Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
File: C64A9D821B2111F0B277571CC4F9AE02.roa (raw, json)
Hash identifier: UIYwNayG8hTeDwgvsuKN7XA3xd3VH9+6keHdCSYXSag=
Subject key identifier: 50:2F:24:0E:5D:3A:EC:D1:55:06:3A:32:4C:32:09:22:77:A7:53:65
Certificate issuer: /CN=A9170304/serialNumber=AD270FDE99B1F1069DAB8EF7A576AA2C2AF2C6F0
Certificate serial: 3558
Authority key identifier: AD:27:0F:DE:99:B1:F1:06:9D:AB:8E:F7:A5:76:AA:2C:2A:F2:C6:F0
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
Signing time: Wed 18 Mar 2026 15:13:02 +0000
ROA not before: Wed 18 Mar 2026 15:13:02 +0000
ROA not after: Fri 28 May 2027 00:00:00 +0000
asID: 37978
IP address blocks: 147.41.0.0/17 maxlen: 17
147.41.0.0/20 maxlen: 20
147.41.16.0/20 maxlen: 20
147.41.32.0/19 maxlen: 19
147.41.64.0/18 maxlen: 18
147.41.128.0/17 maxlen: 17
147.41.128.0/18 maxlen: 18
147.41.192.0/19 maxlen: 19
147.41.224.0/20 maxlen: 20
147.41.240.0/20 maxlen: 20
147.109.0.0/16 maxlen: 16
147.109.0.0/22 maxlen: 22
147.109.4.0/22 maxlen: 22
147.109.8.0/21 maxlen: 21
147.109.16.0/20 maxlen: 20
147.109.32.0/20 maxlen: 20
147.109.48.0/20 maxlen: 20
147.109.64.0/20 maxlen: 20
147.109.80.0/20 maxlen: 20
147.109.96.0/20 maxlen: 20
147.109.112.0/21 maxlen: 21
147.109.120.0/22 maxlen: 22
147.109.124.0/23 maxlen: 23
147.109.124.0/24 maxlen: 24
147.109.126.0/23 maxlen: 23
147.109.128.0/20 maxlen: 20
147.109.144.0/20 maxlen: 20
147.109.160.0/19 maxlen: 19
147.109.192.0/20 maxlen: 20
147.109.192.0/21 maxlen: 21
147.109.208.0/20 maxlen: 21
147.109.224.0/20 maxlen: 20
147.109.240.0/21 maxlen: 21
147.109.248.0/21 maxlen: 21
192.26.232.0/24 maxlen: 24
192.107.101.0/24 maxlen: 24
192.190.61.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.crl
rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 02 Apr 2026 14:41:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13656 (0x3558)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9170304, serialNumber=AD270FDE99B1F1069DAB8EF7A576AA2C2AF2C6F0
Validity
Not Before: Mar 18 15:13:02 2026 GMT
Not After : May 28 00:00:00 2027 GMT
Subject: CN=69bac0fe-2a62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:7f:e1:a6:0f:58:e7:93:2f:56:bf:74:b9:a2:
7d:6d:d7:8a:0d:a4:c2:fc:d9:9f:c2:84:db:37:27:
08:24:b8:71:85:a7:29:05:08:2b:ce:63:5e:38:1f:
ef:33:ef:e8:fc:04:46:0c:9e:38:ed:0b:ef:92:37:
a7:51:be:bf:b9:61:da:1e:bd:20:86:b7:29:88:1f:
61:27:82:bf:4f:d8:d4:03:1a:d2:f9:d5:4b:2c:70:
03:1b:7a:ad:f7:2a:b8:cf:0c:8b:e1:e0:57:9f:33:
8d:6c:40:10:5f:43:c9:ea:1e:ff:ef:a2:f6:69:80:
f4:14:1c:51:c6:a0:86:07:5e:93:00:d9:b7:89:0f:
52:02:46:af:42:b1:7e:e9:53:be:57:5d:ff:87:db:
78:7f:90:d9:87:79:b5:f9:31:7b:a0:26:c9:29:fc:
47:46:e0:fd:20:a5:10:b1:35:31:ff:4c:aa:f2:b7:
53:eb:94:0f:3d:7a:8e:30:86:36:88:3a:2a:1c:64:
4b:04:0b:de:70:be:17:77:48:c1:14:91:eb:31:35:
cc:cd:40:f4:40:07:2d:f9:35:77:5e:a5:f9:bc:cd:
80:31:5a:44:3f:87:a7:ae:f0:a2:63:6f:c3:43:88:
ae:84:f8:62:8a:a9:dd:0d:f2:4b:9a:44:88:99:f7:
f7:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:2F:24:0E:5D:3A:EC:D1:55:06:3A:32:4C:32:09:22:77:A7:53:65
X509v3 Authority Key Identifier:
keyid:AD:27:0F:DE:99:B1:F1:06:9D:AB:8E:F7:A5:76:AA:2C:2A:F2:C6:F0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
147.41.0.0/16
147.109.0.0/16
192.26.232.0/24
192.107.101.0/24
192.190.61.0/24
Signature Algorithm: sha256WithRSAEncryption
1f:63:de:e2:e6:d1:c1:fd:59:8f:92:d5:53:65:08:29:a5:2c:
6d:1e:d2:ca:29:cb:c8:da:8b:c4:8a:b0:ed:d1:3c:44:9d:65:
e0:68:34:95:2d:04:60:d3:ee:12:79:0e:2b:61:60:51:20:e2:
cf:83:3f:e0:87:99:df:7d:4b:03:ed:1f:53:63:ab:9a:45:22:
37:0c:e6:6e:68:a9:bf:83:09:73:6c:86:17:93:d0:c7:6b:f0:
b6:58:9b:83:d3:72:c3:50:c1:b4:05:dc:71:82:0c:04:c2:a1:
a3:f1:96:89:92:b5:20:b8:98:e8:14:29:b2:27:37:90:50:b3:
c4:85:00:5b:d2:1e:f3:e8:2b:81:74:16:54:03:fc:7b:fd:e9:
47:16:03:b8:6d:ea:70:15:f4:cb:d0:7f:60:c5:b4:3c:81:fd:
27:08:77:77:59:97:42:3b:b1:a6:85:69:5f:fc:34:29:77:42:
ef:a7:7d:f4:02:ed:7e:99:11:e3:82:1c:45:6c:17:a8:87:3d:
56:76:8f:a2:52:f4:96:76:02:ff:df:b1:c5:12:d6:ce:07:50:
05:4f:de:b2:81:72:39:fa:6a:f9:36:ae:e7:d2:bd:36:46:03:
28:56:47:25:de:5f:5a:7d:35:f5:13:61:06:90:20:f7:61:8a:
60:e3:3e:d2
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgICNVgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzAzMDQxMTAvBgNVBAUTKEFEMjcwRkRFOTlCMUYxMDY5REFCOEVGN0E1NzZBQTJD
MkFGMkM2RjAwHhcNMjYwMzE4MTUxMzAyWhcNMjcwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWJhYzBmZS0yYTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy3/hpg9Y55MvVr90uaJ9bdeKDaTC/NmfwoTbNycIJLhxhacpBQgrzmNeOB/v
M+/o/ARGDJ447QvvkjenUb6/uWHaHr0ghrcpiB9hJ4K/T9jUAxrS+dVLLHADG3qt
9yq4zwyL4eBXnzONbEAQX0PJ6h7/76L2aYD0FBxRxqCGB16TANm3iQ9SAkavQrF+
6VO+V13/h9t4f5DZh3m1+TF7oCbJKfxHRuD9IKUQsTUx/0yq8rdT65QPPXqOMIY2
iDoqHGRLBAvecL4Xd0jBFJHrMTXMzUD0QAct+TV3XqX5vM2AMVpEP4enrvCiY2/D
Q4iuhPhiiqndDfJLmkSImff3owIDAQABo4ICdjCCAnIwHQYDVR0OBBYEFFAvJA5d
OuzRVQY6MkwyCSJ3p1NlMB8GA1UdIwQYMBaAFK0nD96ZsfEGnauO96V2qiwq8sbw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MDMwNC85RUY0MTEzMDFE
OEUxMUUyQjE4MjI2RUQwOEIwMkNEMi9yU2NQM3BteDhRYWRxNDczcFhhcUxDcnl4
dkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3JTY1AzcG14OFFhZHE0NzNwWGFxTENyeXh2QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzAzMDQvOUVGNDExMzAxRDhFMTFFMkIxODIyNkVEMDhCMDJDRDIvQzY0QTlEODIx
QjIxMTFGMEIyNzc1NzFDQzRGOUFFMDIucm9hMDUGCCsGAQUFBwEHAQH/BCYwJDAi
BAIAATAcAwMAkykDAwCTbQMEAMAa6AMEAMBrZQMEAMC+PTANBgkqhkiG9w0BAQsF
AAOCAQEAH2Pe4ubRwf1Zj5LVU2UIKaUsbR7SyinLyNqLxIqw7dE8RJ1l4Gg0lS0E
YNPuEnkOK2FgUSDiz4M/4IeZ331LA+0fU2OrmkUiNwzmbmipv4MJc2yGF5PQx2vw
tlibg9Nyw1DBtAXccYIMBMKho/GWiZK1ILiY6BQpsic3kFCzxIUAW9Ie8+grgXQW
VAP8e/3pRxYDuG3qcBX0y9B/YMW0PIH9Jwh3d1mXQjuxpoVpX/w0KXdC76d99ALt
fpkR44IcRWwXqIc9VnaPolL0lnYC/9+xxRLWzgdQBU/esoFyOfpq+Tau59K9NkYD
KFZHJd5fWn019RNhBpAg92GKYOM+0g==
-----END CERTIFICATE-----
Generated at Thu Mar 26 18:55:32 2026 by rpki-client