Route Origin Authorization
$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1094872834095775747/0/AS138407.roa
File: AS138407.roa (raw, json)
Hash identifier: mdEstKPY1PmZmoFkGYyReJHsModWrzGLYeFCK9C526M=
Subject key identifier: 39:B5:16:12:49:59:8B:90:6C:30:E6:C0:86:14:98:E3:D1:EC:10:CD
Certificate issuer: /CN=A91D5F3D0000/serialNumber=DBB23C7EE492212EA858B78E1C66BF2298E5ACD4
Certificate serial: 394C0BD031509836EB1C89DA85911C5F5A2DB0B2
Authority key identifier: DB:B2:3C:7E:E4:92:21:2E:A8:58:B7:8E:1C:66:BF:22:98:E5:AC:D4
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/27I8fuSSIS6oWLeOHGa_IpjlrNQ.cer
Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1094872834095775747/0/AS138407.roa
Signing time: Wed 20 May 2026 01:47:42 +0000
ROA not before: Wed 20 May 2026 01:42:42 +0000
ROA not after: Wed 19 May 2027 01:47:42 +0000
asID: 138407
IP address blocks: 117.135.194.0/24 maxlen: 24
117.135.195.0/24 maxlen: 24
117.135.198.0/24 maxlen: 24
117.135.206.0/24 maxlen: 24
117.135.207.0/24 maxlen: 24
117.135.209.0/24 maxlen: 24
117.135.210.0/24 maxlen: 24
117.135.214.0/24 maxlen: 24
117.135.215.0/24 maxlen: 24
117.135.216.0/24 maxlen: 24
117.135.217.0/24 maxlen: 24
117.135.218.0/24 maxlen: 24
117.135.220.0/24 maxlen: 24
117.135.221.0/24 maxlen: 24
117.135.222.0/24 maxlen: 24
117.135.223.0/24 maxlen: 24
117.135.230.0/23 maxlen: 23
117.135.232.0/22 maxlen: 22
117.135.236.0/24 maxlen: 24
117.135.238.0/24 maxlen: 24
117.135.240.0/24 maxlen: 24
117.135.242.0/24 maxlen: 24
117.135.243.0/24 maxlen: 24
117.135.244.0/24 maxlen: 24
117.135.246.0/24 maxlen: 24
117.135.247.0/24 maxlen: 24
117.135.249.0/24 maxlen: 24
117.135.252.0/24 maxlen: 24
117.187.7.0/24 maxlen: 24
117.187.21.0/24 maxlen: 24
117.187.22.0/24 maxlen: 24
117.187.24.0/24 maxlen: 24
117.187.38.0/23 maxlen: 23
117.187.38.0/24 maxlen: 24
117.187.40.0/23 maxlen: 23
117.187.46.0/24 maxlen: 24
117.187.51.0/24 maxlen: 24
117.187.112.0/24 maxlen: 24
117.187.113.0/24 maxlen: 24
117.187.114.0/24 maxlen: 24
117.187.115.0/24 maxlen: 24
117.187.116.0/24 maxlen: 24
117.187.117.0/24 maxlen: 24
117.187.118.0/24 maxlen: 24
117.187.119.0/24 maxlen: 24
117.187.128.0/22 maxlen: 22
117.187.132.0/22 maxlen: 22
117.187.132.0/24 maxlen: 24
117.187.136.0/24 maxlen: 24
117.187.137.0/24 maxlen: 24
117.187.138.0/24 maxlen: 24
117.187.139.0/24 maxlen: 24
117.187.140.0/24 maxlen: 24
117.187.141.0/24 maxlen: 24
117.187.142.0/24 maxlen: 24
117.187.143.0/24 maxlen: 24
117.187.144.0/24 maxlen: 24
117.187.145.0/24 maxlen: 24
117.187.146.0/24 maxlen: 24
117.187.147.0/24 maxlen: 24
117.187.148.0/24 maxlen: 24
117.187.149.0/24 maxlen: 24
117.187.150.0/24 maxlen: 24
117.187.178.0/24 maxlen: 24
117.187.179.0/24 maxlen: 24
117.187.180.0/23 maxlen: 23
117.187.182.0/24 maxlen: 24
117.187.183.0/24 maxlen: 24
117.187.184.0/24 maxlen: 24
117.187.185.0/24 maxlen: 24
117.187.186.0/24 maxlen: 24
117.187.187.0/24 maxlen: 24
117.187.188.0/24 maxlen: 24
117.187.189.0/24 maxlen: 24
117.187.190.0/24 maxlen: 24
117.187.191.0/24 maxlen: 24
117.187.201.0/24 maxlen: 24
117.187.202.0/24 maxlen: 24
117.187.203.0/24 maxlen: 24
117.187.204.0/24 maxlen: 24
117.187.205.0/24 maxlen: 24
117.187.206.0/24 maxlen: 24
117.187.207.0/24 maxlen: 24
117.187.208.0/22 maxlen: 22
117.187.209.0/24 maxlen: 24
117.187.212.0/22 maxlen: 22
117.187.213.0/24 maxlen: 24
117.187.216.0/24 maxlen: 24
117.187.217.0/24 maxlen: 24
117.187.218.0/24 maxlen: 24
117.187.219.0/24 maxlen: 24
117.187.221.0/24 maxlen: 24
117.187.222.0/23 maxlen: 23
117.187.240.0/24 maxlen: 24
117.187.241.0/24 maxlen: 24
117.187.243.0/24 maxlen: 24
117.187.244.0/24 maxlen: 24
117.187.245.0/24 maxlen: 24
117.187.246.0/24 maxlen: 24
117.187.247.0/24 maxlen: 24
117.187.252.0/24 maxlen: 24
117.187.253.0/24 maxlen: 24
117.187.254.0/24 maxlen: 24
2409:806a:3000::/48 maxlen: 48
2409:806a:b020::/44 maxlen: 44
2409:8c6a:1412::/48 maxlen: 48
2409:8c6a:1e12::/48 maxlen: 48
2409:8c6a:3a10::/44 maxlen: 44
2409:8c6a:4c00::/40 maxlen: 40
2409:8c6a:5c12::/48 maxlen: 48
2409:8c6a:6c12::/48 maxlen: 48
2409:8c6a:6f10::/44 maxlen: 44
2409:8c6a:7812::/48 maxlen: 48
2409:8c6a:9812::/48 maxlen: 48
2409:8c6a:b010::/44 maxlen: 44
2409:8c6a:b011::/48 maxlen: 48
2409:8c6a:b012::/48 maxlen: 48
2409:8c6a:b020::/44 maxlen: 44
2409:8c6a:b021::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rps.cnnic.cn/repo/A1094872834095775747/0/DBB23C7EE492212EA858B78E1C66BF2298E5ACD4.crl
rsync://rpki-rps.cnnic.cn/repo/A1094872834095775747/0/DBB23C7EE492212EA858B78E1C66BF2298E5ACD4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/27I8fuSSIS6oWLeOHGa_IpjlrNQ.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 22 May 2026 11:59:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:4c:0b:d0:31:50:98:36:eb:1c:89:da:85:91:1c:5f:5a:2d:b0:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91D5F3D0000, serialNumber=DBB23C7EE492212EA858B78E1C66BF2298E5ACD4
Validity
Not Before: May 20 01:42:42 2026 GMT
Not After : May 19 01:47:42 2027 GMT
Subject: CN=39B5161249598B906C30E6C0861498E3D1EC10CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:b6:d6:80:98:b9:60:da:25:59:2f:e9:bb:e7:
24:08:44:7d:b3:c0:cf:0a:76:df:72:8e:98:fd:8f:
ab:6b:14:4a:67:37:ef:2a:ed:2f:f2:64:f1:ed:0d:
36:bd:2c:14:be:7c:b5:bb:41:1c:06:53:5f:2f:e2:
2a:f3:4a:8b:03:cf:ba:6e:7b:43:bf:11:14:79:85:
61:e3:92:a4:fa:d5:aa:32:e6:92:28:95:0b:46:a3:
90:29:61:84:97:96:8c:39:a9:e1:12:89:f9:29:31:
59:f4:bc:b4:6e:b8:8d:67:d7:d1:65:ba:22:32:22:
14:cb:f5:93:8b:04:d9:8a:11:43:78:c6:5d:f8:37:
66:7b:30:5c:42:fd:59:9d:74:6c:5c:0b:f1:76:2e:
c6:0f:cf:65:8c:ad:68:e1:10:3c:1f:3d:91:07:b8:
40:24:1b:a3:62:31:93:2e:1b:3c:7d:c6:09:05:61:
a3:0f:45:fd:1f:d6:bb:0b:b7:22:0c:ae:17:3c:bc:
db:57:23:5d:60:65:60:4b:a3:93:44:a3:76:02:7b:
50:a4:78:6d:75:9b:3f:67:e4:d8:af:57:62:ec:07:
e5:00:96:02:db:f0:3b:73:a5:49:71:da:79:61:c3:
f4:e4:9b:6c:07:7e:46:7e:d6:07:5b:66:a8:df:6f:
71:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:B5:16:12:49:59:8B:90:6C:30:E6:C0:86:14:98:E3:D1:EC:10:CD
X509v3 Authority Key Identifier:
keyid:DB:B2:3C:7E:E4:92:21:2E:A8:58:B7:8E:1C:66:BF:22:98:E5:AC:D4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rps.cnnic.cn/repo/A1094872834095775747/0/DBB23C7EE492212EA858B78E1C66BF2298E5ACD4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/27I8fuSSIS6oWLeOHGa_IpjlrNQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1094872834095775747/0/AS138407.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
117.135.194.0/23
117.135.198.0/24
117.135.206.0/23
117.135.209.0-117.135.210.255
117.135.214.0-117.135.218.255
117.135.220.0/22
117.135.230.0-117.135.236.255
117.135.238.0/24
117.135.240.0/24
117.135.242.0-117.135.244.255
117.135.246.0/23
117.135.249.0/24
117.135.252.0/24
117.187.7.0/24
117.187.21.0-117.187.22.255
117.187.24.0/24
117.187.38.0-117.187.41.255
117.187.46.0/24
117.187.51.0/24
117.187.112.0/21
117.187.128.0-117.187.150.255
117.187.178.0-117.187.191.255
117.187.201.0-117.187.219.255
117.187.221.0-117.187.223.255
117.187.240.0/23
117.187.243.0-117.187.247.255
117.187.252.0-117.187.254.255
IPv6:
2409:806a:3000::/48
2409:806a:b020::/44
2409:8c6a:1412::/48
2409:8c6a:1e12::/48
2409:8c6a:3a10::/44
2409:8c6a:4c00::/40
2409:8c6a:5c12::/48
2409:8c6a:6c12::/48
2409:8c6a:6f10::/44
2409:8c6a:7812::/48
2409:8c6a:9812::/48
2409:8c6a:b010::-2409:8c6a:b02f:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
0a:2f:6f:c9:0a:8f:47:90:97:65:24:d7:fe:20:67:ea:c6:63:
3f:8a:bc:38:9b:de:fc:f2:0a:2e:52:c3:83:7d:a1:8b:0a:11:
ca:90:1f:e5:1e:c7:52:88:a9:7b:d1:4e:fd:ca:65:2f:c8:ac:
fd:cb:c7:dd:6b:8f:4e:2e:7b:31:71:75:e7:f0:91:46:a3:50:
72:20:15:d4:d4:d3:ed:24:87:e7:5c:9b:af:21:3b:6f:51:42:
fb:f8:90:20:92:78:13:48:4c:e2:d6:f4:fb:bf:5d:7b:b4:15:
11:d7:87:85:ff:be:e9:15:78:8e:bd:12:fa:08:83:4c:ee:02:
d1:ee:fa:97:3a:22:aa:dc:60:66:f6:1b:2a:58:de:57:77:50:
3c:b7:bf:03:2b:ff:ec:c8:f1:10:55:f4:c2:16:28:22:a5:7f:
46:03:cd:c5:8e:2d:97:f7:22:34:ec:61:2f:90:b0:b3:aa:f4:
7b:4d:a3:76:a4:1a:89:d3:03:c8:3b:13:0a:55:66:76:b3:b5:
a6:ba:c5:02:30:7e:d9:58:0b:b3:c2:c8:92:33:73:8c:e8:ea:
07:d7:b7:e2:e9:ba:fb:c9:a3:cd:7e:1d:19:66:d9:4c:84:8a:
16:76:f2:da:ac:f2:fd:fa:a5:b4:c7:9d:74:77:15:3d:85:8c:
53:15:4c:4d
-----BEGIN CERTIFICATE-----
MIIGdTCCBV2gAwIBAgIUOUwL0DFQmDbrHInahZEcX1otsLIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRDVGM0QwMDAwMTEwLwYDVQQFEyhEQkIyM0M3RUU0
OTIyMTJFQTg1OEI3OEUxQzY2QkYyMjk4RTVBQ0Q0MB4XDTI2MDUyMDAxNDI0MloX
DTI3MDUxOTAxNDc0MlowMzExMC8GA1UEAxMoMzlCNTE2MTI0OTU5OEI5MDZDMzBF
NkMwODYxNDk4RTNEMUVDMTBDRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM+21oCYuWDaJVkv6bvnJAhEfbPAzwp233KOmP2Pq2sUSmc37yrtL/Jk8e0N
Nr0sFL58tbtBHAZTXy/iKvNKiwPPum57Q78RFHmFYeOSpPrVqjLmkiiVC0ajkClh
hJeWjDmp4RKJ+SkxWfS8tG64jWfX0WW6IjIiFMv1k4sE2YoRQ3jGXfg3ZnswXEL9
WZ10bFwL8XYuxg/PZYytaOEQPB89kQe4QCQbo2Ixky4bPH3GCQVhow9F/R/Wuwu3
IgyuFzy821cjXWBlYEujk0SjdgJ7UKR4bXWbP2fk2K9XYuwH5QCWAtvwO3OlSXHa
eWHD9OSbbAd+Rn7WB1tmqN9vcZ0CAwEAAaOCA2gwggNkMB0GA1UdDgQWBBQ5tRYS
SVmLkGww5sCGFJjj0ewQzTAfBgNVHSMEGDAWgBTbsjx+5JIhLqhYt44cZr8imOWs
1DAOBgNVHQ8BAf8EBAMCB4AwcwYDVR0fBGwwajBooGagZIZicnN5bmM6Ly9ycGtp
LXJwcy5jbm5pYy5jbi9yZXBvL0ExMDk0ODcyODM0MDk1Nzc1NzQ3LzAvREJCMjND
N0VFNDkyMjEyRUE4NThCNzhFMUM2NkJGMjI5OEU1QUNENC5jcmwwfgYIKwYBBQUH
AQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9z
aXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvMjdJOGZ1U1NJ
UzZvV0xlT0hHYV9JcGpsck5RLmNlcjBeBggrBgEFBQcBCwRSMFAwTgYIKwYBBQUH
MAuGQnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5NDg3MjgzNDA5
NTc3NTc0Ny8wL0FTMTM4NDA3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MIIBoQYIKwYBBQUHAQcBAf8EggGQMIIBjDCCAQoEAgABMIIBAgMEAXWHwgMEAHWH
xgMEAXWHzjAMAwQAdYfRAwQAdYfSMAwDBAF1h9YDBAB1h9oDBAJ1h9wwDAMEAXWH
5gMEAHWH7AMEAHWH7gMEAHWH8DAMAwQBdYfyAwQAdYf0AwQBdYf2AwQAdYf5AwQA
dYf8AwQAdbsHMAwDBAB1uxUDBAB1uxYDBAB1uxgwDAMEAXW7JgMEAXW7KAMEAHW7
LgMEAHW7MwMEA3W7cDAMAwQHdbuAAwQAdbuWMAwDBAF1u7IDBAZ1u4AwDAMEAHW7
yQMEAnW72DAMAwQAdbvdAwQFdbvAAwQBdbvwMAwDBAB1u/MDBAN1u/AwDAMEAnW7
/AMEAHW7/jB8BAIAAjB2AwcAJAmAajAAAwcEJAmAarAgAwcAJAmMahQSAwcAJAmM
ah4SAwcEJAmMajoQAwYAJAmMakwDBwAkCYxqXBIDBwAkCYxqbBIDBwQkCYxqbxAD
BwAkCYxqeBIDBwAkCYxqmBIwEgMHBCQJjGqwEAMHBCQJjGqwIDANBgkqhkiG9w0B
AQsFAAOCAQEACi9vyQqPR5CXZSTX/iBn6sZjP4q8OJve/PIKLlLDg32hiwoRypAf
5R7HUoipe9FO/cplL8is/cvH3WuPTi57MXF15/CRRqNQciAV1NTT7SSH51ybryE7
b1FC+/iQIJJ4E0hM4tb0+79de7QVEdeHhf++6RV4jr0S+giDTO4C0e76lzoiqtxg
ZvYbKljeV3dQPLe/Ayv/7MjxEFX0whYoIqV/RgPNxY4tl/ciNOxhL5Cws6r0e02j
dqQaidMDyDsTClVmdrO1prrFAjB+2VgLs8LIkjNzjOjqB9e34um6+8mjzX4dGWbZ
TISKFnby2qzy/fqltMeddHcVPYWMUxVMTQ==
-----END CERTIFICATE-----
Generated at Thu May 21 10:24:58 2026 by rpki-client