$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/817/ZvNfT7BxAfWtvbHNd1BFwG1vkA4.roa File: ZvNfT7BxAfWtvbHNd1BFwG1vkA4.roa (raw, json) Hash identifier: wqTqW6hDzeeYTejBZxKDg8we4ruM8Z3fr+ZtS80TchE= Subject key identifier: 66:F3:5F:4F:B0:71:01:F5:AD:BD:B1:CD:77:50:45:C0:6D:6F:90:0E Certificate issuer: /CN=2A711AA7DC60049B0B0D884897E015B1171F37B9 Certificate serial: 219B Authority key identifier: 2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/ZvNfT7BxAfWtvbHNd1BFwG1vkA4.roa Signing time: Fri 29 Aug 2025 09:05:30 +0000 ROA not before: Fri 29 Aug 2025 09:05:30 +0000 ROA not after: Mon 03 Aug 2026 08:44:40 +0000 asID: 136958 IP address blocks: 42.240.160.0/20 maxlen: 20 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Tue 09 Sep 2025 11:06:22 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8603 (0x219b) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2A711AA7DC60049B0B0D884897E015B1171F37B9 Validity Not Before: Aug 29 09:05:30 2025 GMT Not After : Aug 3 08:44:40 2026 GMT Subject: CN=66F35F4FB07101F5ADBDB1CD775045C06D6F900E Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b6:ab:28:3e:71:c6:84:5a:c1:22:92:7f:4f:56: e2:40:08:05:f3:31:86:3d:30:0c:9e:4a:a8:7a:06: ae:57:b8:96:87:bb:6c:0f:f8:69:17:0c:e6:d5:14: 8f:8e:c0:1b:cf:87:b4:17:88:a2:da:cf:45:58:92: dc:b9:6b:c7:48:ea:84:4e:55:23:6c:7a:b9:12:77: e2:a0:b6:f7:1e:d7:4f:04:84:97:27:58:64:52:82: 74:5b:50:2e:72:5c:f5:98:8f:1e:23:3b:e6:83:dd: d3:5d:e3:17:21:8d:56:8b:d3:1d:9b:69:6c:e1:ff: 0f:d8:53:d9:e2:e6:9a:94:b7:21:6a:fd:c2:4a:d6: 4e:ab:a7:2f:95:14:80:cd:a8:a3:1c:2d:45:9e:3f: fc:19:23:42:79:79:2d:4f:f3:67:10:c8:4e:dc:f3: 52:81:1c:45:1c:3e:7c:ea:8b:52:e9:b6:b7:76:0b: 5a:73:7b:d0:b7:d6:b7:33:18:62:08:06:6c:7a:8b: eb:06:e7:65:da:0c:de:ca:a8:d0:3d:c5:42:04:9d: 80:1e:be:69:f9:af:a4:23:8d:ef:0e:53:c1:34:2e: ba:cc:81:6a:a3:e6:d7:e4:b3:83:c9:ba:fd:f9:a5: fd:28:8a:75:7e:53:c9:dd:be:08:c3:65:08:c2:17: 66:81 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 66:F3:5F:4F:B0:71:01:F5:AD:BD:B1:CD:77:50:45:C0:6D:6F:90:0E X509v3 Authority Key Identifier: keyid:2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/ZvNfT7BxAfWtvbHNd1BFwG1vkA4.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 42.240.160.0/20 Signature Algorithm: sha256WithRSAEncryption a8:68:b3:28:ab:50:c0:73:01:dd:62:6c:d4:db:f2:18:df:df: 3a:4f:ac:94:98:da:5f:3a:f2:d1:86:52:ea:2d:90:3a:42:1d: 0e:8d:d0:50:b2:8e:74:40:68:e7:f1:e8:e8:c7:5d:82:02:99: 3d:e2:d6:a5:8a:6e:cf:75:57:3a:4a:52:6b:f7:48:22:e0:75: 2d:28:26:6a:46:24:2a:44:da:78:85:1a:5a:d5:33:84:60:74: dd:58:2d:2f:87:fa:09:dc:d2:10:c1:9f:c0:73:ac:d8:27:f0: 02:ad:71:66:cf:06:09:ab:2f:88:82:e9:9e:4a:c3:f6:e8:4d: 30:ff:83:e6:53:c1:9f:a8:bb:bd:46:09:39:ce:75:49:c6:b4: a7:18:72:3a:1d:dd:c8:28:8f:c7:4e:17:d1:46:39:18:cc:b6: 22:70:2c:35:95:52:75:b8:fd:ce:98:04:80:e6:a4:78:01:75: 8c:fe:a8:50:9d:49:b4:74:cf:35:fa:a9:44:d2:30:6f:d4:a6: ef:14:a2:eb:e4:83:be:d7:80:d4:22:06:cd:7a:d9:7d:2b:62: e1:15:d4:28:06:d5:43:b5:d7:57:c4:e4:de:5d:d0:4b:49:03: 0a:35:fc:24:cf:88:ea:62:e6:57:ea:c1:65:c0:fb:68:88:66: 8d:6e:81:29 -----BEGIN CERTIFICATE----- MIIE1TCCA72gAwIBAgICIZswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE3 MTFBQTdEQzYwMDQ5QjBCMEQ4ODQ4OTdFMDE1QjExNzFGMzdCOTAeFw0yNTA4Mjkw OTA1MzBaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDY2RjM1RjRGQjA3MTAx RjVBREJEQjFDRDc3NTA0NUMwNkQ2RjkwMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC2qyg+ccaEWsEikn9PVuJACAXzMYY9MAyeSqh6Bq5XuJaHu2wP +GkXDObVFI+OwBvPh7QXiKLaz0VYkty5a8dI6oROVSNserkSd+Kgtvce108EhJcn WGRSgnRbUC5yXPWYjx4jO+aD3dNd4xchjVaL0x2baWzh/w/YU9ni5pqUtyFq/cJK 1k6rpy+VFIDNqKMcLUWeP/wZI0J5eS1P82cQyE7c81KBHEUcPnzqi1Lptrd2C1pz e9C31rczGGIIBmx6i+sG52XaDN7KqNA9xUIEnYAevmn5r6Qjje8OU8E0LrrMgWqj 5tfks4PJuv35pf0oinV+U8ndvgjDZQjCF2aBAgMBAAGjggHxMIIB7TAdBgNVHQ4E FgQUZvNfT7BxAfWtvbHNd1BFwG1vkA4wHwYDVR0jBBgwFoAUKnEap9xgBJsLDYhI l+AVsRcfN7kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3 L0tuRWFwOXhnQkpzTERZaElsLUFWc1JjZk43ay5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvS25FYXA5eGdCSnNMRFloSWwtQVZzUmNmTjdrLmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3L1p2TmZUN0J4QWZXdHZi SE5kMUJGd0cxdmtBNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD BAQq8KAwDQYJKoZIhvcNAQELBQADggEBAKhosyirUMBzAd1ibNTb8hjf3zpPrJSY 2l868tGGUuotkDpCHQ6N0FCyjnRAaOfx6OjHXYICmT3i1qWKbs91VzpKUmv3SCLg dS0oJmpGJCpE2niFGlrVM4RgdN1YLS+H+gnc0hDBn8BzrNgn8AKtcWbPBgmrL4iC 6Z5Kw/boTTD/g+ZTwZ+ou71GCTnOdUnGtKcYcjod3cgoj8dOF9FGORjMtiJwLDWV UnW4/c6YBIDmpHgBdYz+qFCdSbR0zzX6qUTSMG/Upu8Uouvkg77XgNQiBs162X0r YuEV1CgG1UO111fE5N5d0EtJAwo1/CTPiOpi5lfqwWXA+2iIZo1ugSk= -----END CERTIFICATE-----Generated at Tue Sep 9 10:43:20 2025 by rpki-client