Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
File: CF6B95A22B0611F095AFC61DC4F9AE02.roa (raw, json)
Hash identifier: 65WLHhFzJCnpdIBXbV7T9P/QaGhG5xrEFCFRSt+tkFQ=
Subject key identifier: 41:0B:24:7B:62:40:88:70:AB:20:45:48:DA:0B:B9:73:06:85:8B:0B
Certificate issuer: /CN=A917BB9A/serialNumber=A6172EEBE1FCD1A978CCA467E1B58A30B37951EB
Certificate serial: 0161
Authority key identifier: A6:17:2E:EB:E1:FC:D1:A9:78:CC:A4:67:E1:B5:8A:30:B3:79:51:EB
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
Signing time: Sun 01 Mar 2026 17:59:20 +0000
ROA not before: Sat 24 Jan 2026 04:56:43 +0000
ROA not after: Mon 31 Aug 2026 00:00:00 +0000
asID: 56209
IP address blocks: 150.129.172.0/23 maxlen: 23
150.129.172.0/24 maxlen: 24
150.129.173.0/24 maxlen: 24
150.129.174.0/23 maxlen: 23
150.129.174.0/24 maxlen: 24
150.129.175.0/24 maxlen: 24
202.47.112.0/24 maxlen: 24
202.47.113.0/24 maxlen: 24
202.47.114.0/24 maxlen: 24
202.47.115.0/24 maxlen: 24
202.47.116.0/24 maxlen: 24
202.47.117.0/24 maxlen: 24
202.47.118.0/24 maxlen: 24
202.47.119.0/24 maxlen: 24
202.71.0.0/23 maxlen: 23
202.71.0.0/24 maxlen: 24
202.71.1.0/24 maxlen: 24
202.71.2.0/23 maxlen: 23
202.71.2.0/24 maxlen: 24
202.71.3.0/24 maxlen: 24
202.71.24.0/23 maxlen: 23
202.71.24.0/24 maxlen: 24
202.71.25.0/24 maxlen: 24
202.71.26.0/24 maxlen: 24
202.71.27.0/24 maxlen: 24
202.71.28.0/24 maxlen: 24
202.71.29.0/24 maxlen: 24
202.71.30.0/24 maxlen: 24
202.71.31.0/24 maxlen: 24
2401:a3e0::/48 maxlen: 48
2401:a3e0:1::/48 maxlen: 48
2401:a3e0:2::/48 maxlen: 48
2401:a3e0:3::/48 maxlen: 48
2401:a3e0:4::/48 maxlen: 48
2401:a3e0:5::/48 maxlen: 48
2401:a3e0:6::/48 maxlen: 48
2401:a3e0:7::/48 maxlen: 48
2401:a3e0:8::/48 maxlen: 48
2401:a3e0:9::/48 maxlen: 48
2401:a3e0:a::/48 maxlen: 48
2401:a3e0:b::/48 maxlen: 48
2401:a3e0:c::/48 maxlen: 48
2401:a3e0:d::/48 maxlen: 48
2401:a3e0:e::/48 maxlen: 48
2401:a3e0:f::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.crl
rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 09 Mar 2026 02:58:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 353 (0x161)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A917BB9A, serialNumber=A6172EEBE1FCD1A978CCA467E1B58A30B37951EB
Validity
Not Before: Jan 24 04:56:43 2026 GMT
Not After : Aug 31 00:00:00 2026 GMT
Subject: CN=69a47e77-cce2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:a3:af:73:aa:f1:5c:14:b7:69:41:be:64:e6:
17:b6:5e:67:d0:fd:30:2d:62:e7:ef:82:a1:37:c7:
d2:28:a7:12:5c:08:f0:0c:14:99:9d:27:09:66:a1:
5f:e6:b9:e2:50:3b:a6:44:2f:16:19:a0:07:76:40:
5c:61:31:45:d5:93:e4:ae:ce:48:9a:7d:46:dd:2d:
0d:20:cb:f3:ca:52:aa:39:3a:d0:71:10:76:19:78:
a7:fd:84:f4:41:35:c1:95:fd:d4:49:ad:61:2b:d9:
c9:8b:20:ca:33:59:1b:31:96:b3:7a:32:84:58:9a:
1b:88:8d:10:ec:a9:98:87:da:a1:c2:7b:35:29:13:
e8:f8:04:d8:c2:da:01:14:9f:e3:7a:41:9e:98:30:
31:0a:02:4f:dd:5f:36:c9:d7:fb:69:72:1b:d4:24:
2d:f4:29:1e:87:e4:83:3f:f2:0d:cf:3a:99:05:10:
a5:f5:58:c1:2c:80:d1:2c:45:d9:30:21:07:c9:cc:
85:75:22:a8:40:c3:fd:19:ba:d6:62:5e:9c:05:52:
ae:1f:19:77:15:84:dd:0c:b2:36:7d:59:62:a7:e3:
05:fa:11:bc:9b:7c:c7:48:9e:9f:23:97:45:ca:98:
be:62:91:d1:b4:04:df:c3:e8:cd:28:c5:11:c8:75:
65:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:0B:24:7B:62:40:88:70:AB:20:45:48:DA:0B:B9:73:06:85:8B:0B
X509v3 Authority Key Identifier:
keyid:A6:17:2E:EB:E1:FC:D1:A9:78:CC:A4:67:E1:B5:8A:30:B3:79:51:EB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/phcu6-H80al4zKRn4bWKMLN5Ues.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/phcu6-H80al4zKRn4bWKMLN5Ues.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917BB9A/49CD0304CFF311EF9062E521C4F9AE02/CF6B95A22B0611F095AFC61DC4F9AE02.roa
sbgp-ipAddrBlock: critical
IPv4:
150.129.172.0/22
202.47.112.0/21
202.71.0.0/22
202.71.24.0/21
IPv6:
2401:a3e0::/44
Signature Algorithm: sha256WithRSAEncryption
6b:41:4b:85:ec:04:1b:fd:2b:05:22:09:ba:fa:f2:f5:48:96:
59:ad:37:d0:d6:40:21:69:48:a9:bb:f5:c3:b3:65:1e:0d:74:
51:e2:b5:1d:6c:1c:e7:b4:05:ea:8b:cd:43:57:e9:09:36:31:
9f:1b:8b:cf:2c:db:2c:b2:a2:a6:eb:c1:4d:83:45:d7:d9:70:
2b:c2:ce:a1:f7:b6:54:b6:41:10:8d:cd:30:75:78:4f:83:5a:
11:6b:33:a4:5f:39:9d:b0:f4:e5:22:d0:05:33:32:a9:01:c9:
18:45:6c:ce:38:a3:0d:b9:56:0c:9d:c0:ac:65:57:f7:db:35:
df:4f:92:31:5e:69:e1:6d:15:2e:3b:b4:29:b0:9e:80:50:c5:
6a:a1:d3:49:b4:6b:1f:01:56:d5:e6:58:d3:9e:a0:e3:9b:da:
c5:1a:72:e4:c4:b7:7e:5c:be:b4:9e:e4:8c:6d:5d:9f:95:a1:
94:74:a7:a1:68:b7:2e:25:68:0c:5d:4e:cb:9b:d1:e6:44:de:
fa:65:a3:35:62:2b:67:40:ed:dd:77:ac:13:fd:c6:8c:42:f8:
30:ca:0d:57:ab:7d:e3:13:09:c4:fa:01:d0:7c:9e:37:4c:ba:
e6:bb:d3:19:b0:a6:ce:d2:68:e0:af:14:64:79:12:0c:ab:14:
1f:16:ca:e2
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgICAWEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0JCOUExMTAvBgNVBAUTKEE2MTcyRUVCRTFGQ0QxQTk3OENDQTQ2N0UxQjU4QTMw
QjM3OTUxRUIwHhcNMjYwMTI0MDQ1NjQzWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OWE0N2U3Ny1jY2UyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxaOvc6rxXBS3aUG+ZOYXtl5n0P0wLWLn74KhN8fSKKcSXAjwDBSZnScJZqFf
5rniUDumRC8WGaAHdkBcYTFF1ZPkrs5Imn1G3S0NIMvzylKqOTrQcRB2GXin/YT0
QTXBlf3USa1hK9nJiyDKM1kbMZazejKEWJobiI0Q7KmYh9qhwns1KRPo+ATYwtoB
FJ/jekGemDAxCgJP3V82ydf7aXIb1CQt9Ckeh+SDP/INzzqZBRCl9VjBLIDRLEXZ
MCEHycyFdSKoQMP9GbrWYl6cBVKuHxl3FYTdDLI2fVlip+MF+hG8m3zHSJ6fI5dF
ypi+YpHRtATfw+jNKMURyHVlEQIDAQABo4ICgzCCAn8wHQYDVR0OBBYEFEELJHti
QIhwqyBFSNoLuXMGhYsLMB8GA1UdIwQYMBaAFKYXLuvh/NGpeMykZ+G1ijCzeVHr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QkI5QS80OUNEMDMwNENG
RjMxMUVGOTA2MkU1MjFDNEY5QUUwMi9waGN1Ni1IODBhbDR6S1JuNGJXS01MTjVV
ZXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BoY3U2LUg4MGFsNHpLUm40YldLTUxONVVlcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0JCOUEvNDlDRDAzMDRDRkYzMTFFRjkwNjJFNTIxQzRGOUFFMDIvQ0Y2Qjk1QTIy
QjA2MTFGMDk1QUZDNjFEQzRGOUFFMDIucm9hMEIGCCsGAQUFBwEHAQH/BDMwMTAe
BAIAATAYAwQCloGsAwQDyi9wAwQCykcAAwQDykcYMA8EAgACMAkDBwQkAaPgAAAw
DQYJKoZIhvcNAQELBQADggEBAGtBS4XsBBv9KwUiCbr68vVIllmtN9DWQCFpSKm7
9cOzZR4NdFHitR1sHOe0BeqLzUNX6Qk2MZ8bi88s2yyyoqbrwU2DRdfZcCvCzqH3
tlS2QRCNzTB1eE+DWhFrM6RfOZ2w9OUi0AUzMqkByRhFbM44ow25VgydwKxlV/fb
Nd9PkjFeaeFtFS47tCmwnoBQxWqh00m0ax8BVtXmWNOeoOOb2sUacuTEt35cvrSe
5IxtXZ+VoZR0p6Foty4laAxdTsub0eZE3vplozViK2dA7d13rBP9xoxC+DDKDVer
feMTCcT6AdB8njdMuua70xmwps7SaOCvFGR5EgyrFB8WyuI=
-----END CERTIFICATE-----
Generated at Mon Mar 2 20:01:55 2026 by rpki-client