$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/817/5zNxED-UWCGtOiWsWp21xDeZHEI.roa File: 5zNxED-UWCGtOiWsWp21xDeZHEI.roa (raw, json) Hash identifier: UnRDQDXuKf7smIoAxdZajlusGEh2SUIVXpl5mv1h16U= Subject key identifier: E7:33:71:10:3F:94:58:21:AD:3A:25:AC:5A:9D:B5:C4:37:99:1C:42 Certificate issuer: /CN=2A711AA7DC60049B0B0D884897E015B1171F37B9 Certificate serial: 21CB Authority key identifier: 2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/5zNxED-UWCGtOiWsWp21xDeZHEI.roa Signing time: Wed 03 Sep 2025 08:03:41 +0000 ROA not before: Wed 03 Sep 2025 08:03:41 +0000 ROA not after: Mon 03 Aug 2026 08:44:40 +0000 asID: 135377 IP address blocks: 42.240.252.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 05 Sep 2025 10:03:13 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8651 (0x21cb) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2A711AA7DC60049B0B0D884897E015B1171F37B9 Validity Not Before: Sep 3 08:03:41 2025 GMT Not After : Aug 3 08:44:40 2026 GMT Subject: CN=E73371103F945821AD3A25AC5A9DB5C437991C42 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c7:e8:e2:1b:61:8e:3e:00:8f:01:62:f0:a7:5c: 9a:1b:bf:88:d2:e0:62:9b:32:57:0c:10:c3:db:1e: 17:99:fd:ca:4e:8c:07:b6:fa:0f:5f:4d:17:83:5f: da:8b:e5:07:d5:ac:0b:70:12:35:51:c6:56:af:40: fa:9b:f5:9b:95:3c:af:db:b1:2a:30:83:cf:91:ef: 53:91:bc:11:9e:30:36:20:b0:4b:13:53:37:4c:96: aa:9d:46:17:b8:4b:32:a7:77:79:89:93:0c:99:87: 93:07:f5:71:f3:f7:b6:2a:66:75:f3:f6:65:56:b6: c8:af:95:dd:2e:48:86:68:98:e2:9a:d4:3e:a3:2e: 17:dd:41:cd:82:d5:4c:48:01:63:ae:4d:d1:63:ad: e2:1b:34:ec:cc:e6:f7:23:a7:6a:56:c6:84:96:ea: 6c:58:b8:a4:45:ff:9b:f4:64:48:ef:63:f5:90:87: 30:90:0f:30:0f:93:e5:be:db:31:34:87:b2:a2:3b: 1d:62:0b:7e:98:5f:d0:af:07:9c:c0:f7:93:15:cc: bc:1b:bc:6b:6c:96:9f:fa:83:e5:17:86:38:9f:49: c4:37:d6:e5:91:d6:9d:54:22:51:98:7d:8b:5f:7b: dd:77:1a:0d:2f:dc:43:11:1c:64:4d:6a:ce:2e:a8: 1b:57 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: E7:33:71:10:3F:94:58:21:AD:3A:25:AC:5A:9D:B5:C4:37:99:1C:42 X509v3 Authority Key Identifier: keyid:2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/5zNxED-UWCGtOiWsWp21xDeZHEI.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 42.240.252.0/24 Signature Algorithm: sha256WithRSAEncryption 28:cf:9d:f5:a2:ae:28:8c:63:c6:d5:66:7e:32:7d:05:4a:7a: e3:c5:ae:cc:26:2d:35:10:64:8e:a0:28:84:f0:27:8c:3e:4d: 1a:07:57:8a:dd:0b:28:41:c7:a3:d3:38:a6:8a:d7:9e:b5:7b: 0e:12:6b:49:fd:3c:28:6d:fc:6d:cd:a0:b3:9f:9d:95:f1:54: 59:d0:75:bc:12:7c:e6:aa:ed:b2:64:05:a4:54:22:7a:1b:47: 45:5d:9a:ef:0a:94:9e:df:8b:95:82:3f:b6:e8:9c:29:03:7a: 9a:ae:79:c4:2e:a2:36:9d:75:83:f1:8c:40:51:24:4c:1e:95: 9b:bb:27:80:a2:2b:3d:4c:a2:5a:ca:32:26:9a:05:fa:63:3d: 74:57:17:4e:2f:c7:63:6e:d2:b0:61:13:4b:9d:04:8b:3e:34: 42:b5:e3:f0:a7:aa:c9:fb:e9:94:ec:8c:31:1c:e8:5c:9f:f6: ae:78:66:89:b9:9b:b4:c8:da:a0:a6:ff:c4:01:54:70:d5:c7: 97:86:7e:8f:52:cb:04:d6:c8:19:08:2b:99:75:f5:cb:06:84: c2:64:15:ec:7e:71:2d:7b:da:77:50:4a:0e:b5:a8:29:05:42: 68:13:d6:a7:8e:0e:2a:ad:ec:ed:b5:33:6d:c5:ea:18:18:b2: 58:55:e0:52 -----BEGIN CERTIFICATE----- MIIE1TCCA72gAwIBAgICIcswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE3 MTFBQTdEQzYwMDQ5QjBCMEQ4ODQ4OTdFMDE1QjExNzFGMzdCOTAeFw0yNTA5MDMw ODAzNDFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEU3MzM3MTEwM0Y5NDU4 MjFBRDNBMjVBQzVBOURCNUM0Mzc5OTFDNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDH6OIbYY4+AI8BYvCnXJobv4jS4GKbMlcMEMPbHheZ/cpOjAe2 +g9fTReDX9qL5QfVrAtwEjVRxlavQPqb9ZuVPK/bsSowg8+R71ORvBGeMDYgsEsT UzdMlqqdRhe4SzKnd3mJkwyZh5MH9XHz97YqZnXz9mVWtsivld0uSIZomOKa1D6j LhfdQc2C1UxIAWOuTdFjreIbNOzM5vcjp2pWxoSW6mxYuKRF/5v0ZEjvY/WQhzCQ DzAPk+W+2zE0h7KiOx1iC36YX9CvB5zA95MVzLwbvGtslp/6g+UXhjifScQ31uWR 1p1UIlGYfYtfe913Gg0v3EMRHGRNas4uqBtXAgMBAAGjggHxMIIB7TAdBgNVHQ4E FgQU5zNxED+UWCGtOiWsWp21xDeZHEIwHwYDVR0jBBgwFoAUKnEap9xgBJsLDYhI l+AVsRcfN7kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3 L0tuRWFwOXhnQkpzTERZaElsLUFWc1JjZk43ay5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvS25FYXA5eGdCSnNMRFloSWwtQVZzUmNmTjdrLmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3LzV6TnhFRC1VV0NHdE9p V3NXcDIxeERlWkhFSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD BAAq8PwwDQYJKoZIhvcNAQELBQADggEBACjPnfWiriiMY8bVZn4yfQVKeuPFrswm LTUQZI6gKITwJ4w+TRoHV4rdCyhBx6PTOKaK1561ew4Sa0n9PCht/G3NoLOfnZXx VFnQdbwSfOaq7bJkBaRUInobR0Vdmu8KlJ7fi5WCP7bonCkDepquecQuojaddYPx jEBRJEwelZu7J4CiKz1MolrKMiaaBfpjPXRXF04vx2Nu0rBhE0udBIs+NEK14/Cn qsn76ZTsjDEc6Fyf9q54Zom5m7TI2qCm/8QBVHDVx5eGfo9SywTWyBkIK5l19csG hMJkFex+cS172ndQSg61qCkFQmgT1qeODiqt7O21M23F6hgYslhV4FI= -----END CERTIFICATE-----Generated at Fri Sep 5 09:10:36 2025 by rpki-client