$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2122/Dwfo0-5nzAYJ6SwlhTAcaaz9Ij8.roa File: Dwfo0-5nzAYJ6SwlhTAcaaz9Ij8.roa (raw, json) Hash identifier: TGrgrYouVeq8HF4De+pXJxFQrXzE/HT43TDwLK4Fhnc= Subject key identifier: 0F:07:E8:D3:EE:67:CC:06:09:E9:2C:25:85:30:1C:69:AC:FD:22:3F Certificate issuer: /CN=88884D4D4A75F17F08DD44CBA9592FE70F539D97 Certificate serial: 20B1 Authority key identifier: 88:88:4D:4D:4A:75:F1:7F:08:DD:44:CB:A9:59:2F:E7:0F:53:9D:97 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iIhNTUp18X8I3UTLqVkv5w9TnZc.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2122/Dwfo0-5nzAYJ6SwlhTAcaaz9Ij8.roa Signing time: Sat 13 Sep 2025 03:05:51 +0000 ROA not before: Sat 13 Sep 2025 03:05:51 +0000 ROA not after: Mon 03 Aug 2026 08:44:40 +0000 asID: 63641 IP address blocks: 123.49.242.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2122/iIhNTUp18X8I3UTLqVkv5w9TnZc.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2122/iIhNTUp18X8I3UTLqVkv5w9TnZc.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iIhNTUp18X8I3UTLqVkv5w9TnZc.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Mon 20 Oct 2025 18:05:54 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8369 (0x20b1) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=88884D4D4A75F17F08DD44CBA9592FE70F539D97 Validity Not Before: Sep 13 03:05:51 2025 GMT Not After : Aug 3 08:44:40 2026 GMT Subject: CN=0F07E8D3EE67CC0609E92C2585301C69ACFD223F Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b5:b7:24:fe:3c:dc:63:3a:60:0b:b6:12:65:88: 75:6b:e3:30:4b:62:19:93:86:d1:a9:49:9f:4a:b2: 6a:b1:79:97:77:62:ad:2f:56:b2:11:9f:f8:e9:39: ff:87:76:37:83:78:3c:ef:7d:7d:3a:de:73:2b:ef: 7b:75:e9:28:30:a1:68:0b:d2:78:c9:7e:47:ea:9b: 22:29:53:37:a2:15:37:46:c1:38:06:a0:21:57:a4: f2:10:39:55:08:ca:b2:0a:32:f3:5f:ec:a4:8c:2b: 3d:d4:e9:be:9e:00:91:c9:1c:f7:64:f5:67:61:69: e1:38:92:68:24:39:93:15:af:c4:b7:2e:15:f8:92: 4f:b8:6e:12:30:2a:ba:0c:f6:b5:d8:65:d8:cf:18: 27:f5:5c:a4:48:79:2f:82:26:56:6a:a7:ca:41:d8: c1:52:b4:9a:70:e3:1b:d9:c1:eb:ff:1f:24:6e:09: 0d:a8:29:b1:b3:da:23:02:97:5d:2d:36:16:20:83: e5:e1:46:a0:ab:d2:d5:af:83:f2:af:c7:ac:b0:d8: 92:86:27:86:01:da:3f:f5:cc:95:e6:83:c8:9a:ed: 92:9e:73:2f:ce:91:7d:96:1d:6c:92:d6:57:76:ed: 9c:b1:8a:30:62:88:86:9b:4a:57:ab:95:94:f4:7d: 23:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 0F:07:E8:D3:EE:67:CC:06:09:E9:2C:25:85:30:1C:69:AC:FD:22:3F X509v3 Authority Key Identifier: keyid:88:88:4D:4D:4A:75:F1:7F:08:DD:44:CB:A9:59:2F:E7:0F:53:9D:97 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2122/iIhNTUp18X8I3UTLqVkv5w9TnZc.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iIhNTUp18X8I3UTLqVkv5w9TnZc.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2122/Dwfo0-5nzAYJ6SwlhTAcaaz9Ij8.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 123.49.242.0/24 Signature Algorithm: sha256WithRSAEncryption a1:e7:d7:2c:d0:f1:95:26:92:3b:79:a5:ae:fe:37:6b:3c:7d: 94:01:18:bf:12:e1:f3:c9:a8:9e:6c:5d:10:48:9d:57:7f:2f: 39:d2:eb:d7:eb:2b:b4:2d:aa:7c:45:51:c2:d0:47:4b:84:f7: 56:6e:0a:1b:bb:b6:e3:ef:62:c1:55:ff:05:54:e9:b7:13:2e: 12:00:49:7b:04:cc:c0:4a:a1:44:88:ff:ef:c0:fc:b9:8e:dc: d8:f0:25:8b:bc:0f:2d:fc:a9:ac:7c:38:6b:37:7c:d4:ef:b8: 63:55:3d:07:44:f5:55:23:2a:07:3a:2e:53:c2:b7:b8:9f:20: 35:35:b0:b0:00:65:49:af:c1:17:1a:00:b9:69:d1:f7:35:64: 30:56:94:ad:62:f2:99:4c:e8:c2:a4:4d:e5:c8:13:1f:24:e6: 1d:3c:fd:48:24:4a:48:e1:db:92:fe:ab:a4:82:d6:3a:00:76: ba:c8:1a:1b:ea:3f:a5:d1:83:f8:8a:59:51:d0:72:26:10:f0: 2e:39:df:f0:70:05:b7:ed:e9:cc:8f:27:b3:03:da:6c:12:eb: 4a:59:4e:9d:29:af:6a:ca:a5:13:79:93:a7:42:51:b9:3e:c2: a3:f1:e1:a1:9e:f3:83:72:b9:66:8a:9d:b6:98:57:34:a8:32: 27:ea:ec:f1 -----BEGIN CERTIFICATE----- MIIE1zCCA7+gAwIBAgICILEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoODg4 ODRENEQ0QTc1RjE3RjA4REQ0NENCQTk1OTJGRTcwRjUzOUQ5NzAeFw0yNTA5MTMw MzA1NTFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDBGMDdFOEQzRUU2N0ND MDYwOUU5MkMyNTg1MzAxQzY5QUNGRDIyM0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC1tyT+PNxjOmALthJliHVr4zBLYhmThtGpSZ9KsmqxeZd3Yq0v VrIRn/jpOf+HdjeDeDzvfX063nMr73t16SgwoWgL0njJfkfqmyIpUzeiFTdGwTgG oCFXpPIQOVUIyrIKMvNf7KSMKz3U6b6eAJHJHPdk9WdhaeE4kmgkOZMVr8S3LhX4 kk+4bhIwKroM9rXYZdjPGCf1XKRIeS+CJlZqp8pB2MFStJpw4xvZwev/HyRuCQ2o KbGz2iMCl10tNhYgg+XhRqCr0tWvg/Kvx6yw2JKGJ4YB2j/1zJXmg8ia7ZKecy/O kX2WHWyS1ld27ZyxijBiiIabSlerlZT0fSP1AgMBAAGjggHzMIIB7zAdBgNVHQ4E FgQUDwfo0+5nzAYJ6SwlhTAcaaz9Ij8wHwYDVR0jBBgwFoAUiIhNTUp18X8I3UTL qVkv5w9TnZcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjEy Mi9pSWhOVFVwMThYOEkzVVRMcVZrdjV3OVRuWmMuY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL2lJaE5UVXAxOFg4STNVVExxVmt2NXc5VG5aYy5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzIxMjIvRHdmbzAtNW56QVlK NlN3bGhUQWNhYXo5SWo4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw BgMEAHsx8jANBgkqhkiG9w0BAQsFAAOCAQEAoefXLNDxlSaSO3mlrv43azx9lAEY vxLh88monmxdEEidV38vOdLr1+srtC2qfEVRwtBHS4T3Vm4KG7u24+9iwVX/BVTp txMuEgBJewTMwEqhRIj/78D8uY7c2PAli7wPLfyprHw4azd81O+4Y1U9B0T1VSMq BzouU8K3uJ8gNTWwsABlSa/BFxoAuWnR9zVkMFaUrWLymUzowqRN5cgTHyTmHTz9 SCRKSOHbkv6rpILWOgB2usgaG+o/pdGD+IpZUdByJhDwLjnf8HAFt+3pzI8nswPa bBLrSllOnSmvasqlE3mTp0JRuT7Co/HhoZ7zg3K5ZoqdtphXNKgyJ+rs8Q== -----END CERTIFICATE-----Generated at Mon Oct 20 17:43:04 2025 by rpki-client