Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/6954A6281D1811F1BB26F0200F3D8C67.roa
File: 6954A6281D1811F1BB26F0200F3D8C67.roa (raw, json)
Hash identifier: 6kykLOl9r4HzpXuTyrWIkt0JckBYVmNudo4YO7qNUhU=
Subject key identifier: F1:00:DA:A3:3E:7E:F4:24:63:50:3E:C8:7C:14:98:05:8C:4D:6B:11
Certificate issuer: /CN=A91E4D3D/serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
Certificate serial: 0681
Authority key identifier: C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/6954A6281D1811F1BB26F0200F3D8C67.roa
Signing time: Wed 25 Mar 2026 10:41:46 +0000
ROA not before: Wed 25 Mar 2026 10:41:46 +0000
ROA not after: Wed 31 Mar 2027 00:00:00 +0000
asID: 13150
IP address blocks: 103.203.220.0/24 maxlen: 24
103.203.221.0/24 maxlen: 24
103.203.222.0/24 maxlen: 24
103.203.223.0/24 maxlen: 24
113.30.128.0/24 maxlen: 24
113.30.130.0/24 maxlen: 24
113.30.131.0/24 maxlen: 24
113.30.132.0/24 maxlen: 24
113.30.133.0/24 maxlen: 24
123.253.152.0/24 maxlen: 24
123.253.153.0/24 maxlen: 24
123.253.154.0/24 maxlen: 24
123.253.155.0/24 maxlen: 24
150.195.208.0/24 maxlen: 24
150.195.209.0/24 maxlen: 24
150.195.210.0/24 maxlen: 24
150.195.211.0/24 maxlen: 24
150.195.212.0/24 maxlen: 24
150.195.214.0/24 maxlen: 24
150.195.217.0/24 maxlen: 24
150.195.218.0/24 maxlen: 24
150.195.219.0/24 maxlen: 24
150.195.220.0/24 maxlen: 24
150.195.221.0/24 maxlen: 24
150.195.222.0/24 maxlen: 24
150.195.223.0/24 maxlen: 24
202.75.240.0/24 maxlen: 24
202.75.242.0/24 maxlen: 24
202.75.243.0/24 maxlen: 24
202.75.244.0/24 maxlen: 24
202.75.246.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl
rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 01 Apr 2026 10:41:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1665 (0x681)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E4D3D, serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
Validity
Not Before: Mar 25 10:41:46 2026 GMT
Not After : Mar 31 00:00:00 2027 GMT
Subject: CN=69c3bbe9-bb69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e7:e7:68:1d:da:d4:75:9b:90:6c:3c:2f:30:
70:17:3f:0c:6d:2b:1f:10:8a:a0:65:33:5a:e2:41:
1a:4f:76:b2:19:c8:17:44:a5:39:07:29:65:96:05:
ea:38:a4:6a:f2:39:96:8d:12:74:b3:74:5a:15:e5:
88:8e:38:14:4e:2d:f1:b5:04:52:0a:ef:dc:fb:b0:
1e:23:c6:bf:d3:13:6f:39:f3:93:f8:04:c8:00:33:
fc:d6:1f:f8:d1:30:8e:8d:23:7b:9e:28:dc:01:1c:
87:c2:f4:06:63:96:e4:d0:e1:94:16:c8:cb:7b:77:
6a:28:8a:86:dd:36:2b:3f:b2:5c:cf:43:5b:08:93:
b6:da:36:1b:89:73:d5:d3:15:c2:36:5b:4c:be:8d:
aa:70:f4:96:f4:2f:eb:b9:bf:28:aa:c3:be:de:35:
14:01:e6:22:0b:83:10:20:e7:58:c8:c6:22:ff:84:
e4:c5:77:2c:fa:ea:10:c4:d6:be:76:b9:31:a0:e5:
c0:12:f1:76:b3:40:0d:92:cd:0c:e5:0e:fb:9c:07:
4a:67:92:b6:ed:f2:9d:cb:7e:e5:c1:1e:78:75:74:
fb:59:b8:d3:0d:56:8a:5c:14:da:6d:2e:2c:25:eb:
b9:a5:a7:17:42:6c:c0:23:6a:69:21:60:ab:ae:9a:
6c:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:00:DA:A3:3E:7E:F4:24:63:50:3E:C8:7C:14:98:05:8C:4D:6B:11
X509v3 Authority Key Identifier:
keyid:C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/6954A6281D1811F1BB26F0200F3D8C67.roa
sbgp-ipAddrBlock: critical
IPv4:
103.203.220.0/22
113.30.128.0/24
113.30.130.0-113.30.133.255
123.253.152.0/22
150.195.208.0-150.195.212.255
150.195.214.0/24
150.195.217.0-150.195.223.255
202.75.240.0/24
202.75.242.0-202.75.244.255
202.75.246.0/24
Signature Algorithm: sha256WithRSAEncryption
03:7f:ff:40:2d:e5:5c:ce:73:58:32:4f:b8:ea:c3:ed:62:00:
bc:23:83:fc:af:a0:52:eb:a4:44:03:32:83:12:58:d3:59:87:
24:7b:f7:a6:05:05:04:f4:52:26:e6:c6:e2:31:dd:e1:b2:fd:
bd:be:79:e2:67:db:30:0a:62:ad:22:87:7d:f7:56:a7:ea:19:
02:44:57:63:12:a4:b3:c4:c0:02:6e:94:2d:8e:6a:2e:ba:ea:
6a:76:c7:30:77:be:82:f8:7c:d1:80:16:b4:10:49:c3:22:6a:
f0:56:b1:cf:5c:87:ce:c1:99:4e:1e:c5:e0:58:89:08:03:6a:
cf:c3:70:7d:6a:f4:46:cc:1f:3d:9b:00:6e:de:31:9b:43:cf:
c7:85:a3:51:8c:0c:5e:3d:9f:6f:e9:3d:5b:66:73:44:9c:71:
98:3b:82:fd:f8:8c:6f:10:93:54:d9:ae:d4:ca:bc:2a:c0:e3:
12:1a:75:5e:15:a9:e0:7c:ab:a3:a5:8a:6a:b5:ae:ec:31:a6:
c8:88:69:c3:e5:0d:11:ec:d8:b3:c2:c7:ba:95:d4:cb:9f:e9:
5d:1e:62:38:05:7a:bc:c9:15:cc:dd:83:53:f5:b8:33:9e:59:
ed:61:6d:cf:49:4c:88:a6:d6:8a:29:4b:1a:f0:04:c7:69:37:
14:88:9c:c4
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICBoEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTREM0QxMTAvBgNVBAUTKEM4MDcwRkQwNjFBODUxRkY4QUVERTBERTBDMzYwN0VF
Qjk4RkY3MDEwHhcNMjYwMzI1MTA0MTQ2WhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWMzYmJlOS1iYjY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuufnaB3a1HWbkGw8LzBwFz8MbSsfEIqgZTNa4kEaT3ayGcgXRKU5BylllgXq
OKRq8jmWjRJ0s3RaFeWIjjgUTi3xtQRSCu/c+7AeI8a/0xNvOfOT+ATIADP81h/4
0TCOjSN7nijcARyHwvQGY5bk0OGUFsjLe3dqKIqG3TYrP7Jcz0NbCJO22jYbiXPV
0xXCNltMvo2qcPSW9C/rub8oqsO+3jUUAeYiC4MQIOdYyMYi/4TkxXcs+uoQxNa+
drkxoOXAEvF2s0ANks0M5Q77nAdKZ5K27fKdy37lwR54dXT7WbjTDVaKXBTabS4s
Jeu5pacXQmzAI2ppIWCrrppsnQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFPEA2qM+
fvQkY1A+yHwUmAWMTWsRMB8GA1UdIwQYMBaAFMgHD9BhqFH/iu3g3gw2B+65j/cB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNEQzRC9CMDIwMkQzMkQ4
QjkxMUVCQUJDMUY0ODVDNEY5QUUwMi95QWNQMEdHb1VmLUs3ZURlRERZSDdybVA5
d0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lBY1AwR0dvVWYtSzdlRGVERFlIN3JtUDl3RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTREM0QvQjAyMDJEMzJEOEI5MTFFQkFCQzFGNDg1QzRGOUFFMDIvNjk1NEE2Mjgx
RDE4MTFGMUJCMjZGMDIwMEYzRDhDNjcucm9hMHUGCCsGAQUFBwEHAQH/BGYwZDBi
BAIAATBcAwQCZ8vcAwQAcR6AMAwDBAFxHoIDBAFxHoQDBAJ7/ZgwDAMEBJbD0AME
AJbD1AMEAJbD1jAMAwQAlsPZAwQFlsPAAwQAykvwMAwDBAHKS/IDBADKS/QDBADK
S/YwDQYJKoZIhvcNAQELBQADggEBAAN//0At5VzOc1gyT7jqw+1iALwjg/yvoFLr
pEQDMoMSWNNZhyR796YFBQT0UibmxuIx3eGy/b2+eeJn2zAKYq0ih333VqfqGQJE
V2MSpLPEwAJulC2Oai666mp2xzB3voL4fNGAFrQQScMiavBWsc9ch87BmU4exeBY
iQgDas/DcH1q9EbMHz2bAG7eMZtDz8eFo1GMDF49n2/pPVtmc0SccZg7gv34jG8Q
k1TZrtTKvCrA4xIadV4VqeB8q6Olimq1ruwxpsiIacPlDRHs2LPCx7qV1Muf6V0e
YjgFerzJFczdg1P1uDOeWe1hbc9JTIim1oopSxrwBMdpNxSInMQ=
-----END CERTIFICATE-----
Generated at Fri Mar 27 00:08:36 2026 by rpki-client