Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9172878/4C998A361D8A11E28A1F23E408B02CD2/8D2DEDF4C2A811EBA79A7055C4F9AE02.roa
File: 8D2DEDF4C2A811EBA79A7055C4F9AE02.roa (raw, json)
Hash identifier: ATzhpEQ3sWsRctxwBO/oEigCG80DEQbCszCIkMpVBHY=
Subject key identifier: 70:DA:A8:18:C9:83:F0:86:CE:02:26:65:CE:A4:20:17:CE:B2:DA:ED
Certificate issuer: /CN=A9172878/serialNumber=A3D00626C2F9B462C5507FF180C36DE9C3399CB2
Certificate serial: 35B3
Authority key identifier: A3:D0:06:26:C2:F9:B4:62:C5:50:7F:F1:80:C3:6D:E9:C3:39:9C:B2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o9AGJsL5tGLFUH_xgMNt6cM5nLI.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9172878/4C998A361D8A11E28A1F23E408B02CD2/8D2DEDF4C2A811EBA79A7055C4F9AE02.roa
Signing time: Tue 31 Mar 2026 15:10:44 +0000
ROA not before: Tue 31 Mar 2026 15:10:44 +0000
ROA not after: Sat 01 Aug 2026 00:00:00 +0000
asID: 18399
IP address blocks: 61.4.65.0/24 maxlen: 24
61.4.68.0/24 maxlen: 24
61.4.69.0/24 maxlen: 24
61.4.70.0/24 maxlen: 24
61.4.71.0/24 maxlen: 24
61.4.72.0/24 maxlen: 24
61.4.73.0/24 maxlen: 24
61.4.74.0/24 maxlen: 24
61.4.75.0/24 maxlen: 24
61.4.76.0/24 maxlen: 24
61.4.77.0/24 maxlen: 24
61.4.78.0/24 maxlen: 24
61.4.79.0/24 maxlen: 24
122.248.100.0/24 maxlen: 24
122.248.101.0/24 maxlen: 24
122.248.102.0/24 maxlen: 24
122.248.103.0/24 maxlen: 24
122.248.104.0/24 maxlen: 24
122.248.105.0/24 maxlen: 24
122.248.106.0/24 maxlen: 24
122.248.112.0/24 maxlen: 24
122.248.113.0/24 maxlen: 24
122.248.118.0/24 maxlen: 24
122.248.119.0/24 maxlen: 24
122.248.120.0/24 maxlen: 24
122.248.121.0/24 maxlen: 24
122.248.122.0/24 maxlen: 24
122.248.126.0/24 maxlen: 24
203.81.160.0/24 maxlen: 24
203.81.161.0/24 maxlen: 24
203.81.162.0/24 maxlen: 24
203.81.163.0/24 maxlen: 24
203.81.164.0/24 maxlen: 24
203.81.165.0/24 maxlen: 24
203.81.168.0/24 maxlen: 24
203.81.169.0/24 maxlen: 24
203.81.172.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9172878/4C998A361D8A11E28A1F23E408B02CD2/o9AGJsL5tGLFUH_xgMNt6cM5nLI.crl
rsync://rpki.apnic.net/member_repository/A9172878/4C998A361D8A11E28A1F23E408B02CD2/o9AGJsL5tGLFUH_xgMNt6cM5nLI.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o9AGJsL5tGLFUH_xgMNt6cM5nLI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Thu 23 Apr 2026 14:32:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13747 (0x35b3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9172878, serialNumber=A3D00626C2F9B462C5507FF180C36DE9C3399CB2
Validity
Not Before: Mar 31 15:10:44 2026 GMT
Not After : Aug 1 00:00:00 2026 GMT
Subject: CN=69cbe3f4-a5c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:02:89:83:da:99:09:5a:e5:54:af:7f:d4:b4:
f2:21:16:04:af:58:2b:c2:8a:e0:22:6f:e0:e6:a1:
46:8f:71:da:73:a3:d3:08:62:86:bc:0e:70:21:b2:
51:5c:46:3c:8a:bb:28:39:cb:98:9e:e3:af:82:28:
8f:b7:5a:49:cd:57:a2:1e:51:40:fe:a2:67:75:16:
7d:1f:8f:fb:51:d1:7c:16:8d:e4:37:92:d8:c4:25:
bd:5a:e9:a9:99:9e:f0:36:73:d2:01:b7:9e:9e:2b:
35:73:6e:e8:47:ab:4e:a2:8f:d1:7f:ef:25:4d:dd:
c7:db:4b:d9:64:25:5a:c7:5e:02:d7:00:dc:b3:14:
92:e8:5e:e9:87:aa:36:52:49:38:57:c6:72:66:7e:
c1:93:45:e8:60:c9:27:e5:d6:d0:67:8a:6a:b5:17:
d2:ba:71:6c:f1:fe:10:13:46:79:d6:d9:7f:bf:27:
d2:36:99:5a:46:28:f8:0c:8a:b7:54:cf:62:8f:e2:
21:f1:0c:3a:25:5d:97:e3:ec:89:e1:f6:f1:03:10:
76:7b:2c:d3:5d:f9:43:8e:59:dd:71:80:c0:0a:69:
7b:80:8f:c4:32:45:5a:d4:ad:e8:4f:06:69:fd:fd:
09:2b:9a:fd:6c:cc:de:58:fb:51:b6:09:33:db:70:
80:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:DA:A8:18:C9:83:F0:86:CE:02:26:65:CE:A4:20:17:CE:B2:DA:ED
X509v3 Authority Key Identifier:
keyid:A3:D0:06:26:C2:F9:B4:62:C5:50:7F:F1:80:C3:6D:E9:C3:39:9C:B2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9172878/4C998A361D8A11E28A1F23E408B02CD2/o9AGJsL5tGLFUH_xgMNt6cM5nLI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/o9AGJsL5tGLFUH_xgMNt6cM5nLI.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9172878/4C998A361D8A11E28A1F23E408B02CD2/8D2DEDF4C2A811EBA79A7055C4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
61.4.65.0/24
61.4.68.0-61.4.79.255
122.248.100.0-122.248.106.255
122.248.112.0/23
122.248.118.0-122.248.122.255
122.248.126.0/24
203.81.160.0-203.81.165.255
203.81.168.0/23
203.81.172.0/22
Signature Algorithm: sha256WithRSAEncryption
79:1e:7f:5e:21:d8:57:a3:f8:0c:c2:a4:9d:5a:00:35:23:4b:
aa:21:6e:e8:ff:3d:d8:9b:4e:65:02:88:d2:e0:f6:8d:d6:70:
a9:49:13:ad:a6:02:7f:00:92:ac:68:90:01:04:3d:02:e4:07:
34:f6:9c:5d:fa:f6:f9:0f:1d:a1:5e:95:98:d8:32:3e:1b:12:
4f:cb:96:c1:df:3f:52:f8:14:d5:4d:c6:9d:8e:82:aa:7b:d8:
08:96:0e:78:f5:8c:68:9a:90:e7:70:6b:ea:92:cb:61:2b:16:
0e:8f:f1:1c:4f:20:6a:dc:02:e6:58:92:76:df:99:5d:16:7c:
79:f3:3f:17:4c:3f:b8:74:56:81:aa:89:e7:13:72:09:67:06:
b8:5e:46:64:06:fe:78:c8:e5:dd:16:74:3f:e3:37:58:5e:5d:
b0:08:47:ba:59:9c:cf:1a:26:be:df:53:e2:dd:4b:6d:56:6f:
43:9a:48:b3:33:d6:69:44:55:c3:b9:10:35:60:ee:81:4b:47:
73:f1:5b:9a:77:2c:b4:6e:a9:09:50:29:1d:46:49:3f:4e:c4:
3f:5a:5a:4f:c8:a5:b7:d4:bf:87:c8:e3:c9:e2:9d:54:12:ff:
30:77:8d:a9:4a:2b:44:18:f0:74:c3:c8:3f:73:6b:a4:64:45:
1a:0e:2a:50
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICNbMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzI4NzgxMTAvBgNVBAUTKEEzRDAwNjI2QzJGOUI0NjJDNTUwN0ZGMTgwQzM2REU5
QzMzOTlDQjIwHhcNMjYwMzMxMTUxMDQ0WhcNMjYwODAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWNiZTNmNC1hNWMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtgKJg9qZCVrlVK9/1LTyIRYEr1grworgIm/g5qFGj3Hac6PTCGKGvA5wIbJR
XEY8irsoOcuYnuOvgiiPt1pJzVeiHlFA/qJndRZ9H4/7UdF8Fo3kN5LYxCW9Wump
mZ7wNnPSAbeenis1c27oR6tOoo/Rf+8lTd3H20vZZCVax14C1wDcsxSS6F7ph6o2
Ukk4V8ZyZn7Bk0XoYMkn5dbQZ4pqtRfSunFs8f4QE0Z51tl/vyfSNplaRij4DIq3
VM9ij+Ih8Qw6JV2X4+yJ4fbxAxB2eyzTXflDjlndcYDACml7gI/EMkVa1K3oTwZp
/f0JK5r9bMzeWPtRtgkz23CAzQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFHDaqBjJ
g/CGzgImZc6kIBfOstrtMB8GA1UdIwQYMBaAFKPQBibC+bRixVB/8YDDbenDOZyy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3Mjg3OC80Qzk5OEEzNjFE
OEExMUUyOEExRjIzRTQwOEIwMkNEMi9vOUFHSnNMNXRHTEZVSF94Z01OdDZjTTVu
TEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL285QUdKc0w1dEdMRlVIX3hnTU50NmNNNW5MSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzI4NzgvNEM5OThBMzYxRDhBMTFFMjhBMUYyM0U0MDhCMDJDRDIvOEQyREVERjRD
MkE4MTFFQkE3OUE3MDU1QzRGOUFFMDIucm9hMG8GCCsGAQUFBwEHAQH/BGAwXjBc
BAIAATBWAwQAPQRBMAwDBAI9BEQDBAQ9BEAwDAMEAnr4ZAMEAHr4agMEAXr4cDAM
AwQBevh2AwQAevh6AwQAevh+MAwDBAXLUaADBAHLUaQDBAHLUagDBALLUawwDQYJ
KoZIhvcNAQELBQADggEBAHkef14h2Fej+AzCpJ1aADUjS6ohbuj/PdibTmUCiNLg
9o3WcKlJE62mAn8AkqxokAEEPQLkBzT2nF369vkPHaFelZjYMj4bEk/LlsHfP1L4
FNVNxp2Ogqp72AiWDnj1jGiakOdwa+qSy2ErFg6P8RxPIGrcAuZYknbfmV0WfHnz
PxdMP7h0VoGqiecTcglnBrheRmQG/njI5d0WdD/jN1heXbAIR7pZnM8aJr7fU+Ld
S21Wb0OaSLMz1mlEVcO5EDVg7oFLR3PxW5p3LLRuqQlQKR1GST9OxD9aWk/IpbfU
v4fI48ninVQS/zB3jalKK0QY8HTDyD9za6RkRRoOKlA=
-----END CERTIFICATE-----
Generated at Fri Apr 17 18:18:26 2026 by rpki-client