Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
File: C64A9D821B2111F0B277571CC4F9AE02.roa (raw, json)
Hash identifier: 4Ac6i1SOQwgt8N+kPlif+nugciOLMTg73OE3t6XybBE=
Subject key identifier: 0C:DD:F6:02:C8:84:F5:AB:76:7F:AE:72:E5:44:B4:D4:05:93:E1:60
Certificate issuer: /CN=A9170304/serialNumber=AD270FDE99B1F1069DAB8EF7A576AA2C2AF2C6F0
Certificate serial: 3549
Authority key identifier: AD:27:0F:DE:99:B1:F1:06:9D:AB:8E:F7:A5:76:AA:2C:2A:F2:C6:F0
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
Signing time: Sun 01 Mar 2026 11:22:41 +0000
ROA not before: Thu 17 Apr 2025 00:20:32 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 37978
IP address blocks: 147.41.0.0/17 maxlen: 17
147.41.0.0/20 maxlen: 20
147.41.16.0/20 maxlen: 20
147.41.32.0/19 maxlen: 19
147.41.64.0/18 maxlen: 18
147.41.128.0/17 maxlen: 17
147.41.128.0/18 maxlen: 18
147.41.192.0/19 maxlen: 19
147.41.224.0/20 maxlen: 20
147.41.240.0/20 maxlen: 20
147.109.0.0/16 maxlen: 16
147.109.0.0/22 maxlen: 22
147.109.4.0/22 maxlen: 22
147.109.8.0/21 maxlen: 21
147.109.16.0/20 maxlen: 20
147.109.32.0/20 maxlen: 20
147.109.48.0/20 maxlen: 20
147.109.64.0/20 maxlen: 20
147.109.80.0/20 maxlen: 20
147.109.96.0/20 maxlen: 20
147.109.112.0/21 maxlen: 21
147.109.120.0/22 maxlen: 22
147.109.124.0/23 maxlen: 23
147.109.124.0/24 maxlen: 24
147.109.126.0/23 maxlen: 23
147.109.128.0/20 maxlen: 20
147.109.144.0/20 maxlen: 20
147.109.160.0/19 maxlen: 19
147.109.192.0/20 maxlen: 20
147.109.192.0/21 maxlen: 21
147.109.208.0/20 maxlen: 21
147.109.224.0/20 maxlen: 20
147.109.240.0/21 maxlen: 21
147.109.248.0/21 maxlen: 21
192.26.232.0/24 maxlen: 24
192.107.101.0/24 maxlen: 24
192.190.61.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.crl
rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 08 Mar 2026 22:34:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13641 (0x3549)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9170304, serialNumber=AD270FDE99B1F1069DAB8EF7A576AA2C2AF2C6F0
Validity
Not Before: Apr 17 00:20:32 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=69a42181-c797
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:30:47:19:eb:12:c3:6d:06:23:00:fd:0d:6e:
db:be:ab:29:eb:cf:d1:be:c4:be:12:20:5c:50:da:
5d:f8:70:6e:ba:ba:82:5e:55:be:9e:72:8a:c2:f6:
b6:e8:72:57:cf:a9:8a:08:4b:29:70:85:c8:ff:22:
92:59:c1:cc:fd:e4:04:d8:49:5e:2a:ef:fd:6f:f0:
02:96:46:30:e9:78:69:86:8d:aa:69:a2:46:44:04:
14:19:e9:50:74:8a:fb:a7:ff:48:b6:3a:0d:ef:c6:
21:e5:92:83:a1:df:9b:0b:97:df:53:e8:25:16:15:
17:a8:a6:1a:99:a1:df:18:bd:ee:21:4a:76:91:3e:
d1:d3:80:e0:d4:0a:b6:6c:9c:26:fd:d2:6e:9a:01:
b2:88:ea:15:96:20:42:69:69:41:0e:d8:dc:01:95:
9c:e9:b2:4f:a8:3a:7e:f0:80:a2:dc:bc:0b:7b:6b:
85:fb:c1:66:58:f9:0e:c8:99:35:42:fd:ef:69:9d:
e7:56:fd:ab:6c:85:9d:82:7e:27:f7:fa:1e:12:22:
db:79:8b:b2:6b:02:79:f8:8a:0a:02:36:da:36:a9:
19:f6:6d:25:3f:98:f0:0e:d3:62:5b:3e:1f:3b:89:
d8:9b:62:86:14:5a:b4:e5:f5:45:f0:f4:d9:0d:f2:
66:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:DD:F6:02:C8:84:F5:AB:76:7F:AE:72:E5:44:B4:D4:05:93:E1:60
X509v3 Authority Key Identifier:
keyid:AD:27:0F:DE:99:B1:F1:06:9D:AB:8E:F7:A5:76:AA:2C:2A:F2:C6:F0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
147.41.0.0/16
147.109.0.0/16
192.26.232.0/24
192.107.101.0/24
192.190.61.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:48:c3:3b:8d:94:16:a6:da:b3:3c:7c:db:14:7c:e0:c5:94:
99:1f:ad:25:18:bb:0b:be:0a:8e:05:39:82:96:27:8d:76:71:
37:77:83:25:f1:60:9d:c7:2c:b9:b0:2b:0c:74:9d:03:a2:09:
96:30:41:9f:9c:1e:6c:d2:e3:b2:0f:1d:12:76:f9:74:30:9b:
e0:ad:e2:b7:bb:05:ad:24:ed:41:33:99:ce:3a:9e:43:85:20:
da:72:6d:7b:21:bc:cc:c0:43:bf:29:e0:9e:f9:74:f8:5f:52:
75:1b:a0:a8:21:cb:ba:29:64:06:2b:9f:11:18:40:0e:7b:b0:
0c:df:b2:32:8d:bd:72:70:ad:b5:e5:b8:c5:0f:ba:9e:ab:af:
b9:50:43:dc:f6:77:6d:4a:94:47:76:30:82:43:c5:dc:01:e3:
bd:4b:f8:8a:82:fe:eb:f3:42:8e:f4:d2:5d:8a:4e:b1:3d:b6:
bf:d2:e8:85:99:95:d2:f7:a8:e6:9c:53:78:c5:54:53:11:76:
c9:ba:a4:42:70:64:fa:bb:d2:0f:46:4f:34:30:2d:b6:e1:31:
50:f7:85:e2:18:0f:4c:fe:10:89:ee:6f:41:9b:b6:8b:ab:81:
a5:9a:78:f6:80:3b:bc:e0:42:b1:4d:13:0d:82:64:e1:a4:b4:
8b:54:0a:50
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgICNUkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzAzMDQxMTAvBgNVBAUTKEFEMjcwRkRFOTlCMUYxMDY5REFCOEVGN0E1NzZBQTJD
MkFGMkM2RjAwHhcNMjUwNDE3MDAyMDMyWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0MjE4MS1jNzk3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArzBHGesSw20GIwD9DW7bvqsp68/RvsS+EiBcUNpd+HBuurqCXlW+nnKKwva2
6HJXz6mKCEspcIXI/yKSWcHM/eQE2EleKu/9b/AClkYw6Xhpho2qaaJGRAQUGelQ
dIr7p/9ItjoN78Yh5ZKDod+bC5ffU+glFhUXqKYamaHfGL3uIUp2kT7R04Dg1Aq2
bJwm/dJumgGyiOoVliBCaWlBDtjcAZWc6bJPqDp+8ICi3LwLe2uF+8FmWPkOyJk1
Qv3vaZ3nVv2rbIWdgn4n9/oeEiLbeYuyawJ5+IoKAjbaNqkZ9m0lP5jwDtNiWz4f
O4nYm2KGFFq05fVF8PTZDfJmHwIDAQABo4ICdjCCAnIwHQYDVR0OBBYEFAzd9gLI
hPWrdn+ucuVEtNQFk+FgMB8GA1UdIwQYMBaAFK0nD96ZsfEGnauO96V2qiwq8sbw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MDMwNC85RUY0MTEzMDFE
OEUxMUUyQjE4MjI2RUQwOEIwMkNEMi9yU2NQM3BteDhRYWRxNDczcFhhcUxDcnl4
dkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3JTY1AzcG14OFFhZHE0NzNwWGFxTENyeXh2QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzAzMDQvOUVGNDExMzAxRDhFMTFFMkIxODIyNkVEMDhCMDJDRDIvQzY0QTlEODIx
QjIxMTFGMEIyNzc1NzFDQzRGOUFFMDIucm9hMDUGCCsGAQUFBwEHAQH/BCYwJDAi
BAIAATAcAwMAkykDAwCTbQMEAMAa6AMEAMBrZQMEAMC+PTANBgkqhkiG9w0BAQsF
AAOCAQEAO0jDO42UFqbaszx82xR84MWUmR+tJRi7C74KjgU5gpYnjXZxN3eDJfFg
nccsubArDHSdA6IJljBBn5webNLjsg8dEnb5dDCb4K3it7sFrSTtQTOZzjqeQ4Ug
2nJteyG8zMBDvyngnvl0+F9SdRugqCHLuilkBiufERhADnuwDN+yMo29cnCtteW4
xQ+6nquvuVBD3PZ3bUqUR3YwgkPF3AHjvUv4ioL+6/NCjvTSXYpOsT22v9LohZmV
0veo5pxTeMVUUxF2ybqkQnBk+rvSD0ZPNDAttuExUPeF4hgPTP4Qie5vQZu2i6uB
pZp49oA7vOBCsU0TDYJk4aS0i1QKUA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:43:03 2026 by rpki-client