Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/0FAA7244A7D211F0BEE84D58C4F9AE02.roa
File: 0FAA7244A7D211F0BEE84D58C4F9AE02.roa (raw, json)
Hash identifier: MlIegAxmiZi8feLlk0p4rXujBJW9bxtTttiOOMZiwZ8=
Subject key identifier: 12:A5:57:C5:3C:7C:1A:A8:5A:4E:9B:DE:D1:12:03:4D:11:EA:86:08
Certificate issuer: /CN=A91E6194/serialNumber=67DD7747A9DB8B01A5E7CCA146C48965A2308091
Certificate serial: 061A
Authority key identifier: 67:DD:77:47:A9:DB:8B:01:A5:E7:CC:A1:46:C4:89:65:A2:30:80:91
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Z913R6nbiwGl58yhRsSJZaIwgJE.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/0FAA7244A7D211F0BEE84D58C4F9AE02.roa
Signing time: Mon 04 May 2026 23:28:53 +0000
ROA not before: Mon 04 May 2026 23:28:53 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 7628
IP address blocks: 103.68.202.0/24 maxlen: 24
103.212.217.0/24 maxlen: 24
103.212.218.0/24 maxlen: 24
103.212.219.0/24 maxlen: 24
203.56.23.0/24 maxlen: 24
2402:1b40:1001::/48 maxlen: 48
2402:1b40:1002::/48 maxlen: 48
2402:1b40:1003::/48 maxlen: 48
2402:1b40:1004::/48 maxlen: 48
2402:1b40:1005::/48 maxlen: 48
2402:1b40:2000::/37 maxlen: 37
2402:1b40:2000::/48 maxlen: 48
2402:1b40:2004::/48 maxlen: 48
2402:1b40:2008::/48 maxlen: 48
2402:1b40:200c::/48 maxlen: 48
2402:1b40:2010::/48 maxlen: 48
2402:1b40:2014::/48 maxlen: 48
2402:1b40:2018::/48 maxlen: 48
2402:1b40:8000::/36 maxlen: 36
2402:1b40:9000::/36 maxlen: 36
2402:1b40:a000::/36 maxlen: 36
2402:1b40:b000::/36 maxlen: 36
2402:1b40:c000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/Z913R6nbiwGl58yhRsSJZaIwgJE.crl
rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/Z913R6nbiwGl58yhRsSJZaIwgJE.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Z913R6nbiwGl58yhRsSJZaIwgJE.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 19 May 2026 22:58:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1562 (0x61a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E6194, serialNumber=67DD7747A9DB8B01A5E7CCA146C48965A2308091
Validity
Not Before: May 4 23:28:53 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=69f92bb5-9fa9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:f2:cd:5d:da:9d:17:82:2b:b6:b7:76:75:45:
e0:83:df:2d:b0:f5:bb:ad:77:39:dd:a7:a4:7e:4e:
e5:60:a9:e6:48:9b:36:60:92:c4:75:1e:b3:e2:0f:
90:0f:b7:0f:81:66:68:06:9a:74:b7:fb:69:20:32:
75:5d:8a:16:c1:c7:42:11:c6:33:ec:5d:3e:d9:8b:
1d:28:04:bd:ed:60:5d:7a:18:02:67:96:71:58:57:
df:df:d4:5c:2b:e6:4d:56:a2:f4:a3:04:d0:80:4f:
0c:96:ad:14:04:14:03:fa:be:de:6c:83:c6:75:1c:
ce:b4:f8:e3:0d:59:1a:6d:13:35:fb:7e:34:a0:c1:
bf:b4:7c:a4:9a:c7:72:d3:f1:f4:bb:72:f7:62:8d:
1a:83:f4:d6:87:b4:99:15:fd:a2:c7:b4:d1:fb:3d:
af:b3:24:f8:b1:80:5c:ed:d7:18:19:3e:02:f0:48:
a8:c7:65:25:f0:7c:bb:37:22:3d:72:5e:5b:d4:3b:
7a:5a:3a:01:f3:34:06:5a:c6:62:f9:f2:ad:c0:6f:
0c:86:09:5e:27:bd:a1:46:e8:cf:5a:8b:01:c4:8c:
1b:81:6f:8e:ac:b5:bf:31:f1:06:ec:a8:b6:a2:12:
6e:76:44:90:89:79:53:ae:ce:f0:82:aa:0f:fa:ef:
fd:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:A5:57:C5:3C:7C:1A:A8:5A:4E:9B:DE:D1:12:03:4D:11:EA:86:08
X509v3 Authority Key Identifier:
keyid:67:DD:77:47:A9:DB:8B:01:A5:E7:CC:A1:46:C4:89:65:A2:30:80:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/Z913R6nbiwGl58yhRsSJZaIwgJE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Z913R6nbiwGl58yhRsSJZaIwgJE.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6194/5F37B9EEEF6B11EBB376EC75C4F9AE02/0FAA7244A7D211F0BEE84D58C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
103.68.202.0/24
103.212.217.0-103.212.219.255
203.56.23.0/24
IPv6:
2402:1b40:1001::-2402:1b40:1005:ffff:ffff:ffff:ffff:ffff
2402:1b40:2000::/37
2402:1b40:8000::-2402:1b40:cfff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
81:23:d1:8b:58:b0:d3:41:ed:83:ba:dc:99:22:8a:95:8c:c9:
c5:94:3a:fa:cc:ec:6e:a3:53:ab:c8:3e:09:e1:97:f7:37:80:
58:c4:b8:97:4f:00:2e:b3:28:ec:5a:dc:91:61:2e:c7:fb:9d:
e6:92:fd:3b:c4:f6:5c:27:22:6a:3a:70:11:a6:dd:a2:99:08:
17:00:18:6c:69:17:8a:f9:3d:e3:53:f7:ea:6e:ca:98:30:6a:
4f:ae:44:48:47:be:45:3b:5e:ab:10:73:c4:43:d4:fb:c9:30:
0e:1b:8e:f7:60:12:8e:61:1b:bc:9b:38:55:8e:0d:e2:53:a5:
91:72:cd:73:43:60:99:9a:46:95:90:dc:71:e6:83:52:54:2e:
69:81:ef:7c:4e:84:15:da:39:56:9a:e4:a0:65:36:67:54:b0:
30:c6:81:a8:76:86:5f:f3:df:77:38:67:56:34:7a:f0:92:01:
19:6a:23:75:80:69:d3:20:16:0a:5c:27:80:6d:6c:3a:a7:5c:
2c:63:28:a3:c0:29:7e:d2:c9:5c:c6:44:84:03:45:d4:9b:92:
78:be:2c:0e:13:09:24:86:87:a4:b2:73:d7:28:8b:71:67:92:
45:6f:86:cd:8e:35:8f:12:3a:c5:a8:e3:ab:9b:e3:0b:4a:bb:
f0:d5:43:ea
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICBhowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxOTQxMTAvBgNVBAUTKDY3REQ3NzQ3QTlEQjhCMDFBNUU3Q0NBMTQ2QzQ4OTY1
QTIzMDgwOTEwHhcNMjYwNTA0MjMyODUzWhcNMjcwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWY5MmJiNS05ZmE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx/LNXdqdF4Irtrd2dUXgg98tsPW7rXc53aekfk7lYKnmSJs2YJLEdR6z4g+Q
D7cPgWZoBpp0t/tpIDJ1XYoWwcdCEcYz7F0+2YsdKAS97WBdehgCZ5ZxWFff39Rc
K+ZNVqL0owTQgE8Mlq0UBBQD+r7ebIPGdRzOtPjjDVkabRM1+340oMG/tHykmsdy
0/H0u3L3Yo0ag/TWh7SZFf2ix7TR+z2vsyT4sYBc7dcYGT4C8Eiox2Ul8Hy7NyI9
cl5b1Dt6WjoB8zQGWsZi+fKtwG8MhgleJ72hRujPWosBxIwbgW+OrLW/MfEG7Ki2
ohJudkSQiXlTrs7wgqoP+u/9cQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFBKlV8U8
fBqoWk6b3tESA00R6oYIMB8GA1UdIwQYMBaAFGfdd0ep24sBpefMoUbEiWWiMICR
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjE5NC81RjM3QjlFRUVG
NkIxMUVCQjM3NkVDNzVDNEY5QUUwMi9aOTEzUjZuYml3R2w1OHloUnNTSlphSXdn
SkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1o5MTNSNm5iaXdHbDU4eWhSc1NKWmFJd2dKRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxOTQvNUYzN0I5RUVFRjZCMTFFQkIzNzZFQzc1QzRGOUFFMDIvMEZBQTcyNDRB
N0QyMTFGMEJFRTg0RDU4QzRGOUFFMDIucm9hMGkGCCsGAQUFBwEHAQH/BFowWDAg
BAIAATAaAwQAZ0TKMAwDBABn1NkDBAJn1NgDBADLOBcwNAQCAAIwLjASAwcAJAIb
QBABAwcBJAIbQBAEAwYDJAIbQCAwEAMGByQCG0CAAwYEJAIbQMAwDQYJKoZIhvcN
AQELBQADggEBAIEj0YtYsNNB7YO63JkiipWMycWUOvrM7G6jU6vIPgnhl/c3gFjE
uJdPAC6zKOxa3JFhLsf7neaS/TvE9lwnImo6cBGm3aKZCBcAGGxpF4r5PeNT9+pu
ypgwak+uREhHvkU7XqsQc8RD1PvJMA4bjvdgEo5hG7ybOFWODeJTpZFyzXNDYJma
RpWQ3HHmg1JULmmB73xOhBXaOVaa5KBlNmdUsDDGgah2hl/z33c4Z1Y0evCSARlq
I3WAadMgFgpcJ4BtbDqnXCxjKKPAKX7SyVzGRIQDRdSbkni+LA4TCSSGh6Syc9co
i3FnkkVvhs2ONY8SOsWo46ub4wtKu/DVQ+o=
-----END CERTIFICATE-----
Generated at Wed May 13 15:12:18 2026 by rpki-client