$ rpki-client -vvf rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/A652A68C3DB911EFACDF8C75C4F9AE02.roa File: A652A68C3DB911EFACDF8C75C4F9AE02.roa (raw, json) Hash identifier: EjdNTbAyftBJxtIBKhAk8tku0Xw6VBdJSMgPHoN2SG0= Subject key identifier: 6E:DC:B6:5F:86:D1:62:45:83:64:E2:DB:1F:F9:9D:AF:5F:BD:38:BE Certificate issuer: /CN=A91151C9/serialNumber=875F40021C6D43B04EFE894A7FC15CC4F6ED89BA Certificate serial: 17D4 Authority key identifier: 87:5F:40:02:1C:6D:43:B0:4E:FE:89:4A:7F:C1:5C:C4:F6:ED:89:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h19AAhxtQ7BO_olKf8FcxPbtibo.cer Subject info access: rsync://rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/A652A68C3DB911EFACDF8C75C4F9AE02.roa Signing time: Tue 06 May 2025 16:54:55 +0000 ROA not before: Tue 06 May 2025 16:54:55 +0000 ROA not after: Wed 01 Jul 2026 00:00:00 +0000 asID: 64096 IP address blocks: 43.228.180.0/22 maxlen: 22 43.228.180.0/24 maxlen: 24 43.228.181.0/24 maxlen: 24 43.228.182.0/23 maxlen: 24 103.47.200.0/22 maxlen: 24 103.103.176.0/22 maxlen: 22 103.103.176.0/23 maxlen: 24 103.103.178.0/24 maxlen: 24 103.103.179.0/24 maxlen: 24 103.212.56.0/22 maxlen: 22 103.212.56.0/24 maxlen: 24 103.212.57.0/24 maxlen: 24 103.212.58.0/23 maxlen: 24 116.206.0.0/22 maxlen: 22 116.206.0.0/24 maxlen: 24 116.206.1.0/24 maxlen: 24 116.206.2.0/23 maxlen: 24 2404:ff80::/32 maxlen: 32 2404:ff80:100::/48 maxlen: 48 2404:ff80:101::/48 maxlen: 48 2404:ff80:1001::/48 maxlen: 48 2404:ff80:c000::/34 maxlen: 34 2404:ff80:ffe0::/44 maxlen: 48 2404:ff80:fff0::/44 maxlen: 48 Validation: OK Signature path: rsync://rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/h19AAhxtQ7BO_olKf8FcxPbtibo.crl rsync://rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/h19AAhxtQ7BO_olKf8FcxPbtibo.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h19AAhxtQ7BO_olKf8FcxPbtibo.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Tue 11 Nov 2025 16:38:19 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 6100 (0x17d4) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91151C9, serialNumber=875F40021C6D43B04EFE894A7FC15CC4F6ED89BA Validity Not Before: May 6 16:54:55 2025 GMT Not After : Jul 1 00:00:00 2026 GMT Subject: CN=681a3edf-6de3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b4:72:db:af:51:bd:45:a8:75:fc:e0:73:82:33: 0e:86:e3:a1:71:a2:92:05:24:4a:ab:04:41:1c:36: b2:dd:63:f4:d2:a4:c0:e2:ae:cc:0b:1e:1d:28:b4: e4:c8:e4:7f:3f:0a:35:84:7f:74:18:e1:26:89:10: e1:31:34:27:e7:5d:28:5b:4d:2f:98:f3:da:a2:84: 32:24:a7:7a:89:96:be:fc:02:40:93:cf:47:44:6f: b4:b7:f0:2a:9d:65:ee:1f:6c:bf:73:9c:57:e4:cf: 05:a0:4c:d6:8b:a6:ae:e3:52:47:91:0f:28:56:45: 80:d4:3b:20:c6:1b:f4:9b:6e:a3:f5:48:fd:45:d1: a5:fb:f6:04:00:a8:b6:79:03:09:e7:9c:cc:27:32: 2b:dd:e6:ff:06:15:6b:73:de:24:ed:11:ff:fa:d0: ea:17:4d:01:dc:0d:97:0b:98:37:3f:45:ba:cd:0b: 6e:be:73:8f:24:58:90:cb:b9:70:63:7f:c3:0a:f9: e1:2a:c2:4a:4c:49:20:5b:4c:e5:c1:ec:c9:4f:ca: 38:67:ac:42:3e:f5:cf:4e:fc:c7:d0:23:51:87:8e: 65:00:6f:eb:73:2a:67:30:c6:c7:8b:ef:6c:3a:bf: 24:18:e5:28:48:d1:df:c9:c6:73:05:f7:64:ec:21: f9:bb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 6E:DC:B6:5F:86:D1:62:45:83:64:E2:DB:1F:F9:9D:AF:5F:BD:38:BE X509v3 Authority Key Identifier: keyid:87:5F:40:02:1C:6D:43:B0:4E:FE:89:4A:7F:C1:5C:C4:F6:ED:89:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/h19AAhxtQ7BO_olKf8FcxPbtibo.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h19AAhxtQ7BO_olKf8FcxPbtibo.cer X509v3 Certificate Policies: critical Policy: ipAddr-asNumber CPS: https://www.apnic.net/RPKI/CPS.pdf Subject Information Access: Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/A652A68C3DB911EFACDF8C75C4F9AE02.roa RPKI Notify - URI:https://rrdp.apnic.net/notification.xml sbgp-ipAddrBlock: critical IPv4: 43.228.180.0/22 103.47.200.0/22 103.103.176.0/22 103.212.56.0/22 116.206.0.0/22 IPv6: 2404:ff80::/32 Signature Algorithm: sha256WithRSAEncryption 3d:70:6b:b7:ca:f0:92:26:2d:0b:af:d5:f6:78:77:29:97:cb: 25:3b:87:a4:50:8e:66:fb:5b:1d:35:44:99:8e:ab:95:78:2a: c3:06:78:e2:36:98:bc:44:90:4a:7b:93:92:79:06:76:b2:9f: 0b:f4:a0:92:fe:d1:39:06:e4:0c:7f:94:2d:64:6c:80:5f:27: f1:29:9e:05:7e:28:32:de:0a:10:0e:b7:aa:30:8b:05:5f:29: f9:68:79:b0:49:10:95:98:bc:4d:45:1f:3f:e7:b2:14:6a:17: ed:b8:db:bc:fb:aa:d1:28:ec:8f:aa:bc:33:ee:80:0e:94:21: dc:47:3f:97:0d:78:0f:9e:26:c7:9d:18:d0:e7:8d:45:47:e1: cb:33:3c:84:ab:49:0b:7f:58:6a:82:b0:a6:79:8f:79:40:61: 34:7c:8f:b9:f1:5b:8c:e4:bc:29:40:e2:1a:83:d9:ab:ba:75: 6e:f9:19:7f:ba:57:2c:e7:33:d6:7b:bf:60:4e:4e:59:59:a3: cd:bf:40:ac:79:87:60:e8:fd:ee:0d:45:17:20:23:62:fe:85: 20:e7:9a:10:bb:d5:55:42:c3:b8:68:85:7b:d0:dd:83:98:47: c2:9f:f3:d3:6f:58:6d:8c:88:8e:30:71:aa:09:2a:52:7d:11: 5c:7d:c0:d1 -----BEGIN CERTIFICATE----- MIIFmDCCBICgAwIBAgICF9QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx MTUxQzkxMTAvBgNVBAUTKDg3NUY0MDAyMUM2RDQzQjA0RUZFODk0QTdGQzE1Q0M0 RjZFRDg5QkEwHhcNMjUwNTA2MTY1NDU1WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD VQQDEw02ODFhM2VkZi02ZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAtHLbr1G9Rah1/OBzgjMOhuOhcaKSBSRKqwRBHDay3WP00qTA4q7MCx4dKLTk yOR/Pwo1hH90GOEmiRDhMTQn510oW00vmPPaooQyJKd6iZa+/AJAk89HRG+0t/Aq nWXuH2y/c5xX5M8FoEzWi6au41JHkQ8oVkWA1Dsgxhv0m26j9Uj9RdGl+/YEAKi2 eQMJ55zMJzIr3eb/BhVrc94k7RH/+tDqF00B3A2XC5g3P0W6zQtuvnOPJFiQy7lw Y3/DCvnhKsJKTEkgW0zlwezJT8o4Z6xCPvXPTvzH0CNRh45lAG/rcypnMMbHi+9s Or8kGOUoSNHfycZzBfdk7CH5uwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFG7ctl+G 0WJFg2Ti2x/5na9fvTi+MB8GA1UdIwQYMBaAFIdfQAIcbUOwTv6JSn/BXMT27Ym6 MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNTFDOS9DMzAwQzJDRUM2 RkExMUU3QUFBQkNDMEJDNEY5QUUwMi9oMTlBQWh4dFE3Qk9fb2xLZjhGY3hQYnRp Ym8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy RkQxRkYyL2gxOUFBaHh0UTdCT19vbEtmOEZjeFBidGliby5jZXIwSgYDVR0gAQH/ BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx MTUxQzkvQzMwMEMyQ0VDNkZBMTFFN0FBQUJDQzBCQzRGOUFFMDIvQTY1MkE2OEMz REI5MTFFRkFDREY4Qzc1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E NzA1MCQEAgABMB4DBAIr5LQDBAJnL8gDBAJnZ7ADBAJn1DgDBAJ0zgAwDQQCAAIw BwMFACQE/4AwDQYJKoZIhvcNAQELBQADggEBAD1wa7fK8JImLQuv1fZ4dymXyyU7 h6RQjmb7Wx01RJmOq5V4KsMGeOI2mLxEkEp7k5J5Bnaynwv0oJL+0TkG5Ax/lC1k bIBfJ/EpngV+KDLeChAOt6owiwVfKfloebBJEJWYvE1FHz/nshRqF+2427z7qtEo 7I+qvDPugA6UIdxHP5cNeA+eJsedGNDnjUVH4cszPISrSQt/WGqCsKZ5j3lAYTR8 j7nxW4zkvClA4hqD2au6dW75GX+6VyznM9Z7v2BOTllZo82/QKx5h2Do/e4NRRcg I2L+hSDnmhC71VVCw7hohXvQ3YOYR8Kf89NvWG2MiI4wcaoJKlJ9EVx9wNE= -----END CERTIFICATE-----Generated at Wed Nov 5 16:38:39 2025 by rpki-client