBgNVBAUTKDNDMUM4NzczNDdFRTgyNzI5NjM2QUYwRjNBMzc1RDM5
MTA5MEY5MjEwHhcNMjYwMjI1MDg1NjE3WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0NzI3ZS0zMmE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4qHuJi+ZAsS1dqm4B/pjxcNnIvCA02lOywxrb56eR1Yq9hVJ+6tTeBoz3PYP
GRxDmbhh2YnFsV4pYa/51Z857h6L3I7sIFzs4iw0D23A3UzIteIl+0CvEYaPAoQi
DL9fFvjVIGNZ14JJpN+UACZfNV+sOPyyI1FJN4YeskV2A4RbWHWrTTrjPe+YvNCk
P10ygLHI6UE4/HCAPsuUDTQO0gh/JQh1AkjgltSID2I+SY3iRamOWqGrQvCmU/Tn
rNZjE/ZrxQnvpL2bqmfMlkSz6cajoUEE5jEK6llpDNdH5eN1/kCAld841IFUSBaq
+TkPIEpZSUAi4CIeayQPLgmV/wIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFGpJE+4B
GWekWTAMjBgBB9HEumV/MB8GA1UdIwQYMBaAFDwch3NH7oJyljavDzo3XTkQkPkh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQTJENS81Rjg2MUVFNkI4
OUExMUUzQjRBQzdFNzg1OTExRUEzMi9QQnlIYzBmdWduS1dOcThQT2pkZE9SQ1Et
U0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BCeUhjMGZ1Z25LV05xOFBPamRkT1JDUS1TRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REEyRDUvNUY4NjFFRTZCODlBMTFFM0I0QUM3RTc4NTkxMUVBMzIvREU2MUQwREMy
QTczMTFGMDhEREM2RDE3QzRGOUFFMDIucm9hMGQGCCsGAQUFBwEHAQH/BFUwUzBC
BAIAATA8AwQCK/WMAwQBO5nKAwQCZw/0AwQBZ0vuAwQCZ2BEAwQCZ2yQAwQCZ8dU
AwQCZ/LYAwQBkDCUAwQCryksMA0EAgACMAcDBQIkBRUAMA0GCSqGSIb3DQEBCwUA
A4IBAQBW0s42d+pIB4C+HYyzR6gxeaaYWEXt7yXvX9RrEw5UYZGkNGhI07tSdDXa
5uN4XDP4maIhfsdXUg9h7qxs134/i0ac+oVivYc/zQYXITJt5eue3oXrwJg8fiDY
RGoGbj6eLhWA2BOBwc/II9ZpKvboBLkFpvC+PDU3nrrbIbFRZpYYtQN+6zMo0ZQA
5/3GyNAEAE9Th1e1OaTxTAdCjbUqC/ROnNMpc2MusVKqSLa4f9n4/7IbWyeRbLeq
BnfVLXW8dDBluFxcPd/Tc45TC4y7OZmGIKSknM4LZbTOt5WKKlcefpbMdLHXwJWe
NsdnJw3/jjCGQtryqGRLqCOtXw7e
-----END CERTIFICATE-----
Generated at Thu Mar 26 09:57:14 2026 by rpki-client