$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1055390775090675715/1/21E2A70B0578C674B0BF1FD7BEB3B9B2A62A2DD8.cer File: 21E2A70B0578C674B0BF1FD7BEB3B9B2A62A2DD8.cer (raw, json) Hash identifier: b2038PWaSFvR0NwiCTf0u7q74dmLfkKzdFx2hzo4T+8= Subject key identifier: 21:E2:A7:0B:05:78:C6:74:B0:BF:1F:D7:BE:B3:B9:B2:A6:2A:2D:D8 Authority key identifier: A5:6E:87:2A:40:3E:7B:9C:EB:94:31:A0:8F:54:04:01:D2:FB:D7:10 Certificate issuer: /CN=A9162E3D0001/serialNumber=A56E872A403E7B9CEB9431A08F540401D2FBD710 Certificate serial: 3B66C6727B5079E18E9644B81C758DF02754AF4E Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer Manifest: rsync://rpki-rps.cnnic.cn/repo/A1096241666697854979/0/21E2A70B0578C674B0BF1FD7BEB3B9B2A62A2DD8.mft caRepository: rsync://rpki-rps.cnnic.cn/repo/A1096241666697854979/0/ Notify URL: https://rrdp-rps.cnnic.cn/rrdp/notification.xml Certificate not before: Tue 14 Apr 2026 01:16:09 +0000 Certificate not after: Tue 13 Apr 2027 01:21:09 +0000 Subordinate resources: AS: 9814 IP: 125.96.0.0 -- 125.98.255.255 IP: 180.202.0.0/15 IP: 210.72.224.0 -- 210.72.247.255 IP: 211.99.0.0/19 IP: 211.160.0.0/16 IP: 2402:3c00::/32 IP: 2408:6000::/24 Validation: OK Signature path: rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 17 Apr 2026 17:57:45 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 3b:66:c6:72:7b:50:79:e1:8e:96:44:b8:1c:75:8d:f0:27:54:af:4e Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A9162E3D0001, serialNumber=A56E872A403E7B9CEB9431A08F540401D2FBD710 Validity Not Before: Apr 14 01:16:09 2026 GMT Not After : Apr 13 01:21:09 2027 GMT Subject: CN=21E2A70B0578C674B0BF1FD7BEB3B9B2A62A2DD8 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a5:b7:59:40:2e:bd:44:4e:ef:0b:ae:ee:69:47: 1d:6b:56:60:96:33:17:f6:07:52:2e:89:a4:5c:f0: 15:f4:da:a8:39:c4:40:2b:06:11:80:0c:89:48:19: aa:e9:dc:c5:11:a3:d6:29:c2:00:8c:13:9f:8a:1b: 39:c5:37:90:be:18:99:ff:55:88:2d:8d:f9:b0:e9: 0f:90:18:e4:67:24:d0:db:06:85:ba:bf:06:07:88: e4:df:3f:d5:f9:b4:13:e5:82:74:28:f7:2c:ff:66: 6f:8a:e4:b0:d2:05:40:36:01:81:92:ac:88:68:9b: 5e:bb:cd:7f:f1:9a:64:3f:9f:66:8e:de:91:0e:b5: 67:30:a8:b8:6f:d0:12:17:6e:3a:a9:fd:5f:d8:d0: 89:3e:09:b5:26:52:1b:b0:31:42:71:4e:49:66:d7: 90:60:33:2c:3c:c9:f2:34:93:70:38:8a:09:be:ac: 1e:6e:46:e3:b9:40:6e:84:8f:91:7c:e9:54:c2:94: 7b:4c:a7:d5:0a:12:14:90:b1:29:fe:46:96:15:86: eb:f8:63:59:01:51:15:32:9b:4a:90:93:aa:2f:78: a3:61:57:4c:0c:de:a4:7e:3a:44:72:75:aa:10:49: 89:1f:e5:5a:3d:49:55:4f:26:64:fa:33:3b:fd:3a: 6d:2f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 21:E2:A7:0B:05:78:C6:74:B0:BF:1F:D7:BE:B3:B9:B2:A6:2A:2D:D8 X509v3 Authority Key Identifier: keyid:A5:6E:87:2A:40:3E:7B:9C:EB:94:31:A0:8F:54:04:01:D2:FB:D7:10 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer Subject Information Access: CA Repository - URI:rsync://rpki-rps.cnnic.cn/repo/A1096241666697854979/0/ RPKI Manifest - URI:rsync://rpki-rps.cnnic.cn/repo/A1096241666697854979/0/21E2A70B0578C674B0BF1FD7BEB3B9B2A62A2DD8.mft RPKI Notify - URI:https://rrdp-rps.cnnic.cn/rrdp/notification.xml X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 125.96.0.0-125.98.255.255 180.202.0.0/15 210.72.224.0-210.72.247.255 211.99.0.0/19 211.160.0.0/16 IPv6: 2402:3c00::/32 2408:6000::/24 sbgp-autonomousSysNum: critical Autonomous System Numbers: 9814 Signature Algorithm: sha256WithRSAEncryption 4a:44:41:04:55:c7:e2:6c:e7:ee:15:7e:40:1b:1c:ed:d9:9b: 47:0f:82:7c:e5:0c:b2:01:96:b3:b1:05:6b:24:74:11:9a:bd: 06:6f:03:80:33:0f:08:21:56:d7:da:03:bf:39:b9:e4:ee:aa: c7:f1:a7:72:7d:1a:d5:69:0d:5f:f4:5a:c2:5c:0c:24:22:b5: ff:eb:0e:78:c6:35:98:63:40:de:15:df:9c:61:58:d0:f4:32: a3:f5:05:13:6d:fd:cd:a9:bc:41:9c:4b:ef:ec:75:79:69:b5: 33:05:0b:e3:0b:4c:7d:21:06:29:ed:37:35:71:44:3e:e4:54: 6a:f5:68:d6:c8:e7:63:e4:03:c7:d3:d0:9d:64:09:5f:e7:f3: 92:b2:2c:18:2a:1f:cb:e0:60:e1:fd:97:57:aa:92:9a:49:a1: 79:d9:b7:d0:ec:3f:78:5e:03:71:a7:cd:a2:77:52:e6:ed:fe: 02:f3:97:83:0d:46:cf:99:c6:d3:a1:c8:24:fc:fc:76:02:fe: 59:bd:d2:60:9a:07:08:60:a3:58:b4:b5:21:a9:2e:fc:a8:bb: 11:ae:8a:af:d1:d0:b7:c8:70:0b:0a:14:da:be:77:20:94:2d: d5:4c:d9:4b:1c:5f:03:ee:a2:f3:eb:ab:12:5e:80:75:4c:bc: 1e:41:ce:ac -----BEGIN CERTIFICATE----- MIIF+zCCBOOgAwIBAgIUO2bGcntQeeGOlkS4HHWN8CdUr04wDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAxMMQTkxNjJFM0QwMDAxMTEwLwYDVQQFEyhBNTZFODcyQTQw M0U3QjlDRUI5NDMxQTA4RjU0MDQwMUQyRkJENzEwMB4XDTI2MDQxNDAxMTYwOVoX DTI3MDQxMzAxMjEwOVowMzExMC8GA1UEAxMoMjFFMkE3MEIwNTc4QzY3NEIwQkYx RkQ3QkVCM0I5QjJBNjJBMkREODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKW3WUAuvURO7wuu7mlHHWtWYJYzF/YHUi6JpFzwFfTaqDnEQCsGEYAMiUgZ quncxRGj1inCAIwTn4obOcU3kL4Ymf9ViC2N+bDpD5AY5Gck0NsGhbq/BgeI5N8/ 1fm0E+WCdCj3LP9mb4rksNIFQDYBgZKsiGibXrvNf/GaZD+fZo7ekQ61ZzCouG/Q EhduOqn9X9jQiT4JtSZSG7AxQnFOSWbXkGAzLDzJ8jSTcDiKCb6sHm5G47lAboSP kXzpVMKUe0yn1QoSFJCxKf5GlhWG6/hjWQFRFTKbSpCTqi94o2FXTAzepH46RHJ1 qhBJiR/lWj1JVU8mZPozO/06bS8CAwEAAaOCAu4wggLqMA8GA1UdEwEB/wQFMAMB Af8wHQYDVR0OBBYEFCHipwsFeMZ0sL8f176zubKmKi3YMB8GA1UdIwQYMBaAFKVu hypAPnuc65QxoI9UBAHS+9cQMA4GA1UdDwEB/wQEAwIBBjBzBgNVHR8EbDBqMGig ZqBkhmJyc3luYzovL3Jwa2ktcnBzLmNubmljLmNuL3JlcG8vQTEwNTUzOTA3NzUw OTA2NzU3MTUvMS9BNTZFODcyQTQwM0U3QjlDRUI5NDMxQTA4RjU0MDQwMUQyRkJE NzEwLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3 MkZEMUZGMi9wVzZIS2tBLWU1enJsREdnajFRRUFkTDcxeEEuY2VyMIIBAQYIKwYB BQUHAQsEgfQwgfEwQgYIKwYBBQUHMAWGNnJzeW5jOi8vcnBraS1ycHMuY25uaWMu Y24vcmVwby9BMTA5NjI0MTY2NjY5Nzg1NDk3OS8wLzBuBggrBgEFBQcwCoZicnN5 bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDk2MjQxNjY2Njk3ODU0OTc5 LzAvMjFFMkE3MEIwNTc4QzY3NEIwQkYxRkQ3QkVCM0I5QjJBNjJBMkREOC5tZnQw OwYIKwYBBQUHMA2GL2h0dHBzOi8vcnJkcC1ycHMuY25uaWMuY24vcnJkcC9ub3Rp ZmljYXRpb24ueG1sMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwWAYIKwYBBQUH AQcBAf8ESTBHMDAEAgABMCowCgMDBX1gAwMAfWIDAwG0yjAMAwQF0kjgAwQD0kjw AwQF02MAAwMA06AwEwQCAAIwDQMFACQCPAADBAAkCGAwGQYIKwYBBQUHAQgBAf8E CjAIoAYwBAICJlYwDQYJKoZIhvcNAQELBQADggEBAEpEQQRVx+Js5+4VfkAbHO3Z m0cPgnzlDLIBlrOxBWskdBGavQZvA4AzDwghVtfaA785ueTuqsfxp3J9GtVpDV/0 WsJcDCQitf/rDnjGNZhjQN4V35xhWND0MqP1BRNt/c2pvEGcS+/sdXlptTMFC+ML TH0hBintNzVxRD7kVGr1aNbI52PkA8fT0J1kCV/n85KyLBgqH8vgYOH9l1eqkppJ oXnZt9DsP3heA3GnzaJ3Uubt/gLzl4MNRs+ZxtOhyCT8/HYC/lm90mCaBwhgo1i0 tSGpLvyouxGuiq/R0LfIcAsKFNq+dyCULdVM2UscXwPuovPrqxJegHVMvB5Bzqw= -----END CERTIFICATE-----Generated at Thu Apr 16 23:53:51 2026 by rpki-client