$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1105044324229316617/0/AS17621.roa File: AS17621.roa (raw, json) Hash identifier: zqF/e4Ga8PYrOc0X3iakiBwylpQsSQJawT12rZTF/6w= Subject key identifier: E0:D9:13:33:FB:25:08:60:76:6E:C2:D3:A6:A4:B9:AD:EE:70:85:44 Certificate issuer: /CN=A9EF6BDE84A8B115C80721B280C9470B3BC0D886 Certificate serial: 23B0FC6C2F4091FF4B593D3DC2508453334D6E80 Authority key identifier: A9:EF:6B:DE:84:A8:B1:15:C8:07:21:B2:80:C9:47:0B:3B:C0:D8:86 Authority info access: rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A9EF6BDE84A8B115C80721B280C9470B3BC0D886.cer Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1105044324229316617/0/AS17621.roa Signing time: Mon 11 May 2026 04:32:05 +0000 ROA not before: Mon 11 May 2026 04:27:05 +0000 ROA not after: Mon 10 May 2027 04:32:05 +0000 asID: 17621 IP address blocks: 110.43.128.0/21 maxlen: 21 110.43.136.0/21 maxlen: 21 110.43.144.0/21 maxlen: 21 110.43.152.0/21 maxlen: 21 120.92.128.0/21 maxlen: 21 120.92.136.0/21 maxlen: 21 120.92.144.0/21 maxlen: 21 120.92.152.0/21 maxlen: 21 120.92.160.0/21 maxlen: 21 120.92.168.0/21 maxlen: 21 120.92.176.0/21 maxlen: 21 120.92.184.0/21 maxlen: 21 120.92.184.0/23 maxlen: 23 120.92.186.0/23 maxlen: 23 120.92.224.0/23 maxlen: 23 120.92.226.0/23 maxlen: 23 120.92.228.0/23 maxlen: 23 120.92.230.0/23 maxlen: 23 120.92.232.0/23 maxlen: 23 120.92.234.0/23 maxlen: 23 120.92.236.0/23 maxlen: 23 120.92.238.0/23 maxlen: 23 2401:1d40:2000::/48 maxlen: 48 2401:1d40:2001::/48 maxlen: 48 2401:1d40:2100::/48 maxlen: 48 2401:1d40:2f00::/48 maxlen: 48 Validation: OK Signature path: rsync://rpki-rps.cnnic.cn/repo/A1105044324229316617/0/A9EF6BDE84A8B115C80721B280C9470B3BC0D886.crl rsync://rpki-rps.cnnic.cn/repo/A1105044324229316617/0/A9EF6BDE84A8B115C80721B280C9470B3BC0D886.mft rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A9EF6BDE84A8B115C80721B280C9470B3BC0D886.cer rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Wed 13 May 2026 13:31:00 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 23:b0:fc:6c:2f:40:91:ff:4b:59:3d:3d:c2:50:84:53:33:4d:6e:80 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A9EF6BDE84A8B115C80721B280C9470B3BC0D886 Validity Not Before: May 11 04:27:05 2026 GMT Not After : May 10 04:32:05 2027 GMT Subject: CN=E0D91333FB250860766EC2D3A6A4B9ADEE708544 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b3:8d:4c:67:3e:12:e4:c5:a4:20:f3:c1:9e:3a: c8:9b:ed:58:ee:cf:fe:ba:cf:9e:c3:4f:c4:76:40: 6e:b1:ab:e4:79:37:d1:a6:d3:cd:ff:6c:31:d2:8c: ec:43:11:b9:85:bd:dc:7f:73:c5:44:20:f8:e5:1e: 46:98:c7:ba:e2:70:39:a7:b1:83:0b:cb:e0:a7:c0: be:45:1b:19:60:55:08:10:14:1c:de:7b:f4:00:45: d5:2e:f2:2b:68:4f:ef:fc:03:a8:5a:aa:93:10:14: f9:d4:0c:d3:5e:6f:b7:cf:04:fc:d4:aa:fd:85:bc: 2c:a3:ef:72:de:6c:77:54:03:35:44:49:cc:ea:a0: a4:11:25:3c:c2:ce:e0:74:20:6e:44:6c:71:69:01: 4b:eb:25:b3:68:99:b1:c4:da:53:bc:ce:3e:86:86: c3:74:f7:ba:41:72:f0:d4:57:1c:f5:59:a8:fc:6a: c8:09:11:95:24:ca:42:82:33:01:2e:ae:48:a3:dc: 79:d9:99:86:9c:c8:6f:8e:8e:63:da:55:76:dc:5b: 32:fa:94:24:aa:a9:26:2d:73:3c:07:51:77:5c:cf: 2a:c1:af:d1:3b:42:da:69:b2:88:a2:a1:3f:1f:43: 34:0d:b0:84:30:08:83:38:8f:66:7a:16:28:61:25: 56:35 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: E0:D9:13:33:FB:25:08:60:76:6E:C2:D3:A6:A4:B9:AD:EE:70:85:44 X509v3 Authority Key Identifier: keyid:A9:EF:6B:DE:84:A8:B1:15:C8:07:21:B2:80:C9:47:0B:3B:C0:D8:86 X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rps.cnnic.cn/repo/A1105044324229316617/0/A9EF6BDE84A8B115C80721B280C9470B3BC0D886.crl Authority Information Access: CA Issuers - URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A9EF6BDE84A8B115C80721B280C9470B3BC0D886.cer Subject Information Access: Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1105044324229316617/0/AS17621.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 110.43.128.0/19 120.92.128.0/18 120.92.224.0/20 IPv6: 2401:1d40:2000::/47 2401:1d40:2100::/48 2401:1d40:2f00::/48 Signature Algorithm: sha256WithRSAEncryption 8d:4f:80:c6:20:7a:66:70:e3:0b:7f:c1:d5:64:22:e9:27:23: d1:11:60:49:b8:11:81:e5:66:80:69:75:f8:a3:e3:70:75:ee: ce:67:23:34:15:1f:cc:66:64:d0:78:76:47:fe:45:3a:1c:33: 27:33:ff:ee:a4:13:f4:3d:af:ca:3a:4e:ed:55:cb:a8:94:4b: 2d:c5:a8:da:2d:e9:57:85:2d:38:ff:21:ed:c5:ac:64:ff:66: 92:0a:53:e3:dd:09:05:cd:a5:d6:d6:49:0f:a1:2c:b7:96:a8: 8a:db:41:b0:af:c8:ed:79:3c:46:e3:c8:d0:8d:17:3a:96:e2: 6e:9b:e1:d0:62:89:07:99:63:c1:61:cd:d7:82:df:e5:d0:85: 8b:aa:91:21:d1:ab:8c:fb:74:c5:c6:93:4e:ed:6b:d2:64:9f: 33:af:62:1b:4e:50:60:98:78:1c:48:b9:76:2e:14:0b:90:c2: 9a:be:d6:ce:1f:34:a0:dd:2e:26:ef:b4:b9:1e:eb:da:8b:d0: e5:d7:c8:4c:85:db:18:a6:6a:b0:bf:0c:a6:25:75:1f:c1:ce: 81:c8:d0:7b:eb:ce:23:e3:4f:4c:0b:6d:ca:e6:df:4a:59:42: 18:d1:ed:73:6b:9d:34:29:5d:12:13:76:33:0b:f3:30:5e:d0: f3:f5:a7:0a -----BEGIN CERTIFICATE----- MIIFCDCCA/CgAwIBAgIUI7D8bC9Akf9LWT09wlCEUzNNboAwDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoQTlFRjZCREU4NEE4QjExNUM4MDcyMUIyODBDOTQ3MEIz QkMwRDg4NjAeFw0yNjA1MTEwNDI3MDVaFw0yNzA1MTAwNDMyMDVaMDMxMTAvBgNV BAMTKEUwRDkxMzMzRkIyNTA4NjA3NjZFQzJEM0E2QTRCOUFERUU3MDg1NDQwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzjUxnPhLkxaQg88GeOsib7Vju z/66z57DT8R2QG6xq+R5N9Gm083/bDHSjOxDEbmFvdx/c8VEIPjlHkaYx7ricDmn sYMLy+CnwL5FGxlgVQgQFBzee/QARdUu8itoT+/8A6haqpMQFPnUDNNeb7fPBPzU qv2FvCyj73LebHdUAzVESczqoKQRJTzCzuB0IG5EbHFpAUvrJbNombHE2lO8zj6G hsN097pBcvDUVxz1Waj8asgJEZUkykKCMwEurkij3HnZmYacyG+OjmPaVXbcWzL6 lCSqqSYtczwHUXdczyrBr9E7QtppsoiioT8fQzQNsIQwCIM4j2Z6FihhJVY1AgMB AAGjggISMIICDjAdBgNVHQ4EFgQU4NkTM/slCGB2bsLTpqS5re5whUQwHwYDVR0j BBgwFoAUqe9r3oSosRXIByGygMlHCzvA2IYwDgYDVR0PAQH/BAQDAgeAMHMGA1Ud HwRsMGowaKBmoGSGYnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTEw NTA0NDMyNDIyOTMxNjYxNy8wL0E5RUY2QkRFODRBOEIxMTVDODA3MjFCMjgwQzk0 NzBCM0JDMEQ4ODYuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5 bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDU1MzkwNzc1MDkwNjc1NzE1 LzEvQTlFRjZCREU4NEE4QjExNUM4MDcyMUIyODBDOTQ3MEIzQkMwRDg4Ni5jZXIw XQYIKwYBBQUHAQsEUTBPME0GCCsGAQUFBzALhkFyc3luYzovL3Jwa2ktcnBzLmNu bmljLmNuL3JlcG8vQTExMDUwNDQzMjQyMjkzMTY2MTcvMC9BUzE3NjIxLnJvYTAY BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAYBAIA ATASAwQFbiuAAwQGeFyAAwQEeFzgMCEEAgACMBsDBwEkAR1AIAADBwAkAR1AIQAD BwAkAR1ALwAwDQYJKoZIhvcNAQELBQADggEBAI1PgMYgemZw4wt/wdVkIuknI9ER YEm4EYHlZoBpdfij43B17s5nIzQVH8xmZNB4dkf+RTocMycz/+6kE/Q9r8o6Tu1V y6iUSy3FqNot6VeFLTj/Ie3FrGT/ZpIKU+PdCQXNpdbWSQ+hLLeWqIrbQbCvyO15 PEbjyNCNFzqW4m6b4dBiiQeZY8FhzdeC3+XQhYuqkSHRq4z7dMXGk07ta9JknzOv YhtOUGCYeBxIuXYuFAuQwpq+1s4fNKDdLibvtLke69qL0OXXyEyF2ximarC/DKYl dR/BzoHI0HvrziPjT0wLbcrm30pZQhjR7XNrnTQpXRITdjML8zBe0PP1pwo= -----END CERTIFICATE-----Generated at Wed May 13 02:38:42 2026 by rpki-client