Route Origin Authorization
$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1100955007496224770/0/AS138421.roa
File: AS138421.roa (raw, json)
Hash identifier: JtKEVLMlZAkQEIF6yFuW7eYH15be2tmLAUjy2AiA2Uo=
Subject key identifier: AB:8C:A9:8F:EE:79:FC:09:0C:BF:35:77:FC:15:B5:B4:59:89:54:A1
Certificate issuer: /CN=78A1695C768D09B6CA7E1978308E54BE84FEBAAE
Certificate serial: 6153D783FB7E752446A829AE8F45C699959ACF5B
Authority key identifier: 78:A1:69:5C:76:8D:09:B6:CA:7E:19:78:30:8E:54:BE:84:FE:BA:AE
Authority info access: rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.cer
Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/AS138421.roa
Signing time: Tue 09 Jun 2026 08:30:50 +0000
ROA not before: Tue 09 Jun 2026 08:25:50 +0000
ROA not after: Tue 08 Jun 2027 08:30:50 +0000
asID: 138421
IP address blocks: 116.128.149.0/24 maxlen: 24
116.128.189.0/24 maxlen: 24
116.128.190.0/24 maxlen: 24
116.128.191.0/24 maxlen: 24
211.95.22.0/24 maxlen: 24
211.95.54.0/24 maxlen: 24
211.95.55.0/24 maxlen: 24
211.95.60.0/24 maxlen: 24
211.95.73.0/24 maxlen: 24
211.95.75.0/24 maxlen: 24
211.95.76.0/24 maxlen: 24
211.95.79.0/24 maxlen: 24
220.196.42.0/24 maxlen: 24
220.196.53.0/24 maxlen: 24
220.196.58.0/24 maxlen: 24
220.196.88.0/24 maxlen: 24
220.196.89.0/24 maxlen: 24
220.196.90.0/24 maxlen: 24
220.196.91.0/24 maxlen: 24
220.196.92.0/24 maxlen: 24
220.196.93.0/24 maxlen: 24
220.196.94.0/24 maxlen: 24
220.196.95.0/24 maxlen: 24
220.196.164.0/22 maxlen: 22
220.196.168.0/22 maxlen: 22
220.196.172.0/22 maxlen: 22
220.196.180.0/22 maxlen: 22
220.196.184.0/24 maxlen: 24
220.196.185.0/24 maxlen: 24
220.196.186.0/23 maxlen: 23
220.196.186.0/24 maxlen: 24
220.196.187.0/24 maxlen: 24
220.196.188.0/24 maxlen: 24
220.196.189.0/24 maxlen: 24
220.196.190.0/23 maxlen: 23
220.196.240.0/21 maxlen: 21
220.196.240.0/24 maxlen: 24
220.196.241.0/24 maxlen: 24
220.196.242.0/24 maxlen: 24
220.196.243.0/24 maxlen: 24
220.196.244.0/24 maxlen: 24
220.196.245.0/24 maxlen: 24
220.196.246.0/24 maxlen: 24
220.196.247.0/24 maxlen: 24
220.196.248.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.crl
rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.mft
rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.cer
rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl
rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Jun 2026 23:15:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:53:d7:83:fb:7e:75:24:46:a8:29:ae:8f:45:c6:99:95:9a:cf:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=78A1695C768D09B6CA7E1978308E54BE84FEBAAE
Validity
Not Before: Jun 9 08:25:50 2026 GMT
Not After : Jun 8 08:30:50 2027 GMT
Subject: CN=AB8CA98FEE79FC090CBF3577FC15B5B4598954A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:1b:33:16:60:13:e1:3e:c6:95:c4:21:d4:02:
f5:66:08:18:1e:98:29:22:97:16:36:8a:b5:02:17:
ce:66:be:0c:7e:7a:05:6c:96:7e:f3:6c:fe:f0:7b:
b3:70:58:e1:a1:aa:11:1a:1c:50:08:4b:4a:4f:49:
d5:2f:7b:1f:11:b1:d4:80:6e:c2:1b:a6:0d:63:7b:
5d:18:bc:25:85:e5:3b:44:ff:c1:4a:3c:fe:4f:43:
04:9e:95:a3:27:74:69:d4:9e:00:33:f7:2e:77:f5:
c7:2d:b3:7f:5a:19:59:90:cf:8e:69:be:6d:a8:b8:
e0:a4:ea:6f:9d:65:8f:c1:3e:6d:a5:89:61:9f:f8:
9e:17:a2:92:f4:12:0e:c9:56:5f:72:e9:bf:50:d4:
b2:46:51:d5:41:09:32:bc:84:7f:34:d2:e7:74:a1:
29:e5:0e:b7:4f:fa:81:b0:1d:e4:e2:1c:9f:03:20:
13:c5:d3:37:62:9e:89:5b:e8:74:aa:91:bf:7e:3c:
c3:c5:d8:2f:26:8c:a5:83:09:1b:81:79:25:f0:03:
aa:73:f8:14:c6:ae:3e:8d:09:fc:41:ec:5d:2e:17:
ee:73:81:22:fe:ef:0d:ab:f5:e7:ab:d8:04:da:57:
be:99:89:bb:98:d3:35:5b:3a:c8:58:2e:08:f2:e1:
f6:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:8C:A9:8F:EE:79:FC:09:0C:BF:35:77:FC:15:B5:B4:59:89:54:A1
X509v3 Authority Key Identifier:
keyid:78:A1:69:5C:76:8D:09:B6:CA:7E:19:78:30:8E:54:BE:84:FE:BA:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/AS138421.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
116.128.149.0/24
116.128.189.0-116.128.191.255
211.95.22.0/24
211.95.54.0/23
211.95.60.0/24
211.95.73.0/24
211.95.75.0-211.95.76.255
211.95.79.0/24
220.196.42.0/24
220.196.53.0/24
220.196.58.0/24
220.196.88.0/21
220.196.164.0-220.196.175.255
220.196.180.0-220.196.191.255
220.196.240.0-220.196.251.255
Signature Algorithm: sha256WithRSAEncryption
8a:29:11:78:ad:38:7f:ad:88:3c:5a:d7:61:1b:1d:b3:2e:6e:
a5:e8:ab:50:0d:58:19:dd:73:13:1d:36:b7:ef:e3:b8:cf:78:
68:93:6e:8f:79:44:d5:88:23:c6:67:d9:3c:53:78:3f:44:fe:
eb:ef:6a:f5:69:8a:50:38:32:35:8d:9d:17:ef:3a:24:5e:36:
7d:3c:73:9f:09:28:62:04:13:f9:1c:dd:ce:76:29:ea:fc:5f:
0d:58:9c:2d:68:28:c9:bf:d7:6e:cc:57:c0:98:5d:e6:7f:06:
3a:81:f3:4f:e6:54:fc:d5:74:48:ec:ec:22:69:4c:1f:a4:5a:
d0:0a:ab:a2:55:b7:f8:12:61:e4:d7:85:b0:3c:67:ce:f2:b9:
dc:8e:16:ad:00:58:49:e8:9a:9a:de:ed:1c:3d:5f:cd:d4:d9:
94:2e:21:43:9a:41:5a:57:72:76:e9:6c:61:02:04:ab:b8:b0:
e9:51:d6:e7:93:fd:07:e8:0e:83:c6:4d:ba:55:29:a8:ce:69:
c4:65:c0:32:72:71:73:b2:86:3c:4b:fd:fb:bf:6c:63:ad:6f:
0a:39:a2:79:0d:27:6e:50:67:d1:1b:74:2a:84:7a:4c:d6:c6:
99:53:f5:8b:6b:e6:8f:e1:d2:83:b7:cf:7c:b8:6d:1e:76:7e:
aa:1b:44:c9
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgIUYVPXg/t+dSRGqCmuj0XGmZWaz1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzhBMTY5NUM3NjhEMDlCNkNBN0UxOTc4MzA4RTU0QkU4
NEZFQkFBRTAeFw0yNjA2MDkwODI1NTBaFw0yNzA2MDgwODMwNTBaMDMxMTAvBgNV
BAMTKEFCOENBOThGRUU3OUZDMDkwQ0JGMzU3N0ZDMTVCNUI0NTk4OTU0QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3GzMWYBPhPsaVxCHUAvVmCBge
mCkilxY2irUCF85mvgx+egVsln7zbP7we7NwWOGhqhEaHFAIS0pPSdUvex8RsdSA
bsIbpg1je10YvCWF5TtE/8FKPP5PQwSelaMndGnUngAz9y539ccts39aGVmQz45p
vm2ouOCk6m+dZY/BPm2liWGf+J4XopL0Eg7JVl9y6b9Q1LJGUdVBCTK8hH800ud0
oSnlDrdP+oGwHeTiHJ8DIBPF0zdinolb6HSqkb9+PMPF2C8mjKWDCRuBeSXwA6pz
+BTGrj6NCfxB7F0uF+5zgSL+7w2r9eer2ATaV76ZibuY0zVbOshYLgjy4fZDAgMB
AAGjggJlMIICYTAdBgNVHQ4EFgQUq4ypj+55/AkMvzV3/BW1tFmJVKEwHwYDVR0j
BBgwFoAUeKFpXHaNCbbKfhl4MI5UvoT+uq4wDgYDVR0PAQH/BAQDAgeAMHMGA1Ud
HwRsMGowaKBmoGSGYnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTEw
MDk1NTAwNzQ5NjIyNDc3MC8wLzc4QTE2OTVDNzY4RDA5QjZDQTdFMTk3ODMwOEU1
NEJFODRGRUJBQUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5
bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDU1MzkwNzc1MDkwNjc1NzE1
LzEvNzhBMTY5NUM3NjhEMDlCNkNBN0UxOTc4MzA4RTU0QkU4NEZFQkFBRS5jZXIw
XgYIKwYBBQUHAQsEUjBQME4GCCsGAQUFBzALhkJyc3luYzovL3Jwa2ktcnBzLmNu
bmljLmNuL3JlcG8vQTExMDA5NTUwMDc0OTYyMjQ3NzAvMC9BUzEzODQyMS5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCBnwYIKwYBBQUHAQcBAf8EgY8wgYww
gYkEAgABMIGCAwQAdICVMAwDBAB0gL0DBAZ0gIADBADTXxYDBAHTXzYDBADTXzwD
BADTX0kwDAMEANNfSwMEANNfTAMEANNfTwMEANzEKgMEANzENQMEANzEOgMEA9zE
WDAMAwQC3MSkAwQE3MSgMAwDBALcxLQDBAbcxIAwDAMEBNzE8AMEAtzE+DANBgkq
hkiG9w0BAQsFAAOCAQEAiikReK04f62IPFrXYRsdsy5upeirUA1YGd1zEx02t+/j
uM94aJNuj3lE1YgjxmfZPFN4P0T+6+9q9WmKUDgyNY2dF+86JF42fTxznwkoYgQT
+RzdznYp6vxfDVicLWgoyb/XbsxXwJhd5n8GOoHzT+ZU/NV0SOzsImlMH6Ra0Aqr
olW3+BJh5NeFsDxnzvK53I4WrQBYSeiamt7tHD1fzdTZlC4hQ5pBWldydulsYQIE
q7iw6VHW55P9B+gOg8ZNulUpqM5pxGXAMnJxc7KGPEv9+79sY61vCjmieQ0nblBn
0Rt0KoR6TNbGmVP1i2vmj+HSg7fPfLhtHnZ+qhtEyQ==
-----END CERTIFICATE-----
Generated at Sat Jun 13 15:16:33 2026 by rpki-client