$ rpki-client -vvf rpki.apnic.net/member_repository/A91A9CBB/D53BD14615B111F0A2774A09C4F9AE02/2A8C8F02198E11F09D302145C4F9AE02.roa File: 2A8C8F02198E11F09D302145C4F9AE02.roa (raw, json) Hash identifier: pkFF5f+Vaat+aJOayMibpTMU9Wp7Q864DQvUc24s624= Subject key identifier: F9:80:4A:8C:16:BE:99:82:FC:E1:71:E6:FC:9B:5B:E5:4B:AD:F9:A2 Certificate issuer: /CN=A91A9CBB/serialNumber=FC24F539074787ECEAB00C242606C2BD68819A0D Certificate serial: 05 Authority key identifier: FC:24:F5:39:07:47:87:EC:EA:B0:0C:24:26:06:C2:BD:68:81:9A:0D Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_CT1OQdHh-zqsAwkJgbCvWiBmg0.cer Subject info access: rsync://rpki.apnic.net/member_repository/A91A9CBB/D53BD14615B111F0A2774A09C4F9AE02/2A8C8F02198E11F09D302145C4F9AE02.roa Signing time: Tue 15 Apr 2025 00:11:24 +0000 ROA not before: Tue 15 Apr 2025 00:11:24 +0000 ROA not after: Fri 01 May 2026 00:00:00 +0000 asID: 4637 IP address blocks: 202.47.192.0/24 maxlen: 24 202.47.195.0/24 maxlen: 24 202.47.196.0/24 maxlen: 24 202.47.201.0/24 maxlen: 24 202.47.202.0/24 maxlen: 24 202.47.203.0/24 maxlen: 24 210.57.8.0/22 maxlen: 24 210.176.128.0/24 maxlen: 24 210.176.142.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki.apnic.net/member_repository/A91A9CBB/D53BD14615B111F0A2774A09C4F9AE02/_CT1OQdHh-zqsAwkJgbCvWiBmg0.crl rsync://rpki.apnic.net/member_repository/A91A9CBB/D53BD14615B111F0A2774A09C4F9AE02/_CT1OQdHh-zqsAwkJgbCvWiBmg0.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_CT1OQdHh-zqsAwkJgbCvWiBmg0.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Wed 12 Nov 2025 07:09:46 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 5 (0x5) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91A9CBB, serialNumber=FC24F539074787ECEAB00C242606C2BD68819A0D Validity Not Before: Apr 15 00:11:24 2025 GMT Not After : May 1 00:00:00 2026 GMT Subject: CN=67fda42c-132c Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c7:af:84:d4:24:b4:7b:73:0b:c0:a2:0e:7e:d5: 52:89:6f:c8:10:bc:05:81:aa:32:a8:70:75:bb:4a: 31:96:bf:34:6e:cd:ef:ed:e2:c1:38:46:16:a7:87: c7:89:3a:0f:e9:70:5f:c3:53:8b:5a:4e:c0:2d:dd: a2:51:1e:3f:67:8b:20:6b:5d:1c:5b:43:82:29:43: ec:b8:f6:31:93:e6:83:d7:72:f3:9f:78:5c:91:e5: 96:65:14:65:35:ed:f2:8c:d7:44:99:1f:9e:c3:d5: 28:d9:39:35:c9:c7:18:67:ba:f8:90:62:e8:7a:16: c8:6a:a4:04:eb:0e:e9:4b:60:63:34:b6:eb:8d:df: c8:af:f5:34:62:bc:be:f3:9a:bc:f9:99:ad:9a:6b: a8:8e:aa:ac:d0:79:1c:5c:48:59:82:ab:53:0b:13: a9:8f:b4:3e:40:8d:d2:81:98:32:3d:9d:91:80:90: 7d:d8:ca:06:2c:d7:13:9d:a2:99:f1:e8:70:5d:86: 53:7f:81:77:ab:28:77:30:f2:87:23:5f:2e:2a:61: cf:83:56:18:8a:12:19:2a:39:42:a0:b3:a9:51:2b: ce:dd:39:88:e6:90:5f:12:6d:55:12:01:66:e0:7d: 23:96:20:03:c2:10:21:72:39:8c:2f:56:08:3d:8e: b7:67 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: F9:80:4A:8C:16:BE:99:82:FC:E1:71:E6:FC:9B:5B:E5:4B:AD:F9:A2 X509v3 Authority Key Identifier: keyid:FC:24:F5:39:07:47:87:EC:EA:B0:0C:24:26:06:C2:BD:68:81:9A:0D X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.apnic.net/member_repository/A91A9CBB/D53BD14615B111F0A2774A09C4F9AE02/_CT1OQdHh-zqsAwkJgbCvWiBmg0.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_CT1OQdHh-zqsAwkJgbCvWiBmg0.cer X509v3 Certificate Policies: critical Policy: ipAddr-asNumber CPS: https://www.apnic.net/RPKI/CPS.pdf Subject Information Access: Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A9CBB/D53BD14615B111F0A2774A09C4F9AE02/2A8C8F02198E11F09D302145C4F9AE02.roa RPKI Notify - URI:https://rrdp.apnic.net/notification.xml sbgp-ipAddrBlock: critical IPv4: 202.47.192.0/24 202.47.195.0-202.47.196.255 202.47.201.0-202.47.203.255 210.57.8.0/22 210.176.128.0/24 210.176.142.0/24 Signature Algorithm: sha256WithRSAEncryption 2a:9b:04:40:c2:19:ba:cf:5b:c1:5b:bc:6e:83:1f:ef:c2:7f: 14:17:b4:b4:04:41:52:f6:f1:91:c1:d0:8a:a8:23:46:78:30: 74:0c:81:86:a0:d8:ff:49:44:f8:e7:e6:17:1f:af:d0:b0:e5: bc:2b:4c:42:06:59:c1:e8:7d:be:c0:0e:af:33:33:b2:ec:2c: 6d:52:3a:b4:3f:b7:38:a7:8d:72:3c:09:68:5a:2f:ae:73:49: 20:02:98:94:0a:f9:f6:8d:d1:0b:69:66:b9:e4:c7:8c:80:19: 4d:1d:05:7f:e4:df:3f:df:b9:c8:7b:7e:8d:53:b6:82:d6:0c: 78:9e:77:3a:22:fe:f1:8f:a1:83:b8:d3:66:60:d7:83:79:1d: e3:dc:0a:6c:19:13:47:c6:ef:28:d5:ca:37:f1:e9:de:54:06: 68:93:94:8b:46:6e:04:08:48:8a:4d:35:70:59:a1:e8:3f:bd: f2:03:10:0b:d7:21:e3:5f:60:c3:1a:d0:61:54:7d:a8:40:dd: d2:01:17:1d:91:f5:4c:aa:92:e1:92:21:66:41:dd:92:91:84: 3f:de:2e:a4:e6:16:39:c7:49:2c:f6:f8:f4:6b:3d:09:ab:80: 98:48:ee:c3:b1:ba:27:6e:3a:7b:81:32:1f:ab:53:ac:2b:99: 18:d9:da:b7 -----BEGIN CERTIFICATE----- MIIFnjCCBIagAwIBAgIBBTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFB OUNCQjExMC8GA1UEBRMoRkMyNEY1MzkwNzQ3ODdFQ0VBQjAwQzI0MjYwNkMyQkQ2 ODgxOUEwRDAeFw0yNTA0MTUwMDExMjRaFw0yNjA1MDEwMDAwMDBaMBgxFjAUBgNV BAMTDTY3ZmRhNDJjLTEzMmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDHr4TUJLR7cwvAog5+1VKJb8gQvAWBqjKocHW7SjGWvzRuze/t4sE4Rhanh8eJ Og/pcF/DU4taTsAt3aJRHj9niyBrXRxbQ4IpQ+y49jGT5oPXcvOfeFyR5ZZlFGU1 7fKM10SZH57D1SjZOTXJxxhnuviQYuh6FshqpATrDulLYGM0tuuN38iv9TRivL7z mrz5ma2aa6iOqqzQeRxcSFmCq1MLE6mPtD5AjdKBmDI9nZGAkH3YygYs1xOdopnx 6HBdhlN/gXerKHcw8ocjXy4qYc+DVhiKEhkqOUKgs6lRK87dOYjmkF8SbVUSAWbg fSOWIAPCECFyOYwvVgg9jrdnAgMBAAGjggLDMIICvzAdBgNVHQ4EFgQU+YBKjBa+ mYL84XHm/Jtb5Uut+aIwHwYDVR0jBBgwFoAU/CT1OQdHh+zqsAwkJgbCvWiBmg0w DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUE5Q0JCL0Q1M0JEMTQ2MTVC MTExRjBBMjc3NEEwOUM0RjlBRTAyL19DVDFPUWRIaC16cXNBd2tKZ2JDdldpQm1n MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG RDFGRjIvX0NUMU9RZEhoLXpxc0F3a0pnYkN2V2lCbWcwLmNlcjBKBgNVHSABAf8E QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB OUNCQi9ENTNCRDE0NjE1QjExMUYwQTI3NzRBMDlDNEY5QUUwMi8yQThDOEYwMjE5 OEUxMUYwOUQzMDIxNDVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDBNBggrBgEFBQcBBwEB/wQ+ MDwwOgQCAAEwNAMEAMovwDAMAwQAyi/DAwQAyi/EMAwDBADKL8kDBALKL8gDBALS OQgDBADSsIADBADSsI4wDQYJKoZIhvcNAQELBQADggEBACqbBEDCGbrPW8FbvG6D H+/CfxQXtLQEQVL28ZHB0IqoI0Z4MHQMgYag2P9JRPjn5hcfr9Cw5bwrTEIGWcHo fb7ADq8zM7LsLG1SOrQ/tzinjXI8CWhaL65zSSACmJQK+faN0QtpZrnkx4yAGU0d BX/k3z/fuch7fo1TtoLWDHiedzoi/vGPoYO402Zg14N5HePcCmwZE0fG7yjVyjfx 6d5UBmiTlItGbgQISIpNNXBZoeg/vfIDEAvXIeNfYMMa0GFUfahA3dIBFx2R9Uyq kuGSIWZB3ZKRhD/eLqTmFjnHSSz2+PRrPQmrgJhI7sOxuiduOnuBMh+rU6wrmRjZ 2rc= -----END CERTIFICATE-----Generated at Wed Nov 5 10:06:21 2025 by rpki-client