$ rpki-client -vvf rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/1C628A90671411EEA0040661C4F9AE02.roa File: 1C628A90671411EEA0040661C4F9AE02.roa (raw, json) Hash identifier: CTvIhXrCtBos/LVoBMmH2P68ViNfFaDxoAYBDmOA96g= Subject key identifier: DA:FC:3C:C5:E8:9A:38:AA:0D:0C:6B:B2:5F:58:1C:39:EE:57:83:2A Certificate issuer: /CN=A91FDD4D/serialNumber=72AFBAEBC9ECDDA2EED2D49B13E6048EA3E41E60 Certificate serial: 217E Authority key identifier: 72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60 Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer Subject info access: rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/1C628A90671411EEA0040661C4F9AE02.roa Signing time: Tue 04 Mar 2025 16:33:18 +0000 ROA not before: Tue 04 Mar 2025 16:33:18 +0000 ROA not after: Fri 01 May 2026 00:00:00 +0000 asID: 58511 IP address blocks: 43.225.32.0/22 maxlen: 22 103.29.174.0/23 maxlen: 23 103.29.174.0/24 maxlen: 24 103.227.66.0/24 maxlen: 24 103.247.0.0/22 maxlen: 24 163.47.48.0/22 maxlen: 24 2001:df0:27a::/48 maxlen: 48 2400:5240::/32 maxlen: 32 2400:8280::/32 maxlen: 48 Validation: OK Signature path: rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 11 Apr 2025 15:59:16 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8574 (0x217e) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91FDD4D Validity Not Before: Mar 4 16:33:18 2025 GMT Not After : May 1 00:00:00 2026 GMT Subject: CN=67c72b4e-1a4f Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:cf:5e:f7:99:7f:1f:c4:db:e9:b6:22:82:74:f8: 3f:04:fc:65:88:f8:e2:f2:1a:13:c9:fb:b8:6e:af: 5c:99:d5:dd:1f:d0:33:f9:da:d1:19:79:57:03:aa: 78:e6:62:d3:92:ad:07:09:8e:cb:f5:45:20:49:7f: a5:9d:9c:37:a4:97:00:e7:7b:28:60:45:5a:69:c2: 4c:7f:b4:f7:3a:57:4d:34:b7:32:05:e0:af:85:b8: 8f:11:f6:dc:df:4f:61:06:91:ec:6e:7d:6c:d9:11: 51:e7:4d:73:b0:5e:a9:e7:67:e9:8d:d9:6e:d7:d0: 4e:b6:3a:45:17:3d:14:ca:d9:f9:b4:0c:62:fd:43: fd:83:d1:52:ad:d9:3b:ef:24:8a:5e:7a:d3:88:fd: 8c:bd:d6:27:4d:69:10:ad:ae:75:58:a2:8f:95:02: 95:43:a7:1a:36:2e:70:2b:34:1a:bf:e5:fa:bc:28: df:5b:d3:9a:b3:24:88:7d:22:d3:5d:bf:8a:78:c7: 8c:ce:bf:e0:79:1e:57:16:72:be:31:2a:39:89:59: d2:12:f0:8c:d0:94:da:28:b9:96:c1:e4:dc:2f:a2: de:1d:69:a6:da:80:9f:ec:a6:ce:77:1d:57:56:5f: 30:00:6a:77:b6:29:ae:2d:ca:86:d3:4f:e7:dc:f8: d6:0f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: DA:FC:3C:C5:E8:9A:38:AA:0D:0C:6B:B2:5F:58:1C:39:EE:57:83:2A X509v3 Authority Key Identifier: keyid:72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60 X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer X509v3 Certificate Policies: critical Policy: ipAddr-asNumber CPS: https://www.apnic.net/RPKI/CPS.pdf Subject Information Access: Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/1C628A90671411EEA0040661C4F9AE02.roa RPKI Notify - URI:https://rrdp.apnic.net/notification.xml sbgp-ipAddrBlock: critical IPv4: 43.225.32.0/22 103.29.174.0/23 103.227.66.0/24 103.247.0.0/22 163.47.48.0/22 IPv6: 2001:df0:27a::/48 2400:5240::/32 2400:8280::/32 Signature Algorithm: sha256WithRSAEncryption 90:b7:96:82:dd:4f:39:87:bc:98:02:75:6d:bc:5a:a7:dc:08: ca:aa:22:d9:75:57:56:a6:3f:57:e5:b3:84:98:f9:0d:46:d6: fa:98:73:4e:b8:77:f0:f8:9c:92:94:94:dc:cb:a4:37:b4:cc: 0d:00:d2:0f:6d:f2:38:a3:6a:07:b2:7c:65:15:71:00:69:be: 53:2f:ab:30:a7:9a:94:1b:5a:d7:33:ba:24:82:6e:99:18:9e: ad:7f:5c:e7:da:c3:fe:b1:8e:8f:30:4b:92:6c:ec:f4:66:a1: 57:a2:5b:e5:68:66:00:9f:d5:cb:83:57:b8:18:b9:2e:ff:49: 1f:dc:a3:ce:d3:08:31:ed:98:1c:cd:2d:c9:11:4e:cd:43:32: 38:53:7f:5b:90:fb:7d:1f:4e:e0:b2:0c:1c:34:8d:ee:1a:3c: 49:aa:e0:cf:14:8c:77:6e:07:5f:b9:44:b9:a9:9b:19:4f:21: 71:52:99:99:09:74:84:76:cd:bd:9d:91:8d:09:bc:8d:6f:ce: 56:0d:05:77:e1:5e:7d:1f:3d:30:e7:a7:21:5f:c4:36:05:89: 9f:2d:d8:97:ed:f4:35:f4:77:40:1a:80:c5:a9:38:19:a8:4c: fe:e7:da:ae:59:9d:4a:72:42:b3:1e:3c:6d:12:57:24:5d:58: e2:0d:0c:fd -----BEGIN CERTIFICATE----- MIIFqDCCBJCgAwIBAgICIX4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx RkRENEQxMTAvBgNVBAUTKDcyQUZCQUVCQzlFQ0REQTJFRUQyRDQ5QjEzRTYwNDhF QTNFNDFFNjAwHhcNMjUwMzA0MTYzMzE4WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD VQQDEw02N2M3MmI0ZS0xYTRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAz173mX8fxNvptiKCdPg/BPxliPji8hoTyfu4bq9cmdXdH9Az+drRGXlXA6p4 5mLTkq0HCY7L9UUgSX+lnZw3pJcA53soYEVaacJMf7T3OldNNLcyBeCvhbiPEfbc 309hBpHsbn1s2RFR501zsF6p52fpjdlu19BOtjpFFz0Uytn5tAxi/UP9g9FSrdk7 7ySKXnrTiP2MvdYnTWkQra51WKKPlQKVQ6caNi5wKzQav+X6vCjfW9OasySIfSLT Xb+KeMeMzr/geR5XFnK+MSo5iVnSEvCM0JTaKLmWweTcL6LeHWmm2oCf7KbOdx1X Vl8wAGp3timuLcqG00/n3PjWDwIDAQABo4ICzDCCAsgwHQYDVR0OBBYEFNr8PMXo mjiqDQxrsl9YHDnuV4MqMB8GA1UdIwQYMBaAFHKvuuvJ7N2i7tLUmxPmBI6j5B5g MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGREQ0RC9CQUUxMDhDNEVB NjAxMUU1ODgxNTc3MENDNEY5QUUwMi9jcS02NjhuczNhTHUwdFNiRS1ZRWpxUGtI bUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy RkQxRkYyL2NxLTY2OG5zM2FMdTB0U2JFLVlFanFQa0htQS5jZXIwSgYDVR0gAQH/ BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx RkRENEQvQkFFMTA4QzRFQTYwMTFFNTg4MTU3NzBDQzRGOUFFMDIvMUM2MjhBOTA2 NzE0MTFFRUEwMDQwNjYxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVgYIKwYBBQUHAQcBAf8E RzBFMCQEAgABMB4DBAIr4SADBAFnHa4DBABn40IDBAJn9wADBAKjLzAwHQQCAAIw FwMHACABDfACegMFACQAUkADBQAkAIKAMA0GCSqGSIb3DQEBCwUAA4IBAQCQt5aC 3U85h7yYAnVtvFqn3AjKqiLZdVdWpj9X5bOEmPkNRtb6mHNOuHfw+JySlJTcy6Q3 tMwNANIPbfI4o2oHsnxlFXEAab5TL6swp5qUG1rXM7okgm6ZGJ6tf1zn2sP+sY6P MEuSbOz0ZqFXolvlaGYAn9XLg1e4GLku/0kf3KPO0wgx7ZgczS3JEU7NQzI4U39b kPt9H07gsgwcNI3uGjxJquDPFIx3bgdfuUS5qZsZTyFxUpmZCXSEds29nZGNCbyN b85WDQV34V59Hz0w56chX8Q2BYmfLdiX7fQ19HdAGoDFqTgZqEz+59quWZ1KckKz HjxtElckXVjiDQz9 -----END CERTIFICATE-----Generated at Sun Apr 6 06:42:35 2025 by rpki-client