Route Origin Authorization
$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS59223.roa
File: AS59223.roa (raw, json)
Hash identifier: f0TIKeNmvCiezagNhLWTAVhXAKN3ind5QfliyqVDdi0=
Subject key identifier: BF:CA:44:96:6B:D4:35:2C:E9:62:BB:A0:82:4B:EC:D4:09:B6:18:F9
Certificate issuer: /CN=A914EAE40000/serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E
Certificate serial: 66AB15DA44FEA6423F64EEE106C6D5CC0D70F99B
Authority key identifier: 19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS59223.roa
Signing time: Thu 11 Jun 2026 16:06:42 +0000
ROA not before: Thu 11 Jun 2026 16:01:42 +0000
ROA not after: Thu 10 Jun 2027 16:06:42 +0000
asID: 59223
IP address blocks: 110.166.64.0/20 maxlen: 20
110.167.163.0/24 maxlen: 24
110.167.164.0/24 maxlen: 24
110.167.255.0/24 maxlen: 24
118.213.88.0/24 maxlen: 24
118.213.92.0/24 maxlen: 24
118.213.141.0/24 maxlen: 24
118.213.220.0/24 maxlen: 24
125.72.18.0/23 maxlen: 23
125.72.124.0/24 maxlen: 24
125.72.126.0/24 maxlen: 24
125.72.129.0/24 maxlen: 24
125.72.141.0/24 maxlen: 24
125.72.143.0/24 maxlen: 24
125.72.144.0/24 maxlen: 24
125.72.145.0/24 maxlen: 24
125.72.146.0/24 maxlen: 24
125.72.147.0/24 maxlen: 24
220.167.142.0/23 maxlen: 23
220.167.180.0/24 maxlen: 24
220.167.181.0/24 maxlen: 24
220.167.182.0/24 maxlen: 24
223.221.10.0/24 maxlen: 24
223.221.162.0/24 maxlen: 24
223.221.177.0/24 maxlen: 24
223.221.179.0/24 maxlen: 24
223.221.216.0/24 maxlen: 24
240e:981:7101::/48 maxlen: 48
240e:981:7102::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl
rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 14 Jun 2026 12:26:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:ab:15:da:44:fe:a6:42:3f:64:ee:e1:06:c6:d5:cc:0d:70:f9:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE40000, serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E
Validity
Not Before: Jun 11 16:01:42 2026 GMT
Not After : Jun 10 16:06:42 2027 GMT
Subject: CN=BFCA44966BD4352CE962BBA0824BECD409B618F9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:e5:21:d9:d9:00:14:7c:49:b1:e2:53:38:16:
f4:48:7b:af:d5:ce:79:9a:85:a1:39:9c:13:7f:61:
7c:eb:f9:2f:40:1b:28:2c:b6:bb:2e:6a:b6:65:92:
c6:f7:6a:8b:55:06:42:81:6f:df:2c:58:d7:7a:b8:
e9:9c:12:d9:bd:f7:e5:32:46:30:74:b7:9f:ef:02:
7b:43:25:aa:5a:c3:ef:7a:81:02:a2:32:0d:a2:b1:
4d:90:8f:f1:96:9f:bf:fc:2a:48:a8:ee:8d:63:27:
e1:f7:2b:db:ee:f7:07:a3:f3:71:09:b9:21:e3:60:
5c:fb:5e:16:6d:05:54:16:5f:d8:ad:d1:46:9a:ae:
8b:c1:50:75:da:98:9a:cf:98:3f:b9:2a:62:ad:93:
85:f1:2a:5c:b0:8b:31:df:de:a5:4b:d4:75:3c:24:
fe:ea:19:2d:ef:ab:8d:2f:b2:04:ac:34:12:c7:c3:
d9:19:c8:6a:d6:70:a2:f5:bb:d0:f1:05:be:da:4b:
96:b5:97:a0:e2:4e:95:43:69:79:6c:1a:00:86:6b:
93:9b:1c:dc:7a:82:7f:ad:14:c1:71:00:18:11:26:
ae:7b:1e:72:8c:87:ba:3a:fa:af:7c:29:6f:9c:9a:
b1:42:7b:e7:47:9e:2f:9d:ca:d3:56:8e:33:ca:b0:
f9:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:CA:44:96:6B:D4:35:2C:E9:62:BB:A0:82:4B:EC:D4:09:B6:18:F9
X509v3 Authority Key Identifier:
keyid:19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS59223.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
110.166.64.0/20
110.167.163.0-110.167.164.255
110.167.255.0/24
118.213.88.0/24
118.213.92.0/24
118.213.141.0/24
118.213.220.0/24
125.72.18.0/23
125.72.124.0/24
125.72.126.0/24
125.72.129.0/24
125.72.141.0/24
125.72.143.0-125.72.147.255
220.167.142.0/23
220.167.180.0-220.167.182.255
223.221.10.0/24
223.221.162.0/24
223.221.177.0/24
223.221.179.0/24
223.221.216.0/24
IPv6:
240e:981:7101::-240e:981:7102:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
9f:e5:32:8d:9b:7c:94:11:e5:83:b8:bc:6b:19:c0:a4:45:29:
6e:59:31:b8:a0:27:fd:52:cf:6e:85:5a:1c:99:ec:47:ef:e3:
65:88:9c:aa:b8:cf:da:54:48:51:10:9c:af:db:3d:0d:11:69:
f3:fd:28:1b:ea:ef:9a:5f:83:d8:ef:9d:11:a0:82:aa:5b:fe:
42:11:85:6d:7e:4f:14:50:2c:3a:84:77:17:a5:05:fd:af:9a:
9d:98:e7:f0:a3:4a:29:aa:c5:ef:43:39:95:a1:a9:ac:95:66:
64:ac:67:be:52:a7:ab:9b:85:fd:11:ce:49:c9:23:62:6f:d7:
22:b3:69:9f:80:e4:08:c3:c1:ff:22:c6:91:ae:da:64:45:2c:
4d:b1:5b:e5:0e:85:5f:59:f7:15:b2:dc:ec:7c:16:7d:a9:13:
73:ef:40:4e:81:92:94:ce:1d:81:a6:e6:fd:c0:e9:38:7a:e5:
ce:08:3a:16:1d:9e:1a:49:84:81:74:a3:c5:2f:13:b1:5d:48:
db:ee:3a:b6:82:e4:da:40:8f:51:05:9f:94:4b:ee:65:83:7a:
1e:f3:88:2b:92:9a:a2:51:f2:d9:96:9d:2f:72:db:f0:b4:59:
24:1d:53:03:62:2b:df:f0:7a:7c:3a:84:21:a4:13:37:6f:48:
9b:62:68:cd
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUZqsV2kT+pkI/ZO7hBsbVzA1w+ZswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNEVBRTQwMDAwMTEwLwYDVQQFEygxOTZGMjE4OEEz
NTZEMUM0MkQzOUY2RDE2NTcxOUI1OTZCNENEOTFFMB4XDTI2MDYxMTE2MDE0MloX
DTI3MDYxMDE2MDY0MlowMzExMC8GA1UEAxMoQkZDQTQ0OTY2QkQ0MzUyQ0U5NjJC
QkEwODI0QkVDRDQwOUI2MThGOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANTlIdnZABR8SbHiUzgW9Eh7r9XOeZqFoTmcE39hfOv5L0AbKCy2uy5qtmWS
xvdqi1UGQoFv3yxY13q46ZwS2b335TJGMHS3n+8Ce0MlqlrD73qBAqIyDaKxTZCP
8Zafv/wqSKjujWMn4fcr2+73B6PzcQm5IeNgXPteFm0FVBZf2K3RRpqui8FQddqY
ms+YP7kqYq2ThfEqXLCLMd/epUvUdTwk/uoZLe+rjS+yBKw0EsfD2RnIatZwovW7
0PEFvtpLlrWXoOJOlUNpeWwaAIZrk5sc3HqCf60UwXEAGBEmrnsecoyHujr6r3wp
b5yasUJ750eeL53K01aOM8qw+ZcCAwEAAaOCAo4wggKKMB0GA1UdDgQWBBS/ykSW
a9Q1LOliu6CCS+zUCbYY+TAfBgNVHSMEGDAWgBQZbyGIo1bRxC059tFlcZtZa0zZ
HjAOBgNVHQ8BAf8EBAMCB4AwcwYDVR0fBGwwajBooGagZIZicnN5bmM6Ly9ycGtp
LXJwcy5jbm5pYy5jbi9yZXBvL0ExMDk3MDk5NDAyOTA1OTc2ODM1LzEvMTk2RjIx
ODhBMzU2RDFDNDJEMzlGNkQxNjU3MTlCNTk2QjRDRDkxRS5jcmwwfgYIKwYBBQUH
AQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9z
aXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvR1c4aGlLTlcw
Y1F0T2ZiUlpYR2JXV3RNMlI0LmNlcjBdBggrBgEFBQcBCwRRME8wTQYIKwYBBQUH
MAuGQXJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5NzA5OTQwMjkw
NTk3NjgzNS8xL0FTNTkyMjMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
gckGCCsGAQUFBwEHAQH/BIG5MIG2MIGXBAIAATCBkAMEBG6mQDAMAwQAbqejAwQA
bqekAwQAbqf/AwQAdtVYAwQAdtVcAwQAdtWNAwQAdtXcAwQBfUgSAwQAfUh8AwQA
fUh+AwQAfUiBAwQAfUiNMAwDBAB9SI8DBAJ9SJADBAHcp44wDAMEAtyntAMEANyn
tgMEAN/dCgMEAN/dogMEAN/dsQMEAN/dswMEAN/d2DAaBAIAAjAUMBIDBwAkDgmB
cQEDBwAkDgmBcQIwDQYJKoZIhvcNAQELBQADggEBAJ/lMo2bfJQR5YO4vGsZwKRF
KW5ZMbigJ/1Sz26FWhyZ7Efv42WInKq4z9pUSFEQnK/bPQ0RafP9KBvq75pfg9jv
nRGggqpb/kIRhW1+TxRQLDqEdxelBf2vmp2Y5/CjSimqxe9DOZWhqayVZmSsZ75S
p6ubhf0RzknJI2Jv1yKzaZ+A5AjDwf8ixpGu2mRFLE2xW+UOhV9Z9xWy3Ox8Fn2p
E3PvQE6BkpTOHYGm5v3A6Th65c4IOhYdnhpJhIF0o8UvE7FdSNvuOraC5NpAj1EF
n5RL7mWDeh7ziCuSmqJR8tmWnS9y2/C0WSQdUwNiK9/wenw6hCGkEzdvSJtiaM0=
-----END CERTIFICATE-----
Generated at Sun Jun 14 05:17:35 2026 by rpki-client