Certificate
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.cer
File: qTqGcSaEpy5d9B8Ar6BMXwGpdzU.cer (raw, json)
Hash identifier: LBXqJBXqX9MYEOroMzy7TUOC+WoUR6TcA4YgALre9sw=
Subject key identifier: A9:3A:86:71:26:84:A7:2E:5D:F4:1F:00:AF:A0:4C:5F:01:A9:77:35
Authority key identifier: 04:16:29:B6:A9:EA:B7:CB:13:24:EA:39:78:F0:37:96:F8:89:B5:40
Certificate issuer: /CN=A9162E3D0000/serialNumber=041629B6A9EAB7CB1324EA3978F03796F889B540
Certificate serial: CB85
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
Manifest: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.mft
caRepository: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/
Notify URL: https://rpki.cnnic.cn/rrdp/notify.xml
Certificate not before: Fri 21 Mar 2025 03:13:42 +0000
Certificate not after: Sat 27 Sep 2025 02:40:14 +0000
Subordinate resources: IP: 43.250.116.0/22
IP: 103.108.192.0/22
IP: 103.139.0.0/22
IP: 103.235.184.0/22
IP: 150.242.224.0/22
IP: 218.247.64.0/19
IP: 219.234.0.0/19
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 52101 (0xcb85)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9162E3D0000
Validity
Not Before: Mar 21 03:13:42 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=A93A86712684A72E5DF41F00AFA04C5F01A97735
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:21:a5:2a:39:f7:16:70:ff:b7:6c:01:dc:24:
f8:ad:36:53:c9:f0:f1:95:d0:f8:a2:46:35:9f:5c:
f2:ce:e2:ba:9a:64:e6:10:ea:c7:46:70:fa:a7:1c:
05:28:a4:80:a6:cb:a8:24:6d:49:c4:48:3e:28:64:
24:90:86:10:59:63:e6:a8:6a:90:14:13:92:18:b9:
ab:8f:7a:c6:63:03:b9:63:90:95:f5:72:09:6b:9b:
6e:ee:59:91:ef:59:3b:3e:c0:ea:bb:dd:bd:34:ef:
3c:c2:4f:cf:12:4d:5b:df:69:71:6a:8d:32:a8:cd:
cb:07:ad:d9:7d:77:69:a8:5b:f8:3f:7b:ef:56:8a:
fb:1a:db:8c:6c:9e:51:9e:ea:27:51:4c:9d:f1:4a:
b0:7a:90:3c:16:cf:1e:80:a4:ad:40:7a:13:38:45:
89:4f:3a:5a:7e:da:d4:62:7f:3c:11:40:72:79:b2:
49:e6:2f:07:07:60:ae:db:1d:77:b8:22:ad:ff:90:
10:a6:38:be:56:98:e8:17:f6:a7:5e:4e:94:db:c7:
a1:2c:76:1f:13:c5:9c:b7:4f:f9:67:2b:a9:b9:b9:
e7:ba:c8:90:e1:ef:1f:b7:36:55:87:03:ce:00:e9:
42:4c:24:26:a0:4d:1a:16:9c:6f:5d:5e:13:d7:4f:
e9:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:3A:86:71:26:84:A7:2E:5D:F4:1F:00:AF:A0:4C:5F:01:A9:77:35
X509v3 Authority Key Identifier:
keyid:04:16:29:B6:A9:EA:B7:CB:13:24:EA:39:78:F0:37:96:F8:89:B5:40
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Subject Information Access:
CA Repository - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/
RPKI Manifest - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.mft
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.250.116.0/22
103.108.192.0/22
103.139.0.0/22
103.235.184.0/22
150.242.224.0/22
218.247.64.0/19
219.234.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b4:ae:8e:41:b8:52:bb:ef:49:1a:46:4a:2f:d2:8d:09:cc:9d:
56:d8:a8:ff:6a:39:b9:9d:e6:95:db:94:df:69:87:f6:5f:21:
e9:a1:c8:e7:1d:55:81:96:3b:26:e0:e8:4e:45:c4:c2:d1:42:
f2:df:f7:1d:54:0d:ed:7b:ef:b1:0b:04:37:e1:50:74:61:f4:
3a:cc:9d:8a:99:13:5f:7b:47:57:ea:33:5b:58:8c:46:dc:80:
bd:46:53:04:09:e3:2e:45:86:f4:91:51:08:b1:f2:40:66:33:
4f:32:6f:e3:fa:a2:e8:9d:a4:f7:08:0c:b7:2a:55:95:a1:a7:
96:ce:56:04:f0:25:76:34:2d:35:9e:0a:78:1d:17:24:6e:33:
93:2d:91:71:f9:82:6d:02:36:35:6a:44:2a:03:db:19:c4:97:
6c:46:b5:62:3c:e6:74:25:cf:32:d4:38:24:74:8f:92:f7:54:
98:90:2f:5f:4c:84:fa:94:c5:ce:80:b4:1b:0d:13:d3:b8:c2:
0d:23:0b:ff:14:58:a3:2a:c2:48:fe:db:c6:df:ba:e3:ca:0c:
d6:de:6d:3a:8a:0a:75:a8:39:c3:b7:80:13:9f:0b:ea:ed:25:
ed:fc:7d:f9:d3:79:8e:3b:d7:b9:f5:1a:a9:78:be:dc:74:a8:
3d:b6:85:ef
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgIDAMuFMA0GCSqGSIb3DQEBCwUAMEoxFTATBgNVBAMTDEE5
MTYyRTNEMDAwMDExMC8GA1UEBRMoMDQxNjI5QjZBOUVBQjdDQjEzMjRFQTM5NzhG
MDM3OTZGODg5QjU0MDAeFw0yNTAzMjEwMzEzNDJaFw0yNTA5MjcwMjQwMTRaMDMx
MTAvBgNVBAMTKEE5M0E4NjcxMjY4NEE3MkU1REY0MUYwMEFGQTA0QzVGMDFBOTc3
MzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoIaUqOfcWcP+3bAHc
JPitNlPJ8PGV0PiiRjWfXPLO4rqaZOYQ6sdGcPqnHAUopICmy6gkbUnESD4oZCSQ
hhBZY+aoapAUE5IYuauPesZjA7ljkJX1cglrm27uWZHvWTs+wOq73b007zzCT88S
TVvfaXFqjTKozcsHrdl9d2moW/g/e+9Wivsa24xsnlGe6idRTJ3xSrB6kDwWzx6A
pK1AehM4RYlPOlp+2tRifzwRQHJ5sknmLwcHYK7bHXe4Iq3/kBCmOL5WmOgX9qde
TpTbx6Esdh8TxZy3T/lnK6m5uee6yJDh7x+3NlWHA84A6UJMJCagTRoWnG9dXhPX
T+nPAgMBAAGjggJ5MIICdTAdBgNVHQ4EFgQUqTqGcSaEpy5d9B8Ar6BMXwGpdzUw
HwYDVR0jBBgwFoAUBBYptqnqt8sTJOo5ePA3lviJtUAwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjBYBgNVHR8EUTBPME2gS6BJhkdyc3luYzovL3Jwa2kuY25uaWMu
Y24vcnBraS9BOTE2MkUzRDAwMDAvQkJZcHRxbnF0OHNUSk9vNWVQQTNsdmlKdFVB
LmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5h
cG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZE
MUZGMi9CQllwdHFucXQ4c1RKT281ZVBBM2x2aUp0VUEuY2VyMA8GA1UdEwEB/wQF
MAMBAf8wDgYDVR0PAQH/BAQDAgEGMIHYBggrBgEFBQcBCwSByzCByDA5BggrBgEF
BQcwBYYtcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI4
ODkvMFgGCCsGAQUFBzAKhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2
MkUzRDAwMDAvMjg4OS9xVHFHY1NhRXB5NWQ5QjhBcjZCTVh3R3BkelUubWZ0MDEG
CCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMuY24vcnJkcC9ub3RpZnkueG1s
MEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCK/p0AwQCZ2zAAwQCZ4sAAwQC
Z+u4AwQClvLgAwQF2vdAAwQF2+oAMA0GCSqGSIb3DQEBCwUAA4IBAQC0ro5BuFK7
70kaRkov0o0JzJ1W2Kj/ajm5neaV25TfaYf2XyHpocjnHVWBljsm4OhORcTC0ULy
3/cdVA3te++xCwQ34VB0YfQ6zJ2KmRNfe0dX6jNbWIxG3IC9RlMECeMuRYb0kVEI
sfJAZjNPMm/j+qLonaT3CAy3KlWVoaeWzlYE8CV2NC01ngp4HRckbjOTLZFx+YJt
AjY1akQqA9sZxJdsRrViPOZ0Jc8y1DgkdI+S91SYkC9fTIT6lMXOgLQbDRPTuMIN
Iwv/FFijKsJI/tvG37rjygzW3m06igp1qDnDt4ATnwvq7SXt/H3503mOO9e59Rqp
eL7cdKg9toXv
-----END CERTIFICATE-----
Generated at Fri Apr 4 02:19:51 2025 by rpki-client