$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/817/HhAkT7aA6EjlYk4UIyII6l_dh5o.roa File: HhAkT7aA6EjlYk4UIyII6l_dh5o.roa (raw, json) Hash identifier: aotV8aEA7Zy+FW3ZR8mP3mL96rMKQAdpmXFAmzKtKtM= Subject key identifier: 1E:10:24:4F:B6:80:E8:48:E5:62:4E:14:23:22:08:EA:5F:DD:87:9A Certificate issuer: /CN=2A711AA7DC60049B0B0D884897E015B1171F37B9 Certificate serial: 2196 Authority key identifier: 2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/HhAkT7aA6EjlYk4UIyII6l_dh5o.roa Signing time: Fri 29 Aug 2025 09:05:29 +0000 ROA not before: Fri 29 Aug 2025 09:05:29 +0000 ROA not after: Mon 03 Aug 2026 08:44:40 +0000 asID: 136958 IP address blocks: 42.240.128.0/20 maxlen: 20 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Tue 09 Sep 2025 11:06:22 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8598 (0x2196) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2A711AA7DC60049B0B0D884897E015B1171F37B9 Validity Not Before: Aug 29 09:05:29 2025 GMT Not After : Aug 3 08:44:40 2026 GMT Subject: CN=1E10244FB680E848E5624E14232208EA5FDD879A Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a4:3b:5d:83:e1:83:04:66:49:68:f5:11:b2:0e: f7:07:a1:ca:de:96:fd:42:72:bb:fb:4d:68:a4:00: 8a:30:81:4d:f1:de:25:07:4a:61:b8:6b:cd:c8:a9: d9:99:63:70:27:b2:d6:d5:1e:b0:9a:95:e7:1e:7c: 49:29:63:2f:6f:04:b8:cc:ad:7b:3d:42:f7:ba:2f: 07:32:23:a4:d9:ee:57:f1:5f:9a:b9:33:9b:ab:99: 85:61:d7:18:15:08:c3:21:e6:b4:60:7d:6c:e9:24: d3:50:e1:fd:00:eb:40:f5:e3:9c:d9:de:21:1f:3e: 63:e9:26:f7:3d:af:8f:bc:4f:d4:1a:26:43:ca:96: 7c:61:26:22:03:a4:14:0d:64:28:f9:f5:af:45:4e: c0:d3:e8:a7:01:8c:03:f7:e7:86:e7:0f:1c:0c:b1: fb:c2:0e:53:87:43:f6:94:e6:4e:c1:c0:6c:18:85: 01:3b:9c:2a:10:fb:55:6b:9d:84:ba:d7:94:67:03: a3:93:b5:e6:90:95:cc:ec:ae:e2:f1:28:24:44:48: 54:6c:4f:16:74:cc:70:5f:51:7f:35:e5:b3:c9:33: 2c:b4:97:11:f9:15:26:e2:31:0b:46:8d:b1:71:64: fa:b6:bc:73:9c:8f:fd:da:ad:34:74:27:76:b7:36: 70:3b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 1E:10:24:4F:B6:80:E8:48:E5:62:4E:14:23:22:08:EA:5F:DD:87:9A X509v3 Authority Key Identifier: keyid:2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/HhAkT7aA6EjlYk4UIyII6l_dh5o.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 42.240.128.0/20 Signature Algorithm: sha256WithRSAEncryption 41:b2:39:ba:44:47:cc:7e:ac:f8:32:73:5e:6d:df:a4:3a:07: 05:1c:5d:21:60:8a:a9:23:e0:36:c5:53:5d:54:66:62:2d:72: f2:cf:51:36:14:08:2a:df:f0:e8:72:79:b2:9e:46:5a:4a:b5: 05:3e:2c:8f:45:dc:93:21:5a:ce:16:64:ef:36:55:96:0d:08: a4:4b:42:83:17:0c:8e:6e:ca:d8:9a:77:1a:9f:3f:40:8d:95: 7b:d8:12:01:cd:61:5a:69:01:fa:30:7e:72:7f:ee:79:44:7c: bc:df:d3:4f:cc:2a:9e:c6:24:04:45:c7:5d:79:cc:ad:ec:3a: 50:ce:8c:94:80:5c:ea:5c:d3:0d:94:2e:76:27:f9:7b:08:65: 15:b1:68:3b:54:59:4f:95:f5:b4:28:b8:61:99:63:46:d4:f7: be:a1:20:ea:a8:05:f1:e9:ad:24:93:60:4e:1b:89:ef:48:86: 83:96:d5:50:8d:75:5c:5e:c7:0f:b7:61:c5:51:e1:21:aa:96: 36:d5:81:53:ba:19:3f:f9:d1:ae:78:88:6b:25:3f:a5:da:0e: c8:88:ee:93:94:b8:3a:53:16:3f:1a:ad:9f:55:30:c7:d5:30: b1:f8:09:12:4b:03:f8:ee:45:16:9e:df:0a:49:da:6b:02:b3: 29:11:a1:c0 -----BEGIN CERTIFICATE----- MIIE1TCCA72gAwIBAgICIZYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE3 MTFBQTdEQzYwMDQ5QjBCMEQ4ODQ4OTdFMDE1QjExNzFGMzdCOTAeFw0yNTA4Mjkw OTA1MjlaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDFFMTAyNDRGQjY4MEU4 NDhFNTYyNEUxNDIzMjIwOEVBNUZERDg3OUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCkO12D4YMEZklo9RGyDvcHocrelv1Ccrv7TWikAIowgU3x3iUH SmG4a83IqdmZY3AnstbVHrCalecefEkpYy9vBLjMrXs9Qve6LwcyI6TZ7lfxX5q5 M5urmYVh1xgVCMMh5rRgfWzpJNNQ4f0A60D145zZ3iEfPmPpJvc9r4+8T9QaJkPK lnxhJiIDpBQNZCj59a9FTsDT6KcBjAP354bnDxwMsfvCDlOHQ/aU5k7BwGwYhQE7 nCoQ+1VrnYS615RnA6OTteaQlczsruLxKCRESFRsTxZ0zHBfUX815bPJMyy0lxH5 FSbiMQtGjbFxZPq2vHOcj/3arTR0J3a3NnA7AgMBAAGjggHxMIIB7TAdBgNVHQ4E FgQUHhAkT7aA6EjlYk4UIyII6l/dh5owHwYDVR0jBBgwFoAUKnEap9xgBJsLDYhI l+AVsRcfN7kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3 L0tuRWFwOXhnQkpzTERZaElsLUFWc1JjZk43ay5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvS25FYXA5eGdCSnNMRFloSWwtQVZzUmNmTjdrLmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3L0hoQWtUN2FBNkVqbFlr NFVJeUlJNmxfZGg1by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD BAQq8IAwDQYJKoZIhvcNAQELBQADggEBAEGyObpER8x+rPgyc15t36Q6BwUcXSFg iqkj4DbFU11UZmItcvLPUTYUCCrf8OhyebKeRlpKtQU+LI9F3JMhWs4WZO82VZYN CKRLQoMXDI5uytiadxqfP0CNlXvYEgHNYVppAfowfnJ/7nlEfLzf00/MKp7GJARF x115zK3sOlDOjJSAXOpc0w2ULnYn+XsIZRWxaDtUWU+V9bQouGGZY0bU976hIOqo BfHprSSTYE4bie9IhoOW1VCNdVxexw+3YcVR4SGqljbVgVO6GT/50a54iGslP6Xa DsiI7pOUuDpTFj8arZ9VMMfVMLH4CRJLA/juRRae3wpJ2msCsykRocA= -----END CERTIFICATE-----Generated at Tue Sep 9 10:38:34 2025 by rpki-client