Route Origin Authorization
$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1096704593695342593/0/AS17621.roa
File: AS17621.roa (raw, json)
Hash identifier: MPH5fQOSeoHI6U1HZ3URNZsvIOI3vceEI3aV5nzoTco=
Subject key identifier: 01:C0:60:D2:A9:4B:46:E1:30:60:27:CA:A1:D9:AC:7F:7B:7A:DA:8E
Certificate issuer: /CN=A9143CB30000/serialNumber=EACB7B50F338DF2794EBA3F618C7233B2283E644
Certificate serial: 375A398C49D41C42086927FEA3B2FEADF08710D6
Authority key identifier: EA:CB:7B:50:F3:38:DF:27:94:EB:A3:F6:18:C7:23:3B:22:83:E6:44
Authority info access: rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/6st7UPM43yeU66P2GMcjOyKD5kQ.cer
Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1096704593695342593/0/AS17621.roa
Signing time: Wed 10 Jun 2026 06:47:40 +0000
ROA not before: Wed 10 Jun 2026 06:42:40 +0000
ROA not after: Wed 09 Jun 2027 06:47:40 +0000
asID: 17621
IP address blocks: 139.227.166.0/24 maxlen: 24
139.227.224.0/24 maxlen: 24
139.227.225.0/24 maxlen: 24
140.206.54.0/24 maxlen: 24
140.206.205.0/24 maxlen: 24
140.206.206.0/24 maxlen: 24
140.206.207.0/24 maxlen: 24
140.206.210.0/24 maxlen: 24
140.207.62.0/24 maxlen: 24
140.207.63.0/24 maxlen: 24
140.207.98.0/24 maxlen: 24
140.207.132.0/24 maxlen: 24
140.207.133.0/24 maxlen: 24
140.207.136.0/23 maxlen: 23
140.207.161.0/24 maxlen: 24
140.207.190.0/24 maxlen: 24
140.207.192.0/24 maxlen: 24
140.207.193.0/24 maxlen: 24
140.207.194.0/24 maxlen: 24
140.207.195.0/24 maxlen: 24
140.207.197.0/24 maxlen: 24
140.207.198.0/24 maxlen: 24
140.207.199.0/24 maxlen: 24
140.207.200.0/24 maxlen: 24
140.207.201.0/24 maxlen: 24
140.207.202.0/24 maxlen: 24
140.207.203.0/24 maxlen: 24
140.207.204.0/24 maxlen: 24
140.207.205.0/24 maxlen: 24
140.207.206.0/24 maxlen: 24
140.207.207.0/24 maxlen: 24
140.207.232.0/24 maxlen: 24
140.207.234.0/24 maxlen: 24
140.207.236.0/24 maxlen: 24
140.207.242.0/24 maxlen: 24
140.207.243.0/24 maxlen: 24
140.207.247.0/24 maxlen: 24
140.207.250.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rps.cnnic.cn/repo/A1096704593695342593/0/EACB7B50F338DF2794EBA3F618C7233B2283E644.crl
rsync://rpki-rps.cnnic.cn/repo/A1096704593695342593/0/EACB7B50F338DF2794EBA3F618C7233B2283E644.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/6st7UPM43yeU66P2GMcjOyKD5kQ.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 12 Jun 2026 12:32:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:5a:39:8c:49:d4:1c:42:08:69:27:fe:a3:b2:fe:ad:f0:87:10:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9143CB30000, serialNumber=EACB7B50F338DF2794EBA3F618C7233B2283E644
Validity
Not Before: Jun 10 06:42:40 2026 GMT
Not After : Jun 9 06:47:40 2027 GMT
Subject: CN=01C060D2A94B46E1306027CAA1D9AC7F7B7ADA8E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:9e:92:c1:9b:d5:af:e2:96:1e:b3:e9:cd:1d:
ca:11:01:e1:a6:02:77:b5:c9:d6:39:8a:52:b7:da:
e5:62:28:76:4f:60:bb:9d:55:aa:59:55:7a:4f:76:
f5:18:34:f7:c2:7c:a0:23:3e:bd:1c:77:66:d9:e1:
c3:cd:a1:51:4e:a6:1e:08:09:aa:1b:df:32:34:1e:
fe:97:da:fe:5e:6e:52:72:0e:4e:ad:f4:7d:17:20:
81:e8:9f:22:e4:38:a8:8e:dd:49:67:4d:21:22:b5:
4a:b2:38:06:78:71:32:67:f5:ee:cd:d4:5f:a0:b2:
98:59:cb:87:25:96:b3:0e:be:7c:a4:e3:8d:fd:e8:
49:85:fb:29:04:4d:b2:49:ed:61:c4:ec:55:9a:4c:
b0:6c:88:a0:69:0e:3c:6b:55:19:7f:b7:a8:8e:4f:
8d:77:cf:ec:28:d9:29:0f:ef:3a:32:65:3f:c5:06:
5d:ad:21:01:29:c7:66:58:99:a3:25:6a:57:04:a5:
5f:d8:e1:98:a4:25:b1:36:16:e7:7a:6a:b5:78:f2:
45:3d:4d:b7:eb:43:43:1a:37:65:0b:75:2f:63:d7:
3b:c3:6b:3e:37:b9:ad:81:c1:06:87:e8:be:40:c2:
33:87:b1:48:ee:35:6e:77:94:b9:5a:c9:f5:fa:b9:
b2:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:C0:60:D2:A9:4B:46:E1:30:60:27:CA:A1:D9:AC:7F:7B:7A:DA:8E
X509v3 Authority Key Identifier:
keyid:EA:CB:7B:50:F3:38:DF:27:94:EB:A3:F6:18:C7:23:3B:22:83:E6:44
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rps.cnnic.cn/repo/A1096704593695342593/0/EACB7B50F338DF2794EBA3F618C7233B2283E644.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/6st7UPM43yeU66P2GMcjOyKD5kQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1096704593695342593/0/AS17621.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
139.227.166.0/24
139.227.224.0/23
140.206.54.0/24
140.206.205.0-140.206.207.255
140.206.210.0/24
140.207.62.0/23
140.207.98.0/24
140.207.132.0/23
140.207.136.0/23
140.207.161.0/24
140.207.190.0/24
140.207.192.0/22
140.207.197.0-140.207.207.255
140.207.232.0/24
140.207.234.0/24
140.207.236.0/24
140.207.242.0/23
140.207.247.0/24
140.207.250.0/24
Signature Algorithm: sha256WithRSAEncryption
72:da:3c:1c:c8:e3:d8:10:2f:5a:97:b7:c9:cf:84:07:01:b8:
97:1f:2e:60:df:a1:65:ad:19:38:6f:2e:f6:0a:9b:cf:77:74:
92:bd:d3:32:37:21:08:28:7d:08:75:7a:39:4d:e9:6d:a3:72:
48:da:99:a6:a4:24:1f:59:51:5f:a8:cb:9d:91:ca:4b:3b:db:
9b:60:0a:c1:6c:de:30:68:3d:b7:9b:af:6e:a8:04:41:b1:eb:
64:18:77:40:a6:8a:f2:59:fa:82:d6:36:b1:a3:b3:4f:33:0b:
74:b3:0f:fb:15:3f:79:d0:21:c7:9e:fc:0b:b4:a2:73:8e:31:
fe:ee:d0:93:39:a1:cb:87:80:5e:bd:0e:64:6d:33:84:e8:9a:
cb:4b:81:ee:19:e0:ea:7d:b9:4e:cb:56:7f:25:ce:2d:0a:b0:
a0:0f:69:98:53:85:24:86:57:4b:f3:74:e7:01:35:a2:bf:0f:
bf:94:9b:6c:40:40:d0:80:c7:b3:33:ae:39:9a:0f:a0:84:63:
38:3c:e9:e8:56:d3:d1:4b:8f:b7:fb:77:77:80:f2:51:cb:ef:
7f:61:33:09:e6:6f:ce:3f:52:2e:b5:1a:b8:a2:88:0e:9d:1c:
ef:35:ee:1e:99:8c:53:76:5c:a9:ce:24:d2:11:21:d5:3c:e8:
b4:df:a9:39
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgIUN1o5jEnUHEIIaSf+o7L+rfCHENYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNDNDQjMwMDAwMTEwLwYDVQQFEyhFQUNCN0I1MEYz
MzhERjI3OTRFQkEzRjYxOEM3MjMzQjIyODNFNjQ0MB4XDTI2MDYxMDA2NDI0MFoX
DTI3MDYwOTA2NDc0MFowMzExMC8GA1UEAxMoMDFDMDYwRDJBOTRCNDZFMTMwNjAy
N0NBQTFEOUFDN0Y3QjdBREE4RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIWeksGb1a/ilh6z6c0dyhEB4aYCd7XJ1jmKUrfa5WIodk9gu51VqllVek92
9Rg098J8oCM+vRx3Ztnhw82hUU6mHggJqhvfMjQe/pfa/l5uUnIOTq30fRcggeif
IuQ4qI7dSWdNISK1SrI4BnhxMmf17s3UX6CymFnLhyWWsw6+fKTjjf3oSYX7KQRN
skntYcTsVZpMsGyIoGkOPGtVGX+3qI5PjXfP7CjZKQ/vOjJlP8UGXa0hASnHZliZ
oyVqVwSlX9jhmKQlsTYW53pqtXjyRT1Nt+tDQxo3ZQt1L2PXO8NrPje5rYHBBofo
vkDCM4exSO41bneUuVrJ9fq5srECAwEAAaOCAmQwggJgMB0GA1UdDgQWBBQBwGDS
qUtG4TBgJ8qh2ax/e3rajjAfBgNVHSMEGDAWgBTqy3tQ8zjfJ5Tro/YYxyM7IoPm
RDAOBgNVHQ8BAf8EBAMCB4AwcwYDVR0fBGwwajBooGagZIZicnN5bmM6Ly9ycGtp
LXJwcy5jbm5pYy5jbi9yZXBvL0ExMDk2NzA0NTkzNjk1MzQyNTkzLzAvRUFDQjdC
NTBGMzM4REYyNzk0RUJBM0Y2MThDNzIzM0IyMjgzRTY0NC5jcmwwfgYIKwYBBQUH
AQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9z
aXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJGRDFGRjIvNnN0N1VQTTQz
eWVVNjZQMkdNY2pPeUtENWtRLmNlcjBdBggrBgEFBQcBCwRRME8wTQYIKwYBBQUH
MAuGQXJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5NjcwNDU5MzY5
NTM0MjU5My8wL0FTMTc2MjEucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
gZ8GCCsGAQUFBwEHAQH/BIGPMIGMMIGJBAIAATCBggMEAIvjpgMEAYvj4AMEAIzO
NjAMAwQAjM7NAwQEjM7AAwQAjM7SAwQBjM8+AwQAjM9iAwQBjM+EAwQBjM+IAwQA
jM+hAwQAjM++AwQCjM/AMAwDBACMz8UDBASMz8ADBACMz+gDBACMz+oDBACMz+wD
BAGMz/IDBACMz/cDBACMz/owDQYJKoZIhvcNAQELBQADggEBAHLaPBzI49gQL1qX
t8nPhAcBuJcfLmDfoWWtGThvLvYKm893dJK90zI3IQgofQh1ejlN6W2jckjamaak
JB9ZUV+oy52Ryks725tgCsFs3jBoPbebr26oBEGx62QYd0CmivJZ+oLWNrGjs08z
C3SzD/sVP3nQIcee/Au0onOOMf7u0JM5ocuHgF69DmRtM4TomstLge4Z4Op9uU7L
Vn8lzi0KsKAPaZhThSSGV0vzdOcBNaK/D7+Um2xAQNCAx7MzrjmaD6CEYzg86ehW
09FLj7f7d3eA8lHL739hMwnmb84/Ui61GriiiA6dHO817h6ZjFN2XKnOJNIRIdU8
6LTfqTk=
-----END CERTIFICATE-----
Generated at Fri Jun 12 02:23:44 2026 by rpki-client