Route Origin Authorization

$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS134766.roa
File:                     AS134766.roa (raw, json)
Hash identifier:          ZEoqHnjN/b6+L7D0hh8FblAb8stVs7PsX89rRmiBz4I=
Subject key identifier:   38:A2:BD:21:42:08:91:65:74:6C:D8:6F:A5:DA:8B:55:8E:2D:5A:4A
Certificate issuer:       /CN=A914EAE40000/serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E
Certificate serial:       0CA0D89F414E245B763B1E08E39BBD62443F0A89
Authority key identifier: 19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
Subject info access:      rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS134766.roa
Signing time:             Mon 15 Jun 2026 17:14:10 +0000
ROA not before:           Mon 15 Jun 2026 17:09:10 +0000
ROA not after:            Mon 14 Jun 2027 17:14:10 +0000
asID:                     134766
IP address blocks:        42.243.147.0/24 maxlen: 24
                          42.243.148.0/24 maxlen: 24
                          60.161.16.0/22 maxlen: 22
                          106.56.217.0/24 maxlen: 24
                          106.56.218.0/23 maxlen: 23
                          106.60.56.0/22 maxlen: 22
                          106.60.60.0/22 maxlen: 22
                          106.60.64.0/19 maxlen: 19
                          106.60.70.0/24 maxlen: 24
                          106.60.71.0/24 maxlen: 24
                          106.60.74.0/24 maxlen: 24
                          106.60.78.0/24 maxlen: 24
                          112.113.248.0/22 maxlen: 22
                          116.53.36.0/22 maxlen: 22
                          116.53.37.0/24 maxlen: 24
                          116.55.221.0/24 maxlen: 24
                          116.55.222.0/24 maxlen: 24
                          182.240.160.0/22 maxlen: 22
                          182.240.161.0/24 maxlen: 24
                          182.240.162.0/24 maxlen: 24
                          182.242.56.0/21 maxlen: 21
                          182.242.80.0/21 maxlen: 21
                          182.242.88.0/21 maxlen: 21
                          182.242.91.0/24 maxlen: 24
                          182.242.93.0/24 maxlen: 24
                          182.242.152.0/21 maxlen: 21
                          182.242.152.0/24 maxlen: 24
                          182.242.153.0/24 maxlen: 24
                          182.242.159.0/24 maxlen: 24
                          182.242.208.0/21 maxlen: 21
                          182.242.211.0/24 maxlen: 24
                          182.242.215.0/24 maxlen: 24
                          182.242.216.0/21 maxlen: 21
                          182.242.216.0/24 maxlen: 24
                          182.242.217.0/24 maxlen: 24
                          182.242.218.0/24 maxlen: 24
                          182.242.219.0/24 maxlen: 24
                          182.245.40.0/22 maxlen: 22
                          182.247.112.0/22 maxlen: 22
                          218.63.8.0/23 maxlen: 23
                          218.63.8.0/24 maxlen: 24
                          220.163.254.0/24 maxlen: 24
                          222.220.212.0/22 maxlen: 22
                          222.220.212.0/24 maxlen: 24
                          222.220.213.0/24 maxlen: 24
                          222.220.214.0/24 maxlen: 24
                          222.220.216.0/22 maxlen: 22
                          222.221.96.0/20 maxlen: 20
                          222.221.102.0/23 maxlen: 23
                          222.221.106.0/24 maxlen: 24
                          222.221.108.0/24 maxlen: 24
                          240e:12:9000::/37 maxlen: 37
                          240e:94c:4000::/34 maxlen: 34
                          240e:983:1200::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl
                          rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 08 Jul 2026 04:56:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:a0:d8:9f:41:4e:24:5b:76:3b:1e:08:e3:9b:bd:62:44:3f:0a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE40000, serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E
        Validity
            Not Before: Jun 15 17:09:10 2026 GMT
            Not After : Jun 14 17:14:10 2027 GMT
        Subject: CN=38A2BD2142089165746CD86FA5DA8B558E2D5A4A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0d:a0:8c:12:d6:ce:13:1f:e5:09:8d:dc:02:
                    51:32:92:fc:de:27:55:74:96:0d:09:36:ba:a1:98:
                    61:f3:2c:01:c4:5e:98:1d:48:ea:38:a6:43:68:d9:
                    8e:3a:22:e1:f0:2e:a5:2d:18:24:72:0f:fc:8e:9e:
                    e6:d3:0e:24:aa:57:f7:b8:5a:e6:87:a1:db:2c:c6:
                    e2:97:a6:8d:1e:ed:b0:07:5f:34:25:aa:a5:73:af:
                    71:2e:7e:f7:3b:61:32:3d:6f:40:e3:7e:d7:59:b8:
                    09:e8:ff:c5:a5:3b:8f:e7:4d:07:3d:0c:39:a3:62:
                    72:39:31:e2:d1:d7:5f:ac:7a:a9:14:14:5e:94:5f:
                    19:fd:4a:fd:00:ef:71:b7:aa:3b:89:c8:18:16:22:
                    21:0a:a4:05:34:d1:62:48:53:d4:6d:06:c1:66:ec:
                    28:19:c4:d2:17:17:35:3d:50:8f:86:b7:3f:c9:0a:
                    c4:77:8c:c2:a8:3c:4e:da:89:12:2f:39:ac:4a:2f:
                    79:6d:c4:8f:29:a7:cd:ae:85:b1:aa:10:52:a1:d4:
                    81:18:aa:61:5e:02:9d:83:22:cc:74:0c:1d:d5:e9:
                    48:25:44:2a:b2:30:de:8d:d4:23:17:50:2b:ee:06:
                    a0:3f:98:e6:cd:6d:5e:52:3f:c4:e3:76:94:7b:8d:
                    67:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:A2:BD:21:42:08:91:65:74:6C:D8:6F:A5:DA:8B:55:8E:2D:5A:4A
            X509v3 Authority Key Identifier:
                keyid:19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS134766.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  42.243.147.0-42.243.148.255
                  60.161.16.0/22
                  106.56.217.0-106.56.219.255
                  106.60.56.0-106.60.95.255
                  112.113.248.0/22
                  116.53.36.0/22
                  116.55.221.0-116.55.222.255
                  182.240.160.0/22
                  182.242.56.0/21
                  182.242.80.0/20
                  182.242.152.0/21
                  182.242.208.0/20
                  182.245.40.0/22
                  182.247.112.0/22
                  218.63.8.0/23
                  220.163.254.0/24
                  222.220.212.0-222.220.219.255
                  222.221.96.0/20
                IPv6:
                  240e:12:9000::/37
                  240e:94c:4000::/34
                  240e:983:1200::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:ee:4f:cb:71:1a:10:68:2c:dd:1f:f5:e1:f9:de:db:ec:8d:
         fe:cd:de:29:b8:f1:0e:06:6e:f3:86:b4:0a:3a:a9:21:6c:05:
         c1:87:97:27:f0:b6:d2:43:8a:33:d2:ba:93:c2:30:f1:aa:68:
         be:2b:88:45:72:a0:93:4b:ed:9a:f8:3c:bc:4d:5c:5b:58:58:
         9f:20:c3:8c:4a:2f:3d:c5:50:99:1c:86:6f:1b:e9:a5:a2:da:
         34:41:06:82:d2:2e:3d:f3:8d:1b:42:a6:7f:28:44:45:23:b8:
         35:93:52:b7:3e:cc:dc:97:42:37:d4:9b:86:f3:fd:92:b1:2f:
         67:0a:71:0b:1f:ac:81:fd:b4:38:8c:99:31:24:25:26:fd:ec:
         b1:33:d8:3c:9e:13:44:d5:c3:e4:bf:b9:e7:f7:ea:a2:76:93:
         7c:e8:60:7d:a6:06:a4:14:2e:90:a0:60:57:8a:5f:81:5f:80:
         e3:f6:7f:28:98:1d:72:35:b0:5c:04:2f:2a:40:3e:71:67:af:
         8f:8c:06:0b:f9:9a:53:3e:ef:de:a9:f0:42:60:ce:dc:2c:c1:
         af:d4:07:c2:6c:08:7e:f0:aa:b0:71:cc:d5:b0:b0:b0:d7:18:
         d4:3a:f6:87:39:26:c4:55:0f:9d:4e:6e:e1:20:11:cb:07:bb:
         38:dd:70:3c
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgIUDKDYn0FOJFt2Ox4I45u9YkQ/CokwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNEVBRTQwMDAwMTEwLwYDVQQFEygxOTZGMjE4OEEz
NTZEMUM0MkQzOUY2RDE2NTcxOUI1OTZCNENEOTFFMB4XDTI2MDYxNTE3MDkxMFoX
DTI3MDYxNDE3MTQxMFowMzExMC8GA1UEAxMoMzhBMkJEMjE0MjA4OTE2NTc0NkNE
ODZGQTVEQThCNTU4RTJENUE0QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANENoIwS1s4TH+UJjdwCUTKS/N4nVXSWDQk2uqGYYfMsAcRemB1I6jimQ2jZ
jjoi4fAupS0YJHIP/I6e5tMOJKpX97ha5oeh2yzG4pemjR7tsAdfNCWqpXOvcS5+
9zthMj1vQON+11m4Cej/xaU7j+dNBz0MOaNicjkx4tHXX6x6qRQUXpRfGf1K/QDv
cbeqO4nIGBYiIQqkBTTRYkhT1G0GwWbsKBnE0hcXNT1Qj4a3P8kKxHeMwqg8TtqJ
Ei85rEoveW3Ejymnza6FsaoQUqHUgRiqYV4CnYMizHQMHdXpSCVEKrIw3o3UIxdQ
K+4GoD+Y5s1tXlI/xON2lHuNZwcCAwEAAaOCApgwggKUMB0GA1UdDgQWBBQ4or0h
QgiRZXRs2G+l2otVji1aSjAfBgNVHSMEGDAWgBQZbyGIo1bRxC059tFlcZtZa0zZ
HjAOBgNVHQ8BAf8EBAMCB4AwcwYDVR0fBGwwajBooGagZIZicnN5bmM6Ly9ycGtp
LXJwcy5jbm5pYy5jbi9yZXBvL0ExMDk3MDk5NDAyOTA1OTc2ODM1LzEvMTk2RjIx
ODhBMzU2RDFDNDJEMzlGNkQxNjU3MTlCNTk2QjRDRDkxRS5jcmwwfgYIKwYBBQUH
AQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9z
aXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvR1c4aGlLTlcw
Y1F0T2ZiUlpYR2JXV3RNMlI0LmNlcjBeBggrBgEFBQcBCwRSMFAwTgYIKwYBBQUH
MAuGQnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5NzA5OTQwMjkw
NTk3NjgzNS8xL0FTMTM0NzY2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MIHSBggrBgEFBQcBBwEB/wSBwjCBvzCBmwQCAAEwgZQwDAMEACrzkwMEACrzlAME
AjyhEDAMAwQAajjZAwQCajjYMAwDBANqPDgDBAVqPEADBAJwcfgDBAJ0NSQwDAME
AHQ33QMEAHQ33gMEArbwoAMEA7byOAMEBLbyUAMEA7bymAMEBLby0AMEArb1KAME
Arb3cAMEAdo/CAMEANyj/jAMAwQC3tzUAwQC3tzYAwQE3t1gMB8EAgACMBkDBgMk
DgASkAMGBiQOCUxAAwcAJA4JgxIAMA0GCSqGSIb3DQEBCwUAA4IBAQAk7k/LcRoQ
aCzdH/Xh+d7b7I3+zd4puPEOBm7zhrQKOqkhbAXBh5cn8LbSQ4oz0rqTwjDxqmi+
K4hFcqCTS+2a+Dy8TVxbWFifIMOMSi89xVCZHIZvG+mloto0QQaC0i49840bQqZ/
KERFI7g1k1K3Pszcl0I31JuG8/2SsS9nCnELH6yB/bQ4jJkxJCUm/eyxM9g8nhNE
1cPkv7nn9+qidpN86GB9pgakFC6QoGBXil+BX4Dj9n8omB1yNbBcBC8qQD5xZ6+P
jAYL+ZpTPu/eqfBCYM7cLMGv1AfCbAh+8KqwcczVsLCw1xjUOvaHOSbEVQ+dTm7h
IBHLB7s43XA8
-----END CERTIFICATE-----
Generated at Tue Jul 7 16:00:35 2026 by rpki-client