$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1065576723371982850/0/AS23724.roa File: AS23724.roa (raw, json) Hash identifier: /F6ynpxiG0Y9J4j6nd4tFn4qsuryhr8Bp985PA0jKK8= Subject key identifier: 1E:75:F2:E0:2C:41:78:F6:C2:3A:CA:A0:28:CC:AC:26:70:A0:41:5D Certificate issuer: /CN=D55490FB885552307A1D271E02513B4D423A90AE Certificate serial: 4C8933E6A949DEFF2B8FA5CE5EA1DA28F7FA0208 Authority key identifier: D5:54:90:FB:88:55:52:30:7A:1D:27:1E:02:51:3B:4D:42:3A:90:AE Authority info access: rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/D55490FB885552307A1D271E02513B4D423A90AE.cer Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1065576723371982850/0/AS23724.roa Signing time: Wed 13 May 2026 09:59:07 +0000 ROA not before: Wed 13 May 2026 09:54:07 +0000 ROA not after: Wed 12 May 2027 09:59:07 +0000 asID: 23724 IP address blocks: 43.243.232.0/22 maxlen: 22 103.254.188.0/22 maxlen: 22 123.103.4.0/22 maxlen: 22 123.103.8.0/22 maxlen: 22 123.103.8.0/24 maxlen: 24 123.103.12.0/24 maxlen: 24 123.103.13.0/24 maxlen: 24 123.103.14.0/24 maxlen: 24 123.103.15.0/24 maxlen: 24 123.103.16.0/22 maxlen: 22 123.103.20.0/22 maxlen: 22 123.103.40.0/21 maxlen: 21 123.103.48.0/21 maxlen: 21 123.103.56.0/21 maxlen: 21 123.103.72.0/21 maxlen: 21 123.103.80.0/20 maxlen: 20 123.103.112.0/20 maxlen: 20 203.130.40.0/21 maxlen: 21 220.243.144.0/20 maxlen: 20 220.243.153.0/24 maxlen: 24 220.243.154.0/24 maxlen: 24 220.243.155.0/24 maxlen: 24 220.243.156.0/24 maxlen: 24 220.243.157.0/24 maxlen: 24 220.243.158.0/24 maxlen: 24 220.243.160.0/20 maxlen: 20 220.243.176.0/20 maxlen: 20 Validation: OK Signature path: rsync://rpki-rps.cnnic.cn/repo/A1065576723371982850/0/D55490FB885552307A1D271E02513B4D423A90AE.crl rsync://rpki-rps.cnnic.cn/repo/A1065576723371982850/0/D55490FB885552307A1D271E02513B4D423A90AE.mft rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/D55490FB885552307A1D271E02513B4D423A90AE.cer rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Thu 14 May 2026 11:49:50 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 4c:89:33:e6:a9:49:de:ff:2b:8f:a5:ce:5e:a1:da:28:f7:fa:02:08 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=D55490FB885552307A1D271E02513B4D423A90AE Validity Not Before: May 13 09:54:07 2026 GMT Not After : May 12 09:59:07 2027 GMT Subject: CN=1E75F2E02C4178F6C23ACAA028CCAC2670A0415D Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e9:f8:ee:6b:83:d2:91:a4:ad:6c:2d:2f:96:98: 81:45:87:d5:1a:1a:98:dd:f3:5a:e4:70:d6:f9:2d: a6:84:95:2e:92:87:7e:cb:f2:6e:bc:b5:b7:a1:87: f2:8e:e6:37:59:c5:ee:5c:21:3a:c2:8a:c2:6a:ea: 60:4e:b2:45:67:f7:db:92:30:1f:fe:82:bf:c0:7e: 45:26:ef:20:53:07:e0:71:20:a4:75:d6:1d:f5:c0: 22:d1:e7:26:76:8c:48:96:f4:bb:bb:b9:1f:d3:04: fa:f0:4b:61:a4:5b:b0:72:70:d0:5d:b0:a6:6c:07: fc:1b:b7:55:2d:25:6f:9a:b3:4d:34:4c:c4:2b:fb: e8:ad:2e:a6:64:ae:2c:d8:12:4d:61:0b:91:91:47: 0b:86:65:89:60:41:e6:81:de:17:e8:60:eb:66:eb: 48:ce:ac:3e:66:05:d2:1d:9b:eb:88:15:36:a5:af: 50:ee:6d:12:4f:bd:01:fc:95:4e:f3:f2:ca:14:ff: ec:48:1a:d8:9e:7f:ff:00:22:61:df:02:83:e2:03: 19:f8:7d:0a:58:86:9d:af:a7:cc:a4:ab:08:66:25: 6b:f6:6e:9f:94:39:78:61:9d:61:95:f2:75:c7:59: 48:df:07:dc:59:7d:df:99:2b:1b:0d:f7:d7:47:ba: cf:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 1E:75:F2:E0:2C:41:78:F6:C2:3A:CA:A0:28:CC:AC:26:70:A0:41:5D X509v3 Authority Key Identifier: keyid:D5:54:90:FB:88:55:52:30:7A:1D:27:1E:02:51:3B:4D:42:3A:90:AE X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rps.cnnic.cn/repo/A1065576723371982850/0/D55490FB885552307A1D271E02513B4D423A90AE.crl Authority Information Access: CA Issuers - URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/D55490FB885552307A1D271E02513B4D423A90AE.cer Subject Information Access: Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1065576723371982850/0/AS23724.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 43.243.232.0/22 103.254.188.0/22 123.103.4.0-123.103.23.255 123.103.40.0-123.103.63.255 123.103.72.0-123.103.95.255 123.103.112.0/20 203.130.40.0/21 220.243.144.0-220.243.191.255 Signature Algorithm: sha256WithRSAEncryption 03:57:13:59:3b:ad:b8:49:9e:b4:19:a7:99:f2:52:2d:88:1e: 65:c5:eb:30:47:64:0f:24:f5:73:42:09:79:22:ae:ff:9e:49: 82:59:af:8f:07:2a:ec:e3:75:3a:1d:90:c5:6c:17:88:e2:bb: 95:9b:a1:9d:f0:d4:78:43:42:b4:17:85:c9:14:73:1a:19:0c: 01:0d:e7:b2:cf:bf:19:e7:0d:a8:0f:c4:3a:2c:b5:b9:4b:73: 60:15:94:f0:79:12:25:13:bd:5c:75:0c:22:37:35:c1:19:9a: c3:7f:af:83:d7:a1:c2:2a:89:28:59:4e:92:ee:60:f8:59:a6: 03:80:e6:52:45:8c:2c:27:02:d7:24:db:7f:76:91:65:cd:11: 66:8f:ee:43:30:fa:f0:cf:52:6d:ae:6f:a0:7f:41:b8:dd:91: b3:85:2b:b3:2e:f1:d3:a3:66:94:18:4a:fa:c6:d7:6b:95:38: e9:b3:ac:e6:0e:1b:e3:75:ab:ea:ec:90:36:f4:fe:5c:f9:d9: d3:5f:c5:47:3b:e0:56:89:51:15:c4:6d:ca:ed:0d:ed:aa:c3: 09:4f:3a:6e:b5:33:2d:9a:13:01:c4:a4:af:ec:df:ea:3b:f3: 00:f2:79:a0:1f:98:9e:96:20:12:c1:ea:10:9b:b5:d6:aa:4b: 8f:30:45:05 -----BEGIN CERTIFICATE----- MIIFIzCCBAugAwIBAgIUTIkz5qlJ3v8rj6XOXqHaKPf6AggwDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoRDU1NDkwRkI4ODU1NTIzMDdBMUQyNzFFMDI1MTNCNEQ0 MjNBOTBBRTAeFw0yNjA1MTMwOTU0MDdaFw0yNzA1MTIwOTU5MDdaMDMxMTAvBgNV BAMTKDFFNzVGMkUwMkM0MTc4RjZDMjNBQ0FBMDI4Q0NBQzI2NzBBMDQxNUQwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp+O5rg9KRpK1sLS+WmIFFh9Ua Gpjd81rkcNb5LaaElS6Sh37L8m68tbehh/KO5jdZxe5cITrCisJq6mBOskVn99uS MB/+gr/AfkUm7yBTB+BxIKR11h31wCLR5yZ2jEiW9Lu7uR/TBPrwS2GkW7BycNBd sKZsB/wbt1UtJW+as000TMQr++itLqZkrizYEk1hC5GRRwuGZYlgQeaB3hfoYOtm 60jOrD5mBdIdm+uIFTalr1DubRJPvQH8lU7z8soU/+xIGtief/8AImHfAoPiAxn4 fQpYhp2vp8ykqwhmJWv2bp+UOXhhnWGV8nXHWUjfB9xZfd+ZKxsN99dHus9ZAgMB AAGjggItMIICKTAdBgNVHQ4EFgQUHnXy4CxBePbCOsqgKMysJnCgQV0wHwYDVR0j BBgwFoAU1VSQ+4hVUjB6HSceAlE7TUI6kK4wDgYDVR0PAQH/BAQDAgeAMHMGA1Ud HwRsMGowaKBmoGSGYnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA2 NTU3NjcyMzM3MTk4Mjg1MC8wL0Q1NTQ5MEZCODg1NTUyMzA3QTFEMjcxRTAyNTEz QjRENDIzQTkwQUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5 bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDU1MzkwNzc1MDkwNjc1NzE1 LzEvRDU1NDkwRkI4ODU1NTIzMDdBMUQyNzFFMDI1MTNCNEQ0MjNBOTBBRS5jZXIw XQYIKwYBBQUHAQsEUTBPME0GCCsGAQUFBzALhkFyc3luYzovL3Jwa2ktcnBzLmNu bmljLmNuL3JlcG8vQTEwNjU1NzY3MjMzNzE5ODI4NTAvMC9BUzIzNzI0LnJvYTAY BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIA ATBQAwQCK/PoAwQCZ/68MAwDBAJ7ZwQDBAN7ZxAwDAMEA3tnKAMEBntnADAMAwQD e2dIAwQFe2dAAwQEe2dwAwQDy4IoMAwDBATc85ADBAbc84AwDQYJKoZIhvcNAQEL BQADggEBAANXE1k7rbhJnrQZp5nyUi2IHmXF6zBHZA8k9XNCCXkirv+eSYJZr48H KuzjdTodkMVsF4jiu5WboZ3w1HhDQrQXhckUcxoZDAEN57LPvxnnDagPxDostblL c2AVlPB5EiUTvVx1DCI3NcEZmsN/r4PXocIqiShZTpLuYPhZpgOA5lJFjCwnAtck 2392kWXNEWaP7kMw+vDPUm2ub6B/QbjdkbOFK7Mu8dOjZpQYSvrG12uVOOmzrOYO G+N1q+rskDb0/lz52dNfxUc74FaJURXEbcrtDe2qwwlPOm61My2aEwHEpK/s3+o7 8wDyeaAfmJ6WIBLB6hCbtdaqS48wRQU= -----END CERTIFICATE-----Generated at Wed May 13 17:09:38 2026 by rpki-client