$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/zKOnHTJm7r_m8Yne7kKeqeBDpOc.cer File: zKOnHTJm7r_m8Yne7kKeqeBDpOc.cer (raw, json) Hash identifier: QNMx7PX92zSJSUa6lr04sqGEDLYo2UzDMJu+IeIxznc= Subject key identifier: CC:A3:A7:1D:32:66:EE:BF:E6:F1:89:DE:EE:42:9E:A9:E0:43:A4:E7 Authority key identifier: 04:16:29:B6:A9:EA:B7:CB:13:24:EA:39:78:F0:37:96:F8:89:B5:40 Certificate issuer: /CN=A9162E3D0000/serialNumber=041629B6A9EAB7CB1324EA3978F03796F889B540 Certificate serial: E3D2 Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer Manifest: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/473/zKOnHTJm7r_m8Yne7kKeqeBDpOc.mft caRepository: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/473/ Notify URL: https://rpki.cnnic.cn/rrdp/notify.xml Certificate not before: Fri 24 Oct 2025 07:30:29 +0000 Certificate not after: Fri 23 Oct 2026 03:01:03 +0000 Subordinate resources: IP: 103.28.204.0/22 Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Wed 05 Nov 2025 14:00:40 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 58322 (0xe3d2) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A9162E3D0000, serialNumber=041629B6A9EAB7CB1324EA3978F03796F889B540 Validity Not Before: Oct 24 07:30:29 2025 GMT Not After : Oct 23 03:01:03 2026 GMT Subject: CN=CCA3A71D3266EEBFE6F189DEEE429EA9E043A4E7 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c5:17:40:29:ae:04:e6:f1:9e:a3:3a:be:50:cc: 22:f2:25:13:59:b7:26:4f:04:c4:8e:be:a3:95:80: b6:cb:73:7e:c2:9f:51:75:57:82:f4:0e:c3:04:d9: c9:a2:d3:cd:c1:0d:ca:cb:49:c1:88:16:0e:26:57: 7b:80:7b:af:a2:f8:a2:04:2c:78:73:11:da:36:85: c3:dd:39:7c:32:62:79:ab:be:ec:50:aa:10:6c:31: 6a:4d:21:11:ec:f3:01:a7:41:75:2a:4c:15:ad:e5: 9d:72:6d:18:ba:41:11:04:79:2e:6b:b3:38:67:a5: 0f:52:5e:53:b0:fc:77:96:f9:cd:47:99:ee:c1:3f: 41:c0:f4:2a:5d:92:ce:e9:9c:a0:c9:bd:df:f6:71: b6:d3:67:2f:d3:fd:42:55:93:66:b6:0c:37:57:da: 8d:7e:b6:57:bd:ab:d7:a4:ae:f9:da:dc:fd:ba:b7: 8b:f9:31:43:fa:17:d6:0c:de:bd:e8:61:c6:88:f9: 23:65:f3:69:fd:59:8b:c2:68:bb:37:dc:19:ea:66: 0e:56:4a:fb:84:30:65:c8:d9:8f:74:40:03:09:aa: 5d:2d:20:8f:e6:4b:86:4e:63:2b:94:a4:d4:5c:dc: 47:65:a6:d0:06:88:d4:ff:56:5a:ba:11:ef:55:9f: b6:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: CC:A3:A7:1D:32:66:EE:BF:E6:F1:89:DE:EE:42:9E:A9:E0:43:A4:E7 X509v3 Authority Key Identifier: keyid:04:16:29:B6:A9:EA:B7:CB:13:24:EA:39:78:F0:37:96:F8:89:B5:40 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Subject Information Access: CA Repository - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/473/ RPKI Manifest - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/473/zKOnHTJm7r_m8Yne7kKeqeBDpOc.mft RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-ipAddrBlock: critical IPv4: 103.28.204.0/22 Signature Algorithm: sha256WithRSAEncryption 78:67:1a:c0:43:12:e9:f5:bb:df:23:3c:aa:61:df:ac:16:17: 3d:f1:9a:85:38:de:ce:dd:c7:00:a4:dc:96:a7:82:72:87:28: c6:79:84:26:8f:e7:6a:f1:e3:05:be:29:0b:42:8e:f5:84:98: 42:a6:d2:44:42:b3:f2:03:8a:81:fd:b3:c1:63:4b:c8:d9:fe: 74:f4:2e:90:4f:55:00:d3:96:01:58:e3:6b:3e:6d:98:5d:aa: 21:f8:20:93:29:3d:13:0a:82:04:b8:20:ae:f5:44:52:e1:79: 36:08:f6:67:05:85:a9:da:fd:bc:54:99:dd:01:6d:d7:f7:57: 3f:39:19:42:c7:7e:66:b6:fa:25:95:19:cd:c3:f5:e2:c3:ff: bd:58:4b:4a:59:4f:fe:87:59:82:66:7f:be:40:0f:f0:24:29: a3:d8:65:3d:f4:d7:eb:9b:81:d8:7d:6b:b1:18:f0:a3:8f:9a: b6:8b:41:76:e2:b4:da:31:13:b3:0f:90:96:bf:7d:4a:39:20: 26:9e:c9:db:06:a1:6e:92:71:00:64:71:a0:52:dc:cb:3e:98: 58:28:cf:53:65:51:1b:10:00:fa:95:c1:99:d3:b5:20:f4:5b: 0b:8c:85:e3:0b:22:67:e9:34:b3:b7:75:63:a7:f7:60:bb:dd: be:53:fd:80 -----BEGIN CERTIFICATE----- MIIFTzCCBDegAwIBAgIDAOPSMA0GCSqGSIb3DQEBCwUAMEoxFTATBgNVBAMTDEE5 MTYyRTNEMDAwMDExMC8GA1UEBRMoMDQxNjI5QjZBOUVBQjdDQjEzMjRFQTM5NzhG MDM3OTZGODg5QjU0MDAeFw0yNTEwMjQwNzMwMjlaFw0yNjEwMjMwMzAxMDNaMDMx MTAvBgNVBAMTKENDQTNBNzFEMzI2NkVFQkZFNkYxODlERUVFNDI5RUE5RTA0M0E0 RTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFF0AprgTm8Z6jOr5Q zCLyJRNZtyZPBMSOvqOVgLbLc37Cn1F1V4L0DsME2cmi083BDcrLScGIFg4mV3uA e6+i+KIELHhzEdo2hcPdOXwyYnmrvuxQqhBsMWpNIRHs8wGnQXUqTBWt5Z1ybRi6 QREEeS5rszhnpQ9SXlOw/HeW+c1Hme7BP0HA9Cpdks7pnKDJvd/2cbbTZy/T/UJV k2a2DDdX2o1+tle9q9ekrvna3P26t4v5MUP6F9YM3r3oYcaI+SNl82n9WYvCaLs3 3BnqZg5WSvuEMGXI2Y90QAMJql0tII/mS4ZOYyuUpNRc3EdlptAGiNT/Vlq6Ee9V n7YnAgMBAAGjggJTMIICTzAdBgNVHQ4EFgQUzKOnHTJm7r/m8Yne7kKeqeBDpOcw HwYDVR0jBBgwFoAUBBYptqnqt8sTJOo5ePA3lviJtUAwGAYDVR0gAQH/BA4wDDAK BggrBgEFBQcOAjBYBgNVHR8EUTBPME2gS6BJhkdyc3luYzovL3Jwa2kuY25uaWMu Y24vcnBraS9BOTE2MkUzRDAwMDAvQkJZcHRxbnF0OHNUSk9vNWVQQTNsdmlKdFVB LmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5h cG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZE MUZGMi9CQllwdHFucXQ4c1RKT281ZVBBM2x2aUp0VUEuY2VyMA8GA1UdEwEB/wQF MAMBAf8wDgYDVR0PAQH/BAQDAgEGMIHWBggrBgEFBQcBCwSByTCBxjA4BggrBgEF BQcwBYYscnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzQ3 My8wVwYIKwYBBQUHMAqGS3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy RTNEMDAwMC80NzMvektPbkhUSm03cl9tOFluZTdrS2VxZUJEcE9jLm1mdDAxBggr BgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNubmljLmNuL3JyZHAvbm90aWZ5LnhtbDAf BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmcczDANBgkqhkiG9w0BAQsFAAOC AQEAeGcawEMS6fW73yM8qmHfrBYXPfGahTjezt3HAKTclqeCcocoxnmEJo/navHj Bb4pC0KO9YSYQqbSREKz8gOKgf2zwWNLyNn+dPQukE9VANOWAVjjaz5tmF2qIfgg kyk9EwqCBLggrvVEUuF5Ngj2ZwWFqdr9vFSZ3QFt1/dXPzkZQsd+Zrb6JZUZzcP1 4sP/vVhLSllP/odZgmZ/vkAP8CQpo9hlPfTX65uB2H1rsRjwo4+atotBduK02jET sw+Qlr99SjkgJp7J2wahbpJxAGRxoFLcyz6YWCjPU2VRGxAA+pXBmdO1IPRbC4yF 4wsiZ+k0s7d1Y6f3YLvdvlP9gA== -----END CERTIFICATE-----Generated at Wed Nov 5 13:36:26 2025 by rpki-client