$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1096632062997168131/0/AS138421.roa File: AS138421.roa (raw, json) Hash identifier: dWv3A+njXqrUE8Mw7JZqCmOo2ZGwskZ3TQPEph8P4JE= Subject key identifier: EE:5D:B8:AA:A0:8F:39:FB:28:11:28:1C:CA:63:99:E2:00:C0:53:43 Certificate issuer: /CN=C89881B315F7E21BA948CF9CB11D1AC422106426 Certificate serial: 41FF073000B6AD58F6ECFCCDAE13EC1859055F8E Authority key identifier: C8:98:81:B3:15:F7:E2:1B:A9:48:CF:9C:B1:1D:1A:C4:22:10:64:26 Authority info access: rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/C89881B315F7E21BA948CF9CB11D1AC422106426.cer Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/AS138421.roa Signing time: Mon 20 Apr 2026 05:02:12 +0000 ROA not before: Mon 20 Apr 2026 04:57:12 +0000 ROA not after: Mon 19 Apr 2027 05:02:12 +0000 asID: 138421 IP address blocks: 43.240.124.0/24 maxlen: 24 43.240.125.0/24 maxlen: 24 43.240.126.0/23 maxlen: 23 43.240.128.0/23 maxlen: 23 43.240.130.0/23 maxlen: 23 43.240.192.0/22 maxlen: 22 43.254.44.0/23 maxlen: 23 43.254.46.0/23 maxlen: 23 43.254.104.0/24 maxlen: 24 43.254.105.0/24 maxlen: 24 43.254.106.0/24 maxlen: 24 43.254.144.0/24 maxlen: 24 43.254.145.0/24 maxlen: 24 43.254.146.0/24 maxlen: 24 43.254.147.0/24 maxlen: 24 43.254.148.0/22 maxlen: 22 103.6.222.0/24 maxlen: 24 103.6.223.0/24 maxlen: 24 103.20.249.0/24 maxlen: 24 103.36.174.0/23 maxlen: 23 103.220.164.0/22 maxlen: 22 103.220.167.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/C89881B315F7E21BA948CF9CB11D1AC422106426.crl rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/C89881B315F7E21BA948CF9CB11D1AC422106426.mft rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/C89881B315F7E21BA948CF9CB11D1AC422106426.cer rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Tue 21 Apr 2026 05:32:23 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 41:ff:07:30:00:b6:ad:58:f6:ec:fc:cd:ae:13:ec:18:59:05:5f:8e Signature Algorithm: sha256WithRSAEncryption Issuer: CN=C89881B315F7E21BA948CF9CB11D1AC422106426 Validity Not Before: Apr 20 04:57:12 2026 GMT Not After : Apr 19 05:02:12 2027 GMT Subject: CN=EE5DB8AAA08F39FB2811281CCA6399E200C05343 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:be:ff:5a:34:a7:62:2e:47:b1:61:43:22:7c:80: 95:1a:c3:35:24:80:f5:fa:f6:ab:34:50:90:4f:77: 80:0d:ff:a0:1a:76:e0:e6:e2:8d:2c:e1:c5:78:1b: ff:af:c1:a4:4e:91:7b:73:48:cb:38:8d:82:11:16: a1:bf:83:36:73:40:00:03:99:14:9c:ca:43:7d:ba: 35:b5:73:14:1b:82:60:c0:44:09:2f:f4:f2:f7:02: fa:77:f8:19:8c:61:4a:6f:f6:79:9f:79:45:79:53: 6e:bf:57:8f:c6:bc:21:2e:dc:c2:b7:07:7f:de:0e: ac:e6:cd:f9:59:05:62:5e:4c:6d:41:d6:2a:61:bd: c8:18:97:f0:4d:77:5b:1e:8a:e7:d2:44:66:d4:16: a6:67:a0:56:97:fd:eb:73:60:7c:dd:d7:42:39:9d: dd:9b:ac:1b:55:fb:9e:db:02:32:44:36:d7:50:61: 9c:fe:05:cf:8d:26:7a:0d:30:68:18:85:30:f7:86: 80:03:4e:c7:14:0f:76:e1:94:0d:c2:b1:30:4b:14: 8a:a5:91:65:1d:19:06:4c:16:a7:97:8a:56:28:77: 75:b0:25:96:75:ac:bc:0d:08:73:fd:22:36:71:0c: bc:83:c5:18:71:19:26:7a:30:35:24:32:36:7e:4f: 89:a3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: EE:5D:B8:AA:A0:8F:39:FB:28:11:28:1C:CA:63:99:E2:00:C0:53:43 X509v3 Authority Key Identifier: keyid:C8:98:81:B3:15:F7:E2:1B:A9:48:CF:9C:B1:1D:1A:C4:22:10:64:26 X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/C89881B315F7E21BA948CF9CB11D1AC422106426.crl Authority Information Access: CA Issuers - URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/C89881B315F7E21BA948CF9CB11D1AC422106426.cer Subject Information Access: Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1096632062997168131/0/AS138421.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 43.240.124.0-43.240.131.255 43.240.192.0/22 43.254.44.0/22 43.254.104.0-43.254.106.255 43.254.144.0/21 103.6.222.0/23 103.20.249.0/24 103.36.174.0/23 103.220.164.0/22 Signature Algorithm: sha256WithRSAEncryption c5:fe:5b:89:78:15:9b:d9:ec:1d:21:0b:b5:36:44:9f:dc:32: 15:a1:b0:79:e1:ad:2a:06:43:72:b4:da:3d:5f:89:43:0c:d0: a2:ef:8a:a6:6f:b8:a7:d9:1c:f9:e5:8c:ed:39:79:5b:be:48: cc:1c:a3:17:08:9a:cd:ca:3a:43:96:1c:6d:08:b6:c3:18:a1: 4a:30:0a:86:9c:c5:be:af:35:25:b4:b5:77:cf:ee:26:c5:81: de:55:b8:82:20:33:26:fa:6c:b7:10:8c:5a:6c:20:a9:68:5d: e4:38:de:38:0f:a2:c0:dc:f0:68:b6:34:e3:ca:c4:e4:82:5c: cf:60:f9:82:67:c2:33:fd:7b:cf:b1:ba:f1:33:78:d4:ab:6e: 8c:f0:69:b9:35:a9:86:cd:6d:20:0b:fb:a4:3b:44:27:9f:70: e3:57:f2:5e:b1:15:79:0c:02:d3:a4:ff:d0:a6:16:68:12:ed: 74:07:12:26:3e:66:09:86:a0:58:62:10:60:1c:45:c1:f2:50: 7f:11:b7:7c:95:4e:47:fb:9b:c4:47:af:27:63:9a:d3:bc:6d: 01:4e:8e:63:26:95:7a:21:46:09:dd:88:f3:11:b6:3b:65:39: 8f:14:6a:28:d2:23:ac:44:d5:b5:99:15:fb:88:e5:de:b0:97: 54:f5:92:98 -----BEGIN CERTIFICATE----- MIIFGjCCBAKgAwIBAgIUQf8HMAC2rVj27PzNrhPsGFkFX44wDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoQzg5ODgxQjMxNUY3RTIxQkE5NDhDRjlDQjExRDFBQzQy MjEwNjQyNjAeFw0yNjA0MjAwNDU3MTJaFw0yNzA0MTkwNTAyMTJaMDMxMTAvBgNV BAMTKEVFNURCOEFBQTA4RjM5RkIyODExMjgxQ0NBNjM5OUUyMDBDMDUzNDMwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+/1o0p2IuR7FhQyJ8gJUawzUk gPX69qs0UJBPd4AN/6AaduDm4o0s4cV4G/+vwaROkXtzSMs4jYIRFqG/gzZzQAAD mRScykN9ujW1cxQbgmDARAkv9PL3Avp3+BmMYUpv9nmfeUV5U26/V4/GvCEu3MK3 B3/eDqzmzflZBWJeTG1B1iphvcgYl/BNd1seiufSRGbUFqZnoFaX/etzYHzd10I5 nd2brBtV+57bAjJENtdQYZz+Bc+NJnoNMGgYhTD3hoADTscUD3bhlA3CsTBLFIql kWUdGQZMFqeXilYod3WwJZZ1rLwNCHP9IjZxDLyDxRhxGSZ6MDUkMjZ+T4mjAgMB AAGjggIkMIICIDAdBgNVHQ4EFgQU7l24qqCPOfsoESgcymOZ4gDAU0MwHwYDVR0j BBgwFoAUyJiBsxX34hupSM+csR0axCIQZCYwDgYDVR0PAQH/BAQDAgeAMHMGA1Ud HwRsMGowaKBmoGSGYnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5 NjYzMjA2Mjk5NzE2ODEzMS8wL0M4OTg4MUIzMTVGN0UyMUJBOTQ4Q0Y5Q0IxMUQx QUM0MjIxMDY0MjYuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5 bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDU1MzkwNzc1MDkwNjc1NzE1 LzEvQzg5ODgxQjMxNUY3RTIxQkE5NDhDRjlDQjExRDFBQzQyMjEwNjQyNi5jZXIw XgYIKwYBBQUHAQsEUjBQME4GCCsGAQUFBzALhkJyc3luYzovL3Jwa2ktcnBzLmNu bmljLmNuL3JlcG8vQTEwOTY2MzIwNjI5OTcxNjgxMzEvMC9BUzEzODQyMS5yb2Ew GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBfBggrBgEFBQcBBwEB/wRQME4wTAQC AAEwRjAMAwQCK/B8AwQCK/CAAwQCK/DAAwQCK/4sMAwDBAMr/mgDBAAr/moDBAMr /pADBAFnBt4DBABnFPkDBAFnJK4DBAJn3KQwDQYJKoZIhvcNAQELBQADggEBAMX+ W4l4FZvZ7B0hC7U2RJ/cMhWhsHnhrSoGQ3K02j1fiUMM0KLviqZvuKfZHPnljO05 eVu+SMwcoxcIms3KOkOWHG0ItsMYoUowCoacxb6vNSW0tXfP7ibFgd5VuIIgMyb6 bLcQjFpsIKloXeQ43jgPosDc8Gi2NOPKxOSCXM9g+YJnwjP9e8+xuvEzeNSrbozw abk1qYbNbSAL+6Q7RCefcONX8l6xFXkMAtOk/9CmFmgS7XQHEiY+ZgmGoFhiEGAc RcHyUH8Rt3yVTkf7m8RHrydjmtO8bQFOjmMmlXohRgndiPMRtjtlOY8UaijSI6xE 1bWZFfuI5d6wl1T1kpg= -----END CERTIFICATE-----Generated at Mon Apr 20 14:59:13 2026 by rpki-client