$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1096632062997168131/0/AS138421.roa File: AS138421.roa (raw, json) Hash identifier: RdvvuAurshEGrv/XsRePVcIvpxj95fP+i0U9+SbYq6g= Subject key identifier: C0:EA:2D:61:A4:32:C5:4A:8B:3B:25:56:3C:A7:B4:81:C6:DB:BE:5B Certificate issuer: /CN=C89881B315F7E21BA948CF9CB11D1AC422106426 Certificate serial: 4762D93F7D8CB3D48F3A445DC7223A89864B44BC Authority key identifier: C8:98:81:B3:15:F7:E2:1B:A9:48:CF:9C:B1:1D:1A:C4:22:10:64:26 Authority info access: rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/C89881B315F7E21BA948CF9CB11D1AC422106426.cer Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/AS138421.roa Signing time: Thu 23 Apr 2026 06:49:21 +0000 ROA not before: Thu 23 Apr 2026 06:44:21 +0000 ROA not after: Thu 22 Apr 2027 06:49:21 +0000 asID: 138421 IP address blocks: 43.240.124.0/24 maxlen: 24 43.240.125.0/24 maxlen: 24 43.240.126.0/23 maxlen: 23 43.240.128.0/23 maxlen: 23 43.240.130.0/23 maxlen: 23 43.240.192.0/22 maxlen: 22 43.254.44.0/23 maxlen: 23 43.254.46.0/23 maxlen: 23 43.254.104.0/24 maxlen: 24 43.254.105.0/24 maxlen: 24 43.254.106.0/24 maxlen: 24 43.254.144.0/24 maxlen: 24 43.254.145.0/24 maxlen: 24 43.254.146.0/24 maxlen: 24 43.254.147.0/24 maxlen: 24 43.254.148.0/22 maxlen: 22 103.6.222.0/24 maxlen: 24 103.6.223.0/24 maxlen: 24 103.20.248.0/24 maxlen: 24 103.20.249.0/24 maxlen: 24 103.36.132.0/24 maxlen: 24 103.36.133.0/24 maxlen: 24 103.36.134.0/24 maxlen: 24 103.36.135.0/24 maxlen: 24 103.36.174.0/23 maxlen: 23 103.220.164.0/22 maxlen: 22 103.220.167.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/C89881B315F7E21BA948CF9CB11D1AC422106426.crl rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/C89881B315F7E21BA948CF9CB11D1AC422106426.mft rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/C89881B315F7E21BA948CF9CB11D1AC422106426.cer rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Wed 13 May 2026 13:50:28 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 47:62:d9:3f:7d:8c:b3:d4:8f:3a:44:5d:c7:22:3a:89:86:4b:44:bc Signature Algorithm: sha256WithRSAEncryption Issuer: CN=C89881B315F7E21BA948CF9CB11D1AC422106426 Validity Not Before: Apr 23 06:44:21 2026 GMT Not After : Apr 22 06:49:21 2027 GMT Subject: CN=C0EA2D61A432C54A8B3B25563CA7B481C6DBBE5B Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c4:bc:36:98:c2:64:c9:c8:8a:df:47:dc:40:40: 18:da:a5:93:d4:44:51:4d:72:62:fa:f5:48:ed:64: 02:68:f0:5b:6d:96:54:7b:42:af:c4:bb:c2:0e:60: a4:9a:d3:9b:62:e2:f1:5e:a9:32:6d:e2:65:4e:72: 0e:b2:24:d9:38:05:f4:ec:f1:39:dc:88:55:08:6c: b9:a7:1a:0d:84:8a:fc:cd:ec:1f:4d:29:17:59:9a: 8f:0b:6b:a3:d9:3f:a8:da:2b:82:b2:9b:53:f1:4e: 4a:33:01:62:f1:d2:21:a9:47:99:67:f8:02:6b:65: bb:e9:34:8a:e8:a7:55:d0:a7:04:65:b6:93:92:3f: 6c:95:9f:65:c5:7e:b5:bc:b3:c4:14:70:fd:0f:09: 7d:94:e8:2c:ff:95:30:6f:ed:72:06:a8:84:80:8e: a2:48:14:06:68:b3:9e:c3:2a:df:60:3f:28:cd:59: db:6b:6f:01:bf:7e:40:13:42:a7:2f:6e:19:0e:dc: 1f:b5:17:68:84:e7:64:97:6d:d9:94:ef:77:b1:12: 81:66:42:ec:14:c6:f8:03:41:0e:d9:f0:2f:a3:60: 37:ba:b8:31:0a:c1:0c:28:c0:0d:18:86:b8:3e:69: 56:28:0d:70:88:45:a4:ec:73:10:b2:f4:9d:24:c7: ee:67 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: C0:EA:2D:61:A4:32:C5:4A:8B:3B:25:56:3C:A7:B4:81:C6:DB:BE:5B X509v3 Authority Key Identifier: keyid:C8:98:81:B3:15:F7:E2:1B:A9:48:CF:9C:B1:1D:1A:C4:22:10:64:26 X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/C89881B315F7E21BA948CF9CB11D1AC422106426.crl Authority Information Access: CA Issuers - URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/C89881B315F7E21BA948CF9CB11D1AC422106426.cer Subject Information Access: Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/AS138421.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 43.240.124.0-43.240.131.255 43.240.192.0/22 43.254.44.0/22 43.254.104.0-43.254.106.255 43.254.144.0/21 103.6.222.0/23 103.20.248.0/23 103.36.132.0/22 103.36.174.0/23 103.220.164.0/22 Signature Algorithm: sha256WithRSAEncryption 2e:cd:a5:dd:56:00:b8:e4:0e:1f:f3:ea:f1:e8:68:77:51:c0: b3:85:49:e5:5b:e2:b2:78:e7:fb:dd:cb:9b:35:08:e1:12:54: eb:64:be:cd:d5:52:10:b5:55:75:40:74:60:a8:d1:d1:ba:9b: e1:d5:32:98:c7:6b:37:87:e5:51:58:5a:e7:00:84:3e:b7:47: 0c:89:52:ba:85:03:cf:c3:d3:ae:81:81:7b:c3:2b:51:ce:b5: b3:b7:56:b6:d3:61:7f:21:a4:13:9e:a7:17:56:72:c3:19:8b: 78:0a:5d:0e:61:7b:03:f1:c7:49:ca:c7:a3:ed:0d:05:77:91: 16:2a:c8:06:cd:0c:58:2e:c3:e2:ba:90:aa:8a:b0:6e:38:e2: ee:12:c4:1d:90:f2:9d:ae:89:d9:3e:aa:ca:37:13:6b:d2:e9: 5f:f4:33:a3:e3:4c:28:e0:cd:a3:a8:58:40:58:c9:3c:b0:c2: cf:18:a3:de:f7:a8:20:a7:fe:34:c7:03:61:70:dc:c3:74:f1: 17:32:32:b6:0f:c1:85:79:ca:7a:4c:9f:01:24:9a:d1:a5:1f: 17:22:65:d9:ee:58:68:2b:86:59:78:79:d0:60:c6:b8:a6:93: 31:ed:f9:f6:d7:40:fb:69:7e:f7:be:82:cc:8f:7b:1e:ee:6b: 78:7c:90:02 -----BEGIN CERTIFICATE----- MIIFIDCCBAigAwIBAgIUR2LZP32Ms9SPOkRdxyI6iYZLRLwwDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoQzg5ODgxQjMxNUY3RTIxQkE5NDhDRjlDQjExRDFBQzQy MjEwNjQyNjAeFw0yNjA0MjMwNjQ0MjFaFw0yNzA0MjIwNjQ5MjFaMDMxMTAvBgNV BAMTKEMwRUEyRDYxQTQzMkM1NEE4QjNCMjU1NjNDQTdCNDgxQzZEQkJFNUIwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEvDaYwmTJyIrfR9xAQBjapZPU RFFNcmL69UjtZAJo8FttllR7Qq/Eu8IOYKSa05ti4vFeqTJt4mVOcg6yJNk4BfTs 8TnciFUIbLmnGg2EivzN7B9NKRdZmo8La6PZP6jaK4Kym1PxTkozAWLx0iGpR5ln +AJrZbvpNIrop1XQpwRltpOSP2yVn2XFfrW8s8QUcP0PCX2U6Cz/lTBv7XIGqISA jqJIFAZos57DKt9gPyjNWdtrbwG/fkATQqcvbhkO3B+1F2iE52SXbdmU73exEoFm QuwUxvgDQQ7Z8C+jYDe6uDEKwQwowA0Yhrg+aVYoDXCIRaTscxCy9J0kx+5nAgMB AAGjggIqMIICJjAdBgNVHQ4EFgQUwOotYaQyxUqLOyVWPKe0gcbbvlswHwYDVR0j BBgwFoAUyJiBsxX34hupSM+csR0axCIQZCYwDgYDVR0PAQH/BAQDAgeAMHMGA1Ud HwRsMGowaKBmoGSGYnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5 NjYzMjA2Mjk5NzE2ODEzMS8wL0M4OTg4MUIzMTVGN0UyMUJBOTQ4Q0Y5Q0IxMUQx QUM0MjIxMDY0MjYuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5 bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDU1MzkwNzc1MDkwNjc1NzE1 LzEvQzg5ODgxQjMxNUY3RTIxQkE5NDhDRjlDQjExRDFBQzQyMjEwNjQyNi5jZXIw XgYIKwYBBQUHAQsEUjBQME4GCCsGAQUFBzALhkJyc3luYzovL3Jwa2ktcnBzLmNu bmljLmNuL3JlcG8vQTEwOTY2MzIwNjI5OTcxNjgxMzEvMC9BUzEzODQyMS5yb2Ew GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBlBggrBgEFBQcBBwEB/wRWMFQwUgQC AAEwTDAMAwQCK/B8AwQCK/CAAwQCK/DAAwQCK/4sMAwDBAMr/mgDBAAr/moDBAMr /pADBAFnBt4DBAFnFPgDBAJnJIQDBAFnJK4DBAJn3KQwDQYJKoZIhvcNAQELBQAD ggEBAC7Npd1WALjkDh/z6vHoaHdRwLOFSeVb4rJ45/vdy5s1COESVOtkvs3VUhC1 VXVAdGCo0dG6m+HVMpjHazeH5VFYWucAhD63RwyJUrqFA8/D066BgXvDK1HOtbO3 VrbTYX8hpBOepxdWcsMZi3gKXQ5hewPxx0nKx6PtDQV3kRYqyAbNDFguw+K6kKqK sG444u4SxB2Q8p2uidk+qso3E2vS6V/0M6PjTCjgzaOoWEBYyTywws8Yo973qCCn /jTHA2Fw3MN08RcyMrYPwYV5ynpMnwEkmtGlHxciZdnuWGgrhll4edBgxrimkzHt +fbXQPtpfve+gsyPex7ua3h8kAI= -----END CERTIFICATE-----Generated at Wed May 13 06:38:29 2026 by rpki-client