$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2716/c-iRfnab448pBSrL8ph2NglqqGU.roa File: c-iRfnab448pBSrL8ph2NglqqGU.roa (raw, json) Hash identifier: +bTyfJ4o5uirmwiyYdZ/uvVBXwmWfx1pAaC93Q6+q+k= Subject key identifier: 73:E8:91:7E:76:9B:E3:8F:29:05:2A:CB:F2:98:76:36:09:6A:A8:65 Certificate issuer: /CN=39EE852FE138CDEDC5B42D11A34295D109AD4925 Certificate serial: 024D Authority key identifier: 39:EE:85:2F:E1:38:CD:ED:C5:B4:2D:11:A3:42:95:D1:09:AD:49:25 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/c-iRfnab448pBSrL8ph2NglqqGU.roa Signing time: Wed 16 Jul 2025 10:01:53 +0000 ROA not before: Wed 16 Jul 2025 10:01:53 +0000 ROA not after: Wed 15 Apr 2026 09:08:30 +0000 asID: 134121 IP address blocks: 103.118.204.0/22 maxlen: 24 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sun 20 Jul 2025 13:39:48 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 589 (0x24d) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=39EE852FE138CDEDC5B42D11A34295D109AD4925 Validity Not Before: Jul 16 10:01:53 2025 GMT Not After : Apr 15 09:08:30 2026 GMT Subject: CN=73E8917E769BE38F29052ACBF2987636096AA865 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a5:3c:7c:b7:fa:6a:5d:fb:4b:13:99:21:3e:81: 16:9f:38:35:f5:85:86:08:d7:d7:bf:83:65:f3:52: 9f:ca:b5:22:87:f7:dd:66:e5:15:fa:02:bd:f7:6e: 2b:54:87:b4:39:42:d4:48:bc:1b:b8:74:68:8c:3b: 78:f8:07:8d:48:ce:6c:c4:af:1e:5b:91:bb:7f:56: 35:11:59:4b:34:15:19:f0:15:5f:dd:68:9c:9d:a8: a7:cc:3d:c8:97:75:c0:fc:16:62:66:6d:de:0d:03: f6:48:41:44:30:92:9c:8b:dc:67:91:5a:dd:2f:bd: fe:3e:dc:01:c4:fc:28:d9:ad:95:25:31:da:84:63: 3d:1b:d5:04:f1:f7:61:51:0c:a5:05:10:be:b7:52: 5b:c2:de:30:dd:16:c2:aa:08:29:13:33:1e:1d:b9: d0:b6:64:bb:9f:65:95:ef:e2:67:dd:9a:40:5e:1c: 0d:98:94:25:82:14:fd:de:6d:2b:e6:c8:39:0f:e5: 31:4b:ba:c4:b3:08:0a:85:01:2f:33:7e:31:63:c1: 5b:b8:01:cd:13:3a:2d:6d:04:bb:74:bb:e8:19:f3: 10:9b:0d:db:13:96:00:79:a1:bd:ec:27:0e:9f:08: 24:2d:57:f9:10:c2:41:47:f8:bb:32:6a:96:59:21: 36:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 73:E8:91:7E:76:9B:E3:8F:29:05:2A:CB:F2:98:76:36:09:6A:A8:65 X509v3 Authority Key Identifier: keyid:39:EE:85:2F:E1:38:CD:ED:C5:B4:2D:11:A3:42:95:D1:09:AD:49:25 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/c-iRfnab448pBSrL8ph2NglqqGU.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 103.118.204.0/22 Signature Algorithm: sha256WithRSAEncryption 50:89:dd:c8:10:95:21:59:cf:ab:04:08:07:f7:1a:52:e5:26: 7c:7f:75:c9:39:fb:63:f1:5f:c8:aa:9e:4f:14:3e:55:0f:50: fb:f3:f1:f4:9a:60:93:44:e5:ab:67:07:2e:1a:9e:76:72:18: 95:67:c5:37:47:e6:90:91:a3:62:b3:7f:52:dd:bb:cc:60:d5: a9:24:62:3c:f9:ee:e7:24:20:13:e1:e3:12:65:b7:aa:3b:f4: 11:df:90:36:b3:70:0a:22:38:73:90:03:73:28:7f:8c:2b:63: 2f:10:03:ce:97:88:ae:46:76:4b:4d:68:12:90:5b:25:76:84: 32:60:45:8a:b7:83:a4:c7:e0:0a:ad:ce:ee:f7:cb:55:6a:37: ad:c4:8f:f1:ad:b7:12:c9:e8:30:55:a8:64:fc:be:5b:5f:f8: bd:fb:61:70:5c:61:ed:a9:8e:4c:33:c3:79:77:89:e8:d4:b4: d6:97:9f:e3:3b:80:d5:7b:ff:84:8c:19:9d:1f:c1:04:c5:43: 28:cc:bd:15:73:8d:e9:3d:ea:ea:e9:00:e9:5b:72:0a:63:6b: bf:a3:67:7d:bf:ee:f4:3a:ba:02:ed:07:c7:e5:d4:6a:2e:91: 68:60:55:50:f2:d5:66:78:74:85:94:50:eb:d0:06:ee:9d:12: cf:1f:8a:48 -----BEGIN CERTIFICATE----- MIIE1zCCA7+gAwIBAgICAk0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzlF RTg1MkZFMTM4Q0RFREM1QjQyRDExQTM0Mjk1RDEwOUFENDkyNTAeFw0yNTA3MTYx MDAxNTNaFw0yNjA0MTUwOTA4MzBaMDMxMTAvBgNVBAMTKDczRTg5MTdFNzY5QkUz OEYyOTA1MkFDQkYyOTg3NjM2MDk2QUE4NjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQClPHy3+mpd+0sTmSE+gRafODX1hYYI19e/g2XzUp/KtSKH991m 5RX6Ar33bitUh7Q5QtRIvBu4dGiMO3j4B41IzmzErx5bkbt/VjURWUs0FRnwFV/d aJydqKfMPciXdcD8FmJmbd4NA/ZIQUQwkpyL3GeRWt0vvf4+3AHE/CjZrZUlMdqE Yz0b1QTx92FRDKUFEL63UlvC3jDdFsKqCCkTMx4dudC2ZLufZZXv4mfdmkBeHA2Y lCWCFP3ebSvmyDkP5TFLusSzCAqFAS8zfjFjwVu4Ac0TOi1tBLt0u+gZ8xCbDdsT lgB5ob3sJw6fCCQtV/kQwkFH+LsyapZZITanAgMBAAGjggHzMIIB7zAdBgNVHQ4E FgQUc+iRfnab448pBSrL8ph2NglqqGUwHwYDVR0jBBgwFoAUOe6FL+E4ze3FtC0R o0KV0QmtSSUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjcx Ni9PZTZGTC1FNHplM0Z0QzBSbzBLVjBRbXRTU1UuY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL09lNkZMLUU0emUzRnRDMFJvMEtWMFFtdFNTVS5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI3MTYvYy1pUmZuYWI0NDhw QlNyTDhwaDJOZ2xxcUdVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw BgMEAmd2zDANBgkqhkiG9w0BAQsFAAOCAQEAUIndyBCVIVnPqwQIB/caUuUmfH91 yTn7Y/FfyKqeTxQ+VQ9Q+/Px9Jpgk0Tlq2cHLhqednIYlWfFN0fmkJGjYrN/Ut27 zGDVqSRiPPnu5yQgE+HjEmW3qjv0Ed+QNrNwCiI4c5ADcyh/jCtjLxADzpeIrkZ2 S01oEpBbJXaEMmBFireDpMfgCq3O7vfLVWo3rcSP8a23EsnoMFWoZPy+W1/4vfth cFxh7amOTDPDeXeJ6NS01pef4zuA1Xv/hIwZnR/BBMVDKMy9FXON6T3q6ukA6Vty CmNrv6Nnfb/u9Dq6Au0Hx+XUai6RaGBVUPLVZnh0hZRQ69AG7p0Szx+KSA== -----END CERTIFICATE-----Generated at Sun Jul 20 12:34:07 2025 by rpki-client