Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917EB41/18D7955617BE11ED8B325938C4F9AE02/22D1D50A58BC11ED96790F65C4F9AE02.roa
File: 22D1D50A58BC11ED96790F65C4F9AE02.roa (raw, json)
Hash identifier: A+qnbUnjSVIZC27YU1NZxiXk+sZg+SOpLKE+1J+co/A=
Subject key identifier: FE:2A:E2:43:BD:D4:0B:9E:F4:98:55:19:8A:BD:2E:65:86:DC:0F:31
Certificate issuer: /CN=A917EB41/serialNumber=9F43B26ABA728E82F626337FA26521F8E69FBBCB
Certificate serial: 0304
Authority key identifier: 9F:43:B2:6A:BA:72:8E:82:F6:26:33:7F:A2:65:21:F8:E6:9F:BB:CB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n0OyarpyjoL2JjN_omUh-Oafu8s.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917EB41/18D7955617BE11ED8B325938C4F9AE02/22D1D50A58BC11ED96790F65C4F9AE02.roa
Signing time: Mon 02 Mar 2026 14:28:57 +0000
ROA not before: Thu 01 Jan 2026 01:20:19 +0000
ROA not after: Tue 02 Mar 2027 00:00:00 +0000
asID: 9824
IP address blocks: 27.136.0.0/13 maxlen: 24
42.144.0.0/13 maxlen: 24
59.166.0.0/16 maxlen: 24
59.168.0.0/14 maxlen: 24
60.58.0.0/15 maxlen: 24
60.60.0.0/15 maxlen: 24
60.62.0.0/16 maxlen: 24
61.21.0.0/16 maxlen: 24
61.22.0.0/15 maxlen: 24
61.24.0.0/14 maxlen: 24
110.128.0.0/13 maxlen: 24
116.64.0.0/15 maxlen: 24
116.214.16.0/21 maxlen: 24
116.220.0.0/14 maxlen: 24
119.168.0.0/13 maxlen: 24
124.140.0.0/14 maxlen: 24
124.144.0.0/15 maxlen: 24
125.8.0.0/13 maxlen: 24
203.165.0.0/16 maxlen: 24
210.20.0.0/16 maxlen: 24
210.194.0.0/16 maxlen: 24
220.152.0.0/18 maxlen: 24
220.152.64.0/19 maxlen: 24
2001:ff0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917EB41/18D7955617BE11ED8B325938C4F9AE02/n0OyarpyjoL2JjN_omUh-Oafu8s.crl
rsync://rpki.apnic.net/member_repository/A917EB41/18D7955617BE11ED8B325938C4F9AE02/n0OyarpyjoL2JjN_omUh-Oafu8s.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n0OyarpyjoL2JjN_omUh-Oafu8s.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 01 Apr 2026 00:55:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 772 (0x304)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917EB41, serialNumber=9F43B26ABA728E82F626337FA26521F8E69FBBCB
Validity
Not Before: Jan 1 01:20:19 2026 GMT
Not After : Mar 2 00:00:00 2027 GMT
Subject: CN=69a59ea8-9012
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:af:22:02:9e:44:e1:d4:a6:93:a4:59:c3:c9:
c6:74:85:87:d1:90:f9:85:9d:0f:98:0d:60:24:44:
09:2b:cd:27:93:11:67:4e:57:d8:7e:4f:54:7c:92:
23:83:1f:41:e2:d8:fe:80:b0:a3:28:0c:11:1d:02:
65:7c:bd:6f:76:be:58:4a:ac:74:9d:1b:6f:a3:3d:
8f:67:c9:e1:f4:d4:5f:2c:da:11:3e:de:5a:a8:e1:
cd:0c:db:b4:d0:29:be:6e:a2:d1:87:bb:2f:ab:3b:
b6:8e:f5:15:00:43:23:eb:ce:a9:3f:12:71:4b:0b:
a6:49:53:62:d2:f4:ff:61:15:09:f9:77:ce:68:79:
f5:18:af:b2:d4:0c:13:f3:75:1a:49:71:a4:53:95:
26:ac:43:ce:80:82:4e:31:18:c3:f0:c1:56:e6:20:
a5:89:81:f2:0c:52:79:a2:bc:2c:41:fa:01:45:4d:
c7:cf:e3:34:47:ea:b8:73:24:bc:2a:9c:19:d4:3b:
db:7b:3c:2a:53:82:8f:59:cf:15:e3:68:4d:95:b9:
76:0b:34:c9:57:ab:c4:50:2f:1a:69:9d:5b:4e:f9:
9b:b0:d8:92:95:38:f6:28:48:71:c7:3b:8f:31:ae:
0f:89:f3:2c:e3:de:f5:f3:e2:fb:4c:83:90:97:ab:
03:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:2A:E2:43:BD:D4:0B:9E:F4:98:55:19:8A:BD:2E:65:86:DC:0F:31
X509v3 Authority Key Identifier:
keyid:9F:43:B2:6A:BA:72:8E:82:F6:26:33:7F:A2:65:21:F8:E6:9F:BB:CB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917EB41/18D7955617BE11ED8B325938C4F9AE02/n0OyarpyjoL2JjN_omUh-Oafu8s.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n0OyarpyjoL2JjN_omUh-Oafu8s.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917EB41/18D7955617BE11ED8B325938C4F9AE02/22D1D50A58BC11ED96790F65C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
27.136.0.0/13
42.144.0.0/13
59.166.0.0/16
59.168.0.0/14
60.58.0.0-60.62.255.255
61.21.0.0-61.27.255.255
110.128.0.0/13
116.64.0.0/15
116.214.16.0/21
116.220.0.0/14
119.168.0.0/13
124.140.0.0-124.145.255.255
125.8.0.0/13
203.165.0.0/16
210.20.0.0/16
210.194.0.0/16
220.152.0.0-220.152.95.255
IPv6:
2001:ff0::/32
Signature Algorithm: sha256WithRSAEncryption
23:ab:32:a2:8a:ca:cc:6e:fa:48:d1:ab:6f:38:4a:8f:a4:75:
ca:86:f9:9a:5f:0c:31:0c:73:82:fa:12:5e:11:bd:f6:6a:a3:
48:31:a1:28:b4:ca:93:4c:de:0c:dd:6c:c9:64:9d:a8:d8:62:
e7:c7:82:f1:9e:d1:fd:29:b1:78:8e:d1:6c:ce:47:52:1d:16:
29:9e:0b:7e:f4:f9:64:0b:2e:77:20:fc:7c:ff:e9:21:08:9e:
9e:d3:a9:86:94:61:81:20:1a:b0:cc:b7:8a:b1:d8:08:66:f2:
eb:51:12:a0:be:0b:48:4d:e7:86:43:32:d2:9a:29:0a:6d:00:
b6:62:bd:5c:99:f6:8c:59:b0:bc:dd:77:04:02:25:1c:bb:7d:
98:3d:0f:1c:a7:23:5a:b7:50:0f:d2:41:cc:88:2e:23:cc:04:
5d:d2:c5:c1:d7:76:39:4a:1d:60:cd:00:b9:82:a4:ef:04:dd:
fa:19:f5:5b:b4:f9:22:25:98:e8:51:0b:d8:ec:6b:1e:1e:6a:
a5:67:5b:b1:1c:43:de:08:b5:ac:56:8e:67:36:d2:5e:58:e8:
90:a3:f1:48:39:f6:78:5d:a4:94:54:8a:78:7e:6e:19:ff:bd:
93:18:7f:9b:9c:3a:1b:b0:dd:13:10:7b:5e:22:a3:36:0e:ba:
39:a7:0c:96
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgICAwQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0VCNDExMTAvBgNVBAUTKDlGNDNCMjZBQkE3MjhFODJGNjI2MzM3RkEyNjUyMUY4
RTY5RkJCQ0IwHhcNMjYwMTAxMDEyMDE5WhcNMjcwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE1OWVhOC05MDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAua8iAp5E4dSmk6RZw8nGdIWH0ZD5hZ0PmA1gJEQJK80nkxFnTlfYfk9UfJIj
gx9B4tj+gLCjKAwRHQJlfL1vdr5YSqx0nRtvoz2PZ8nh9NRfLNoRPt5aqOHNDNu0
0Cm+bqLRh7svqzu2jvUVAEMj686pPxJxSwumSVNi0vT/YRUJ+XfOaHn1GK+y1AwT
83UaSXGkU5UmrEPOgIJOMRjD8MFW5iCliYHyDFJ5orwsQfoBRU3Hz+M0R+q4cyS8
KpwZ1DvbezwqU4KPWc8V42hNlbl2CzTJV6vEUC8aaZ1bTvmbsNiSlTj2KEhxxzuP
Ma4PifMs49718+L7TIOQl6sDDQIDAQABo4IC3zCCAtswHQYDVR0OBBYEFP4q4kO9
1Aue9JhVGYq9LmWG3A8xMB8GA1UdIwQYMBaAFJ9Dsmq6co6C9iYzf6JlIfjmn7vL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RUI0MS8xOEQ3OTU1NjE3
QkUxMUVEOEIzMjU5MzhDNEY5QUUwMi9uME95YXJweWpvTDJKak5fb21VaC1PYWZ1
OHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL24wT3lhcnB5am9MMkpqTl9vbVVoLU9hZnU4cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0VCNDEvMThENzk1NTYxN0JFMTFFRDhCMzI1OTM4QzRGOUFFMDIvMjJEMUQ1MEE1
OEJDMTFFRDk2NzkwRjY1QzRGOUFFMDIucm9hMIGdBggrBgEFBQcBBwEB/wSBjTCB
ijB5BAIAATBzAwMDG4gDAwMqkAMDADumAwMCO6gwCgMDATw6AwMAPD4wCgMDAD0V
AwMCPRgDAwNugAMDAXRAAwQDdNYQAwMCdNwDAwN3qDAKAwMCfIwDAwF8kAMDA30I
AwMAy6UDAwDSFAMDANLCMAsDAwPcmAMEBdyYQDANBAIAAjAHAwUAIAEP8DANBgkq
hkiG9w0BAQsFAAOCAQEAI6syoorKzG76SNGrbzhKj6R1yob5ml8MMQxzgvoSXhG9
9mqjSDGhKLTKk0zeDN1syWSdqNhi58eC8Z7R/SmxeI7RbM5HUh0WKZ4LfvT5ZAsu
dyD8fP/pIQientOphpRhgSAasMy3irHYCGby61ESoL4LSE3nhkMy0popCm0AtmK9
XJn2jFmwvN13BAIlHLt9mD0PHKcjWrdQD9JBzIguI8wEXdLFwdd2OUodYM0AuYKk
7wTd+hn1W7T5IiWY6FEL2OxrHh5qpWdbsRxD3gi1rFaOZzbSXljokKPxSDn2eF2k
lFSKeH5uGf+9kxh/m5w6G7DdExB7XiKjNg66OacMlg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:36:08 2026 by rpki-client