$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/848/KffNP4Ei5PDyOIEhkuMAPVL5LCk.roa File: KffNP4Ei5PDyOIEhkuMAPVL5LCk.roa (raw, json) Hash identifier: O+2xlSh+PXtBddpHV56yp9u4vXuMJvlOTx7Ym+QqCRA= Subject key identifier: 29:F7:CD:3F:81:22:E4:F0:F2:38:81:21:92:E3:00:3D:52:F9:2C:29 Certificate issuer: /CN=F07EA8449694AA3572EE15A0D86B5E0EB4A08504 Certificate serial: 1F34 Authority key identifier: F0:7E:A8:44:96:94:AA:35:72:EE:15:A0:D8:6B:5E:0E:B4:A0:85:04 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8H6oRJaUqjVy7hWg2GteDrSghQQ.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/848/KffNP4Ei5PDyOIEhkuMAPVL5LCk.roa Signing time: Fri 21 Mar 2025 03:28:11 +0000 ROA not before: Fri 21 Mar 2025 03:28:11 +0000 ROA not after: Sat 27 Sep 2025 02:40:14 +0000 asID: 31216 IP address blocks: 2401:5180::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/848/8H6oRJaUqjVy7hWg2GteDrSghQQ.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/848/8H6oRJaUqjVy7hWg2GteDrSghQQ.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8H6oRJaUqjVy7hWg2GteDrSghQQ.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 04 Apr 2025 20:07:10 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 7988 (0x1f34) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=F07EA8449694AA3572EE15A0D86B5E0EB4A08504 Validity Not Before: Mar 21 03:28:11 2025 GMT Not After : Sep 27 02:40:14 2025 GMT Subject: CN=29F7CD3F8122E4F0F238812192E3003D52F92C29 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ca:fc:88:9c:da:0a:ae:28:d4:e7:1a:ab:2e:4b: d1:16:6c:c6:03:a9:bb:96:93:9c:3b:f9:67:57:6f: 2e:22:f9:31:76:31:91:89:35:b6:be:4f:b6:49:9b: 6f:ca:c2:da:0e:6d:68:46:08:e1:b7:6f:dc:62:48: 63:ba:99:c5:c9:07:67:50:bc:df:73:63:dd:dc:fd: 41:8e:28:bf:50:8a:aa:c3:c4:6f:4d:8d:91:a3:b9: 7a:a3:3a:f1:e5:f0:1d:57:30:f8:90:a1:e1:c6:4f: cf:b5:46:ba:61:e3:07:4f:8d:cd:c1:a4:7b:52:c1: 4d:7a:8e:bf:35:c1:6e:44:73:6b:2f:eb:4d:3f:69: 4b:eb:90:97:2d:18:55:6c:5d:c6:3f:54:de:82:5c: 40:c7:13:7d:02:76:6c:54:03:6d:c5:eb:ae:ba:76: fc:30:75:26:28:59:6d:98:8c:8c:89:5e:05:d1:3f: b3:43:52:c3:f2:e7:f3:61:8e:e1:cd:b5:9b:a5:48: 2d:27:d3:e5:ed:39:d6:78:65:d9:61:14:65:26:c9: cd:74:9b:07:0b:be:c8:65:1f:bc:43:b1:99:e0:c3: 9e:4e:95:a4:8f:a9:94:fd:2c:e1:28:08:cf:6c:99: 8f:71:93:3f:77:61:58:ab:a2:cc:a3:bb:4c:f0:25: 6f:91 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 29:F7:CD:3F:81:22:E4:F0:F2:38:81:21:92:E3:00:3D:52:F9:2C:29 X509v3 Authority Key Identifier: keyid:F0:7E:A8:44:96:94:AA:35:72:EE:15:A0:D8:6B:5E:0E:B4:A0:85:04 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/848/8H6oRJaUqjVy7hWg2GteDrSghQQ.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8H6oRJaUqjVy7hWg2GteDrSghQQ.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/848/KffNP4Ei5PDyOIEhkuMAPVL5LCk.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv6: 2401:5180::/32 Signature Algorithm: sha256WithRSAEncryption 74:92:e4:34:09:28:13:4a:b5:e4:79:77:43:8a:a2:70:c6:ce: 2c:7c:ae:9c:ea:30:8e:e9:9a:e2:60:c2:31:73:f4:6c:e0:d2: 2b:28:3f:87:82:25:c5:5c:0d:2f:b5:cc:9f:51:d8:0a:f0:71: 35:3c:14:ea:34:da:62:ba:58:4a:f6:66:43:ef:22:02:8e:f0: 3c:f2:8c:62:10:f8:1d:92:10:55:2f:47:7c:08:69:90:0a:bb: 95:f6:65:65:64:29:22:3a:3e:76:f8:89:f9:52:a1:e8:32:05: 8c:03:f6:82:93:34:c6:3f:01:2e:11:59:46:53:71:dd:c2:32: ad:dc:b7:71:c4:4c:af:5e:54:98:e6:ea:62:1a:6e:83:53:0e: 26:7b:9d:aa:31:26:74:9b:92:8b:6c:d7:7b:5b:7f:24:29:1e: 23:36:c5:a4:da:ba:52:94:d7:2f:c2:12:f6:f2:29:50:43:e8: fa:bd:c5:65:58:be:90:58:b1:3b:e9:bb:43:03:be:08:bd:55: 1b:79:89:be:70:4b:9e:b1:61:ab:be:bf:cf:5f:89:ef:02:0b: ae:b9:f6:ef:88:e1:d1:11:74:8e:24:75:c0:84:b6:0e:9a:cd: ed:85:5d:fa:52:f9:7c:12:8f:ad:55:e6:cb:83:d9:e0:91:ce: ea:21:17:5c -----BEGIN CERTIFICATE----- MIIE1jCCA76gAwIBAgICHzQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRjA3 RUE4NDQ5Njk0QUEzNTcyRUUxNUEwRDg2QjVFMEVCNEEwODUwNDAeFw0yNTAzMjEw MzI4MTFaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDI5RjdDRDNGODEyMkU0 RjBGMjM4ODEyMTkyRTMwMDNENTJGOTJDMjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDK/Iic2gquKNTnGqsuS9EWbMYDqbuWk5w7+WdXby4i+TF2MZGJ Nba+T7ZJm2/KwtoObWhGCOG3b9xiSGO6mcXJB2dQvN9zY93c/UGOKL9QiqrDxG9N jZGjuXqjOvHl8B1XMPiQoeHGT8+1Rrph4wdPjc3BpHtSwU16jr81wW5Ec2sv600/ aUvrkJctGFVsXcY/VN6CXEDHE30CdmxUA23F6666dvwwdSYoWW2YjIyJXgXRP7ND UsPy5/NhjuHNtZulSC0n0+XtOdZ4ZdlhFGUmyc10mwcLvshlH7xDsZngw55OlaSP qZT9LOEoCM9smY9xkz93YVirosyju0zwJW+RAgMBAAGjggHyMIIB7jAdBgNVHQ4E FgQUKffNP4Ei5PDyOIEhkuMAPVL5LCkwHwYDVR0jBBgwFoAU8H6oRJaUqjVy7hWg 2GteDrSghQQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODQ4 LzhINm9SSmFVcWpWeTdoV2cyR3RlRHJTZ2hRUS5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvOEg2b1JKYVVxalZ5N2hXZzJHdGVEclNnaFFRLmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODQ4L0tmZk5QNEVpNVBEeU9J RWhrdU1BUFZMNUxDay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcD BQAkAVGAMA0GCSqGSIb3DQEBCwUAA4IBAQB0kuQ0CSgTSrXkeXdDiqJwxs4sfK6c 6jCO6ZriYMIxc/Rs4NIrKD+HgiXFXA0vtcyfUdgK8HE1PBTqNNpiulhK9mZD7yIC jvA88oxiEPgdkhBVL0d8CGmQCruV9mVlZCkiOj52+In5UqHoMgWMA/aCkzTGPwEu EVlGU3HdwjKt3LdxxEyvXlSY5upiGm6DUw4me52qMSZ0m5KLbNd7W38kKR4jNsWk 2rpSlNcvwhL28ilQQ+j6vcVlWL6QWLE76btDA74IvVUbeYm+cEuesWGrvr/PX4nv AguuufbviOHREXSOJHXAhLYOms3thV36Uvl8Eo+tVebLg9ngkc7qIRdc -----END CERTIFICATE-----Generated at Fri Apr 4 18:40:40 2025 by rpki-client