$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2620/tkqVNxepgrss0_proul-YA3tOPU.roa File: tkqVNxepgrss0_proul-YA3tOPU.roa (raw, json) Hash identifier: +s1yBXbq7JebgQLhF6St4gtAnyboEtNX9nSRGW4VZuE= Subject key identifier: B6:4A:95:37:17:A9:82:BB:2C:D3:FA:6B:A2:E9:7E:60:0D:ED:38:F5 Certificate issuer: /CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF Certificate serial: 19EA Authority key identifier: 21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/tkqVNxepgrss0_proul-YA3tOPU.roa Signing time: Mon 26 Jan 2026 06:52:56 +0000 ROA not before: Mon 26 Jan 2026 06:52:56 +0000 ROA not after: Sat 09 Jan 2027 08:23:18 +0000 asID: 58593 IP address blocks: 40.72.255.0/24 maxlen: 32 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.mft rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/1xHsDTeBWKRHb-bqfXClSpUZWhE.cer rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Mon 02 Mar 2026 15:58:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 6634 (0x19ea) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF Validity Not Before: Jan 26 06:52:56 2026 GMT Not After : Jan 9 08:23:18 2027 GMT Subject: CN=B64A953717A982BB2CD3FA6BA2E97E600DED38F5 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bb:6f:69:ff:f7:9b:87:d0:33:fe:c4:d5:28:c8: 85:8e:51:3e:e0:8a:6a:27:1a:f7:63:8c:be:43:95: e0:a0:67:ef:43:c3:77:c9:dd:69:0a:90:45:5c:d4: 11:dc:2e:a8:0e:50:47:07:e9:1e:cf:d2:8c:d3:1d: ff:81:e7:17:07:f4:23:93:0f:64:ae:25:47:60:af: 5a:a9:d8:73:c4:3d:00:2c:0c:e6:48:32:1e:c7:03: 2c:5f:1a:b5:37:02:34:58:20:04:8a:7c:62:88:1b: 19:78:b5:f8:6e:b1:f4:81:35:a0:3f:ce:b0:3a:05: c7:af:bf:ed:72:32:ef:f4:5f:5d:dd:33:30:e6:96: b9:40:9c:b3:e4:ac:1f:47:a6:b0:bc:e2:36:5b:44: 77:90:0d:6e:05:dc:eb:19:d2:92:e0:b0:6d:f7:18: fe:8a:53:26:9d:06:fb:3b:e2:bc:de:c6:15:07:20: 0a:b3:e0:56:9a:78:8b:1c:cc:55:e1:83:a3:62:36: df:de:5f:20:2c:9b:3b:c1:c4:4c:1a:c0:0d:82:6d: bf:d9:81:9e:9c:af:df:44:95:d6:5e:16:ee:6d:3f: f6:40:ed:d8:6d:9f:00:61:52:c7:a9:b8:65:e3:78: 29:69:61:a9:1b:54:df:c6:52:34:33:94:d3:53:30: 95:93 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: B6:4A:95:37:17:A9:82:BB:2C:D3:FA:6B:A2:E9:7E:60:0D:ED:38:F5 X509v3 Authority Key Identifier: keyid:21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/tkqVNxepgrss0_proul-YA3tOPU.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 40.72.255.0/24 Signature Algorithm: sha256WithRSAEncryption 3a:65:8e:53:12:ae:31:38:fc:2c:45:59:6f:bb:bd:69:b6:00: fa:16:12:80:31:2e:58:97:5e:55:fa:e6:fb:74:52:e6:70:62: 29:ff:33:76:d0:96:4d:2d:21:02:91:47:78:9b:f2:b0:a1:10: ab:b0:45:10:4b:73:69:5c:94:a7:8c:6e:e9:d2:3c:81:c3:b5: 46:55:38:e0:a5:8c:f8:5c:63:9c:5a:33:d7:f2:64:3c:81:ad: e5:27:7d:72:15:b6:ca:f7:15:8a:6f:b8:39:5a:2f:b0:19:7f: 2e:9b:b5:2f:bc:f4:57:a5:87:8f:40:9f:34:a4:0e:f8:42:b4: 7e:25:3b:88:15:b0:06:40:d2:57:6b:b4:a0:37:11:4d:65:87: 95:15:e4:ec:a2:af:de:df:98:16:8e:2e:14:90:80:7c:b1:0b: e1:2b:b6:06:d0:68:68:bd:20:a1:4d:76:9d:83:6b:ee:5f:98: 97:c2:96:41:48:aa:36:87:9c:a2:ee:aa:d1:51:e1:07:ab:49: b6:2f:75:31:b6:c1:f7:94:1f:a2:a6:2c:84:b9:d5:e1:fe:32: c3:25:e8:4e:d0:3c:64:81:31:ac:df:f3:6a:4d:44:6b:c8:0f: 9d:22:2a:aa:89:aa:9a:47:d5:06:38:f5:ef:11:21:55:a8:c5: f3:e9:80:f2 -----BEGIN CERTIFICATE----- MIIE1zCCA7+gAwIBAgICGeowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMjFE Qzg3NTk2NUMyQkE2MUQxREFDQkI0OERFRTE0MDU1NEFBNUFFRjAeFw0yNjAxMjYw NjUyNTZaFw0yNzAxMDkwODIzMThaMDMxMTAvBgNVBAMTKEI2NEE5NTM3MTdBOTgy QkIyQ0QzRkE2QkEyRTk3RTYwMERFRDM4RjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC7b2n/95uH0DP+xNUoyIWOUT7gimonGvdjjL5DleCgZ+9Dw3fJ 3WkKkEVc1BHcLqgOUEcH6R7P0ozTHf+B5xcH9COTD2SuJUdgr1qp2HPEPQAsDOZI Mh7HAyxfGrU3AjRYIASKfGKIGxl4tfhusfSBNaA/zrA6Bcevv+1yMu/0X13dMzDm lrlAnLPkrB9HprC84jZbRHeQDW4F3OsZ0pLgsG33GP6KUyadBvs74rzexhUHIAqz 4FaaeIsczFXhg6NiNt/eXyAsmzvBxEwawA2Cbb/ZgZ6cr99EldZeFu5tP/ZA7dht nwBhUsepuGXjeClpYakbVN/GUjQzlNNTMJWTAgMBAAGjggHzMIIB7zAdBgNVHQ4E FgQUtkqVNxepgrss0/proul+YA3tOPUwHwYDVR0jBBgwFoAUIdyHWWXCumHR2su0 je4UBVSqWu8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjYy MC9JZHlIV1dYQ3VtSFIyc3UwamU0VUJWU3FXdTguY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL0lkeUhXV1hDdW1IUjJzdTBqZTRVQlZTcVd1OC5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2MjAvdGtxVk54ZXBncnNz MF9wcm91bC1ZQTN0T1BVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw BgMEAChI/zANBgkqhkiG9w0BAQsFAAOCAQEAOmWOUxKuMTj8LEVZb7u9abYA+hYS gDEuWJdeVfrm+3RS5nBiKf8zdtCWTS0hApFHeJvysKEQq7BFEEtzaVyUp4xu6dI8 gcO1RlU44KWM+FxjnFoz1/JkPIGt5Sd9chW2yvcVim+4OVovsBl/Lpu1L7z0V6WH j0CfNKQO+EK0fiU7iBWwBkDSV2u0oDcRTWWHlRXk7KKv3t+YFo4uFJCAfLEL4Su2 BtBoaL0goU12nYNr7l+Yl8KWQUiqNoecou6q0VHhB6tJti91MbbB95QfoqYshLnV 4f4ywyXoTtA8ZIExrN/zak1Ea8gPnSIqqomqmkfVBjj17xEhVajF8+mA8g== -----END CERTIFICATE-----Generated at Mon Mar 2 13:10:48 2026 by rpki-client