$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2522/S2-jJU_L040ttF-NJgy5PYKXy3E.roa File: S2-jJU_L040ttF-NJgy5PYKXy3E.roa (raw, json) Hash identifier: +vGsAskfuCMz+1+/W1DJx5UQCsGuTqv6bd2xEpK4IzM= Subject key identifier: 4B:6F:A3:25:4F:CB:D3:8D:2D:B4:5F:8D:26:0C:B9:3D:82:97:CB:71 Certificate issuer: /CN=4087DAB67172836B082075CE18BE5E5FA45D5E95 Certificate serial: 2080 Authority key identifier: 40:87:DA:B6:71:72:83:6B:08:20:75:CE:18:BE:5E:5F:A4:5D:5E:95 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/QIfatnFyg2sIIHXOGL5eX6RdXpU.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2522/S2-jJU_L040ttF-NJgy5PYKXy3E.roa Signing time: Sat 13 Sep 2025 03:04:34 +0000 ROA not before: Sat 13 Sep 2025 03:04:34 +0000 ROA not after: Mon 03 Aug 2026 08:44:40 +0000 asID: 131567 IP address blocks: 103.96.8.0/22 maxlen: 24 103.96.8.0/24 maxlen: 24 103.96.9.0/24 maxlen: 24 103.96.10.0/24 maxlen: 24 103.96.11.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2522/QIfatnFyg2sIIHXOGL5eX6RdXpU.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2522/QIfatnFyg2sIIHXOGL5eX6RdXpU.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/QIfatnFyg2sIIHXOGL5eX6RdXpU.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Mon 20 Oct 2025 23:00:34 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8320 (0x2080) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=4087DAB67172836B082075CE18BE5E5FA45D5E95 Validity Not Before: Sep 13 03:04:34 2025 GMT Not After : Aug 3 08:44:40 2026 GMT Subject: CN=4B6FA3254FCBD38D2DB45F8D260CB93D8297CB71 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e7:d9:c2:5d:2e:cd:a1:a6:48:bd:eb:af:09:75: 07:60:f1:f7:c5:a8:2d:cb:e7:2c:12:6f:55:1d:e2: fb:90:c8:a4:d5:dd:5b:4d:30:99:d8:86:4e:c6:8f: 2a:04:a3:59:8c:6e:7c:47:aa:e5:3f:97:05:7d:19: 78:f4:83:8d:7f:9c:77:a4:78:e2:28:f2:b3:68:6e: 79:f2:9d:97:09:97:45:40:22:cc:c0:f2:0b:fb:8f: 27:c2:a7:2a:1b:a1:84:07:7d:1e:77:fd:b1:c4:31: 07:74:dd:dd:cf:61:d7:a2:38:2d:25:3b:58:1e:ed: d2:75:27:0a:d4:f7:3a:53:ab:ee:63:09:36:a7:5b: 20:e2:d3:e8:68:50:95:08:3d:99:7f:85:44:79:8d: 1b:a0:90:8f:78:e5:da:2b:2c:23:d7:6c:ef:16:fc: 1c:10:18:58:5a:92:7d:3a:f2:84:63:87:51:ee:2f: 6a:27:e1:00:20:a1:47:f7:a1:73:34:9b:b9:83:73: ca:a1:8e:b7:b2:fd:e1:ae:71:53:b8:65:ca:20:e7: b0:16:90:2a:06:b0:d2:ae:42:79:64:1d:62:89:7f: 93:af:63:f7:3f:bf:bf:4b:7c:e4:50:46:d6:a4:3b: 42:68:99:52:5c:55:d8:0c:d2:a2:d0:d8:e2:ea:38: 01:2d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 4B:6F:A3:25:4F:CB:D3:8D:2D:B4:5F:8D:26:0C:B9:3D:82:97:CB:71 X509v3 Authority Key Identifier: keyid:40:87:DA:B6:71:72:83:6B:08:20:75:CE:18:BE:5E:5F:A4:5D:5E:95 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2522/QIfatnFyg2sIIHXOGL5eX6RdXpU.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/QIfatnFyg2sIIHXOGL5eX6RdXpU.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2522/S2-jJU_L040ttF-NJgy5PYKXy3E.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 103.96.8.0/22 Signature Algorithm: sha256WithRSAEncryption 21:06:e1:94:22:22:cc:42:d6:3a:56:fc:f2:73:7d:16:8b:b9: cc:4d:3d:20:de:90:d9:ad:11:90:12:f8:df:c7:4c:be:6e:12: ba:c0:5c:83:ac:e1:2a:ab:e9:1f:96:46:ea:17:4b:b3:79:08: ac:32:fc:94:14:ea:77:68:f8:10:07:e6:0b:d3:72:5b:69:de: a5:06:ce:2f:7b:1d:08:9b:f1:c0:b4:20:d2:bd:05:9f:89:86: 2a:4b:3f:3d:72:38:59:7f:4a:ec:d1:a1:e8:4b:06:5c:22:7a: 3d:9f:9d:41:48:dd:f9:f1:1c:c7:71:73:95:8a:85:83:39:06: ea:9f:e0:5d:17:f8:40:6f:5d:ad:69:9a:81:6c:00:58:a9:bc: a4:05:f3:7d:9c:36:a3:a3:9d:d2:9d:d8:1c:de:2a:62:cc:4b: 14:8f:f9:57:4f:98:79:3c:43:14:1b:f5:2e:a9:d8:cf:26:ea: 89:f1:fa:e4:07:7b:72:0c:87:1f:5e:f7:63:78:83:0b:01:a8: 99:eb:8d:25:b5:a3:19:81:67:3f:1e:53:7f:9b:6e:af:58:11: 46:ba:7b:71:01:4d:b2:b8:49:d0:54:dc:0a:c0:fa:02:43:1d: 44:9b:3b:95:71:e2:ee:c5:b8:63:9e:21:ff:01:e2:f4:91:28: bd:3a:14:01 -----BEGIN CERTIFICATE----- MIIE1zCCA7+gAwIBAgICIIAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDA4 N0RBQjY3MTcyODM2QjA4MjA3NUNFMThCRTVFNUZBNDVENUU5NTAeFw0yNTA5MTMw MzA0MzRaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDRCNkZBMzI1NEZDQkQz OEQyREI0NUY4RDI2MENCOTNEODI5N0NCNzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDn2cJdLs2hpki9668JdQdg8ffFqC3L5ywSb1Ud4vuQyKTV3VtN MJnYhk7GjyoEo1mMbnxHquU/lwV9GXj0g41/nHekeOIo8rNobnnynZcJl0VAIszA 8gv7jyfCpyoboYQHfR53/bHEMQd03d3PYdeiOC0lO1ge7dJ1JwrU9zpTq+5jCTan WyDi0+hoUJUIPZl/hUR5jRugkI945dorLCPXbO8W/BwQGFhakn068oRjh1HuL2on 4QAgoUf3oXM0m7mDc8qhjrey/eGucVO4Zcog57AWkCoGsNKuQnlkHWKJf5OvY/c/ v79LfORQRtakO0JomVJcVdgM0qLQ2OLqOAEtAgMBAAGjggHzMIIB7zAdBgNVHQ4E FgQUS2+jJU/L040ttF+NJgy5PYKXy3EwHwYDVR0jBBgwFoAUQIfatnFyg2sIIHXO GL5eX6RdXpUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjUy Mi9RSWZhdG5GeWcyc0lJSFhPR0w1ZVg2UmRYcFUuY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL1FJZmF0bkZ5ZzJzSUlIWE9HTDVlWDZSZFhwVS5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI1MjIvUzItakpVX0wwNDB0 dEYtTkpneTVQWUtYeTNFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw BgMEAmdgCDANBgkqhkiG9w0BAQsFAAOCAQEAIQbhlCIizELWOlb88nN9Fou5zE09 IN6Q2a0RkBL438dMvm4SusBcg6zhKqvpH5ZG6hdLs3kIrDL8lBTqd2j4EAfmC9Ny W2nepQbOL3sdCJvxwLQg0r0Fn4mGKks/PXI4WX9K7NGh6EsGXCJ6PZ+dQUjd+fEc x3FzlYqFgzkG6p/gXRf4QG9drWmagWwAWKm8pAXzfZw2o6Od0p3YHN4qYsxLFI/5 V0+YeTxDFBv1LqnYzybqifH65Ad7cgyHH173Y3iDCwGomeuNJbWjGYFnPx5Tf5tu r1gRRrp7cQFNsrhJ0FTcCsD6AkMdRJs7lXHi7sW4Y54h/wHi9JEovToUAQ== -----END CERTIFICATE-----Generated at Mon Oct 20 22:36:03 2025 by rpki-client