$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa File: cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa (raw, json) Hash identifier: Z9np75TZ9Xp1a9ECxf2+DE3mfvCD/7fxNnuBJSZrfSo= Subject key identifier: BE:E6:61:77:08:D8:C1:E5:5B:7A:00:60:D7:43:84:7A:81:09:F0:B2 Certificate issuer: /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D Certificate serial: 3B91B84AB006517AA0A13E1E5C8B6720426C490F Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa Signing time: Mon 10 Nov 2025 16:20:53 +0000 ROA not before: Mon 10 Nov 2025 16:20:53 +0000 ROA not after: Mon 15 Dec 2025 23:59:59 +0000 asID: 16509 IP address blocks: 43.250.192.0/22 maxlen: 24 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/manifest.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 21 Nov 2025 00:02:03 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 3b:91:b8:4a:b0:06:51:7a:a0:a1:3e:1e:5c:8b:67:20:42:6c:49:0f Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91609040001, serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D Validity Not Before: Nov 10 16:20:53 2025 GMT Not After : Dec 15 23:59:59 2025 GMT Subject: serialNumber=bcbf1ed963e43a4dc157aa98b262ab01b237cda0f67dbd893524a91a5f08d7dd, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bf:bb:fc:e5:26:1e:80:a9:71:7b:10:06:18:70: dd:6c:28:d6:26:02:be:82:9e:19:b7:f5:96:84:dd: 67:da:88:71:14:e8:09:ba:a4:6a:f8:df:9b:7e:61: b9:15:5b:3a:b4:23:1f:9c:18:10:97:22:6d:a2:3e: 29:79:2b:92:09:cd:17:d3:0d:fd:f0:df:4a:84:c1: e8:6b:10:d4:b5:5b:79:54:54:81:c6:ec:05:2d:32: 75:b1:9b:b4:34:25:97:86:3d:a5:2c:1c:c6:8d:67: ef:a4:12:ff:e1:36:2b:65:4d:2c:26:c5:b0:2b:87: ad:17:51:1c:a7:f7:6d:3a:32:2b:1c:af:f4:db:53: f7:50:c5:ae:e2:aa:ff:8f:dd:75:b2:be:3e:d8:c6: 5b:a3:0c:c4:49:8d:08:91:64:3c:48:6f:0c:5a:4e: f9:4b:3a:29:92:a8:36:29:4a:6b:0a:25:ba:12:d3: d4:16:06:b3:69:cc:4c:ab:35:73:32:21:2f:88:2e: 6f:d4:c6:71:b5:9b:ab:ac:30:b3:63:4c:57:19:5f: f4:2c:02:eb:73:05:0a:4f:02:a8:2a:34:30:cf:4f: cc:d4:41:18:e9:96:5c:55:ea:43:28:19:9b:8e:b0: b1:ed:0a:d2:10:90:36:ea:e1:b9:e2:fc:ac:7d:d1: 26:51 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: BE:E6:61:77:08:D8:C1:E5:5B:7A:00:60:D7:43:84:7A:81:09:F0:B2 X509v3 Authority Key Identifier: keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/cb2e5a8c-21f1-4679-a372-617732fc3ea6.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 43.250.192.0/22 Signature Algorithm: sha256WithRSAEncryption 92:e5:13:6a:61:18:6b:2e:26:e5:6c:62:14:15:b7:87:13:74: 90:2b:c3:43:39:e4:41:1c:f2:d8:d8:cb:dc:81:a8:28:ff:a7: f3:8b:83:f3:e3:ec:20:29:f9:88:76:00:f7:19:f4:9e:f8:33: bf:e8:e4:ac:94:fb:ca:aa:bd:96:85:27:a6:f7:b6:5d:26:0b: 9d:83:0c:5f:b3:69:0a:64:e8:35:bc:f9:3b:17:bd:d2:ad:8a: 22:4a:92:1e:fe:93:13:d2:30:b2:fe:85:ee:f4:03:c1:c4:70: c6:e2:ac:4b:d3:a4:3b:74:d7:00:ee:bd:d9:52:e3:8f:06:9b: 94:38:a4:56:27:f8:43:c9:14:8b:f5:85:58:2f:7c:7b:24:f6: 44:a2:36:1d:ba:53:1d:39:00:37:1c:02:fb:79:7a:34:4d:d8: a9:86:0b:89:1c:b5:ea:63:8a:09:f9:5f:8a:91:98:27:d0:20: 5c:09:a2:c6:81:9a:31:89:70:21:b8:1c:c3:a3:40:63:df:67: 1c:5b:59:b9:b2:ae:1a:bf:74:47:ac:c6:1b:49:f9:b6:09:ee: 9c:9c:e7:1a:95:a2:18:a9:1b:05:17:fd:91:72:a7:0e:a5:86: 0f:e5:87:b0:51:5e:4b:34:4f:67:99:e7:d4:38:14:d6:de:35: 9e:c2:8f:1c -----BEGIN CERTIFICATE----- MIIFnDCCBISgAwIBAgIUO5G4SrAGUXqgoT4eXItnIEJsSQ8wDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5 MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MTExMDE2MjA1M1oX DTI1MTIxNTIzNTk1OVowejFJMEcGA1UEBRNAYmNiZjFlZDk2M2U0M2E0ZGMxNTdh YTk4YjI2MmFiMDFiMjM3Y2RhMGY2N2RiZDg5MzUyNGE5MWE1ZjA4ZDdkZDEtMCsG A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7v85SYegKlxexAGGHDdbCjWJgK+ gp4Zt/WWhN1n2ohxFOgJuqRq+N+bfmG5FVs6tCMfnBgQlyJtoj4peSuSCc0X0w39 8N9KhMHoaxDUtVt5VFSBxuwFLTJ1sZu0NCWXhj2lLBzGjWfvpBL/4TYrZU0sJsWw K4etF1Ecp/dtOjIrHK/021P3UMWu4qr/j911sr4+2MZbowzESY0IkWQ8SG8MWk75 Szopkqg2KUprCiW6EtPUFgazacxMqzVzMiEviC5v1MZxtZurrDCzY0xXGV/0LALr cwUKTwKoKjQwz0/M1EEY6ZZcVepDKBmbjrCx7QrSEJA26uG54vysfdEmUQIDAQAB o4ICSDCCAkQwHQYDVR0OBBYEFL7mYXcI2MHlW3oAYNdDhHqBCfCyMB8GA1UdIwQY MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0 L2NiMmU1YThjLTIxZjEtNDY3OS1hMzcyLTYxNzczMmZjM2VhNi5yb2EwgZUGA1Ud HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2 Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM BAIAATAGAwQCK/rAMA0GCSqGSIb3DQEBCwUAA4IBAQCS5RNqYRhrLiblbGIUFbeH E3SQK8NDOeRBHPLY2Mvcgago/6fzi4Pz4+wgKfmIdgD3GfSe+DO/6OSslPvKqr2W hSem97ZdJgudgwxfs2kKZOg1vPk7F73SrYoiSpIe/pMT0jCy/oXu9APBxHDG4qxL 06Q7dNcA7r3ZUuOPBpuUOKRWJ/hDyRSL9YVYL3x7JPZEojYdulMdOQA3HAL7eXo0 TdiphguJHLXqY4oJ+V+KkZgn0CBcCaLGgZoxiXAhuBzDo0Bj32ccW1m5sq4av3RH rMYbSfm2Ce6cnOcalaIYqRsFF/2RcqcOpYYP5YewUV5LNE9nmefUOBTW3jWewo8c -----END CERTIFICATE-----Generated at Mon Nov 17 11:40:18 2025 by rpki-client