$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/5484d331-446c-4042-9500-dd3002e6a910.roa File: 5484d331-446c-4042-9500-dd3002e6a910.roa (raw, json) Hash identifier: 3+bUAx+asv+x+M1q+7dLlMCLtdkRJZXb5A4BLgZzsYY= Subject key identifier: A2:99:0D:9E:A7:50:7F:ED:99:D8:F6:43:E4:DA:B9:56:DA:7F:85:50 Certificate issuer: /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883 Certificate serial: 34ABE3553A0BDF046BE549C3EBEA22E3532F6856 Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83 Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/5484d331-446c-4042-9500-dd3002e6a910.roa Signing time: Sat 18 Oct 2025 00:00:22 +0000 ROA not before: Sat 18 Oct 2025 00:00:22 +0000 ROA not after: Sat 22 Nov 2025 23:59:59 +0000 asID: 16509 IP address blocks: 240f:8014:c00::/38 maxlen: 38 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/manifest.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 24 Oct 2025 00:01:11 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 34:ab:e3:55:3a:0b:df:04:6b:e5:49:c3:eb:ea:22:e3:53:2f:68:56 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883 Validity Not Before: Oct 18 00:00:22 2025 GMT Not After : Nov 22 23:59:59 2025 GMT Subject: serialNumber=fe0348b9b413d45cea9319754b496859a6f7cc204d0c6eb30d7a910a47260e5d, CN=4257e925-715f-47a2-893e-0e3f97ec7e22 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c4:2f:c7:98:cb:c1:0b:a0:45:16:ad:11:17:26: 97:c8:af:e3:ff:4c:ca:62:4e:c3:46:73:0d:ba:55: fe:0c:ec:20:65:fa:6d:7c:18:d9:e0:46:4e:ff:fa: 16:1c:12:7c:77:8b:6f:47:dd:d5:95:f6:1d:18:a3: c6:45:d9:87:6d:55:77:51:c0:e2:8b:23:17:36:5c: 2c:d3:64:99:78:a0:8e:c9:8a:cf:eb:a1:ae:6d:6c: 8b:ee:e4:00:ac:e5:8c:92:d0:1e:91:83:19:0c:ca: b3:ac:18:a8:c3:ea:d3:3b:87:85:13:15:fe:3e:67: 80:99:56:d9:6e:29:0c:5f:72:44:fa:67:b1:9b:74: 3b:08:a5:a7:9b:0b:f2:4a:43:36:de:83:24:6b:1e: 0f:07:e4:0a:22:fb:6f:a4:c8:f0:22:5d:fc:5e:0b: 46:74:c4:c9:dd:d0:03:19:01:94:3c:5f:8d:52:9a: 61:1a:14:70:50:9d:a1:f1:a1:c9:05:3d:2f:0e:ff: 3f:68:a4:00:e8:23:06:35:8d:59:5d:50:42:1b:9d: 4f:1c:e7:20:bf:1a:73:d9:64:52:c2:e9:ce:81:c1: 43:b1:1e:06:c4:38:3e:78:c1:b4:65:27:a7:7d:0f: f9:f3:41:20:8a:ad:95:9e:73:16:50:cd:21:ed:09: 47:ab Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: A2:99:0D:9E:A7:50:7F:ED:99:D8:F6:43:E4:DA:B9:56:DA:7F:85:50 X509v3 Authority Key Identifier: keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/5484d331-446c-4042-9500-dd3002e6a910.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240f:8014:c00::/38 Signature Algorithm: sha256WithRSAEncryption 54:01:53:48:cd:4c:0d:08:06:ec:82:01:3e:77:66:09:78:65: ed:64:ee:1b:1e:3d:51:6b:6a:af:a4:57:05:f2:d4:cf:fa:64: 13:58:a8:ac:e5:70:8f:3d:20:06:af:f1:e1:a9:3c:b8:50:a2: 77:45:de:19:81:7e:2d:5a:37:3b:e6:0d:2c:f4:19:2d:8f:4e: 81:72:d9:fe:fe:6c:4f:26:59:e6:d4:63:4b:ec:b5:97:96:1b: 47:42:a9:99:03:14:53:60:24:31:fa:4e:c6:f7:fd:96:73:19: 55:fa:a0:e4:3b:2b:4a:0e:ec:91:0f:dd:7b:23:d0:c6:7d:d3: f4:23:85:66:82:54:95:62:8b:a7:06:f1:b2:7d:19:7d:30:1a: b3:55:7a:9c:6b:a7:5b:bf:bf:08:97:3b:c5:d5:ae:fc:d2:4b: 48:a0:fc:b1:5d:b1:e9:ae:2d:e9:3b:ff:2a:8d:35:9a:2e:24: 38:cc:3d:2d:fc:1a:dd:40:f3:ac:26:eb:cb:3b:5e:af:10:26: 05:49:8b:63:57:de:d7:77:89:d7:60:39:f7:93:57:c8:e8:7f: 28:15:a1:d8:9f:be:fe:0a:b3:92:91:32:21:94:29:00:98:bf: 8c:2c:01:01:07:38:b7:22:bd:bd:e7:a9:45:33:9c:a8:85:2a: 42:f0:2e:c3 -----BEGIN CERTIFICATE----- MIIFnjCCBIagAwIBAgIUNKvjVToL3wRr5UnD6+oi41MvaFYwDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MTAxODAwMDAyMloX DTI1MTEyMjIzNTk1OVowejFJMEcGA1UEBRNAZmUwMzQ4YjliNDEzZDQ1Y2VhOTMx OTc1NGI0OTY4NTlhNmY3Y2MyMDRkMGM2ZWIzMGQ3YTkxMGE0NzI2MGU1ZDEtMCsG A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxC/HmMvBC6BFFq0RFyaXyK/j/0zK Yk7DRnMNulX+DOwgZfptfBjZ4EZO//oWHBJ8d4tvR93VlfYdGKPGRdmHbVV3UcDi iyMXNlws02SZeKCOyYrP66GubWyL7uQArOWMktAekYMZDMqzrBiow+rTO4eFExX+ PmeAmVbZbikMX3JE+mexm3Q7CKWnmwvySkM23oMkax4PB+QKIvtvpMjwIl38XgtG dMTJ3dADGQGUPF+NUpphGhRwUJ2h8aHJBT0vDv8/aKQA6CMGNY1ZXVBCG51PHOcg vxpz2WRSwunOgcFDsR4GxDg+eMG0ZSenfQ/580Egiq2VnnMWUM0h7QlHqwIDAQAB o4ICSjCCAkYwHQYDVR0OBBYEFKKZDZ6nUH/tmdj2Q+TauVbaf4VQMB8GA1UdIwQY MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2 LzU0ODRkMzMxLTQ0NmMtNDA0Mi05NTAwLWRkMzAwMmU2YTkxMC5yb2EwgZUGA1Ud HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO BAIAAjAIAwYCJA+AFAwwDQYJKoZIhvcNAQELBQADggEBAFQBU0jNTA0IBuyCAT53 Zgl4Ze1k7hsePVFraq+kVwXy1M/6ZBNYqKzlcI89IAav8eGpPLhQondF3hmBfi1a NzvmDSz0GS2PToFy2f7+bE8mWebUY0vstZeWG0dCqZkDFFNgJDH6Tsb3/ZZzGVX6 oOQ7K0oO7JEP3Xsj0MZ90/QjhWaCVJVii6cG8bJ9GX0wGrNVepxrp1u/vwiXO8XV rvzSS0ig/LFdsemuLek7/yqNNZouJDjMPS38Gt1A86wm68s7Xq8QJgVJi2NX3td3 iddgOfeTV8jofygVodifvv4Ks5KRMiGUKQCYv4wsAQEHOLcivb3nqUUznKiFKkLw LsM= -----END CERTIFICATE-----Generated at Mon Oct 20 15:39:56 2025 by rpki-client