$ rpki-client -vvf rpki.apnic.net/member_repository/A91D087E/B019F1CA04FC11EA8CAED415C4F9AE02/8A7C342604FE11EAB778E81CC4F9AE02.roa File: 8A7C342604FE11EAB778E81CC4F9AE02.roa (raw, json) Hash identifier: W5qhrk3NsiS79KgqelHi0v6nSmVUxngvNJSR/yTxWhg= Subject key identifier: 86:EB:8F:6F:91:A4:83:6A:1F:B6:85:B3:B6:38:24:C5:94:40:D9:29 Certificate issuer: /CN=A91D087E/serialNumber=F07FB13EF91E2211B0FEBC855ADDAF301B0671A4 Certificate serial: 0C3A Authority key identifier: F0:7F:B1:3E:F9:1E:22:11:B0:FE:BC:85:5A:DD:AF:30:1B:06:71:A4 Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8H-xPvkeIhGw_ryFWt2vMBsGcaQ.cer Subject info access: rsync://rpki.apnic.net/member_repository/A91D087E/B019F1CA04FC11EA8CAED415C4F9AE02/8A7C342604FE11EAB778E81CC4F9AE02.roa Signing time: Sun 06 Apr 2025 18:28:01 +0000 ROA not before: Sun 06 Apr 2025 18:28:01 +0000 ROA not after: Wed 01 Jul 2026 00:00:00 +0000 asID: 24516 IP address blocks: 43.247.124.0/22 maxlen: 24 43.247.128.0/22 maxlen: 24 103.227.200.0/22 maxlen: 24 103.230.172.0/22 maxlen: 24 103.245.216.0/22 maxlen: 24 125.254.48.0/23 maxlen: 24 203.23.139.0/24 maxlen: 24 2402:fa80::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.apnic.net/member_repository/A91D087E/B019F1CA04FC11EA8CAED415C4F9AE02/8H-xPvkeIhGw_ryFWt2vMBsGcaQ.crl rsync://rpki.apnic.net/member_repository/A91D087E/B019F1CA04FC11EA8CAED415C4F9AE02/8H-xPvkeIhGw_ryFWt2vMBsGcaQ.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8H-xPvkeIhGw_ryFWt2vMBsGcaQ.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Tue 11 Nov 2025 18:23:48 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 3130 (0xc3a) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91D087E, serialNumber=F07FB13EF91E2211B0FEBC855ADDAF301B0671A4 Validity Not Before: Apr 6 18:28:01 2025 GMT Not After : Jul 1 00:00:00 2026 GMT Subject: CN=67f2c7b1-73a3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b7:da:82:b6:4a:dc:0c:d9:14:cd:03:32:39:fd: 6e:cf:07:ce:33:62:c9:7f:e3:4f:be:cd:68:fa:7f: 3d:9e:63:e6:06:6f:1e:14:4e:f2:6d:a7:42:46:33: d0:f7:b3:9f:36:17:e5:18:49:78:52:e0:d4:81:08: 81:65:1a:74:dd:22:4c:f9:28:e4:33:d0:ac:35:31: 2a:f0:cc:a4:d5:0a:80:b1:03:b5:b9:f7:aa:93:e2: 6e:36:46:df:9d:61:b2:7b:73:e5:e2:81:9e:39:f0: e8:c1:7c:a9:92:29:71:11:ed:8c:0e:c5:81:d5:b9: 27:87:3f:5a:39:31:7a:ea:41:7a:4c:88:48:cf:3b: 09:a6:bf:d3:36:2c:7b:8b:7b:ba:5a:e9:bd:8c:cd: cb:06:f3:5d:5c:0d:1d:5e:a5:8f:a1:9f:c8:9f:b2: ef:88:25:e3:04:17:04:5a:ca:37:60:44:e3:4a:cb: c4:6d:55:ea:99:8f:61:83:73:8f:95:23:b5:6e:86: b7:27:02:d0:59:26:c1:23:d7:72:fc:20:b0:73:8b: 37:67:48:6f:35:3f:7e:ee:ad:ff:88:1e:ee:d0:3f: a7:44:16:79:e9:68:a5:39:da:6a:1d:89:3f:4a:9c: b4:b4:67:16:f7:0c:6f:4a:37:dd:72:39:6f:95:cc: 5b:9f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 86:EB:8F:6F:91:A4:83:6A:1F:B6:85:B3:B6:38:24:C5:94:40:D9:29 X509v3 Authority Key Identifier: keyid:F0:7F:B1:3E:F9:1E:22:11:B0:FE:BC:85:5A:DD:AF:30:1B:06:71:A4 X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.apnic.net/member_repository/A91D087E/B019F1CA04FC11EA8CAED415C4F9AE02/8H-xPvkeIhGw_ryFWt2vMBsGcaQ.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8H-xPvkeIhGw_ryFWt2vMBsGcaQ.cer X509v3 Certificate Policies: critical Policy: ipAddr-asNumber CPS: https://www.apnic.net/RPKI/CPS.pdf Subject Information Access: Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D087E/B019F1CA04FC11EA8CAED415C4F9AE02/8A7C342604FE11EAB778E81CC4F9AE02.roa RPKI Notify - URI:https://rrdp.apnic.net/notification.xml sbgp-ipAddrBlock: critical IPv4: 43.247.124.0-43.247.131.255 103.227.200.0/22 103.230.172.0/22 103.245.216.0/22 125.254.48.0/23 203.23.139.0/24 IPv6: 2402:fa80::/32 Signature Algorithm: sha256WithRSAEncryption 87:18:de:e2:eb:ac:ea:0b:64:f2:ac:3e:c0:a7:c6:cd:e2:fd: fb:37:17:c9:50:15:20:66:39:5e:bd:e3:6e:02:a4:f8:f0:bd: e1:b0:a0:a7:ee:88:c8:f6:ca:22:9d:ce:a2:c1:d4:09:72:b9: ac:5b:25:1a:f2:e6:09:e9:0f:a5:26:be:09:8f:97:51:ef:bb: a6:6c:e6:e9:df:f5:b7:da:69:b1:00:d6:be:67:3d:5f:9e:20: 3e:78:47:b5:53:12:1d:78:c9:32:0c:41:90:49:36:61:80:80: 5d:5d:f4:5a:ac:8e:90:06:2d:a7:d3:e9:42:30:fd:be:c4:c3: ee:6f:ec:ba:e9:39:11:1b:44:b7:70:0d:06:98:ac:39:61:02: b5:d9:f9:01:a7:b2:1e:92:60:d4:31:0f:0a:9d:1a:44:5d:7f: ae:44:dd:93:e4:26:0c:c9:db:e5:20:1d:72:ef:f2:c7:40:b3: a8:c3:e0:a6:bf:17:56:60:eb:c6:82:21:39:35:29:37:a2:70: 67:ae:92:86:c8:ca:80:a9:38:03:17:18:77:ac:67:24:bb:7d: 0a:be:f8:e1:2c:03:33:e2:80:30:39:74:21:68:88:ff:3a:c2: 2a:47:c4:0c:7c:fc:5c:16:8b:5d:2a:c0:65:28:69:db:3e:98: f9:60:50:9c -----BEGIN CERTIFICATE----- MIIFpjCCBI6gAwIBAgICDDowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx RDA4N0UxMTAvBgNVBAUTKEYwN0ZCMTNFRjkxRTIyMTFCMEZFQkM4NTVBRERBRjMw MUIwNjcxQTQwHhcNMjUwNDA2MTgyODAxWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD VQQDEw02N2YyYzdiMS03M2EzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAt9qCtkrcDNkUzQMyOf1uzwfOM2LJf+NPvs1o+n89nmPmBm8eFE7ybadCRjPQ 97OfNhflGEl4UuDUgQiBZRp03SJM+SjkM9CsNTEq8Myk1QqAsQO1ufeqk+JuNkbf nWGye3Pl4oGeOfDowXypkilxEe2MDsWB1bknhz9aOTF66kF6TIhIzzsJpr/TNix7 i3u6Wum9jM3LBvNdXA0dXqWPoZ/In7LviCXjBBcEWso3YETjSsvEbVXqmY9hg3OP lSO1boa3JwLQWSbBI9dy/CCwc4s3Z0hvNT9+7q3/iB7u0D+nRBZ56WilOdpqHYk/ Spy0tGcW9wxvSjfdcjlvlcxbnwIDAQABo4ICyjCCAsYwHQYDVR0OBBYEFIbrj2+R pINqH7aFs7Y4JMWUQNkpMB8GA1UdIwQYMBaAFPB/sT75HiIRsP68hVrdrzAbBnGk MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEMDg3RS9CMDE5RjFDQTA0 RkMxMUVBOENBRUQ0MTVDNEY5QUUwMi84SC14UHZrZUloR3dfcnlGV3Qydk1Cc0dj YVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy RkQxRkYyLzhILXhQdmtlSWhHd19yeUZXdDJ2TUJzR2NhUS5jZXIwSgYDVR0gAQH/ BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx RDA4N0UvQjAxOUYxQ0EwNEZDMTFFQThDQUVENDE1QzRGOUFFMDIvOEE3QzM0MjYw NEZFMTFFQUI3NzhFODFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVAYIKwYBBQUHAQcBAf8E RTBDMDIEAgABMCwwDAMEAiv3fAMEAiv3gAMEAmfjyAMEAmfmrAMEAmf12AMEAX3+ MAMEAMsXizANBAIAAjAHAwUAJAL6gDANBgkqhkiG9w0BAQsFAAOCAQEAhxje4uus 6gtk8qw+wKfGzeL9+zcXyVAVIGY5Xr3jbgKk+PC94bCgp+6IyPbKIp3OosHUCXK5 rFslGvLmCekPpSa+CY+XUe+7pmzm6d/1t9ppsQDWvmc9X54gPnhHtVMSHXjJMgxB kEk2YYCAXV30WqyOkAYtp9PpQjD9vsTD7m/suuk5ERtEt3ANBpisOWECtdn5Aaey HpJg1DEPCp0aRF1/rkTdk+QmDMnb5SAdcu/yx0CzqMPgpr8XVmDrxoIhOTUpN6Jw Z66ShsjKgKk4AxcYd6xnJLt9Cr744SwDM+KAMDl0IWiI/zrCKkfEDHz8XBaLXSrA ZShp2z6Y+WBQnA== -----END CERTIFICATE-----Generated at Wed Nov 5 15:40:55 2025 by rpki-client