Route Origin Authorization

$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1096265459348537346/1/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          132zAU1ahbknkNfBYBXQHL/eCue+m6AOBrdUkC7GbYY=
Subject key identifier:   0E:A9:34:EF:97:FD:53:66:16:1B:EF:04:30:3E:17:DD:21:F8:4D:55
Certificate issuer:       /CN=1C519CD1C415925E7FCE92FDA20FF18EC544C74B
Certificate serial:       3FC98893C3B7534BC06436DAE42C23EDDCECB59C
Authority key identifier: 1C:51:9C:D1:C4:15:92:5E:7F:CE:92:FD:A2:0F:F1:8E:C5:44:C7:4B
Authority info access:    rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/1C519CD1C415925E7FCE92FDA20FF18EC544C74B.cer
Subject info access:      rsync://rpki-rps.cnnic.cn/repo/A1096265459348537346/1/AS0.roa
Signing time:             Wed 17 Jun 2026 13:05:15 +0000
ROA not before:           Wed 17 Jun 2026 13:00:15 +0000
ROA not after:            Wed 16 Jun 2027 13:05:15 +0000
asID:                     0
IP address blocks:        58.83.0.0/17 maxlen: 24
                          101.134.0.0/15 maxlen: 24
                          118.30.0.0/16 maxlen: 24
                          118.195.0.0/17 maxlen: 24
                          123.61.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.cnnic.cn/repo/A1096265459348537346/1/1C519CD1C415925E7FCE92FDA20FF18EC544C74B.crl
                          rsync://rpki-rps.cnnic.cn/repo/A1096265459348537346/1/1C519CD1C415925E7FCE92FDA20FF18EC544C74B.mft
                          rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/1C519CD1C415925E7FCE92FDA20FF18EC544C74B.cer
                          rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl
                          rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 08 Jul 2026 06:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:c9:88:93:c3:b7:53:4b:c0:64:36:da:e4:2c:23:ed:dc:ec:b5:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1C519CD1C415925E7FCE92FDA20FF18EC544C74B
        Validity
            Not Before: Jun 17 13:00:15 2026 GMT
            Not After : Jun 16 13:05:15 2027 GMT
        Subject: CN=0EA934EF97FD5366161BEF04303E17DD21F84D55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:01:4f:50:53:58:1e:3a:1f:52:81:d4:68:71:
                    d0:da:bb:73:36:d3:a4:7a:fc:6f:6c:96:8d:ce:11:
                    de:20:7b:ce:86:71:fc:48:8b:10:eb:55:96:05:72:
                    1d:ce:3b:9f:03:1d:c5:ac:b4:a3:e4:cc:a3:6a:3c:
                    6c:06:83:a7:6a:d1:a1:7a:41:02:63:39:3c:90:0c:
                    3c:6f:d9:74:57:8b:87:bc:e6:55:2d:bb:d3:4a:8a:
                    45:78:82:7c:21:4f:46:9d:63:10:c2:ae:11:d6:7f:
                    17:9b:c0:59:c8:ab:f0:6a:74:36:2c:eb:00:59:6e:
                    4d:67:4f:2f:28:8f:5c:12:0a:51:64:c5:0a:3a:80:
                    be:44:2e:32:27:13:13:1d:fc:e1:41:dc:eb:f4:88:
                    2c:bf:9d:c0:6c:41:15:c5:a9:5c:e0:b2:1b:f8:40:
                    cf:9a:ff:19:99:93:10:22:bc:a4:65:6f:4d:08:b2:
                    1b:20:06:66:b9:6d:b9:c2:ea:b6:3d:cb:ff:b3:50:
                    49:6c:c6:24:6f:e1:0f:a3:cf:b0:4e:12:cb:c3:a9:
                    58:7e:5d:b1:0c:9a:ed:c6:d4:dd:62:76:df:e7:52:
                    6f:16:cd:5e:dc:4f:86:50:81:af:76:22:d7:b4:f5:
                    85:dc:9e:12:de:99:94:11:c5:bc:52:25:07:1e:99:
                    ce:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A9:34:EF:97:FD:53:66:16:1B:EF:04:30:3E:17:DD:21:F8:4D:55
            X509v3 Authority Key Identifier:
                keyid:1C:51:9C:D1:C4:15:92:5E:7F:CE:92:FD:A2:0F:F1:8E:C5:44:C7:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.cnnic.cn/repo/A1096265459348537346/1/1C519CD1C415925E7FCE92FDA20FF18EC544C74B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/1C519CD1C415925E7FCE92FDA20FF18EC544C74B.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1096265459348537346/1/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  58.83.0.0/17
                  101.134.0.0/15
                  118.30.0.0/16
                  118.195.0.0/17
                  123.61.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         28:cb:4a:f9:06:80:9e:c0:aa:27:4f:5d:49:8b:88:ce:43:e3:
         95:ff:21:1e:9e:25:4a:5b:52:9b:20:78:6c:5c:17:87:b5:65:
         b2:c0:3e:83:26:08:79:49:30:08:56:f6:87:8e:7d:08:f6:bd:
         da:00:47:f3:26:8d:a1:bb:dc:c9:d2:de:8a:2e:83:f0:de:59:
         3c:05:ee:4a:32:37:0d:bd:61:49:62:5d:a6:13:7d:56:e4:87:
         20:1b:4e:d7:2c:88:11:e3:85:54:0e:40:35:b6:f6:5e:57:6c:
         5d:7d:da:ef:a9:03:af:97:17:a2:5a:e0:d7:8f:9a:62:fe:d9:
         11:e6:75:b1:03:5a:b3:f8:5a:34:f2:d0:eb:8f:4f:99:1b:3b:
         80:4f:6b:1c:45:02:93:91:d2:1e:af:d5:d0:f4:08:a0:cf:dd:
         4d:9d:66:27:47:2d:9a:07:12:ec:37:de:43:05:09:27:87:72:
         1b:90:75:72:b5:44:11:51:2a:1f:4a:e2:c1:1a:45:ba:94:74:
         82:3f:fa:eb:88:11:7f:dc:c2:8e:a4:bf:64:54:83:1e:7c:2b:
         cd:f3:46:b1:4c:13:eb:d0:48:d3:37:c2:71:64:6e:3d:ef:b2:
         a0:37:b4:44:fa:b5:04:5f:bd:3b:d4:fa:b3:a9:04:0e:fc:ae:
         b6:8d:1e:5e
-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIUP8mIk8O3U0vAZDba5Cwj7dzstZwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUM1MTlDRDFDNDE1OTI1RTdGQ0U5MkZEQTIwRkYxOEVD
NTQ0Qzc0QjAeFw0yNjA2MTcxMzAwMTVaFw0yNzA2MTYxMzA1MTVaMDMxMTAvBgNV
BAMTKDBFQTkzNEVGOTdGRDUzNjYxNjFCRUYwNDMwM0UxN0REMjFGODRENTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDAU9QU1geOh9SgdRocdDau3M2
06R6/G9slo3OEd4ge86GcfxIixDrVZYFch3OO58DHcWstKPkzKNqPGwGg6dq0aF6
QQJjOTyQDDxv2XRXi4e85lUtu9NKikV4gnwhT0adYxDCrhHWfxebwFnIq/BqdDYs
6wBZbk1nTy8oj1wSClFkxQo6gL5ELjInExMd/OFB3Ov0iCy/ncBsQRXFqVzgshv4
QM+a/xmZkxAivKRlb00IshsgBma5bbnC6rY9y/+zUElsxiRv4Q+jz7BOEsvDqVh+
XbEMmu3G1N1idt/nUm8WzV7cT4ZQga92Ite09YXcnhLemZQRxbxSJQcemc5BAgMB
AAGjggH0MIIB8DAdBgNVHQ4EFgQUDqk075f9U2YWG+8EMD4X3SH4TVUwHwYDVR0j
BBgwFoAUHFGc0cQVkl5/zpL9og/xjsVEx0swDgYDVR0PAQH/BAQDAgeAMHMGA1Ud
HwRsMGowaKBmoGSGYnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5
NjI2NTQ1OTM0ODUzNzM0Ni8xLzFDNTE5Q0QxQzQxNTkyNUU3RkNFOTJGREEyMEZG
MThFQzU0NEM3NEIuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5
bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDU1MzkwNzc1MDkwNjc1NzE1
LzEvMUM1MTlDRDFDNDE1OTI1RTdGQ0U5MkZEQTIwRkYxOEVDNTQ0Qzc0Qi5jZXIw
WQYIKwYBBQUHAQsETTBLMEkGCCsGAQUFBzALhj1yc3luYzovL3Jwa2ktcnBzLmNu
bmljLmNuL3JlcG8vQTEwOTYyNjU0NTkzNDg1MzczNDYvMS9BUzAucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwNAYIKwYBBQUHAQcBAf8EJTAjMCEEAgABMBsD
BAc6UwADAwFlhgMDAHYeAwQHdsMAAwMAez0wDQYJKoZIhvcNAQELBQADggEBACjL
SvkGgJ7AqidPXUmLiM5D45X/IR6eJUpbUpsgeGxcF4e1ZbLAPoMmCHlJMAhW9oeO
fQj2vdoAR/MmjaG73MnS3ooug/DeWTwF7koyNw29YUliXaYTfVbkhyAbTtcsiBHj
hVQOQDW29l5XbF192u+pA6+XF6Ja4NePmmL+2RHmdbEDWrP4WjTy0OuPT5kbO4BP
axxFApOR0h6v1dD0CKDP3U2dZidHLZoHEuw33kMFCSeHchuQdXK1RBFRKh9K4sEa
RbqUdII/+uuIEX/cwo6kv2RUgx58K83zRrFME+vQSNM3wnFkbj3vsqA3tET6tQRf
vTvU+rOpBA78rraNHl4=
-----END CERTIFICATE-----
Generated at Tue Jul 7 09:44:16 2026 by rpki-client