$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2889/XXKUC_jUdfsh3-6DY8kDdpvzUuk.roa File: XXKUC_jUdfsh3-6DY8kDdpvzUuk.roa (raw, json) Hash identifier: VYF+iRwgE2+53/k7HEAnfhbiGDtC8oHgOZL9gcS5l0g= Subject key identifier: 5D:72:94:0B:F8:D4:75:FB:21:DF:EE:83:63:C9:03:76:9B:F3:52:E9 Certificate issuer: /CN=A93A86712684A72E5DF41F00AFA04C5F01A97735 Certificate serial: 2070 Authority key identifier: A9:3A:86:71:26:84:A7:2E:5D:F4:1F:00:AF:A0:4C:5F:01:A9:77:35 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/XXKUC_jUdfsh3-6DY8kDdpvzUuk.roa Signing time: Sat 13 Sep 2025 03:09:26 +0000 ROA not before: Sat 13 Sep 2025 03:09:26 +0000 ROA not after: Mon 03 Aug 2026 08:44:40 +0000 asID: 139021 IP address blocks: 218.247.80.0/22 maxlen: 22 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Mon 20 Oct 2025 13:37:50 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8304 (0x2070) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A93A86712684A72E5DF41F00AFA04C5F01A97735 Validity Not Before: Sep 13 03:09:26 2025 GMT Not After : Aug 3 08:44:40 2026 GMT Subject: CN=5D72940BF8D475FB21DFEE8363C903769BF352E9 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d9:8e:80:d3:11:aa:ba:c6:c0:c3:23:72:3d:33: af:3b:67:4b:ab:1b:cf:fd:3c:ef:2d:36:56:62:d6: 31:a0:4e:2e:c7:5e:1c:d6:29:49:a8:bc:a7:aa:d0: 4d:3f:7d:74:54:41:94:fb:e1:81:c7:66:46:12:a6: 06:8f:ef:b3:7f:89:9c:19:c7:ba:c9:57:b3:97:14: 70:75:f9:3d:2d:41:a8:b6:86:99:43:3d:80:d9:63: 9a:ab:5d:b6:e6:55:1c:43:b5:5a:cb:32:8b:2c:9c: 63:dd:3c:d5:86:4f:38:be:ec:53:86:fb:e1:d2:f1: e3:21:81:e1:e5:68:41:c9:7b:3d:a1:95:63:64:c1: 13:b1:65:9f:74:a0:a3:d5:b3:40:d1:d9:98:cb:85: 9f:d8:a6:cd:f1:f4:0c:20:53:44:85:e7:3d:0a:87: 3a:d5:ae:2f:73:97:b9:03:b1:eb:4b:7d:ec:e0:13: 39:75:c7:ce:ae:a2:9c:38:db:11:94:7e:bc:5f:3c: 1b:be:9d:80:f3:c2:0f:5c:21:83:6d:f4:3f:6b:e2: 9e:ec:88:13:4b:9a:3a:3c:94:44:58:06:0f:6b:9e: 42:7e:e9:9c:19:16:c9:f1:7c:9c:82:a9:8f:45:d7: 4a:75:91:cb:6d:76:51:81:2d:04:9f:f1:cc:25:0d: 47:dd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 5D:72:94:0B:F8:D4:75:FB:21:DF:EE:83:63:C9:03:76:9B:F3:52:E9 X509v3 Authority Key Identifier: keyid:A9:3A:86:71:26:84:A7:2E:5D:F4:1F:00:AF:A0:4C:5F:01:A9:77:35 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/qTqGcSaEpy5d9B8Ar6BMXwGpdzU.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2889/XXKUC_jUdfsh3-6DY8kDdpvzUuk.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 218.247.80.0/22 Signature Algorithm: sha256WithRSAEncryption 78:26:01:db:42:c2:54:7a:39:4e:32:9d:cb:16:2b:15:19:d5: 60:4a:72:f3:51:7a:49:40:97:d6:1d:4c:73:b3:83:6b:a2:9c: 24:59:88:31:38:a5:bd:ad:10:4d:4c:dd:83:a9:d0:c0:9b:55: 90:e1:7f:7a:0c:d0:97:d5:0e:53:ad:15:2d:68:35:df:8c:99: 50:03:56:24:79:3c:b1:2a:87:14:8f:d3:4b:0e:0d:22:60:a7: cb:2c:f6:cc:45:59:cc:66:ae:f1:ea:5e:db:3e:ea:15:34:21: 32:f0:b5:e9:38:0a:d5:1f:7b:8a:c0:29:f9:fc:5c:31:65:6d: b4:3d:48:eb:58:4d:b1:37:85:82:91:be:e3:62:ae:f3:8e:ae: f9:d5:16:84:82:bc:71:ee:3d:ca:2c:e5:b3:33:f6:5b:bd:e7: 68:e9:bb:9d:24:d7:db:6a:c6:85:ee:78:4d:77:91:5e:7d:7b: e1:31:9a:98:e6:bf:22:a2:d1:20:f1:5b:a5:96:c0:d0:14:4b: b8:53:ed:05:14:5a:2d:5d:f4:c7:9e:22:43:5b:ab:23:a0:e6: 6f:ac:61:bd:68:8f:52:25:d2:fa:8a:b3:c2:5f:b4:ca:14:a2: f3:2d:9f:04:3e:ae:d5:4c:77:a7:48:a1:2e:46:47:30:10:78: 0b:8f:ce:17 -----BEGIN CERTIFICATE----- MIIE1zCCA7+gAwIBAgICIHAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQTkz QTg2NzEyNjg0QTcyRTVERjQxRjAwQUZBMDRDNUYwMUE5NzczNTAeFw0yNTA5MTMw MzA5MjZaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDVENzI5NDBCRjhENDc1 RkIyMURGRUU4MzYzQzkwMzc2OUJGMzUyRTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDZjoDTEaq6xsDDI3I9M687Z0urG8/9PO8tNlZi1jGgTi7HXhzW KUmovKeq0E0/fXRUQZT74YHHZkYSpgaP77N/iZwZx7rJV7OXFHB1+T0tQai2hplD PYDZY5qrXbbmVRxDtVrLMossnGPdPNWGTzi+7FOG++HS8eMhgeHlaEHJez2hlWNk wROxZZ90oKPVs0DR2ZjLhZ/Yps3x9AwgU0SF5z0KhzrVri9zl7kDsetLfezgEzl1 x86uopw42xGUfrxfPBu+nYDzwg9cIYNt9D9r4p7siBNLmjo8lERYBg9rnkJ+6ZwZ FsnxfJyCqY9F10p1kcttdlGBLQSf8cwlDUfdAgMBAAGjggHzMIIB7zAdBgNVHQ4E FgQUXXKUC/jUdfsh3+6DY8kDdpvzUukwHwYDVR0jBBgwFoAUqTqGcSaEpy5d9B8A r6BMXwGpdzUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjg4 OS9xVHFHY1NhRXB5NWQ5QjhBcjZCTVh3R3BkelUuY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL3FUcUdjU2FFcHk1ZDlCOEFyNkJNWHdHcGR6VS5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI4ODkvWFhLVUNfalVkZnNo My02RFk4a0RkcHZ6VXVrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw BgMEAtr3UDANBgkqhkiG9w0BAQsFAAOCAQEAeCYB20LCVHo5TjKdyxYrFRnVYEpy 81F6SUCX1h1Mc7ODa6KcJFmIMTilva0QTUzdg6nQwJtVkOF/egzQl9UOU60VLWg1 34yZUANWJHk8sSqHFI/TSw4NImCnyyz2zEVZzGau8epe2z7qFTQhMvC16TgK1R97 isAp+fxcMWVttD1I61hNsTeFgpG+42Ku846u+dUWhIK8ce49yizlszP2W73naOm7 nSTX22rGhe54TXeRXn174TGamOa/IqLRIPFbpZbA0BRLuFPtBRRaLV30x54iQ1ur I6Dmb6xhvWiPUiXS+oqzwl+0yhSi8y2fBD6u1Ux3p0ihLkZHMBB4C4/OFw== -----END CERTIFICATE-----Generated at Mon Oct 20 11:19:14 2025 by rpki-client