Certificate
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/d1a8u4G6ySFoe23DL0DCd0K0b44.cer
File: d1a8u4G6ySFoe23DL0DCd0K0b44.cer (raw, json)
Hash identifier: h7RNyzERZlDpRV1DqrKSnZ/anLLXGaCr12x9kOWnnXE=
Subject key identifier: 77:56:BC:BB:81:BA:C9:21:68:7B:6D:C3:2F:40:C2:77:42:B4:6F:8E
Authority key identifier: 04:16:29:B6:A9:EA:B7:CB:13:24:EA:39:78:F0:37:96:F8:89:B5:40
Certificate issuer: /CN=A9162E3D0000/serialNumber=041629B6A9EAB7CB1324EA3978F03796F889B540
Certificate serial: EB45
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
Manifest: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3015/d1a8u4G6ySFoe23DL0DCd0K0b44.mft
caRepository: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3015/
Notify URL: https://rpki.cnnic.cn/rrdp/notify.xml
Certificate not before: Wed 11 Feb 2026 20:27:31 +0000
Certificate not after: Sat 09 Jan 2027 08:23:18 +0000
Subordinate resources: AS: 139128
IP: 43.241.248.0/22
IP: 43.243.148.0/22
IP: 60.195.248.0/21
IP: 103.37.176.0/22
IP: 103.38.232.0/22
IP: 103.156.28.0/23
IP: 115.182.0.0/16
IP: 118.144.64.0/19
IP: 118.145.0.0/19
IP: 118.244.192.0 -- 118.244.239.255
IP: 120.54.0.0/16
IP: 123.196.112.0/20
IP: 124.202.128.0/19
IP: 211.103.152.0/21
IP: 211.147.0.0/21
IP: 211.154.160.0/20
IP: 218.241.152.0/21
IP: 219.234.80.0/20
IP: 219.238.148.0/22
IP: 219.238.232.0/21
IP: 219.239.88.0/21
IP: 2401:7d80::/32
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 02 Mar 2026 05:59:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 60229 (0xeb45)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9162E3D0000, serialNumber=041629B6A9EAB7CB1324EA3978F03796F889B540
Validity
Not Before: Feb 11 20:27:31 2026 GMT
Not After : Jan 9 08:23:18 2027 GMT
Subject: CN=7756BCBB81BAC921687B6DC32F40C27742B46F8E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ac:ff:cb:e7:e6:11:d0:f0:c2:e4:f6:11:b6:
69:d5:20:e1:c3:b7:62:d5:7b:21:9d:4f:ed:56:92:
0a:47:f1:01:0f:5f:cf:0d:ef:88:fd:03:67:ba:f6:
b0:ca:0e:2d:d2:dc:bd:b1:ad:cf:34:62:f4:47:10:
29:38:82:69:ba:3d:5b:a9:ee:0a:70:e5:ca:2c:ae:
92:7b:9d:16:0a:00:25:fe:7e:36:3f:d8:27:de:61:
63:e0:b8:23:bd:ad:88:1d:ca:f8:e9:a9:09:ff:26:
d8:6e:84:a9:b3:21:9e:25:d4:bb:2c:3f:48:4c:12:
06:e3:69:97:82:36:4d:0b:bf:c5:0e:2c:17:14:56:
05:01:e2:b5:6e:15:2d:20:d4:02:1a:ed:eb:d5:d4:
3d:98:af:62:09:ec:42:4a:8e:97:31:5e:90:b5:df:
d9:58:45:11:9e:9d:b5:b3:b6:ab:99:e1:d0:10:b9:
30:5e:45:9f:39:aa:db:c4:81:13:57:7a:27:45:1e:
29:a4:14:33:02:da:57:43:11:e7:5e:b3:1d:2b:03:
0a:8f:db:b2:fa:5d:c1:d8:1b:d6:63:ea:67:a1:f5:
95:1e:f6:56:d6:9f:3d:7c:48:a3:3d:d5:f5:98:ca:
29:1a:98:e7:53:45:8e:a4:89:70:72:6a:b3:30:f3:
2b:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:56:BC:BB:81:BA:C9:21:68:7B:6D:C3:2F:40:C2:77:42:B4:6F:8E
X509v3 Authority Key Identifier:
keyid:04:16:29:B6:A9:EA:B7:CB:13:24:EA:39:78:F0:37:96:F8:89:B5:40
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Subject Information Access:
CA Repository - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3015/
RPKI Manifest - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3015/d1a8u4G6ySFoe23DL0DCd0K0b44.mft
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
139128
sbgp-ipAddrBlock: critical
IPv4:
43.241.248.0/22
43.243.148.0/22
60.195.248.0/21
103.37.176.0/22
103.38.232.0/22
103.156.28.0/23
115.182.0.0/16
118.144.64.0/19
118.145.0.0/19
118.244.192.0-118.244.239.255
120.54.0.0/16
123.196.112.0/20
124.202.128.0/19
211.103.152.0/21
211.147.0.0/21
211.154.160.0/20
218.241.152.0/21
219.234.80.0/20
219.238.148.0/22
219.238.232.0/21
219.239.88.0/21
IPv6:
2401:7d80::/32
Signature Algorithm: sha256WithRSAEncryption
a6:e4:48:bb:fa:90:f4:e3:fe:e1:15:1a:68:e8:44:e9:5a:90:
d4:dc:63:e2:da:ad:5e:00:22:4e:5d:e3:41:ab:59:55:16:a3:
23:1d:7b:aa:b2:cf:04:6a:ed:c8:68:55:15:6f:74:d6:84:47:
13:1b:15:37:50:ca:ec:51:41:f1:46:11:4f:2c:d2:63:c4:23:
27:6f:a5:8e:3a:62:dd:84:38:37:eb:38:eb:f7:e0:01:f8:27:
63:d3:5e:aa:30:3b:39:ae:ca:c8:93:81:ed:ac:e3:24:5d:88:
8a:e7:c9:f3:0e:a3:5a:4f:86:b6:99:7e:b9:4f:12:cc:40:ec:
45:f2:db:c3:72:e9:69:37:28:e3:40:f7:ed:86:4d:e7:7e:c6:
23:fa:70:ae:58:43:66:68:dd:cc:c4:85:16:9f:7a:c9:f1:63:
ab:a9:ea:d5:26:65:71:cc:97:98:bf:d5:5d:4f:32:fa:e9:ec:
83:16:d1:09:f9:be:2c:c8:75:6d:96:c7:58:b4:cc:71:ca:19:
5b:9d:6c:99:78:09:93:3c:0f:3f:49:c2:16:5a:92:97:bf:4f:
13:06:06:d7:97:ee:a1:a9:07:37:07:1d:40:d9:05:9e:85:99:
51:83:2a:56:cc:8e:34:04:d0:ea:95:4e:50:dc:b3:13:69:bc:
9b:5d:aa:21
-----BEGIN CERTIFICATE-----
MIIF/zCCBOegAwIBAgIDAOtFMA0GCSqGSIb3DQEBCwUAMEoxFTATBgNVBAMTDEE5
MTYyRTNEMDAwMDExMC8GA1UEBRMoMDQxNjI5QjZBOUVBQjdDQjEzMjRFQTM5NzhG
MDM3OTZGODg5QjU0MDAeFw0yNjAyMTEyMDI3MzFaFw0yNzAxMDkwODIzMThaMDMx
MTAvBgNVBAMTKDc3NTZCQ0JCODFCQUM5MjE2ODdCNkRDMzJGNDBDMjc3NDJCNDZG
OEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2rP/L5+YR0PDC5PYR
tmnVIOHDt2LVeyGdT+1WkgpH8QEPX88N74j9A2e69rDKDi3S3L2xrc80YvRHECk4
gmm6PVup7gpw5cosrpJ7nRYKACX+fjY/2CfeYWPguCO9rYgdyvjpqQn/JthuhKmz
IZ4l1LssP0hMEgbjaZeCNk0Lv8UOLBcUVgUB4rVuFS0g1AIa7evV1D2Yr2IJ7EJK
jpcxXpC139lYRRGenbWztquZ4dAQuTBeRZ85qtvEgRNXeidFHimkFDMC2ldDEede
sx0rAwqP27L6XcHYG9Zj6meh9ZUe9lbWnz18SKM91fWYyikamOdTRY6kiXByarMw
8yu7AgMBAAGjggMDMIIC/zAdBgNVHQ4EFgQUd1a8u4G6ySFoe23DL0DCd0K0b44w
HwYDVR0jBBgwFoAUBBYptqnqt8sTJOo5ePA3lviJtUAwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjBYBgNVHR8EUTBPME2gS6BJhkdyc3luYzovL3Jwa2kuY25uaWMu
Y24vcnBraS9BOTE2MkUzRDAwMDAvQkJZcHRxbnF0OHNUSk9vNWVQQTNsdmlKdFVB
LmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5h
cG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZE
MUZGMi9CQllwdHFucXQ4c1RKT281ZVBBM2x2aUp0VUEuY2VyMA8GA1UdEwEB/wQF
MAMBAf8wDgYDVR0PAQH/BAQDAgEGMIHYBggrBgEFBQcBCwSByzCByDA5BggrBgEF
BQcwBYYtcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMw
MTUvMFgGCCsGAQUFBzAKhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2
MkUzRDAwMDAvMzAxNS9kMWE4dTRHNnlTRm9lMjNETDBEQ2QwSzBiNDQubWZ0MDEG
CCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMuY24vcnJkcC9ub3RpZnkueG1s
MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwIfeDCBsAYIKwYBBQUHAQcBAf8EgaAw
gZ0wgYsEAgABMIGEAwQCK/H4AwQCK/OUAwQDPMP4AwQCZyWwAwQCZyboAwQBZ5wc
AwMAc7YDBAV2kEADBAV2kQAwDAMEBnb0wAMEBHb04AMDAHg2AwQEe8RwAwQFfMqA
AwQD02eYAwQD05MAAwQE05qgAwQD2vGYAwQE2+pQAwQC2+6UAwQD2+7oAwQD2+9Y
MA0EAgACMAcDBQAkAX2AMA0GCSqGSIb3DQEBCwUAA4IBAQCm5Ei7+pD04/7hFRpo
6ETpWpDU3GPi2q1eACJOXeNBq1lVFqMjHXuqss8Eau3IaFUVb3TWhEcTGxU3UMrs
UUHxRhFPLNJjxCMnb6WOOmLdhDg36zjr9+AB+Cdj016qMDs5rsrIk4HtrOMkXYiK
58nzDqNaT4a2mX65TxLMQOxF8tvDculpNyjjQPfthk3nfsYj+nCuWENmaN3MxIUW
n3rJ8WOrqerVJmVxzJeYv9VdTzL66eyDFtEJ+b4syHVtlsdYtMxxyhlbnWyZeAmT
PA8/ScIWWpKXv08TBgbXl+6hqQc3Bx1A2QWehZlRgypWzI40BNDqlU5Q3LMTabyb
Xaoh
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:58:12 2026 by rpki-client