$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2927/0vXteHc651-iGtEnYAlVi-M2f4o.roa File: 0vXteHc651-iGtEnYAlVi-M2f4o.roa (raw, json) Hash identifier: F2CMw2t7dheHN9vVzrGGD4LZ1xy37GXKvI3rpHWp1GY= Subject key identifier: D2:F5:ED:78:77:3A:E7:5F:A2:1A:D1:27:60:09:55:8B:E3:36:7F:8A Certificate issuer: /CN=73D211D5B210E3B196054DB71892D8E38A4E09EF Certificate serial: 9C Authority key identifier: 73:D2:11:D5:B2:10:E3:B1:96:05:4D:B7:18:92:D8:E3:8A:4E:09:EF Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/c9IR1bIQ47GWBU23GJLY44pOCe8.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2927/0vXteHc651-iGtEnYAlVi-M2f4o.roa Signing time: Wed 23 Jul 2025 01:36:58 +0000 ROA not before: Wed 23 Jul 2025 01:36:58 +0000 ROA not after: Thu 25 Jun 2026 02:35:12 +0000 asID: 151302 IP address blocks: 43.249.169.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2927/c9IR1bIQ47GWBU23GJLY44pOCe8.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2927/c9IR1bIQ47GWBU23GJLY44pOCe8.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/c9IR1bIQ47GWBU23GJLY44pOCe8.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Thu 14 Aug 2025 13:02:15 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 156 (0x9c) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=73D211D5B210E3B196054DB71892D8E38A4E09EF Validity Not Before: Jul 23 01:36:58 2025 GMT Not After : Jun 25 02:35:12 2026 GMT Subject: CN=D2F5ED78773AE75FA21AD1276009558BE3367F8A Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c7:b8:42:d6:2f:1b:35:ee:2f:5c:85:36:17:6a: fa:c0:71:0c:76:c7:e1:db:fd:97:db:66:80:d4:17: 4e:2b:c6:d9:af:61:f9:ad:07:a1:ed:00:d4:d5:64: 25:cf:04:50:55:f7:18:23:0b:fd:f7:e3:36:fa:b3: 9a:fe:aa:5b:19:3e:a2:dc:59:1e:42:60:7c:e1:39: e0:17:31:7d:f4:9b:99:e0:26:b3:e3:4d:9f:e7:0a: e0:24:e1:50:07:cf:b1:3f:d5:71:75:3a:87:fd:d5: bd:f5:fc:d9:af:af:83:ea:60:94:8c:ee:e0:e5:88: bc:a0:f7:23:ea:e7:c0:cb:6b:48:9e:bd:a3:f7:55: be:78:e1:75:83:15:a4:b7:33:8e:4f:95:4a:46:36: 2c:b8:74:44:14:df:3e:6d:fb:b0:78:d7:29:6f:d7: 5a:2b:05:04:07:85:d9:31:83:5c:1d:f8:a7:be:6d: 39:99:38:7c:cb:60:bd:d1:f5:0c:da:48:5c:d2:a4: 72:d1:50:6f:1c:4d:84:1d:db:18:00:81:e1:92:34: 1f:18:8d:70:d4:29:6a:c2:ab:6d:99:77:15:ab:f1: be:6c:61:c3:9f:0e:28:f0:08:4a:7e:44:84:cd:0d: b0:d6:ce:60:65:41:09:44:3d:c2:90:c7:37:32:8a: 4b:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D2:F5:ED:78:77:3A:E7:5F:A2:1A:D1:27:60:09:55:8B:E3:36:7F:8A X509v3 Authority Key Identifier: keyid:73:D2:11:D5:B2:10:E3:B1:96:05:4D:B7:18:92:D8:E3:8A:4E:09:EF X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2927/c9IR1bIQ47GWBU23GJLY44pOCe8.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/c9IR1bIQ47GWBU23GJLY44pOCe8.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2927/0vXteHc651-iGtEnYAlVi-M2f4o.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 43.249.169.0/24 Signature Algorithm: sha256WithRSAEncryption 62:69:18:cb:ce:d9:73:b8:27:1b:db:58:10:d4:8f:cb:ea:c9: d9:d3:fb:d7:27:dd:6c:5d:f5:0f:e0:1f:1c:da:b0:f4:db:8d: c3:77:02:e9:e2:25:83:55:ae:2d:ad:2d:bc:59:f1:06:db:a3: fa:e6:11:ca:17:41:84:52:e9:b8:c1:19:d8:61:74:75:8c:87: e6:5f:b3:cf:f9:d1:32:37:d9:b8:a2:9c:ba:57:85:f7:1b:b2: 4a:50:0b:56:88:60:c8:94:19:c4:10:27:06:cb:82:23:da:56: 94:8a:2e:0f:a3:0a:3f:74:b3:ff:16:ac:c8:21:fa:96:d9:36: 69:fd:bb:3a:b7:73:28:d5:52:8a:43:d7:d6:2d:2b:7e:65:db: 4f:c6:68:9d:d6:d5:7f:61:53:0a:62:ca:28:e2:ab:fc:ce:c2: 12:6e:db:cf:37:95:90:98:72:ff:cd:30:bc:45:bd:fe:3e:42: 0e:f5:de:82:43:00:34:73:d3:97:1a:dd:08:fb:e1:93:8e:a6: d3:db:e6:68:01:fa:2e:cc:a1:a2:52:cd:2b:0d:be:9d:28:d5: 20:95:51:16:2b:5b:86:bc:30:37:a2:82:9b:f6:62:77:8e:53: db:18:3d:96:71:5c:fd:13:7b:04:f9:49:d2:83:53:40:2e:9c: d2:fc:5e:f6 -----BEGIN CERTIFICATE----- MIIE1zCCA7+gAwIBAgICAJwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzNE MjExRDVCMjEwRTNCMTk2MDU0REI3MTg5MkQ4RTM4QTRFMDlFRjAeFw0yNTA3MjMw MTM2NThaFw0yNjA2MjUwMjM1MTJaMDMxMTAvBgNVBAMTKEQyRjVFRDc4NzczQUU3 NUZBMjFBRDEyNzYwMDk1NThCRTMzNjdGOEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDHuELWLxs17i9chTYXavrAcQx2x+Hb/ZfbZoDUF04rxtmvYfmt B6HtANTVZCXPBFBV9xgjC/334zb6s5r+qlsZPqLcWR5CYHzhOeAXMX30m5ngJrPj TZ/nCuAk4VAHz7E/1XF1Oof91b31/Nmvr4PqYJSM7uDliLyg9yPq58DLa0ievaP3 Vb544XWDFaS3M45PlUpGNiy4dEQU3z5t+7B41ylv11orBQQHhdkxg1wd+Ke+bTmZ OHzLYL3R9QzaSFzSpHLRUG8cTYQd2xgAgeGSNB8YjXDUKWrCq22ZdxWr8b5sYcOf DijwCEp+RITNDbDWzmBlQQlEPcKQxzcyikvpAgMBAAGjggHzMIIB7zAdBgNVHQ4E FgQU0vXteHc651+iGtEnYAlVi+M2f4owHwYDVR0jBBgwFoAUc9IR1bIQ47GWBU23 GJLY44pOCe8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjky Ny9jOUlSMWJJUTQ3R1dCVTIzR0pMWTQ0cE9DZTguY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL2M5SVIxYklRNDdHV0JVMjNHSkxZNDRwT0NlOC5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI5MjcvMHZYdGVIYzY1MS1p R3RFbllBbFZpLU0yZjRvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw BgMEACv5qTANBgkqhkiG9w0BAQsFAAOCAQEAYmkYy87Zc7gnG9tYENSPy+rJ2dP7 1yfdbF31D+AfHNqw9NuNw3cC6eIlg1WuLa0tvFnxBtuj+uYRyhdBhFLpuMEZ2GF0 dYyH5l+zz/nRMjfZuKKculeF9xuySlALVohgyJQZxBAnBsuCI9pWlIouD6MKP3Sz /xasyCH6ltk2af27OrdzKNVSikPX1i0rfmXbT8ZondbVf2FTCmLKKOKr/M7CEm7b zzeVkJhy/80wvEW9/j5CDvXegkMANHPTlxrdCPvhk46m09vmaAH6LsyholLNKw2+ nSjVIJVRFitbhrwwN6KCm/Zid45T2xg9lnFc/RN7BPlJ0oNTQC6c0vxe9g== -----END CERTIFICATE-----Generated at Thu Aug 14 11:06:06 2025 by rpki-client