$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS138570.roa File: AS138570.roa (raw, json) Hash identifier: nrdkVOwSyeGAK0nJjdCDQvXzQwknew2qpaCfdt3Z8ds= Subject key identifier: 00:73:45:FA:BB:C4:79:70:19:7E:17:FC:72:89:EC:AA:03:E6:A5:7B Certificate issuer: /CN=A914EAE40000/serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E Certificate serial: 3AFAD4FCCB62055223AAAACBD0C7B5E56515CE4A Authority key identifier: 19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS138570.roa Signing time: Thu 21 May 2026 16:03:15 +0000 ROA not before: Thu 21 May 2026 15:58:15 +0000 ROA not after: Thu 20 May 2027 16:03:15 +0000 asID: 138570 IP address blocks: 117.66.24.0/21 maxlen: 21 Validation: OK Signature path: rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sun 24 May 2026 06:28:32 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 3a:fa:d4:fc:cb:62:05:52:23:aa:aa:cb:d0:c7:b5:e5:65:15:ce:4a Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A914EAE40000, serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E Validity Not Before: May 21 15:58:15 2026 GMT Not After : May 20 16:03:15 2027 GMT Subject: CN=007345FABBC47970197E17FC7289ECAA03E6A57B Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:be:fe:67:24:10:04:ff:a8:b7:a8:8a:3d:c9:39: a5:70:30:24:ec:75:0b:f5:e0:9d:78:2c:0d:2b:3e: d6:e1:19:ae:a6:73:75:60:93:d9:96:c5:da:2a:c4: a4:48:83:bf:d5:48:d2:e9:f0:b8:be:24:a1:a5:f4: 25:17:44:51:73:ae:98:53:df:bf:e9:64:30:99:98: e2:05:5f:5a:ad:aa:59:8c:cb:a7:e3:7a:b2:55:a1: 02:20:9f:a8:58:36:4e:fb:6c:43:5d:b2:c5:95:51: 7a:61:2d:5e:67:b6:9c:54:5c:93:27:07:6b:bb:29: 02:35:7c:22:dc:6c:1e:45:3b:a2:10:4b:d9:09:20: 08:bd:77:e6:d5:87:4a:67:8a:e6:d7:70:6f:0a:8b: 3a:7b:dc:7e:e6:e7:c0:d9:38:cb:51:cc:41:03:b2: 9f:b9:78:38:56:b6:c0:2e:3c:5c:99:ea:d6:24:f7: f2:42:8c:2d:01:17:f6:43:16:c4:e2:60:35:d9:bb: f0:2c:d6:64:4e:0c:6b:9d:5e:c5:1c:cf:7c:c1:9d: f6:d7:82:5e:fe:73:03:6f:b8:3f:d7:72:55:b6:00: f0:03:6c:c1:a2:63:73:cb:00:b7:95:c4:71:07:d5: c9:9f:0d:df:f9:41:79:f5:38:c6:14:5e:1e:34:94: b5:03 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 00:73:45:FA:BB:C4:79:70:19:7E:17:FC:72:89:EC:AA:03:E6:A5:7B X509v3 Authority Key Identifier: keyid:19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer Subject Information Access: Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS138570.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 117.66.24.0/21 Signature Algorithm: sha256WithRSAEncryption 6d:a2:7b:3d:ca:4b:c4:c2:22:3b:cc:9d:f3:22:06:08:0a:e1: a6:17:75:08:ed:05:8a:c2:22:ec:a6:b3:c7:2b:21:4f:f1:70: 02:cf:50:90:32:03:a2:ff:f0:30:84:6f:ab:e7:f8:5a:6a:df: 3b:de:00:d9:78:77:2d:e6:97:25:5a:50:13:f5:9b:55:1b:72: d3:1e:88:cf:f6:bb:98:fd:e6:80:e2:c7:93:48:4b:03:a5:8f: a0:18:fe:20:e1:50:0c:9c:81:81:39:42:4f:af:7a:0c:b3:19: 77:9a:a3:7a:8f:d8:67:d2:01:a8:20:19:a6:31:16:23:b4:9c: f0:b9:63:7b:50:38:52:93:fa:05:d6:51:35:45:fb:f5:e1:ce: 56:b4:1f:c2:eb:df:14:dd:9f:37:1e:3b:eb:82:d3:2f:e0:9f: 08:df:b7:42:36:2d:7d:d5:d5:fe:66:e4:1b:56:1e:b0:e7:c5: 63:a8:06:b1:dc:2a:25:e0:54:7a:e3:fb:73:be:7b:96:45:9f: 06:e3:e8:ea:6e:bb:78:36:e2:4a:23:07:1d:f5:27:ea:90:d3: ef:fc:d1:9e:e5:94:83:dd:6a:00:77:ad:47:d2:96:2a:44:b8: 03:8e:c0:f9:54:79:bc:c9:d3:3a:d1:5b:93:25:97:90:e9:d9: 46:b7:48:a8 -----BEGIN CERTIFICATE----- MIIE8TCCA9mgAwIBAgIUOvrU/MtiBVIjqqrL0Me15WUVzkowDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAxMMQTkxNEVBRTQwMDAwMTEwLwYDVQQFEygxOTZGMjE4OEEz NTZEMUM0MkQzOUY2RDE2NTcxOUI1OTZCNENEOTFFMB4XDTI2MDUyMTE1NTgxNVoX DTI3MDUyMDE2MDMxNVowMzExMC8GA1UEAxMoMDA3MzQ1RkFCQkM0Nzk3MDE5N0Ux N0ZDNzI4OUVDQUEwM0U2QTU3QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAL7+ZyQQBP+ot6iKPck5pXAwJOx1C/XgnXgsDSs+1uEZrqZzdWCT2ZbF2irE pEiDv9VI0unwuL4koaX0JRdEUXOumFPfv+lkMJmY4gVfWq2qWYzLp+N6slWhAiCf qFg2TvtsQ12yxZVRemEtXme2nFRckycHa7spAjV8ItxsHkU7ohBL2QkgCL135tWH SmeK5tdwbwqLOnvcfubnwNk4y1HMQQOyn7l4OFa2wC48XJnq1iT38kKMLQEX9kMW xOJgNdm78CzWZE4Ma51exRzPfMGd9teCXv5zA2+4P9dyVbYA8ANswaJjc8sAt5XE cQfVyZ8N3/lBefU4xhReHjSUtQMCAwEAAaOCAeQwggHgMB0GA1UdDgQWBBQAc0X6 u8R5cBl+F/xyieyqA+alezAfBgNVHSMEGDAWgBQZbyGIo1bRxC059tFlcZtZa0zZ HjAOBgNVHQ8BAf8EBAMCB4AwcwYDVR0fBGwwajBooGagZIZicnN5bmM6Ly9ycGtp LXJwcy5jbm5pYy5jbi9yZXBvL0ExMDk3MDk5NDAyOTA1OTc2ODM1LzEvMTk2RjIx ODhBMzU2RDFDNDJEMzlGNkQxNjU3MTlCNTk2QjRDRDkxRS5jcmwwfgYIKwYBBQUH AQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9z aXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvR1c4aGlLTlcw Y1F0T2ZiUlpYR2JXV3RNMlI0LmNlcjBeBggrBgEFBQcBCwRSMFAwTgYIKwYBBQUH MAuGQnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5NzA5OTQwMjkw NTk3NjgzNS8xL0FTMTM4NTcwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDdUIYMA0GCSqGSIb3DQEBCwUA A4IBAQBtons9ykvEwiI7zJ3zIgYICuGmF3UI7QWKwiLsprPHKyFP8XACz1CQMgOi //AwhG+r5/haat873gDZeHct5pclWlAT9ZtVG3LTHojP9ruY/eaA4seTSEsDpY+g GP4g4VAMnIGBOUJPr3oMsxl3mqN6j9hn0gGoIBmmMRYjtJzwuWN7UDhSk/oF1lE1 Rfv14c5WtB/C698U3Z83HjvrgtMv4J8I37dCNi191dX+ZuQbVh6w58VjqAax3Col 4FR64/tzvnuWRZ8G4+jqbrt4NuJKIwcd9SfqkNPv/NGe5ZSD3WoAd61H0pYqRLgD jsD5VHm8ydM60VuTJZeQ6dlGt0io -----END CERTIFICATE-----Generated at Sat May 23 07:08:19 2026 by rpki-client