Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2620/at1w3aQ8pv-rnDv8DFVulwMAnx0.roa
File: at1w3aQ8pv-rnDv8DFVulwMAnx0.roa (raw, json)
Hash identifier: TD6E/O4qAYc9XInoBHUKPQQael3A9m1mMNdWDReSohc=
Subject key identifier: 6A:DD:70:DD:A4:3C:A6:FF:AB:9C:3B:FC:0C:55:6E:97:03:00:9F:1D
Certificate issuer: /CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF
Certificate serial: 174C
Authority key identifier: 21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/at1w3aQ8pv-rnDv8DFVulwMAnx0.roa
Signing time: Sat 13 Sep 2025 03:03:32 +0000
ROA not before: Sat 13 Sep 2025 03:03:32 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 58593
IP address blocks: 40.72.0.0/15 maxlen: 32
40.72.0.0/16 maxlen: 32
40.72.0.0/17 maxlen: 32
40.72.128.0/17 maxlen: 32
40.72.254.0/24 maxlen: 32
40.72.255.0/24 maxlen: 32
40.73.0.0/17 maxlen: 32
40.73.99.0/24 maxlen: 32
40.73.128.0/17 maxlen: 32
40.125.128.0/17 maxlen: 32
40.126.64.0/18 maxlen: 32
40.162.0.0/16 maxlen: 32
52.130.0.0/20 maxlen: 32
52.130.16.0/20 maxlen: 32
52.130.32.0/19 maxlen: 32
52.130.64.0/19 maxlen: 32
52.130.96.0/20 maxlen: 32
52.130.112.0/20 maxlen: 32
52.130.128.0/18 maxlen: 32
52.130.192.0/18 maxlen: 32
52.131.0.0/17 maxlen: 32
52.131.128.0/17 maxlen: 32
139.217.0.0/16 maxlen: 32
139.217.0.0/17 maxlen: 32
139.217.128.0/17 maxlen: 32
139.219.0.0/16 maxlen: 32
139.219.0.0/17 maxlen: 32
139.219.128.0/17 maxlen: 32
143.64.0.0/16 maxlen: 32
159.27.0.0/16 maxlen: 32
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.mft
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/1xHsDTeBWKRHb-bqfXClSpUZWhE.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 21 Oct 2025 04:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5964 (0x174c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF
Validity
Not Before: Sep 13 03:03:32 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=6ADD70DDA43CA6FFAB9C3BFC0C556E9703009F1D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:47:81:e2:e4:81:73:cb:08:42:09:f1:13:a2:
29:a4:85:7e:cd:57:cc:c9:1b:59:5d:68:6c:4f:31:
48:8f:87:dc:8c:34:11:74:fe:89:d4:58:71:0b:10:
f3:53:fe:cf:97:9a:4d:63:92:62:aa:09:4d:da:f9:
ae:9f:03:d3:0f:f3:32:31:27:80:27:c4:49:66:25:
cb:5f:4e:ef:5b:7b:3b:42:97:2e:ec:9e:e6:ab:a0:
8d:15:28:d7:a5:a1:8c:93:21:c5:96:5b:5b:87:2b:
21:a4:50:9b:fa:eb:38:82:29:6e:e0:3f:14:96:dc:
83:a3:99:a3:98:fb:78:5f:7f:68:5e:62:63:6b:ca:
1f:08:56:71:e8:c5:a4:b3:a9:9e:a4:1d:c4:a2:07:
92:b7:1c:7d:ca:95:e4:5c:e3:bd:6c:69:1c:a4:8f:
47:e9:bc:1d:ad:bd:d0:1d:26:5e:bc:45:20:3d:93:
23:cd:ed:3a:17:97:db:4d:18:af:5e:3f:e0:00:8f:
72:4d:e1:28:14:18:d8:7c:85:e5:c6:10:6f:4b:71:
c1:ab:36:b3:11:b6:1f:9c:d1:35:c6:04:8e:2b:c1:
a3:f3:1b:32:01:dc:42:08:5f:cf:18:b0:0a:12:eb:
3b:30:8e:73:72:c3:27:34:b0:ac:f9:3a:c3:fe:03:
91:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:DD:70:DD:A4:3C:A6:FF:AB:9C:3B:FC:0C:55:6E:97:03:00:9F:1D
X509v3 Authority Key Identifier:
keyid:21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/at1w3aQ8pv-rnDv8DFVulwMAnx0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
40.72.0.0/15
40.125.128.0/17
40.126.64.0/18
40.162.0.0/16
52.130.0.0/15
139.217.0.0/16
139.219.0.0/16
143.64.0.0/16
159.27.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b0:48:60:0a:a0:2e:c1:74:05:e9:ff:76:7c:c4:b3:b7:4e:e9:
8b:7f:95:d4:56:70:eb:48:39:3d:52:66:98:15:43:ea:82:56:
44:1b:83:93:b6:cf:ec:92:a3:5f:21:5e:6b:55:6f:5b:61:19:
d7:34:60:82:71:8f:8a:e7:0d:e8:ea:b2:ef:a3:89:78:bb:72:
3c:1f:2d:23:72:cc:02:b9:fb:95:a3:d7:55:92:3b:e4:a3:fa:
1d:38:1f:93:76:60:1e:61:cc:38:fa:9e:07:82:f3:51:3b:99:
8c:30:98:57:f9:1d:ce:e9:76:34:27:c8:8b:fe:2b:0e:d6:59:
a6:5b:42:05:ac:46:cc:e0:74:00:c9:46:32:1d:f7:82:92:f1:
d2:da:07:a9:34:8a:6e:02:c2:1c:68:20:dd:44:82:8b:93:66:
6e:35:8b:ba:f0:42:c3:2c:54:47:e0:88:60:b4:58:0a:ff:91:
0e:3d:a7:98:51:36:bd:43:5d:b1:02:4b:8e:eb:13:6b:74:a2:
a3:d2:3a:61:7d:e9:2c:d6:4a:8a:46:68:df:c6:d2:89:50:fd:
4a:7e:c3:93:b5:ae:0f:aa:a6:49:d0:b1:5e:0a:8e:49:75:49:
a8:d5:6b:60:84:f8:58:5f:2f:4c:47:2b:be:9b:0f:94:26:14:
ce:f8:dd:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgICF0wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMjFE
Qzg3NTk2NUMyQkE2MUQxREFDQkI0OERFRTE0MDU1NEFBNUFFRjAeFw0yNTA5MTMw
MzAzMzJaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDZBREQ3MEREQTQzQ0E2
RkZBQjlDM0JGQzBDNTU2RTk3MDMwMDlGMUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0R4Hi5IFzywhCCfEToimkhX7NV8zJG1ldaGxPMUiPh9yMNBF0
/onUWHELEPNT/s+Xmk1jkmKqCU3a+a6fA9MP8zIxJ4AnxElmJctfTu9beztCly7s
nuaroI0VKNeloYyTIcWWW1uHKyGkUJv66ziCKW7gPxSW3IOjmaOY+3hff2heYmNr
yh8IVnHoxaSzqZ6kHcSiB5K3HH3KleRc471saRykj0fpvB2tvdAdJl68RSA9kyPN
7ToXl9tNGK9eP+AAj3JN4SgUGNh8heXGEG9LccGrNrMRth+c0TXGBI4rwaPzGzIB
3EIIX88YsAoS6zswjnNywyc0sKz5OsP+A5HDAgMBAAGjggIcMIICGDAdBgNVHQ4E
FgQUat1w3aQ8pv+rnDv8DFVulwMAnx0wHwYDVR0jBBgwFoAUIdyHWWXCumHR2su0
je4UBVSqWu8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjYy
MC9JZHlIV1dYQ3VtSFIyc3UwamU0VUJWU3FXdTguY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0lkeUhXV1hDdW1IUjJzdTBqZTRVQlZTcVd1OC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2MjAvYXQxdzNhUThwdi1y
bkR2OERGVnVsd01BbngwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDBIBggrBgEFBQcBBwEB/wQ5MDcwNQQCAAEw
LwMDAShIAwQHKH2AAwQGKH5AAwMAKKIDAwE0ggMDAIvZAwMAi9sDAwCPQAMDAJ8b
MA0GCSqGSIb3DQEBCwUAA4IBAQCwSGAKoC7BdAXp/3Z8xLO3TumLf5XUVnDrSDk9
UmaYFUPqglZEG4OTts/skqNfIV5rVW9bYRnXNGCCcY+K5w3o6rLvo4l4u3I8Hy0j
cswCufuVo9dVkjvko/odOB+TdmAeYcw4+p4HgvNRO5mMMJhX+R3O6XY0J8iL/isO
1lmmW0IFrEbM4HQAyUYyHfeCkvHS2gepNIpuAsIcaCDdRIKLk2ZuNYu68ELDLFRH
4IhgtFgK/5EOPaeYUTa9Q12xAkuO6xNrdKKj0jphfeks1kqKRmjfxtKJUP1KfsOT
ta4PqqZJ0LFeCo5JdUmo1WtghPhYXy9MRyu+mw+UJhTO+N2c
-----END CERTIFICATE-----
Generated at Tue Oct 21 02:17:33 2025 by rpki-client