$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/817/CJbX145KFJe7eYBediiY6I2tKJQ.roa File: CJbX145KFJe7eYBediiY6I2tKJQ.roa (raw, json) Hash identifier: LjTjlN7I+yyu6LDIatzGnfv/3ElYQLJ31kkmxqxMxUk= Subject key identifier: 08:96:D7:D7:8E:4A:14:97:BB:79:80:5E:76:28:98:E8:8D:AD:28:94 Certificate issuer: /CN=2A711AA7DC60049B0B0D884897E015B1171F37B9 Certificate serial: 21FE Authority key identifier: 2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/CJbX145KFJe7eYBediiY6I2tKJQ.roa Signing time: Sat 13 Sep 2025 03:03:48 +0000 ROA not before: Sat 13 Sep 2025 03:03:48 +0000 ROA not after: Mon 03 Aug 2026 08:44:40 +0000 asID: 4811 IP address blocks: 2401:3480:2000::/48 maxlen: 48 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Mon 20 Oct 2025 23:00:34 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8702 (0x21fe) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2A711AA7DC60049B0B0D884897E015B1171F37B9 Validity Not Before: Sep 13 03:03:48 2025 GMT Not After : Aug 3 08:44:40 2026 GMT Subject: CN=0896D7D78E4A1497BB79805E762898E88DAD2894 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b4:f3:03:3c:eb:1d:dd:34:40:63:bf:63:6e:fb: 50:66:20:f0:16:28:e3:28:d1:c0:ef:43:37:2b:e1: e4:8d:fb:28:b3:07:c4:5c:ff:88:53:8e:ee:17:d1: 54:39:17:28:8f:e0:d4:d6:59:4a:32:8d:88:45:66: cc:22:0b:5a:58:ca:74:c3:3c:82:bb:14:16:2e:67: 04:73:94:3a:be:85:10:3e:8b:fb:92:ad:0a:86:50: 89:7c:29:d6:2a:f8:1e:8c:ac:72:b2:bf:94:8d:da: 8c:4f:c7:04:10:0a:b4:d2:ee:db:37:56:c7:eb:00: ff:6e:ce:e9:24:92:f8:d2:15:fe:c6:63:6a:bf:89: e6:ff:32:12:a5:5b:c5:d5:f8:75:9a:f2:47:c7:6d: 37:2f:ab:c5:7f:44:76:99:3f:1c:a2:16:a1:7e:ad: a7:50:16:1b:23:ec:23:b3:35:e6:e5:f6:c6:15:2f: d9:a0:08:d8:e3:35:6b:cb:65:7f:cc:2e:39:3f:3d: f3:3a:ef:43:ac:9e:db:82:d1:91:b8:51:2c:75:d5: 64:8d:3b:a0:5e:48:7b:74:38:cb:08:d9:ff:50:a8: 32:44:d3:0c:eb:2c:2a:db:4d:c7:6e:cf:1a:54:84: 35:95:1e:24:f3:99:ca:11:1d:82:99:56:b1:9c:5b: 7a:f9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 08:96:D7:D7:8E:4A:14:97:BB:79:80:5E:76:28:98:E8:8D:AD:28:94 X509v3 Authority Key Identifier: keyid:2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/CJbX145KFJe7eYBediiY6I2tKJQ.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv6: 2401:3480:2000::/48 Signature Algorithm: sha256WithRSAEncryption 21:ef:aa:36:a0:2a:cf:f8:2b:01:61:c4:f9:0a:21:7d:9f:84: a2:46:e8:7b:67:47:a6:31:80:55:28:19:80:7a:bd:fe:6e:70: 16:e8:0a:07:ce:0a:06:d2:80:70:a9:b6:5c:bc:9b:40:9b:41: 28:29:26:fd:c1:f8:fa:9c:da:38:4e:81:0c:26:76:d0:8c:c2: 57:56:9d:de:2d:ab:21:84:64:5f:ec:d2:ac:cb:c9:b1:8f:ef: d7:54:b4:15:09:22:e6:a5:9d:f1:4f:c9:e5:b7:ea:4c:99:06: 1b:c7:73:a5:f4:22:ea:50:72:be:00:4e:be:de:b4:d4:df:14: 27:30:8d:cd:fe:28:62:00:64:3b:c4:23:4a:11:cb:91:85:3c: 05:0b:f8:02:e7:3e:d1:22:98:83:7f:ea:fc:41:5a:2d:e3:31: f5:1e:a5:83:a0:41:af:8d:36:f7:81:43:49:e8:31:d6:7f:d2: ce:1e:bc:6f:2d:96:6b:5f:58:3e:80:20:16:38:a9:f0:d8:2b: 27:50:43:e0:e7:c5:e3:76:46:0d:36:88:0a:7c:e1:98:a1:d1: 32:58:49:4a:87:be:bd:33:b5:05:c5:ad:cd:1a:a7:ef:54:e7: e3:6b:c3:d2:d2:13:e6:8d:63:e8:22:b6:65:0c:9c:60:a8:93: 21:a6:4e:1e -----BEGIN CERTIFICATE----- MIIE2DCCA8CgAwIBAgICIf4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE3 MTFBQTdEQzYwMDQ5QjBCMEQ4ODQ4OTdFMDE1QjExNzFGMzdCOTAeFw0yNTA5MTMw MzAzNDhaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDA4OTZEN0Q3OEU0QTE0 OTdCQjc5ODA1RTc2Mjg5OEU4OERBRDI4OTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC08wM86x3dNEBjv2Nu+1BmIPAWKOMo0cDvQzcr4eSN+yizB8Rc /4hTju4X0VQ5FyiP4NTWWUoyjYhFZswiC1pYynTDPIK7FBYuZwRzlDq+hRA+i/uS rQqGUIl8KdYq+B6MrHKyv5SN2oxPxwQQCrTS7ts3VsfrAP9uzukkkvjSFf7GY2q/ ieb/MhKlW8XV+HWa8kfHbTcvq8V/RHaZPxyiFqF+radQFhsj7COzNebl9sYVL9mg CNjjNWvLZX/MLjk/PfM670OsntuC0ZG4USx11WSNO6BeSHt0OMsI2f9QqDJE0wzr LCrbTcduzxpUhDWVHiTzmcoRHYKZVrGcW3r5AgMBAAGjggH0MIIB8DAdBgNVHQ4E FgQUCJbX145KFJe7eYBediiY6I2tKJQwHwYDVR0jBBgwFoAUKnEap9xgBJsLDYhI l+AVsRcfN7kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3 L0tuRWFwOXhnQkpzTERZaElsLUFWc1JjZk43ay5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvS25FYXA5eGdCSnNMRFloSWwtQVZzUmNmTjdrLmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3L0NKYlgxNDVLRkplN2VZ QmVkaWlZNkkydEtKUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkD BwAkATSAIAAwDQYJKoZIhvcNAQELBQADggEBACHvqjagKs/4KwFhxPkKIX2fhKJG 6HtnR6YxgFUoGYB6vf5ucBboCgfOCgbSgHCptly8m0CbQSgpJv3B+Pqc2jhOgQwm dtCMwldWnd4tqyGEZF/s0qzLybGP79dUtBUJIualnfFPyeW36kyZBhvHc6X0IupQ cr4ATr7etNTfFCcwjc3+KGIAZDvEI0oRy5GFPAUL+ALnPtEimIN/6vxBWi3jMfUe pYOgQa+NNveBQ0noMdZ/0s4evG8tlmtfWD6AIBY4qfDYKydQQ+DnxeN2Rg02iAp8 4Zih0TJYSUqHvr0ztQXFrc0ap+9U5+Nrw9LSE+aNY+gitmUMnGCokyGmTh4= -----END CERTIFICATE-----Generated at Mon Oct 20 19:50:52 2025 by rpki-client