$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa File: DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa (raw, json) Hash identifier: 81ReA4BHk/lxP9lEIuQUr4XFnT42WFD0y3bTKzIXKJE= Subject key identifier: 0A:A7:80:B4:8D:F5:85:B6:C5:28:B1:91:98:C5:69:6D:25:6D:E3:60 Certificate issuer: /CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE Certificate serial: 35D6 Authority key identifier: 6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer Subject info access: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa Signing time: Sun 01 Mar 2026 15:26:40 +0000 ROA not before: Thu 10 Apr 2025 15:20:52 +0000 ROA not after: Wed 01 Jul 2026 00:00:00 +0000 asID: 23838 IP address blocks: 43.255.160.0/22 maxlen: 22 43.255.160.0/24 maxlen: 24 43.255.161.0/24 maxlen: 24 43.255.162.0/24 maxlen: 24 43.255.163.0/24 maxlen: 24 103.8.252.0/22 maxlen: 23 116.90.135.0/24 maxlen: 24 120.136.48.0/20 maxlen: 20 120.136.48.0/21 maxlen: 21 120.136.49.0/24 maxlen: 24 120.136.53.0/24 maxlen: 24 120.136.56.0/21 maxlen: 21 120.136.56.0/24 maxlen: 24 120.136.58.0/24 maxlen: 24 2401:f000:6::/48 maxlen: 48 2401:f000:8::/48 maxlen: 48 2401:f000:16::/48 maxlen: 48 2401:f000:18::/48 maxlen: 48 2402:1c00::/32 maxlen: 32 2402:1c00::/32 maxlen: 48 2402:1c00:4000::/36 maxlen: 36 2402:1c00:8000::/36 maxlen: 36 2402:1c00:9000::/37 maxlen: 37 2402:1c00:c000::/36 maxlen: 36 Validation: OK Signature path: rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Mon 09 Mar 2026 00:13:57 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 13782 (0x35d6) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91CE978, serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE Validity Not Before: Apr 10 15:20:52 2025 GMT Not After : Jul 1 00:00:00 2026 GMT Subject: CN=69a45ab0-75ad Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:cd:6a:08:b4:b6:94:46:3e:d2:8d:f5:b9:f6:7b: 83:de:26:ff:5b:7d:47:95:0e:91:8b:a9:c5:80:5c: 57:0c:cd:48:97:4a:8d:d6:a6:5c:d3:2f:aa:4f:96: 9a:ab:56:1e:e9:29:f0:91:00:a0:22:1b:8f:f9:a6: b8:26:5a:c6:1e:a0:ff:3f:d2:8a:56:ca:c4:28:84: c3:73:a5:07:4c:e9:99:f5:0e:5b:7d:1b:55:e6:36: 18:80:c6:d4:fe:12:73:70:fc:8f:e8:50:c9:a6:34: 15:b5:20:c7:1e:15:eb:4a:d4:c7:f1:3b:4f:9b:a3: 5b:a9:b7:93:85:4d:e3:30:b0:91:24:e8:77:d0:e7: d8:fd:ab:c0:47:44:2b:32:ea:23:9f:41:b5:36:dd: d4:d1:15:aa:a7:70:b5:0d:42:cf:54:8e:fe:e2:ca: b1:5c:be:bf:96:ec:82:9a:08:ae:08:b5:92:59:ba: ac:94:84:50:33:da:a7:97:66:1b:1b:f2:d6:37:07: f1:56:d9:81:75:d7:93:26:d3:f0:ed:c3:78:8c:f6: 2d:b3:d1:60:6d:d8:57:e4:fb:69:16:a5:95:80:d9: 11:d1:e8:c0:be:40:78:a8:40:b7:2e:c3:de:4d:51: 0c:ad:43:0a:1c:7a:0e:7e:a9:70:2c:19:43:2f:2c: b7:1f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 0A:A7:80:B4:8D:F5:85:B6:C5:28:B1:91:98:C5:69:6D:25:6D:E3:60 X509v3 Authority Key Identifier: keyid:6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer X509v3 Certificate Policies: critical Policy: ipAddr-asNumber CPS: https://www.apnic.net/RPKI/CPS.pdf Subject Information Access: Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa sbgp-ipAddrBlock: critical IPv4: 43.255.160.0/22 103.8.252.0/22 116.90.135.0/24 120.136.48.0/20 IPv6: 2401:f000:6::/48 2401:f000:8::/48 2401:f000:16::/48 2401:f000:18::/48 2402:1c00::/32 Signature Algorithm: sha256WithRSAEncryption 55:6e:cd:53:56:81:56:63:69:e8:21:1a:65:7c:8f:18:f3:97: 51:41:f9:b5:f5:09:3b:18:f9:cd:87:97:51:8b:ae:50:9b:24: b2:7b:22:8e:cf:13:69:4c:7d:5d:73:6c:4c:bd:e3:e7:7c:55: da:b3:dc:d2:dc:0d:82:df:b4:40:4c:41:02:be:e6:93:38:8c: 94:7d:a3:e2:f4:06:9c:54:63:04:db:64:0c:11:3d:5f:a2:f9: 95:98:09:14:80:fa:ff:c8:b0:de:8b:56:7c:12:2a:66:12:4b: 73:1c:e5:a1:b5:b0:50:e9:7e:04:7c:a2:00:36:6f:06:4a:16: 59:18:fb:d1:6f:91:ca:ed:55:a6:61:9d:41:d2:fa:0b:ec:4d: a4:a3:61:25:8c:4b:c2:79:a6:0e:5d:6d:e0:00:2e:6a:56:51: ee:4a:06:43:2a:3a:c0:19:68:81:61:50:97:7c:91:d1:6c:41: ce:39:95:af:9a:4b:0b:43:28:9d:e7:7c:8d:2b:c4:b8:60:92: d7:4c:6b:59:84:fd:31:af:0f:65:27:72:85:71:33:86:33:ba: ad:93:7b:0e:02:9b:5b:1b:aa:ac:69:a7:8f:ed:e2:fd:49:1b: 89:21:cf:a4:99:6d:f1:30:24:cf:32:e4:42:51:c0:3a:1e:b8: dd:5a:79:0e -----BEGIN CERTIFICATE----- MIIFgTCCBGmgAwIBAgICNdYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx Q0U5NzgxMTAvBgNVBAUTKDZBMUU0RjcyODQ3RUIzNjk5NTIyQzkzRDI2NzczRjBE RjgzOTZFQkUwHhcNMjUwNDEwMTUyMDUyWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD VQQDEw02OWE0NWFiMC03NWFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAzWoItLaURj7SjfW59nuD3ib/W31HlQ6Ri6nFgFxXDM1Il0qN1qZc0y+qT5aa q1Ye6SnwkQCgIhuP+aa4JlrGHqD/P9KKVsrEKITDc6UHTOmZ9Q5bfRtV5jYYgMbU /hJzcPyP6FDJpjQVtSDHHhXrStTH8TtPm6NbqbeThU3jMLCRJOh30OfY/avAR0Qr Muojn0G1Nt3U0RWqp3C1DULPVI7+4sqxXL6/luyCmgiuCLWSWbqslIRQM9qnl2Yb G/LWNwfxVtmBddeTJtPw7cN4jPYts9FgbdhX5PtpFqWVgNkR0ejAvkB4qEC3LsPe TVEMrUMKHHoOfqlwLBlDLyy3HwIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFAqngLSN 9YW2xSixkZjFaW0lbeNgMB8GA1UdIwQYMBaAFGoeT3KEfrNplSLJPSZ3Pw34OW6+ MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTk3OC8zMjIzRjM1RTFE OTgxMUUyOEE4QzJFODIwOEIwMkNEMi9haDVQY29SLXMybVZJc2s5Sm5jX0RmZzVi cjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy RkQxRkYyL2FoNVBjb1ItczJtVklzazlKbmNfRGZnNWJyNC5jZXIwSgYDVR0gAQH/ BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx Q0U5NzgvMzIyM0YzNUUxRDk4MTFFMjhBOEMyRTgyMDhCMDJDRDIvRERGNEIwRDJG MDhDMTFFRUI3MEExRjc2QzRGOUFFMDIucm9hMGQGCCsGAQUFBwEHAQH/BFUwUzAe BAIAATAYAwQCK/+gAwQCZwj8AwQAdFqHAwQEeIgwMDEEAgACMCsDBwAkAfAAAAYD BwAkAfAAAAgDBwAkAfAAABYDBwAkAfAAABgDBQAkAhwAMA0GCSqGSIb3DQEBCwUA A4IBAQBVbs1TVoFWY2noIRplfI8Y85dRQfm19Qk7GPnNh5dRi65QmySyeyKOzxNp TH1dc2xMvePnfFXas9zS3A2C37RATEECvuaTOIyUfaPi9AacVGME22QMET1fovmV mAkUgPr/yLDei1Z8EipmEktzHOWhtbBQ6X4EfKIANm8GShZZGPvRb5HK7VWmYZ1B 0voL7E2ko2EljEvCeaYOXW3gAC5qVlHuSgZDKjrAGWiBYVCXfJHRbEHOOZWvmksL Qyid53yNK8S4YJLXTGtZhP0xrw9lJ3KFcTOGM7qtk3sOAptbG6qsaaeP7eL9SRuJ Ic+kmW3xMCTPMuRCUcA6HrjdWnkO -----END CERTIFICATE-----Generated at Mon Mar 2 03:49:19 2026 by rpki-client