This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5CnUKeZreXs9ihy-JJFXetw4pI4.cer File: 5CnUKeZreXs9ihy-JJFXetw4pI4.cer (raw, json) Hash identifier: 4aM1ZDyMKZLQOqXka8KqTvWU7jv9kQcukBxVzo+1OOw= Subject key identifier: E4:29:D4:29:E6:6B:79:7B:3D:8A:1C:BE:24:91:57:7A:DC:38:A4:8E Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F Certificate issuer: /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F Certificate serial: 027ED7 Authority info access: rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer Manifest: rsync://rpki.apnic.net/member_repository/A91CC711/C7D1B0541EE311EF90D21234C4F9AE02/5CnUKeZreXs9ihy-JJFXetw4pI4.mft caRepository: rsync://rpki.apnic.net/member_repository/A91CC711/C7D1B0541EE311EF90D21234C4F9AE02/ Notify URL: https://rrdp.apnic.net/notification.xml Certificate not before: Wed 17 Dec 2025 04:12:07 +0000 Certificate not after: Sun 31 Jan 2027 00:00:00 +0000 Subordinate resources: AS: 17659 AS: 24563 AS: 37985 AS: 132160 IP: 103.11.160.0/22 IP: 182.236.116.0/23 IP: 202.5.162.0 -- 202.5.164.255 IP: 202.5.168.0/23 IP: 202.5.177.0/24 IP: 202.5.190.0/24 IP: 203.56.81.0/24 IP: 203.86.208.0/21 IP: 203.86.219.0 -- 203.86.223.255 IP: 2401:cf00::/32 IP: 2402:2b00::/32 Validation: OK Signature path: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 26 Dec 2025 14:50:15 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 163543 (0x27ed7) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A90DC5BE, serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F Validity Not Before: Dec 17 04:12:07 2025 GMT Not After : Jan 31 00:00:00 2027 GMT Subject: CN=A91CC711, serialNumber=E429D429E66B797B3D8A1CBE2491577ADC38A48E Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c4:92:9d:3a:b6:fc:59:53:2f:25:6f:f7:0d:61: 8c:4c:cb:de:be:09:73:15:5e:aa:fe:b9:22:1e:f5: 99:34:7b:20:2a:45:0d:e5:ff:f0:1e:52:90:10:fa: 7e:ca:27:c7:ff:19:aa:b4:be:9b:94:63:28:8a:12: 28:69:43:c6:ea:ad:b3:dc:67:96:40:25:1b:6e:89: e7:74:e8:0a:85:93:00:90:b3:1e:5c:fd:99:9a:9f: 08:c9:3e:c0:85:b7:cb:1f:bc:46:b5:91:8a:2b:33: 47:16:de:18:e1:96:68:5a:91:8d:d1:30:18:33:22: c6:e4:82:b7:04:c5:ac:e5:af:b9:4a:80:8d:d0:00: e5:27:64:fd:7d:45:f7:30:a4:d0:14:f3:51:55:41: e4:28:14:66:52:f1:7d:36:b6:2d:c7:61:86:01:65: fc:1d:af:b7:23:74:4f:3d:2e:ae:df:ca:dd:78:4e: 3e:35:f7:1a:1c:30:b0:01:90:64:e6:0e:78:26:25: 68:3b:93:67:63:63:50:b8:9d:c4:3e:6c:8d:17:98: ec:7c:41:fc:3f:1d:35:d1:f4:b3:37:e9:7b:54:dd: f6:f8:2a:4b:53:a1:fd:c1:55:11:0a:c7:8b:68:cb: ae:43:f5:fb:73:91:12:9f:70:92:87:fb:98:ee:f7: 7d:ef Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: E4:29:D4:29:E6:6B:79:7B:3D:8A:1C:BE:24:91:57:7A:DC:38:A4:8E X509v3 Authority Key Identifier: keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer X509v3 Certificate Policies: critical Policy: ipAddr-asNumber CPS: https://www.apnic.net/RPKI/CPS.pdf Subject Information Access: CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91CC711/C7D1B0541EE311EF90D21234C4F9AE02/ RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91CC711/C7D1B0541EE311EF90D21234C4F9AE02/5CnUKeZreXs9ihy-JJFXetw4pI4.mft RPKI Notify - URI:https://rrdp.apnic.net/notification.xml sbgp-autonomousSysNum: critical Autonomous System Numbers: 17659 24563 37985 132160 sbgp-ipAddrBlock: critical IPv4: 103.11.160.0/22 182.236.116.0/23 202.5.162.0-202.5.164.255 202.5.168.0/23 202.5.177.0/24 202.5.190.0/24 203.56.81.0/24 203.86.208.0/21 203.86.219.0-203.86.223.255 IPv6: 2401:cf00::/32 2402:2b00::/32 Signature Algorithm: sha256WithRSAEncryption a2:3b:bb:9c:22:ef:bf:79:d5:36:2f:eb:f9:46:75:20:29:c8: 1b:5b:0d:f4:30:d0:7d:8b:b0:a2:f6:06:88:f3:4c:0c:f8:d3: a8:79:cd:11:67:b8:f6:54:80:ef:73:4b:1c:79:37:9b:e1:fa: f6:9d:de:95:6f:6b:73:11:ce:16:dc:7d:dd:1b:b3:ef:66:f9: 46:fe:7c:ed:d7:23:57:6a:d6:fc:9e:f0:b4:95:af:15:f6:15: 30:38:87:36:b8:a8:71:1f:49:34:f5:55:59:05:59:bb:dd:5a: 8e:7f:ed:ae:08:c8:56:43:ba:5e:24:96:63:5c:48:bf:1b:97: ce:95:7d:25:7d:98:ad:d9:73:79:0b:17:52:3f:ad:f1:99:e0: af:8e:ac:34:4b:a0:25:76:ad:ed:6f:e5:3d:dc:ee:62:51:34: fe:80:3a:00:64:61:3c:4d:99:1e:b9:18:01:fc:9e:0e:c5:eb: 8c:e3:9b:59:10:7b:ac:3b:54:a8:3a:dd:4a:54:72:2e:ad:42: 1b:eb:1c:66:46:15:41:d9:2e:a4:a3:e0:db:fd:e9:f3:86:97: bf:de:01:46:02:27:4c:75:e7:01:80:e8:a8:c9:79:bd:d4:75: bd:a0:c4:1d:cb:e1:46:38:9e:24:f3:18:c0:57:35:45:fa:46: 0d:8a:de:33 -----BEGIN CERTIFICATE----- MIIGfTCCBWWgAwIBAgIDAn7XMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5 MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4 QzkwN0FBNzlGMB4XDTI1MTIxNzA0MTIwN1oXDTI3MDEzMTAwMDAwMFowRjERMA8G A1UEAxMIQTkxQ0M3MTExMTAvBgNVBAUTKEU0MjlENDI5RTY2Qjc5N0IzRDhBMUNC RTI0OTE1NzdBREMzOEE0OEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDEkp06tvxZUy8lb/cNYYxMy96+CXMVXqr+uSIe9Zk0eyAqRQ3l//AeUpAQ+n7K J8f/Gaq0vpuUYyiKEihpQ8bqrbPcZ5ZAJRtuied06AqFkwCQsx5c/ZmanwjJPsCF t8sfvEa1kYorM0cW3hjhlmhakY3RMBgzIsbkgrcExazlr7lKgI3QAOUnZP19Rfcw pNAU81FVQeQoFGZS8X02ti3HYYYBZfwdr7cjdE89Lq7fyt14Tj419xocMLABkGTm DngmJWg7k2djY1C4ncQ+bI0XmOx8Qfw/HTXR9LM36XtU3fb4KktTof3BVREKx4to y65D9ftzkRKfcJKH+5ju933vAgMBAAGjggNyMIIDbjAdBgNVHQ4EFgQU5CnUKeZr eXs9ihy+JJFXetw4pI4wHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2 NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1 OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0 RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5 MUNDNzExL0M3RDFCMDU0MUVFMzExRUY5MEQyMTIzNEM0RjlBRTAyLzB+BggrBgEF BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B OTFDQzcxMS9DN0QxQjA1NDFFRTMxMUVGOTBEMjEyMzRDNEY5QUUwMi81Q25VS2Va cmVYczlpaHktSkpGWGV0dzRwSTQubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQgBAf8EGDAW oBQwEgICRPsCAl/zAgMAlGECAwIEQDB1BggrBgEFBQcBBwEB/wRmMGQwTAQCAAEw RgMEAmcLoAMEAbbsdDAMAwQBygWiAwQAygWkAwQBygWoAwQAygWxAwQAygW+AwQA yzhRAwQDy1bQMAwDBADLVtsDBAXLVsAwFAQCAAIwDgMFACQBzwADBQAkAisAMA0G CSqGSIb3DQEBCwUAA4IBAQCiO7ucIu+/edU2L+v5RnUgKcgbWw30MNB9i7Ci9gaI 80wM+NOoec0RZ7j2VIDvc0sceTeb4fr2nd6Vb2tzEc4W3H3dG7PvZvlG/nzt1yNX atb8nvC0la8V9hUwOIc2uKhxH0k09VVZBVm73VqOf+2uCMhWQ7peJJZjXEi/G5fO lX0lfZit2XN5CxdSP63xmeCvjqw0S6Aldq3tb+U93O5iUTT+gDoAZGE8TZkeuRgB /J4OxeuM45tZEHusO1SoOt1KVHIurUIb6xxmRhVB2S6ko+Db/enzhpe/3gFGAidM decBgOioyXm91HW9oMQdy+FGOJ4k8xjAVzVF+kYNit4z -----END CERTIFICATE-----Generated at Fri Dec 19 17:47:11 2025 by rpki-client