$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e40ee0b-9aa9-4919-a079-9712212e127c.roa File: 2e40ee0b-9aa9-4919-a079-9712212e127c.roa (raw, json) Hash identifier: wx0ljkavWBRQLEOnIMWtDDJWKm/xU4QEm1HNlHLbD3k= Subject key identifier: 80:FB:61:F0:5B:EA:E6:F9:AA:37:16:91:9A:0C:DA:89:54:FE:DA:40 Certificate issuer: /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7 Certificate serial: 0AFE2B9A722482EC1068264CF71CBEA42B7C9AF9 Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7 Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e40ee0b-9aa9-4919-a079-9712212e127c.roa Signing time: Wed 09 Jul 2025 00:00:08 +0000 ROA not before: Wed 09 Jul 2025 00:00:08 +0000 ROA not after: Wed 13 Aug 2025 23:59:59 +0000 asID: 16509 IP address blocks: 159.248.232.0/21 maxlen: 21 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/manifest.mft rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Thu 24 Jul 2025 00:00:55 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 0a:fe:2b:9a:72:24:82:ec:10:68:26:4c:f7:1c:be:a4:2b:7c:9a:f9 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91F635F0000, serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7 Validity Not Before: Jul 9 00:00:08 2025 GMT Not After : Aug 13 23:59:59 2025 GMT Subject: serialNumber=331ba7ab085b28f2eec8c68b0a8146bbec11d7898e1a2819f8618e87b682a76c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a2:17:22:43:cf:6f:8b:58:9e:ec:81:91:4f:42: ec:71:b0:65:33:5b:dd:a9:10:e7:a0:cf:55:ba:7d: a7:0e:1b:1b:fd:cc:bf:60:56:4a:79:e1:81:52:9b: 34:b5:3c:39:99:c8:4a:b0:b1:1d:ed:4f:80:f5:40: 7f:b4:e2:0c:7c:3a:cb:f3:db:cc:31:1d:2a:c8:f3: 7d:24:d1:10:1f:01:aa:61:1b:7a:a7:fc:9c:17:0a: 04:5b:ea:fc:31:2a:43:65:0a:07:3c:f7:51:1f:67: 1e:bc:f2:a2:22:34:54:9a:72:eb:17:e2:23:4d:33: 5c:a2:06:8e:83:7d:4e:29:5e:6a:8d:32:a5:60:a0: 7d:58:1b:f0:97:70:54:92:04:c9:7e:c0:6f:fe:01: a2:cd:cb:9c:50:50:70:9b:f1:db:c8:77:9e:8f:5e: 6e:ba:00:5f:08:32:24:24:df:6f:a6:31:74:63:57: 7c:37:34:8c:0c:01:cc:f3:4f:55:b7:56:c8:f8:4e: 71:87:2a:95:dd:f9:4a:21:e9:a1:48:88:15:bd:7a: 42:44:8d:6d:26:61:53:96:a8:23:e3:d5:1d:53:49: 26:9d:19:42:6f:fc:c2:c9:fb:36:ff:0a:93:5a:83: 3f:67:6d:bc:c4:f0:9d:dd:9d:d9:98:54:2f:df:1e: 63:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 80:FB:61:F0:5B:EA:E6:F9:AA:37:16:91:9A:0C:DA:89:54:FE:DA:40 X509v3 Authority Key Identifier: keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/2e40ee0b-9aa9-4919-a079-9712212e127c.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 159.248.232.0/21 Signature Algorithm: sha256WithRSAEncryption 2b:f0:2e:1a:7b:13:13:87:ba:8f:dc:9e:f3:3d:27:04:d9:1e: d7:43:91:da:ff:cf:7f:3a:68:d8:6f:f6:8e:d3:0f:d5:de:11: 1b:2b:f8:49:46:9a:ed:4e:f9:e9:bf:d1:dd:38:d0:63:0a:74: 72:5b:d9:37:b8:fd:ad:a7:84:bf:28:5a:f6:f4:b2:39:25:4b: 5a:df:b6:43:2a:32:f4:f0:0f:99:89:69:5d:2f:34:10:16:3d: 14:7c:d5:e0:46:52:6d:24:2a:8f:c2:22:0a:5e:f7:11:7f:b6: f0:d7:aa:6f:d3:15:46:ff:c2:3b:3c:5d:67:f6:80:23:5f:07: 15:83:ce:7b:1d:65:3a:84:f2:75:3d:74:1f:a0:26:b4:8f:d0: a1:07:05:ff:ca:d3:80:d2:9e:3c:ff:d8:c0:c6:ad:a9:75:88: f1:b8:fd:5f:f9:7b:2d:5f:cc:53:03:1f:4a:6f:ed:f3:8b:8e: d4:c7:c7:52:14:2c:c4:ee:a2:8e:6e:f7:66:ba:31:87:a1:81: 4e:7a:e9:cd:db:3f:25:00:ee:8b:0c:d1:fc:9c:61:30:c5:0f: 08:59:9e:17:1e:c7:45:a7:7e:95:7a:f3:5d:68:c4:40:35:80: 3f:a3:f2:34:5a:a7:22:93:c0:4f:10:ec:52:3b:28:6a:00:9d: 54:fa:1e:8e -----BEGIN CERTIFICATE----- MIIFnDCCBISgAwIBAgIUCv4rmnIkguwQaCZM9xy+pCt8mvkwDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI1MDcwOTAwMDAwOFoX DTI1MDgxMzIzNTk1OVowejFJMEcGA1UEBRNAMzMxYmE3YWIwODViMjhmMmVlYzhj NjhiMGE4MTQ2YmJlYzExZDc4OThlMWEyODE5Zjg2MThlODdiNjgyYTc2YzEtMCsG A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohciQ89vi1ie7IGRT0LscbBlM1vd qRDnoM9Vun2nDhsb/cy/YFZKeeGBUps0tTw5mchKsLEd7U+A9UB/tOIMfDrL89vM MR0qyPN9JNEQHwGqYRt6p/ycFwoEW+r8MSpDZQoHPPdRH2cevPKiIjRUmnLrF+Ij TTNcogaOg31OKV5qjTKlYKB9WBvwl3BUkgTJfsBv/gGizcucUFBwm/HbyHeej15u ugBfCDIkJN9vpjF0Y1d8NzSMDAHM809Vt1bI+E5xhyqV3flKIemhSIgVvXpCRI1t JmFTlqgj49UdU0kmnRlCb/zCyfs2/wqTWoM/Z228xPCd3Z3ZmFQv3x5jiwIDAQAB o4ICSDCCAkQwHQYDVR0OBBYEFID7YfBb6ub5qjcWkZoM2olU/tpAMB8GA1UdIwQY MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx LzJlNDBlZTBiLTlhYTktNDkxOS1hMDc5LTk3MTIyMTJlMTI3Yy5yb2EwgZUGA1Ud HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1 MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM BAIAATAGAwQDn/joMA0GCSqGSIb3DQEBCwUAA4IBAQAr8C4aexMTh7qP3J7zPScE 2R7XQ5Ha/89/OmjYb/aO0w/V3hEbK/hJRprtTvnpv9HdONBjCnRyW9k3uP2tp4S/ KFr29LI5JUta37ZDKjL08A+ZiWldLzQQFj0UfNXgRlJtJCqPwiIKXvcRf7bw16pv 0xVG/8I7PF1n9oAjXwcVg857HWU6hPJ1PXQfoCa0j9ChBwX/ytOA0p48/9jAxq2p dYjxuP1f+XstX8xTAx9Kb+3zi47Ux8dSFCzE7qKObvdmujGHoYFOeunN2z8lAO6L DNH8nGEwxQ8IWZ4XHsdFp36VevNdaMRANYA/o/I0Wqcik8BPEOxSOyhqAJ1U+h6O -----END CERTIFICATE-----Generated at Mon Jul 21 00:04:02 2025 by rpki-client