Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/BD6571EEC0AC11EF8F832C34C4F9AE02.roa
File: BD6571EEC0AC11EF8F832C34C4F9AE02.roa (raw, json)
Hash identifier: LnqeCppjvfZw+kjrXoa/2ToWPDmJSTa9ohrJhVPCflE=
Subject key identifier: 58:26:C4:E8:33:5C:B0:E4:78:70:C7:68:BD:5D:95:06:09:1D:7E:37
Certificate issuer: /CN=A91DC46A/serialNumber=F8D4A632D069964C61A33E41D6243D535B007D54
Certificate serial: 1EC7
Authority key identifier: F8:D4:A6:32:D0:69:96:4C:61:A3:3E:41:D6:24:3D:53:5B:00:7D:54
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/BD6571EEC0AC11EF8F832C34C4F9AE02.roa
Signing time: Mon 02 Mar 2026 16:18:55 +0000
ROA not before: Mon 02 Mar 2026 16:18:55 +0000
ROA not after: Wed 31 Mar 2027 00:00:00 +0000
asID: 23678
IP address blocks: 27.131.32.0/19 maxlen: 24
43.252.44.0/22 maxlen: 22
43.252.44.0/23 maxlen: 23
43.252.44.0/24 maxlen: 24
43.252.45.0/24 maxlen: 24
43.252.46.0/24 maxlen: 24
43.252.47.0/24 maxlen: 24
103.12.64.0/22 maxlen: 22
103.12.64.0/23 maxlen: 23
103.12.64.0/24 maxlen: 24
103.12.65.0/24 maxlen: 24
103.12.66.0/24 maxlen: 24
103.12.67.0/24 maxlen: 24
103.137.120.0/22 maxlen: 24
103.221.60.0/22 maxlen: 23
103.221.60.0/23 maxlen: 24
103.221.62.0/24 maxlen: 24
103.243.192.0/22 maxlen: 22
103.243.192.0/24 maxlen: 24
103.243.193.0/24 maxlen: 24
103.243.194.0/24 maxlen: 24
122.0.16.0/20 maxlen: 24
150.107.156.0/22 maxlen: 22
150.107.156.0/24 maxlen: 24
150.107.157.0/24 maxlen: 24
150.107.158.0/24 maxlen: 24
150.107.159.0/24 maxlen: 24
202.133.96.0/20 maxlen: 24
2405:6400::/32 maxlen: 36
2405:6400::/42 maxlen: 42
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.crl
rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 02 Apr 2026 16:03:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7879 (0x1ec7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91DC46A, serialNumber=F8D4A632D069964C61A33E41D6243D535B007D54
Validity
Not Before: Mar 2 16:18:55 2026 GMT
Not After : Mar 31 00:00:00 2027 GMT
Subject: CN=69a5b86f-a64b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:28:b9:1a:fb:b7:b0:db:b9:98:79:a4:ca:95:
7d:ed:96:f9:cd:cf:a0:14:ad:d9:cd:36:df:b0:46:
92:61:89:a7:cb:48:e2:83:4b:49:60:4d:d1:65:13:
9c:23:44:5e:6c:bf:a8:6f:62:d1:68:ef:42:f7:98:
a2:64:60:8c:50:4f:a6:3f:16:76:21:1e:e8:09:db:
31:75:94:dc:8f:70:94:bc:ad:ef:1f:da:fb:93:a4:
56:8b:26:b6:c4:60:7c:3c:85:9c:65:e3:8d:8c:da:
ed:d5:ac:5f:90:6e:5c:35:3e:e5:da:21:78:b1:be:
b8:6b:0c:79:01:cb:fd:72:7c:33:bb:13:c1:ac:39:
c1:64:13:a1:69:3d:d2:4c:1e:31:7d:74:a9:6a:b1:
16:91:6d:d7:34:8a:8a:23:a1:c0:54:a7:b7:2c:7f:
c4:ee:6b:84:15:38:bd:be:18:f7:6c:c9:94:42:35:
c3:32:79:81:07:98:2c:fc:01:f6:07:c0:09:7e:6f:
5d:e9:8d:70:e7:a7:19:9b:7e:e9:6f:f3:92:21:2b:
0a:41:c7:cb:1c:ff:3b:fa:34:8b:63:d4:c1:af:6a:
15:ed:9a:28:9b:4c:4d:f5:50:f4:7a:ae:77:d1:5a:
36:da:54:d3:00:2e:d9:6a:8d:a0:8c:ce:11:09:69:
f6:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:26:C4:E8:33:5C:B0:E4:78:70:C7:68:BD:5D:95:06:09:1D:7E:37
X509v3 Authority Key Identifier:
keyid:F8:D4:A6:32:D0:69:96:4C:61:A3:3E:41:D6:24:3D:53:5B:00:7D:54
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/BD6571EEC0AC11EF8F832C34C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
27.131.32.0/19
43.252.44.0/22
103.12.64.0/22
103.137.120.0/22
103.221.60.0/22
103.243.192.0/22
122.0.16.0/20
150.107.156.0/22
202.133.96.0/20
IPv6:
2405:6400::/32
Signature Algorithm: sha256WithRSAEncryption
24:31:41:0d:e0:ff:c1:82:be:30:99:6b:4d:eb:7a:05:85:6d:
ac:e8:6e:ce:5b:06:68:13:0d:7b:59:0b:7e:6d:e8:df:40:fa:
16:1b:32:89:35:9d:44:0a:1b:5d:89:72:e9:3f:05:5a:8f:e9:
35:88:03:3f:df:3a:8d:5f:52:22:fe:c4:e0:bc:bd:44:56:97:
b3:72:94:60:62:fb:55:bb:91:25:6a:70:1b:76:ff:56:25:17:
73:8b:b7:f9:81:bc:d1:ff:34:49:db:3a:67:ee:71:1d:ea:25:
48:d7:56:49:86:89:e5:f6:45:93:2e:93:ec:a4:7b:a4:1b:5e:
1e:16:80:66:2d:6f:11:9b:eb:3f:18:30:c6:83:8c:1b:b1:fb:
a6:44:d4:83:a0:8a:af:52:5a:9c:b1:01:c5:84:e4:f4:7b:be:
68:51:5a:af:f7:82:a3:da:6d:51:e2:2b:c9:cd:7b:2f:c7:f3:
9e:34:39:13:67:71:1d:5a:b8:6b:72:5d:f0:86:97:a4:b8:f8:
4e:38:ac:e7:4c:f0:6a:46:36:61:81:d4:72:b2:53:c5:0c:14:
68:e4:75:fa:0f:38:93:91:67:65:11:66:62:d7:6c:56:d7:e1:
ff:4a:bd:f0:58:a8:9f:a1:ba:a9:34:69:61:2a:00:68:fd:5e:
0e:a9:1b:5e
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgICHscwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM0NkExMTAvBgNVBAUTKEY4RDRBNjMyRDA2OTk2NEM2MUEzM0U0MUQ2MjQzRDUz
NUIwMDdENTQwHhcNMjYwMzAyMTYxODU1WhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1Yjg2Zi1hNjRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6Ci5Gvu3sNu5mHmkypV97Zb5zc+gFK3ZzTbfsEaSYYmny0jig0tJYE3RZROc
I0RebL+ob2LRaO9C95iiZGCMUE+mPxZ2IR7oCdsxdZTcj3CUvK3vH9r7k6RWiya2
xGB8PIWcZeONjNrt1axfkG5cNT7l2iF4sb64awx5Acv9cnwzuxPBrDnBZBOhaT3S
TB4xfXSparEWkW3XNIqKI6HAVKe3LH/E7muEFTi9vhj3bMmUQjXDMnmBB5gs/AH2
B8AJfm9d6Y1w56cZm37pb/OSISsKQcfLHP87+jSLY9TBr2oV7Zoom0xN9VD0eq53
0Vo22lTTAC7Zao2gjM4RCWn2EwIDAQABo4ICnzCCApswHQYDVR0OBBYEFFgmxOgz
XLDkeHDHaL1dlQYJHX43MB8GA1UdIwQYMBaAFPjUpjLQaZZMYaM+QdYkPVNbAH1U
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzQ2QS8wMDUwMDE2NDk0
MzIxMUU2OEMxQjgyNEFDNEY5QUUwMi8tTlNtTXRCcGxreGhvejVCMWlROVUxc0Fm
VlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1OU21NdEJwbGt4aG96NUIxaVE5VTFzQWZWUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM0NkEvMDA1MDAxNjQ5NDMyMTFFNjhDMUI4MjRBQzRGOUFFMDIvQkQ2NTcxRUVD
MEFDMTFFRjhGODMyQzM0QzRGOUFFMDIucm9hMF4GCCsGAQUFBwEHAQH/BE8wTTA8
BAIAATA2AwQFG4MgAwQCK/wsAwQCZwxAAwQCZ4l4AwQCZ908AwQCZ/PAAwQEegAQ
AwQClmucAwQEyoVgMA0EAgACMAcDBQAkBWQAMA0GCSqGSIb3DQEBCwUAA4IBAQAk
MUEN4P/Bgr4wmWtN63oFhW2s6G7OWwZoEw17WQt+bejfQPoWGzKJNZ1EChtdiXLp
PwVaj+k1iAM/3zqNX1Ii/sTgvL1EVpezcpRgYvtVu5ElanAbdv9WJRdzi7f5gbzR
/zRJ2zpn7nEd6iVI11ZJhonl9kWTLpPspHukG14eFoBmLW8Rm+s/GDDGg4wbsfum
RNSDoIqvUlqcsQHFhOT0e75oUVqv94Kj2m1R4ivJzXsvx/OeNDkTZ3EdWrhrcl3w
hpekuPhOOKznTPBqRjZhgdRyslPFDBRo5HX6DziTkWdlEWZi12xW1+H/Sr3wWKif
obqpNGlhKgBo/V4OqRte
-----END CERTIFICATE-----
Generated at Fri Mar 27 06:21:29 2026 by rpki-client