Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
File: C64A9D821B2111F0B277571CC4F9AE02.roa (raw, json)
Hash identifier: 6EQRx6aa031JyIEDFgnynaOZ+5bnvuDSyDIypITveC4=
Subject key identifier: D6:9A:93:87:93:3F:8D:64:53:AB:1B:6D:B4:70:61:36:1E:C5:6F:9D
Certificate issuer: /CN=A9170304/serialNumber=AD270FDE99B1F1069DAB8EF7A576AA2C2AF2C6F0
Certificate serial: 34A2
Authority key identifier: AD:27:0F:DE:99:B1:F1:06:9D:AB:8E:F7:A5:76:AA:2C:2A:F2:C6:F0
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
Signing time: Thu 17 Apr 2025 00:20:32 +0000
ROA not before: Thu 17 Apr 2025 00:20:32 +0000
ROA not after: Thu 28 May 2026 00:00:00 +0000
asID: 37978
IP address blocks: 147.41.0.0/17 maxlen: 17
147.41.0.0/20 maxlen: 20
147.41.16.0/20 maxlen: 20
147.41.32.0/19 maxlen: 19
147.41.64.0/18 maxlen: 18
147.41.128.0/17 maxlen: 17
147.41.128.0/18 maxlen: 18
147.41.192.0/19 maxlen: 19
147.41.224.0/20 maxlen: 20
147.41.240.0/20 maxlen: 20
147.109.0.0/16 maxlen: 16
147.109.0.0/22 maxlen: 22
147.109.4.0/22 maxlen: 22
147.109.8.0/21 maxlen: 21
147.109.16.0/20 maxlen: 20
147.109.32.0/20 maxlen: 20
147.109.48.0/20 maxlen: 20
147.109.64.0/20 maxlen: 20
147.109.80.0/20 maxlen: 20
147.109.96.0/20 maxlen: 20
147.109.112.0/21 maxlen: 21
147.109.120.0/22 maxlen: 22
147.109.124.0/23 maxlen: 23
147.109.124.0/24 maxlen: 24
147.109.126.0/23 maxlen: 23
147.109.128.0/20 maxlen: 20
147.109.144.0/20 maxlen: 20
147.109.160.0/19 maxlen: 19
147.109.192.0/20 maxlen: 20
147.109.192.0/21 maxlen: 21
147.109.208.0/20 maxlen: 21
147.109.224.0/20 maxlen: 20
147.109.240.0/21 maxlen: 21
147.109.248.0/21 maxlen: 21
192.26.232.0/24 maxlen: 24
192.107.101.0/24 maxlen: 24
192.190.61.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.crl
rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 01 May 2025 14:38:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13474 (0x34a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9170304, serialNumber=AD270FDE99B1F1069DAB8EF7A576AA2C2AF2C6F0
Validity
Not Before: Apr 17 00:20:32 2025 GMT
Not After : May 28 00:00:00 2026 GMT
Subject: CN=68004950-08ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:7b:5b:5b:91:25:95:4b:42:69:d5:00:03:ef:
db:6d:6f:df:f8:c2:d1:b4:2d:c5:a4:86:11:21:ea:
83:dd:b5:22:d0:12:ea:de:0a:6c:2d:13:ad:52:17:
16:c9:bd:e3:9c:51:8b:78:b3:a6:dd:51:6c:dc:5d:
d0:0b:9c:90:ef:0f:07:21:d2:d9:4f:be:5b:87:50:
c0:ec:4b:0e:ec:e2:76:1f:74:de:78:9e:54:dd:e1:
c5:76:8d:c8:90:62:2e:74:b1:09:5e:72:a6:eb:36:
46:2f:ae:9c:db:75:7b:09:8c:9f:9a:21:49:85:46:
7f:42:ad:5e:3a:35:cc:8c:8d:96:e7:3d:4e:4b:82:
8d:87:ac:1d:48:de:c6:82:c3:73:e9:01:5f:3e:19:
fc:88:ed:0b:7d:e5:08:bc:0c:0a:3c:03:8e:c0:c4:
d2:af:7d:f4:e5:ef:f2:8f:44:b0:63:b4:de:cb:85:
39:8f:49:95:c8:f8:52:b2:40:b3:04:67:be:ee:3b:
10:4b:d9:8a:0f:28:85:38:c2:36:24:bf:db:8c:b5:
1f:f3:41:06:9d:87:1b:cc:c4:56:4b:5e:27:75:78:
96:a8:f3:10:88:6d:a7:37:f3:81:26:ce:87:79:68:
b6:da:bb:88:b8:17:c0:01:45:82:e2:52:9b:15:c8:
e0:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:9A:93:87:93:3F:8D:64:53:AB:1B:6D:B4:70:61:36:1E:C5:6F:9D
X509v3 Authority Key Identifier:
keyid:AD:27:0F:DE:99:B1:F1:06:9D:AB:8E:F7:A5:76:AA:2C:2A:F2:C6:F0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/rScP3pmx8Qadq473pXaqLCryxvA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rScP3pmx8Qadq473pXaqLCryxvA.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9170304/9EF411301D8E11E2B18226ED08B02CD2/C64A9D821B2111F0B277571CC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
147.41.0.0/16
147.109.0.0/16
192.26.232.0/24
192.107.101.0/24
192.190.61.0/24
Signature Algorithm: sha256WithRSAEncryption
74:ab:2b:e7:d4:b9:5a:ac:25:17:ca:45:5c:92:5e:53:c0:bb:
b8:a2:fb:18:75:d4:56:d5:23:d7:40:e9:ab:12:62:77:b1:e2:
31:df:f8:68:ac:5c:12:34:e0:9e:08:86:e9:e7:a8:6e:75:fc:
51:80:76:c6:3f:9b:2e:6a:b5:e6:49:40:52:ea:cf:cb:b3:46:
d6:07:de:d9:a1:de:a9:f8:50:e0:88:b1:d5:b9:78:5a:85:5f:
57:41:7a:94:56:e0:32:09:fc:24:88:1f:39:1b:c6:5c:86:9d:
97:fa:25:7a:c8:78:57:7c:02:f8:cd:69:bb:78:4a:68:73:9b:
dc:a2:58:a5:e6:4a:07:54:f9:22:69:80:8b:f7:ed:0e:f9:39:
18:47:bb:f3:54:cd:29:77:bc:10:04:1b:70:94:e9:3c:78:5d:
ff:12:c0:96:28:76:f0:f7:e8:86:8b:79:f7:f1:69:6c:2e:89:
d3:4e:80:c0:77:6b:74:c6:c4:6a:92:9d:7e:9f:04:57:0c:f6:
23:04:83:5c:59:3d:81:5a:0c:0d:40:7b:6f:f5:f3:bb:89:ba:
24:40:6b:11:63:63:b4:cc:fb:eb:2e:e4:96:b8:77:7f:aa:13:
a4:49:bc:8c:36:cc:cf:14:d6:c3:f1:eb:18:07:45:59:fd:98:
ef:e0:2d:e4
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgICNKIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzAzMDQxMTAvBgNVBAUTKEFEMjcwRkRFOTlCMUYxMDY5REFCOEVGN0E1NzZBQTJD
MkFGMkM2RjAwHhcNMjUwNDE3MDAyMDMyWhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODAwNDk1MC0wOGFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA03tbW5EllUtCadUAA+/bbW/f+MLRtC3FpIYRIeqD3bUi0BLq3gpsLROtUhcW
yb3jnFGLeLOm3VFs3F3QC5yQ7w8HIdLZT75bh1DA7EsO7OJ2H3TeeJ5U3eHFdo3I
kGIudLEJXnKm6zZGL66c23V7CYyfmiFJhUZ/Qq1eOjXMjI2W5z1OS4KNh6wdSN7G
gsNz6QFfPhn8iO0LfeUIvAwKPAOOwMTSr3305e/yj0SwY7Tey4U5j0mVyPhSskCz
BGe+7jsQS9mKDyiFOMI2JL/bjLUf80EGnYcbzMRWS14ndXiWqPMQiG2nN/OBJs6H
eWi22ruIuBfAAUWC4lKbFcjgVwIDAQABo4ICqzCCAqcwHQYDVR0OBBYEFNaak4eT
P41kU6sbbbRwYTYexW+dMB8GA1UdIwQYMBaAFK0nD96ZsfEGnauO96V2qiwq8sbw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MDMwNC85RUY0MTEzMDFE
OEUxMUUyQjE4MjI2RUQwOEIwMkNEMi9yU2NQM3BteDhRYWRxNDczcFhhcUxDcnl4
dkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3JTY1AzcG14OFFhZHE0NzNwWGFxTENyeXh2QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzAzMDQvOUVGNDExMzAxRDhFMTFFMkIxODIyNkVEMDhCMDJDRDIvQzY0QTlEODIx
QjIxMTFGMEIyNzc1NzFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNQYIKwYBBQUHAQcBAf8E
JjAkMCIEAgABMBwDAwCTKQMDAJNtAwQAwBroAwQAwGtlAwQAwL49MA0GCSqGSIb3
DQEBCwUAA4IBAQB0qyvn1LlarCUXykVckl5TwLu4ovsYddRW1SPXQOmrEmJ3seIx
3/horFwSNOCeCIbp56hudfxRgHbGP5suarXmSUBS6s/Ls0bWB97Zod6p+FDgiLHV
uXhahV9XQXqUVuAyCfwkiB85G8Zchp2X+iV6yHhXfAL4zWm7eEpoc5vcolil5koH
VPkiaYCL9+0O+TkYR7vzVM0pd7wQBBtwlOk8eF3/EsCWKHbw9+iGi3n38WlsLonT
ToDAd2t0xsRqkp1+nwRXDPYjBINcWT2BWgwNQHtv9fO7ibokQGsRY2O0zPvrLuSW
uHd/qhOkSbyMNszPFNbD8esYB0VZ/Zjv4C3k
-----END CERTIFICATE-----
Generated at Sat Apr 26 15:25:57 2025 by rpki-client