$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2309/cHRo-hr5vmKf2efQVzb9SlGhKUA.roa File: cHRo-hr5vmKf2efQVzb9SlGhKUA.roa (raw, json) Hash identifier: p4BukhfF7uVeCeNM7A4KiU5uirEPzlriOAbTujzkRV0= Subject key identifier: 70:74:68:FA:1A:F9:BE:62:9F:D9:E7:D0:57:36:FD:4A:51:A1:29:40 Certificate issuer: /CN=DC6892E3620DD0F1FD62982E118E29757DC8CB3D Certificate serial: 1652 Authority key identifier: DC:68:92:E3:62:0D:D0:F1:FD:62:98:2E:11:8E:29:75:7D:C8:CB:3D Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3GiS42IN0PH9YpguEY4pdX3Iyz0.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2309/cHRo-hr5vmKf2efQVzb9SlGhKUA.roa Signing time: Mon 23 Jun 2025 02:15:38 +0000 ROA not before: Mon 23 Jun 2025 02:15:38 +0000 ROA not after: Thu 09 Apr 2026 06:41:24 +0000 asID: 174 IP address blocks: 59.83.236.0/22 maxlen: 24 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2309/3GiS42IN0PH9YpguEY4pdX3Iyz0.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2309/3GiS42IN0PH9YpguEY4pdX3Iyz0.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3GiS42IN0PH9YpguEY4pdX3Iyz0.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Tue 01 Jul 2025 14:14:28 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 5714 (0x1652) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=DC6892E3620DD0F1FD62982E118E29757DC8CB3D Validity Not Before: Jun 23 02:15:38 2025 GMT Not After : Apr 9 06:41:24 2026 GMT Subject: CN=707468FA1AF9BE629FD9E7D05736FD4A51A12940 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a3:44:9a:c5:d1:47:5f:cd:1c:e4:40:39:2f:38: d6:2c:ad:e2:a2:06:38:46:ea:b6:c9:37:07:12:5d: ce:59:7a:bc:fb:ce:b6:0d:18:e6:09:95:2a:3c:42: 68:db:e2:f0:01:9b:ae:a0:3f:2c:dc:9e:0a:ce:29: 1d:cc:a4:0c:99:52:e2:b9:35:a5:b6:fb:ac:c4:bc: da:a1:84:30:c2:fd:41:14:2c:fc:7a:56:42:d6:46: 8f:e2:19:cf:c5:32:0a:72:b6:90:7a:54:94:f0:b1: c5:88:5e:3e:5b:db:53:67:22:9c:64:97:72:96:aa: 02:96:e3:93:78:06:0f:94:07:3b:91:d7:73:2f:0a: 3d:09:fb:7d:30:2e:9f:d8:06:4a:ce:ad:a7:cd:0e: 1f:96:8b:40:8e:9a:32:d9:7f:6e:bd:9c:5e:1d:ee: 0f:a2:ef:6a:0f:3e:f9:b6:96:49:f3:b8:7a:05:e0: c8:69:3d:e2:fa:1e:15:04:f2:6a:73:e7:c6:ce:2a: a1:d6:4e:bb:7a:6f:9a:f0:63:8a:1d:53:7d:83:b4: 42:e1:8f:97:54:68:3e:04:e5:c4:ff:eb:ab:a8:5a: 97:31:47:b8:03:96:cc:15:f1:18:b4:bd:c4:84:3f: a6:bb:03:01:c0:a9:b1:c3:8c:0f:4f:fe:6f:97:d3: 4f:c9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 70:74:68:FA:1A:F9:BE:62:9F:D9:E7:D0:57:36:FD:4A:51:A1:29:40 X509v3 Authority Key Identifier: keyid:DC:68:92:E3:62:0D:D0:F1:FD:62:98:2E:11:8E:29:75:7D:C8:CB:3D X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2309/3GiS42IN0PH9YpguEY4pdX3Iyz0.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3GiS42IN0PH9YpguEY4pdX3Iyz0.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2309/cHRo-hr5vmKf2efQVzb9SlGhKUA.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 59.83.236.0/22 Signature Algorithm: sha256WithRSAEncryption 7b:37:b2:0d:13:bd:e7:47:76:4a:09:55:9f:be:0c:cd:db:60: f7:39:39:22:f6:15:92:4b:df:61:97:a6:8a:85:7f:95:dc:a5: 0f:0c:3c:f6:9a:db:4d:a5:02:8c:2b:8d:39:37:4e:f1:79:98: 64:5b:ed:8c:54:8b:d9:6f:34:b1:b4:2d:bc:c0:32:dd:84:8e: b8:32:52:66:47:53:a4:d8:10:e6:3e:2e:f9:75:76:c0:78:d2: 0f:cf:c1:e3:b3:a8:2a:c7:cb:4f:3b:c2:cb:c4:81:3c:80:00: 2d:cb:e5:16:75:ed:24:8b:d5:9d:47:5d:56:c3:eb:dc:ae:1a: eb:79:07:9b:32:df:6d:f3:74:62:77:f2:b3:a8:3e:f0:0f:e6: 0e:5e:e8:b5:bc:4b:55:62:eb:d4:05:9b:ba:a7:59:2c:46:db: 3b:50:1e:c8:00:ac:77:6c:91:33:0c:6b:5a:34:b5:36:55:8e: 7b:a7:fd:e5:af:0a:05:11:e3:00:4d:1c:f5:01:81:2f:85:7c: 74:75:19:8f:2c:a8:a9:02:a4:34:86:be:1c:7b:bc:33:ca:86: 63:67:49:e5:f6:21:8d:e9:63:56:49:03:1d:6d:e1:7d:7b:92: 7b:1a:f9:75:39:30:53:30:6d:2d:03:01:94:48:19:44:6b:0e: bd:b6:f1:a1 -----BEGIN CERTIFICATE----- MIIE1zCCA7+gAwIBAgICFlIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoREM2 ODkyRTM2MjBERDBGMUZENjI5ODJFMTE4RTI5NzU3REM4Q0IzRDAeFw0yNTA2MjMw MjE1MzhaFw0yNjA0MDkwNjQxMjRaMDMxMTAvBgNVBAMTKDcwNzQ2OEZBMUFGOUJF NjI5RkQ5RTdEMDU3MzZGRDRBNTFBMTI5NDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCjRJrF0UdfzRzkQDkvONYsreKiBjhG6rbJNwcSXc5Zerz7zrYN GOYJlSo8Qmjb4vABm66gPyzcngrOKR3MpAyZUuK5NaW2+6zEvNqhhDDC/UEULPx6 VkLWRo/iGc/FMgpytpB6VJTwscWIXj5b21NnIpxkl3KWqgKW45N4Bg+UBzuR13Mv Cj0J+30wLp/YBkrOrafNDh+Wi0COmjLZf269nF4d7g+i72oPPvm2lknzuHoF4Mhp PeL6HhUE8mpz58bOKqHWTrt6b5rwY4odU32DtELhj5dUaD4E5cT/66uoWpcxR7gD lswV8Ri0vcSEP6a7AwHAqbHDjA9P/m+X00/JAgMBAAGjggHzMIIB7zAdBgNVHQ4E FgQUcHRo+hr5vmKf2efQVzb9SlGhKUAwHwYDVR0jBBgwFoAU3GiS42IN0PH9Ypgu EY4pdX3Iyz0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjMw OS8zR2lTNDJJTjBQSDlZcGd1RVk0cGRYM0l5ejAuY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwLzNHaVM0MklOMFBIOVlwZ3VFWTRwZFgzSXl6MC5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzIzMDkvY0hSby1ocjV2bUtm MmVmUVZ6YjlTbEdoS1VBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw BgMEAjtT7DANBgkqhkiG9w0BAQsFAAOCAQEAezeyDRO950d2SglVn74Mzdtg9zk5 IvYVkkvfYZemioV/ldylDww89prbTaUCjCuNOTdO8XmYZFvtjFSL2W80sbQtvMAy 3YSOuDJSZkdTpNgQ5j4u+XV2wHjSD8/B47OoKsfLTzvCy8SBPIAALcvlFnXtJIvV nUddVsPr3K4a63kHmzLfbfN0Ynfys6g+8A/mDl7otbxLVWLr1AWbuqdZLEbbO1Ae yACsd2yRMwxrWjS1NlWOe6f95a8KBRHjAE0c9QGBL4V8dHUZjyyoqQKkNIa+HHu8 M8qGY2dJ5fYhjeljVkkDHW3hfXuSexr5dTkwUzBtLQMBlEgZRGsOvbbxoQ== -----END CERTIFICATE-----Generated at Tue Jul 1 13:47:46 2025 by rpki-client