$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86af3d6b-7547-4abd-8e4b-90abce9de966.roa File: 86af3d6b-7547-4abd-8e4b-90abce9de966.roa (raw, json) Hash identifier: ZjhyiCGadq2v1C7RV7Asai0CGSt+FQ3tE1QXq46MfzE= Subject key identifier: BA:05:41:01:52:CA:47:44:44:7A:66:52:6D:A7:72:0C:19:03:62:13 Certificate issuer: /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37 Certificate serial: 481BEA17AE1BED2DA5F1FA7EAF04279B21953430 Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37 Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86af3d6b-7547-4abd-8e4b-90abce9de966.roa Signing time: Mon 10 Nov 2025 16:20:47 +0000 ROA not before: Mon 10 Nov 2025 16:20:47 +0000 ROA not after: Mon 15 Dec 2025 23:59:59 +0000 asID: 16509 IP address blocks: 2406:da1e:400::/38 maxlen: 38 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dc5cb86a-b72d-4eca-b351-c500ace28c65.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 22 Nov 2025 00:01:21 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 48:1b:ea:17:ae:1b:ed:2d:a5:f1:fa:7e:af:04:27:9b:21:95:34:30 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37 Validity Not Before: Nov 10 16:20:47 2025 GMT Not After : Dec 15 23:59:59 2025 GMT Subject: serialNumber=7c053e7374a0057eb6be1e46833474849eb51ad32c349b223f1292ca29e2de05, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c0:a2:d0:7c:eb:c8:d6:f4:e5:ac:80:c6:be:ce: fe:7c:90:47:47:90:76:ce:d1:49:83:98:b3:9a:30: f3:a6:79:74:74:81:1f:43:0e:de:dd:dc:48:b9:82: 90:79:34:1e:e7:00:36:42:11:fe:f3:dd:d2:0b:3a: 38:0b:1b:f5:66:06:19:70:a4:d5:e6:31:1a:f0:17: 0d:c9:4e:04:7f:2d:93:22:c3:99:ff:06:1d:05:15: aa:0d:8b:a4:c5:c1:65:b0:62:b6:6c:df:ab:6e:0c: d4:fd:f4:9b:4c:b0:c3:d4:14:dc:88:d2:0d:40:42: 5a:0e:38:28:05:e1:5a:91:44:3b:7f:b0:a1:fc:9b: 3e:f0:1d:6c:1c:7f:20:ed:b8:9a:ec:de:d8:fc:1f: f3:8a:61:23:91:24:6e:ce:97:81:74:fb:9d:3c:d8: e6:85:ee:64:01:17:63:aa:5d:d6:5e:92:f6:e1:d2: 45:6b:76:e7:a6:6c:e8:82:b6:06:8c:e6:e2:e2:37: 60:1e:b9:87:63:3e:8c:c8:81:79:61:fb:64:70:5d: 04:a5:11:7a:d2:48:ea:69:92:f2:01:15:4c:46:d9: 49:94:4a:cc:3a:e3:d6:71:b3:1c:b5:0e:f2:7e:ac: 3a:09:87:91:9a:f8:99:a2:37:a4:b8:10:48:27:ef: 04:6b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: BA:05:41:01:52:CA:47:44:44:7A:66:52:6D:A7:72:0C:19:03:62:13 X509v3 Authority Key Identifier: keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86af3d6b-7547-4abd-8e4b-90abce9de966.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 2406:da1e:400::/38 Signature Algorithm: sha256WithRSAEncryption 1e:b2:3c:1a:68:46:51:a7:03:30:52:bb:b5:cc:93:6e:f1:e3: b8:53:ba:89:08:20:2c:96:29:47:e0:c1:8d:0e:4a:00:14:4e: c0:6e:ee:2c:31:20:0e:e8:66:7a:58:79:1f:2d:c8:a1:f8:e7: 7c:4d:25:1a:eb:d3:82:99:d3:16:8f:75:86:5d:c4:de:c2:b2: e8:54:27:92:bc:63:d2:0a:49:ee:88:a5:c8:67:50:a9:64:bd: 5b:4d:e9:c0:f3:23:12:2e:4c:b9:fc:8f:69:53:99:58:12:25: 7d:9d:14:f0:82:f4:bb:50:dd:5c:e8:4b:1f:3d:63:9f:6a:2c: ff:0c:3a:39:a2:0a:0e:f6:3c:e1:ca:6b:0d:e6:a7:69:6e:69: c2:c1:be:16:1d:ee:24:11:d7:f6:e9:b2:ac:44:d6:89:0b:92: b3:e0:29:0f:95:24:0a:2d:23:de:3a:8e:36:03:dd:af:e5:d7: aa:04:af:cb:1e:5e:9b:cf:c6:1a:a5:1a:c7:71:13:99:9b:96: 8a:f3:e5:cc:0d:5e:f4:5a:a7:74:aa:de:51:6e:45:f9:95:d7: db:b6:8b:2e:0a:54:a6:ef:86:cf:30:cc:59:14:f1:59:6f:20: 65:f8:8a:ba:1c:80:fe:7c:23:4d:0c:cf:00:22:92:05:31:17: 5c:66:ee:90 -----BEGIN CERTIFICATE----- MIIFnjCCBIagAwIBAgIUSBvqF64b7S2l8fp+rwQnmyGVNDAwDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0 RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MTExMDE2MjA0N1oX DTI1MTIxNTIzNTk1OVowejFJMEcGA1UEBRNAN2MwNTNlNzM3NGEwMDU3ZWI2YmUx ZTQ2ODMzNDc0ODQ5ZWI1MWFkMzJjMzQ5YjIyM2YxMjkyY2EyOWUyZGUwNTEtMCsG A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKLQfOvI1vTlrIDGvs7+fJBHR5B2 ztFJg5izmjDzpnl0dIEfQw7e3dxIuYKQeTQe5wA2QhH+893SCzo4Cxv1ZgYZcKTV 5jEa8BcNyU4Efy2TIsOZ/wYdBRWqDYukxcFlsGK2bN+rbgzU/fSbTLDD1BTciNIN QEJaDjgoBeFakUQ7f7Ch/Js+8B1sHH8g7bia7N7Y/B/zimEjkSRuzpeBdPudPNjm he5kARdjql3WXpL24dJFa3bnpmzogrYGjObi4jdgHrmHYz6MyIF5YftkcF0EpRF6 0kjqaZLyARVMRtlJlErMOuPWcbMctQ7yfqw6CYeRmviZojekuBBIJ+8EawIDAQAB o4ICSjCCAkYwHQYDVR0OBBYEFLoFQQFSykdERHpmUm2ncgwZA2ITMB8GA1UdIwQY MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx Lzg2YWYzZDZiLTc1NDctNGFiZC04ZTRiLTkwYWJjZTlkZTk2Ni5yb2EwgZUGA1Ud HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1 MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO BAIAAjAIAwYCJAbaHgQwDQYJKoZIhvcNAQELBQADggEBAB6yPBpoRlGnAzBSu7XM k27x47hTuokIICyWKUfgwY0OSgAUTsBu7iwxIA7oZnpYeR8tyKH453xNJRrr04KZ 0xaPdYZdxN7CsuhUJ5K8Y9IKSe6IpchnUKlkvVtN6cDzIxIuTLn8j2lTmVgSJX2d FPCC9LtQ3VzoSx89Y59qLP8MOjmiCg72POHKaw3mp2luacLBvhYd7iQR1/bpsqxE 1okLkrPgKQ+VJAotI946jjYD3a/l16oEr8seXpvPxhqlGsdxE5mblorz5cwNXvRa p3Sq3lFuRfmV19u2iy4KVKbvhs8wzFkU8VlvIGX4irocgP58I00MzwAikgUxF1xm 7pA= -----END CERTIFICATE-----Generated at Tue Nov 18 10:39:49 2025 by rpki-client