$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2988/sfuB7dNVQ9f1FokZ_OrVFV_UCvI.roa File: sfuB7dNVQ9f1FokZ_OrVFV_UCvI.roa (raw, json) Hash identifier: i3ZyghyUgF4y+pkbHG5zVgIztn5YNrIiihQP1pglqiE= Subject key identifier: B1:FB:81:ED:D3:55:43:D7:F5:16:89:19:FC:EA:D5:15:5F:D4:0A:F2 Certificate issuer: /CN=012D4317BCA1660F88066F890F8C04AF557000CB Certificate serial: 21DF Authority key identifier: 01:2D:43:17:BC:A1:66:0F:88:06:6F:89:0F:8C:04:AF:55:70:00:CB Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/AS1DF7yhZg-IBm-JD4wEr1VwAMs.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2988/sfuB7dNVQ9f1FokZ_OrVFV_UCvI.roa Signing time: Fri 17 Jan 2025 01:28:45 +0000 ROA not before: Fri 17 Jan 2025 01:28:45 +0000 ROA not after: Sat 27 Sep 2025 02:40:14 +0000 asID: 4538 IP address blocks: 2406:3340::/36 maxlen: 36 2406:3340:1000::/36 maxlen: 36 2406:3340:2000::/36 maxlen: 36 2406:3340:3000::/36 maxlen: 36 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2988/AS1DF7yhZg-IBm-JD4wEr1VwAMs.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2988/AS1DF7yhZg-IBm-JD4wEr1VwAMs.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/AS1DF7yhZg-IBm-JD4wEr1VwAMs.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 26 Apr 2025 14:39:44 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8671 (0x21df) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=012D4317BCA1660F88066F890F8C04AF557000CB Validity Not Before: Jan 17 01:28:45 2025 GMT Not After : Sep 27 02:40:14 2025 GMT Subject: CN=B1FB81EDD35543D7F5168919FCEAD5155FD40AF2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a1:bd:68:18:a6:47:58:50:25:f4:9c:c4:bd:62: fe:8a:c5:9b:cb:ea:77:5a:a5:aa:08:67:d0:0f:52: 6b:63:8c:0f:2b:12:14:13:46:fa:0a:35:2a:5e:4e: 98:ba:a1:00:a0:62:f0:6d:fc:36:69:91:ad:18:fa: 75:56:0d:aa:46:c8:9e:17:82:9e:ee:72:f2:c9:01: 33:7b:01:74:64:f4:56:7b:0c:ee:df:b5:37:7b:6c: 10:6f:45:b1:f3:cc:35:82:2d:54:a0:60:f7:78:1b: 56:ae:75:c6:55:cc:43:9e:16:e9:7c:7f:10:7c:05: fd:b5:82:78:5c:66:a8:9f:da:33:1a:ff:af:e4:3d: f1:d1:b5:e2:9e:f8:f0:57:49:10:20:ef:df:34:3e: 7a:f1:6e:23:c1:4c:d5:b3:4f:9c:dc:09:62:95:3a: 66:c5:77:a4:e0:7f:3d:86:3f:22:f4:4e:80:5a:12: 69:60:f7:38:ec:95:19:c2:e1:ac:c5:15:42:fe:39: 25:fe:ff:1b:25:57:06:2f:db:19:6b:8e:3a:3f:ee: 1d:a7:e7:72:9f:73:34:48:f8:cd:07:63:cd:76:79: c0:1a:8a:a1:1f:34:77:70:40:bb:eb:1c:fd:09:cf: 7c:87:e8:96:d4:23:c4:74:3e:b8:d1:e7:31:95:c4: a5:83 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: B1:FB:81:ED:D3:55:43:D7:F5:16:89:19:FC:EA:D5:15:5F:D4:0A:F2 X509v3 Authority Key Identifier: keyid:01:2D:43:17:BC:A1:66:0F:88:06:6F:89:0F:8C:04:AF:55:70:00:CB X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2988/AS1DF7yhZg-IBm-JD4wEr1VwAMs.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/AS1DF7yhZg-IBm-JD4wEr1VwAMs.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2988/sfuB7dNVQ9f1FokZ_OrVFV_UCvI.roa RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv6: 2406:3340::/34 Signature Algorithm: sha256WithRSAEncryption 49:27:6a:48:47:07:d2:f2:e3:c6:e1:1b:33:9a:ab:f0:47:85: 54:92:8b:e8:62:d0:bf:98:1f:3a:ef:2d:a9:cd:ff:00:40:1e: fd:75:23:2c:c9:fd:a8:e8:80:64:7c:b3:a4:0e:4a:0b:15:60: 55:73:97:5b:86:ce:0a:6a:1e:d4:d6:05:ab:2f:54:95:d8:cc: 3f:9c:52:9a:2f:67:8f:f9:79:88:b4:c1:47:25:84:5c:84:5f: e3:ad:a8:96:4e:99:2f:76:27:55:e0:63:31:76:69:b8:48:41: 09:e1:e2:94:8a:97:51:1b:d3:55:fd:72:d0:2c:2e:99:e1:6d: 31:57:25:7a:d6:98:db:b3:e4:b2:dc:ae:f9:ea:c6:55:eb:88: 2d:c3:c3:bb:14:20:13:5a:c8:ef:a8:62:5e:e5:a9:67:61:16: f4:ec:3e:3d:61:97:f8:81:2b:59:d5:56:47:32:ab:58:a6:bc: 2b:24:a6:eb:a1:ac:1c:33:40:d0:e7:59:b2:9e:25:1b:08:a1: d6:12:50:b5:c6:46:20:8b:65:cf:29:55:5c:dd:be:0c:df:42: 45:f6:cb:57:8b:ff:cc:12:29:ff:a7:65:8c:e8:ac:a8:86:b5: 40:f8:e7:68:a6:fb:bd:43:b4:4d:36:3e:92:83:64:62:ca:9b: 38:ee:6e:84 -----BEGIN CERTIFICATE----- MIIE2TCCA8GgAwIBAgICId8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMDEy RDQzMTdCQ0ExNjYwRjg4MDY2Rjg5MEY4QzA0QUY1NTcwMDBDQjAeFw0yNTAxMTcw MTI4NDVaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEIxRkI4MUVERDM1NTQz RDdGNTE2ODkxOUZDRUFENTE1NUZENDBBRjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQChvWgYpkdYUCX0nMS9Yv6KxZvL6ndapaoIZ9APUmtjjA8rEhQT RvoKNSpeTpi6oQCgYvBt/DZpka0Y+nVWDapGyJ4Xgp7ucvLJATN7AXRk9FZ7DO7f tTd7bBBvRbHzzDWCLVSgYPd4G1audcZVzEOeFul8fxB8Bf21gnhcZqif2jMa/6/k PfHRteKe+PBXSRAg7980PnrxbiPBTNWzT5zcCWKVOmbFd6Tgfz2GPyL0ToBaEmlg 9zjslRnC4azFFUL+OSX+/xslVwYv2xlrjjo/7h2n53KfczRI+M0HY812ecAaiqEf NHdwQLvrHP0Jz3yH6JbUI8R0PrjR5zGVxKWDAgMBAAGjggH1MIIB8TAdBgNVHQ4E FgQUsfuB7dNVQ9f1FokZ/OrVFV/UCvIwHwYDVR0jBBgwFoAUAS1DF7yhZg+IBm+J D4wEr1VwAMswGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjk4 OC9BUzFERjd5aFpnLUlCbS1KRDR3RXIxVndBTXMuY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL0FTMURGN3loWmctSUJtLUpENHdFcjFWd0FNcy5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI5ODgvc2Z1QjdkTlZROWYx Rm9rWl9PclZGVl9VQ3ZJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIw CAMGBiQGM0AAMA0GCSqGSIb3DQEBCwUAA4IBAQBJJ2pIRwfS8uPG4RszmqvwR4VU kovoYtC/mB867y2pzf8AQB79dSMsyf2o6IBkfLOkDkoLFWBVc5dbhs4Kah7U1gWr L1SV2Mw/nFKaL2eP+XmItMFHJYRchF/jraiWTpkvdidV4GMxdmm4SEEJ4eKUipdR G9NV/XLQLC6Z4W0xVyV61pjbs+Sy3K756sZV64gtw8O7FCATWsjvqGJe5alnYRb0 7D49YZf4gStZ1VZHMqtYprwrJKbroawcM0DQ51myniUbCKHWElC1xkYgi2XPKVVc 3b4M30JF9stXi//MEin/p2WM6KyohrVA+Odopvu9Q7RNNj6Sg2Riyps47m6E -----END CERTIFICATE-----Generated at Sat Apr 26 14:28:51 2025 by rpki-client