Certificate
$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1055390775090675715/1/89EA1A4A8D747274C368553DCBDC64DF11309CAC.cer
File: 89EA1A4A8D747274C368553DCBDC64DF11309CAC.cer (raw, json)
Hash identifier: F1FDfT3vDTttrcSHjGl+70YNRcvp3R7X19JaMxTMHnQ=
Subject key identifier: 89:EA:1A:4A:8D:74:72:74:C3:68:55:3D:CB:DC:64:DF:11:30:9C:AC
Authority key identifier: A5:6E:87:2A:40:3E:7B:9C:EB:94:31:A0:8F:54:04:01:D2:FB:D7:10
Certificate issuer: /CN=A9162E3D0001/serialNumber=A56E872A403E7B9CEB9431A08F540401D2FBD710
Certificate serial: 6F29E8965FDA814CD46028FB60747FBE3755D308
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer
Manifest: rsync://rpki-rps.cnnic.cn/repo/A1091985366321201154/0/89EA1A4A8D747274C368553DCBDC64DF11309CAC.mft
caRepository: rsync://rpki-rps.cnnic.cn/repo/A1091985366321201154/0/
Notify URL: https://rrdp-rps.cnnic.cn/rrdp/notification.xml
Certificate not before: Wed 08 Apr 2026 03:10:38 +0000
Certificate not after: Wed 07 Apr 2027 03:15:38 +0000
Subordinate resources: IP: 43.226.32.0/20
IP: 43.226.50.0/23
IP: 43.226.53.0 -- 43.226.54.255
IP: 43.226.64.0/21
IP: 43.226.76.0/23
IP: 43.226.144.0/20
IP: 43.227.64.0/22
IP: 43.227.72.0/21
IP: 103.39.208.0 -- 103.39.235.255
IP: 103.40.240.0/20
IP: 103.44.236.0 -- 103.45.63.255
IP: 103.45.96.0/19
IP: 103.45.172.0 -- 103.45.191.255
IP: 103.45.248.0/22
Validation: OK
Signature path: rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl
rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 14 Apr 2026 12:10:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:29:e8:96:5f:da:81:4c:d4:60:28:fb:60:74:7f:be:37:55:d3:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9162E3D0001, serialNumber=A56E872A403E7B9CEB9431A08F540401D2FBD710
Validity
Not Before: Apr 8 03:10:38 2026 GMT
Not After : Apr 7 03:15:38 2027 GMT
Subject: CN=89EA1A4A8D747274C368553DCBDC64DF11309CAC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:5c:e6:f7:1d:27:5d:4d:68:06:6d:6c:7d:69:
7a:52:92:6a:47:63:30:d6:92:5a:f6:cf:c2:4f:5e:
ec:d1:9c:cf:23:08:24:f6:7a:10:18:6f:d4:ff:97:
6c:f6:4e:5b:3d:26:92:fb:af:70:5b:05:4d:5d:cf:
47:a4:d5:1f:d0:1d:7d:a0:f7:54:7d:3c:c8:14:97:
19:f5:33:0a:99:af:b3:c8:5f:35:cd:d9:fb:5b:a2:
65:df:e1:42:02:39:a0:4a:fc:4d:6e:83:17:1c:52:
75:08:2b:9c:f9:0c:61:c3:35:fd:e4:50:42:0a:dc:
98:d5:1b:4f:bb:a7:14:2f:16:c5:bc:10:fa:b9:42:
3e:56:59:4c:f6:0c:60:03:45:50:e0:66:60:a8:05:
6e:78:84:78:26:2a:68:f5:31:16:d3:d0:76:96:78:
29:aa:a1:62:a6:34:e2:19:ce:07:da:5c:c4:01:73:
f2:89:51:3e:47:71:22:c2:fa:32:c8:5b:6f:56:c1:
56:44:0e:7c:fb:74:a0:36:5d:5f:14:a6:51:3c:dd:
30:89:e9:a8:97:59:66:6f:1d:f6:de:15:01:cb:8b:
09:7d:a2:d9:33:28:b5:d6:f3:06:43:e3:d4:55:f0:
d5:51:e6:7a:cd:af:d6:4d:81:eb:95:61:4b:ec:cc:
aa:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
89:EA:1A:4A:8D:74:72:74:C3:68:55:3D:CB:DC:64:DF:11:30:9C:AC
X509v3 Authority Key Identifier:
keyid:A5:6E:87:2A:40:3E:7B:9C:EB:94:31:A0:8F:54:04:01:D2:FB:D7:10
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer
Subject Information Access:
CA Repository - URI:rsync://rpki-rps.cnnic.cn/repo/A1091985366321201154/0/
RPKI Manifest - URI:rsync://rpki-rps.cnnic.cn/repo/A1091985366321201154/0/89EA1A4A8D747274C368553DCBDC64DF11309CAC.mft
RPKI Notify - URI:https://rrdp-rps.cnnic.cn/rrdp/notification.xml
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
43.226.32.0/20
43.226.50.0/23
43.226.53.0-43.226.54.255
43.226.64.0/21
43.226.76.0/23
43.226.144.0/20
43.227.64.0/22
43.227.72.0/21
103.39.208.0-103.39.235.255
103.40.240.0/20
103.44.236.0-103.45.63.255
103.45.96.0/19
103.45.172.0-103.45.191.255
103.45.248.0/22
Signature Algorithm: sha256WithRSAEncryption
67:7c:3a:c3:f6:6a:7b:d1:9b:b9:9e:c8:7f:c7:95:d1:74:15:
32:e7:0c:66:01:7c:f0:5a:8a:6c:33:ea:42:78:62:01:7f:5b:
42:9c:c8:94:bc:8e:05:c1:f9:e5:26:50:1e:74:ba:33:cd:fe:
83:5d:57:71:ed:70:b7:55:4b:39:62:29:42:fa:79:af:c2:d9:
48:46:b8:ab:c3:e2:a4:0d:02:bc:e3:db:e4:97:e4:4f:a3:d2:
d9:11:de:12:54:94:24:46:74:37:8b:e1:4c:3d:66:fb:cf:85:
b6:1c:84:5d:0e:83:13:9f:d7:23:f5:90:55:3b:e8:10:46:13:
e5:07:e8:cd:ed:84:a1:95:f3:34:7c:2d:c2:2f:26:55:ec:ed:
bd:bb:47:16:53:9e:39:5a:35:18:ec:c4:1c:2f:4b:f4:b6:19:
e7:87:93:2e:34:58:e8:d2:9c:3e:b2:92:ff:65:21:53:43:8c:
2b:70:20:2e:a6:c6:ea:9c:a8:fb:3e:bf:fe:5e:6c:1e:98:58:
88:77:74:f7:86:64:8b:83:0b:6d:27:5e:70:39:47:2d:29:6d:
62:4b:b5:af:9d:c4:9a:aa:f9:7f:71:15:60:b3:5a:31:bb:dd:
9d:d0:7b:a4:f0:0a:ea:50:5a:67:e0:bc:f2:ae:ae:b6:6c:a4:
f7:40:14:3f
-----BEGIN CERTIFICATE-----
MIIGFjCCBP6gAwIBAgIUbynoll/agUzUYCj7YHR/vjdV0wgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjJFM0QwMDAxMTEwLwYDVQQFEyhBNTZFODcyQTQw
M0U3QjlDRUI5NDMxQTA4RjU0MDQwMUQyRkJENzEwMB4XDTI2MDQwODAzMTAzOFoX
DTI3MDQwNzAzMTUzOFowMzExMC8GA1UEAxMoODlFQTFBNEE4RDc0NzI3NEMzNjg1
NTNEQ0JEQzY0REYxMTMwOUNBQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVc5vcdJ11NaAZtbH1pelKSakdjMNaSWvbPwk9e7NGczyMIJPZ6EBhv1P+X
bPZOWz0mkvuvcFsFTV3PR6TVH9AdfaD3VH08yBSXGfUzCpmvs8hfNc3Z+1uiZd/h
QgI5oEr8TW6DFxxSdQgrnPkMYcM1/eRQQgrcmNUbT7unFC8WxbwQ+rlCPlZZTPYM
YANFUOBmYKgFbniEeCYqaPUxFtPQdpZ4KaqhYqY04hnOB9pcxAFz8olRPkdxIsL6
Mshbb1bBVkQOfPt0oDZdXxSmUTzdMInpqJdZZm8d9t4VAcuLCX2i2TMotdbzBkPj
1FXw1VHmes2v1k2B65VhS+zMqiECAwEAAaOCAwkwggMFMA8GA1UdEwEB/wQFMAMB
Af8wHQYDVR0OBBYEFInqGkqNdHJ0w2hVPcvcZN8RMJysMB8GA1UdIwQYMBaAFKVu
hypAPnuc65QxoI9UBAHS+9cQMA4GA1UdDwEB/wQEAwIBBjBzBgNVHR8EbDBqMGig
ZqBkhmJyc3luYzovL3Jwa2ktcnBzLmNubmljLmNuL3JlcG8vQTEwNTUzOTA3NzUw
OTA2NzU3MTUvMS9BNTZFODcyQTQwM0U3QjlDRUI5NDMxQTA4RjU0MDQwMUQyRkJE
NzEwLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9wVzZIS2tBLWU1enJsREdnajFRRUFkTDcxeEEuY2VyMIIBAQYIKwYB
BQUHAQsEgfQwgfEwQgYIKwYBBQUHMAWGNnJzeW5jOi8vcnBraS1ycHMuY25uaWMu
Y24vcmVwby9BMTA5MTk4NTM2NjMyMTIwMTE1NC8wLzBuBggrBgEFBQcwCoZicnN5
bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDkxOTg1MzY2MzIxMjAxMTU0
LzAvODlFQTFBNEE4RDc0NzI3NEMzNjg1NTNEQ0JEQzY0REYxMTMwOUNBQy5tZnQw
OwYIKwYBBQUHMA2GL2h0dHBzOi8vcnJkcC1ycHMuY25uaWMuY24vcnJkcC9ub3Rp
ZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwgY0GCCsGAQUF
BwEHAQH/BH4wfDB6BAIAATB0AwQEK+IgAwQBK+IyMAwDBAAr4jUDBAAr4jYDBAMr
4kADBAEr4kwDBAQr4pADBAIr40ADBAMr40gwDAMEBGcn0AMEAmcn6AMEBGco8DAM
AwQCZyzsAwQGZy0AAwQFZy1gMAwDBAJnLawDBAZnLYADBAJnLfgwDQYJKoZIhvcN
AQELBQADggEBAGd8OsP2anvRm7meyH/HldF0FTLnDGYBfPBaimwz6kJ4YgF/W0Kc
yJS8jgXB+eUmUB50ujPN/oNdV3HtcLdVSzliKUL6ea/C2UhGuKvD4qQNArzj2+SX
5E+j0tkR3hJUlCRGdDeL4Uw9ZvvPhbYchF0OgxOf1yP1kFU76BBGE+UH6M3thKGV
8zR8LcIvJlXs7b27RxZTnjlaNRjsxBwvS/S2GeeHky40WOjSnD6ykv9lIVNDjCtw
IC6mxuqcqPs+v/5ebB6YWIh3dPeGZIuDC20nXnA5Ry0pbWJLta+dxJqq+X9xFWCz
WjG73Z3Qe6TwCupQWmfgvPKurrZspPdAFD8=
-----END CERTIFICATE-----
Generated at Mon Apr 13 09:29:12 2026 by rpki-client