Route Origin Authorization

$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS17799.roa
File:                     AS17799.roa (raw, json)
Hash identifier:          7ONFT11nl6EVPk0VDl1QPqgi/gNYxrRz6JXCihPUICo=
Subject key identifier:   FD:21:2F:57:F2:3C:22:F8:F8:22:5E:74:8B:95:22:A2:C1:27:A7:F3
Certificate issuer:       /CN=A914EAE40000/serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E
Certificate serial:       34B6FEDA3A37414F6E90CDB8F27016E7B4913F70
Authority key identifier: 19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
Subject info access:      rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS17799.roa
Signing time:             Wed 17 Jun 2026 16:10:43 +0000
ROA not before:           Wed 17 Jun 2026 16:05:43 +0000
ROA not after:            Wed 16 Jun 2027 16:10:43 +0000
asID:                     17799
IP address blocks:        42.248.152.0/21 maxlen: 21
                          42.249.128.0/19 maxlen: 19
                          115.168.37.0/24 maxlen: 24
                          115.168.69.0/24 maxlen: 24
                          123.177.0.0/22 maxlen: 22
                          123.177.128.0/18 maxlen: 18
                          123.177.192.0/18 maxlen: 18
                          123.246.255.0/24 maxlen: 24
                          123.247.128.0/17 maxlen: 17
                          182.201.201.0/24 maxlen: 24
                          182.205.0.0/16 maxlen: 16
                          182.205.0.0/18 maxlen: 18
                          182.205.128.0/17 maxlen: 17
                          182.206.0.0/16 maxlen: 16
                          182.206.0.0/17 maxlen: 17
                          218.30.170.0/24 maxlen: 24
                          219.148.194.0/23 maxlen: 23
                          219.148.196.0/22 maxlen: 22
                          219.148.200.0/22 maxlen: 22
                          219.148.202.0/24 maxlen: 24
                          219.148.203.0/24 maxlen: 24
                          219.148.204.0/23 maxlen: 23
                          219.148.205.0/24 maxlen: 24
                          219.148.206.0/24 maxlen: 24
                          219.148.207.0/24 maxlen: 24
                          219.148.209.0/24 maxlen: 24
                          219.148.210.0/24 maxlen: 24
                          240e:1:f800::/37 maxlen: 37
                          240e:41:c000::/37 maxlen: 37
                          240e:86:8000::/36 maxlen: 36
                          240e:981:2600::/40 maxlen: 40
                          240e:983:203::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl
                          rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 08 Jul 2026 04:56:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:b6:fe:da:3a:37:41:4f:6e:90:cd:b8:f2:70:16:e7:b4:91:3f:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE40000, serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E
        Validity
            Not Before: Jun 17 16:05:43 2026 GMT
            Not After : Jun 16 16:10:43 2027 GMT
        Subject: CN=FD212F57F23C22F8F8225E748B9522A2C127A7F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ef:27:09:6a:83:8a:06:39:de:73:59:f9:9e:
                    2c:c7:5e:07:f0:76:10:dc:6e:d6:57:6c:f7:74:0f:
                    46:8b:69:f8:e8:04:f0:c1:c7:5a:87:3f:ea:39:a9:
                    65:c7:cd:e5:06:6b:9d:9e:c0:00:59:bf:e1:c7:cf:
                    fb:7c:9a:da:81:55:06:5f:06:0c:41:19:47:51:3f:
                    f2:63:3b:38:35:a4:d9:07:df:55:ba:7f:0f:4c:04:
                    40:46:1f:b3:e8:7f:28:78:61:6f:47:97:78:95:9a:
                    a8:c6:51:4d:5f:da:fa:4f:4b:3d:ed:3a:f6:fc:d5:
                    19:52:11:9d:db:2e:0c:1f:a9:39:bd:a9:2a:99:b4:
                    16:4e:86:12:b1:92:29:9f:22:e7:36:70:1f:82:c0:
                    49:5b:ba:a0:68:85:62:91:f3:c3:77:ab:a3:93:58:
                    7e:8b:c6:fb:ca:f0:62:6f:51:70:78:89:51:f4:e9:
                    af:aa:43:08:cf:fc:ab:3f:74:d0:16:98:96:47:b2:
                    2a:71:f4:68:1d:1c:0c:9d:ea:8d:50:ef:0c:83:e0:
                    77:e9:98:ed:54:18:90:c8:92:27:1a:9c:cf:18:de:
                    83:c4:69:2b:88:3f:b3:a7:2e:6c:c0:50:ac:1f:81:
                    9f:66:ba:d6:7b:07:bd:cc:ce:63:03:57:26:01:93:
                    39:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:21:2F:57:F2:3C:22:F8:F8:22:5E:74:8B:95:22:A2:C1:27:A7:F3
            X509v3 Authority Key Identifier:
                keyid:19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS17799.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  42.248.152.0/21
                  42.249.128.0/19
                  115.168.37.0/24
                  115.168.69.0/24
                  123.177.0.0/22
                  123.177.128.0/17
                  123.246.255.0/24
                  123.247.128.0/17
                  182.201.201.0/24
                  182.205.0.0-182.206.255.255
                  218.30.170.0/24
                  219.148.194.0-219.148.207.255
                  219.148.209.0-219.148.210.255
                IPv6:
                  240e:1:f800::/37
                  240e:41:c000::/37
                  240e:86:8000::/36
                  240e:981:2600::/40
                  240e:983:203::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:da:f5:bf:a5:eb:59:c5:d7:63:87:0d:c3:b1:71:e9:6a:3e:
         ea:a0:b9:58:86:8d:dd:73:5b:fc:a2:3b:01:11:6c:2f:a8:83:
         fe:d0:fd:61:bb:1e:58:09:f1:46:c5:ee:19:37:56:a6:0b:11:
         f6:ff:23:2b:12:d0:20:bd:c4:bb:b7:99:6a:ac:e7:da:a3:10:
         55:63:8d:79:9b:75:ef:2a:bc:27:ab:52:15:f1:73:08:ad:ea:
         2e:ae:8c:f7:a5:8f:67:be:08:13:16:0a:30:8f:13:e6:0d:0f:
         62:b4:0b:69:4b:13:aa:9e:b5:dd:cb:fc:8c:0a:6f:e5:6f:04:
         65:dc:0d:b1:70:97:4b:e0:e4:e8:5a:f2:90:79:18:02:8c:6a:
         53:e3:bd:1e:21:46:ae:02:06:87:9d:42:0f:2c:36:39:fc:5d:
         df:cc:8e:9f:0f:f6:60:de:54:6c:51:51:e4:8d:70:e6:b2:72:
         1e:9e:62:33:96:e5:cb:02:7f:b6:c6:54:9a:97:ea:f7:8f:74:
         fd:5e:2b:2d:17:6f:f3:43:80:10:19:36:2c:4f:00:40:ef:d0:
         53:bb:65:41:1d:93:ac:1c:e2:1e:f0:96:10:0c:d4:44:69:57:
         97:62:1d:94:20:fe:cc:d6:14:c1:b9:47:dc:f1:bf:a2:88:40:
         6a:ab:fd:f0
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIUNLb+2jo3QU9ukM248nAW57SRP3AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNEVBRTQwMDAwMTEwLwYDVQQFEygxOTZGMjE4OEEz
NTZEMUM0MkQzOUY2RDE2NTcxOUI1OTZCNENEOTFFMB4XDTI2MDYxNzE2MDU0M1oX
DTI3MDYxNjE2MTA0M1owMzExMC8GA1UEAxMoRkQyMTJGNTdGMjNDMjJGOEY4MjI1
RTc0OEI5NTIyQTJDMTI3QTdGMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKbvJwlqg4oGOd5zWfmeLMdeB/B2ENxu1lds93QPRotp+OgE8MHHWoc/6jmp
ZcfN5QZrnZ7AAFm/4cfP+3ya2oFVBl8GDEEZR1E/8mM7ODWk2QffVbp/D0wEQEYf
s+h/KHhhb0eXeJWaqMZRTV/a+k9LPe069vzVGVIRndsuDB+pOb2pKpm0Fk6GErGS
KZ8i5zZwH4LASVu6oGiFYpHzw3ero5NYfovG+8rwYm9RcHiJUfTpr6pDCM/8qz90
0BaYlkeyKnH0aB0cDJ3qjVDvDIPgd+mY7VQYkMiSJxqczxjeg8RpK4g/s6cubMBQ
rB+Bn2a61nsHvczOYwNXJgGTObcCAwEAAaOCAnUwggJxMB0GA1UdDgQWBBT9IS9X
8jwi+PgiXnSLlSKiwSen8zAfBgNVHSMEGDAWgBQZbyGIo1bRxC059tFlcZtZa0zZ
HjAOBgNVHQ8BAf8EBAMCB4AwcwYDVR0fBGwwajBooGagZIZicnN5bmM6Ly9ycGtp
LXJwcy5jbm5pYy5jbi9yZXBvL0ExMDk3MDk5NDAyOTA1OTc2ODM1LzEvMTk2RjIx
ODhBMzU2RDFDNDJEMzlGNkQxNjU3MTlCNTk2QjRDRDkxRS5jcmwwfgYIKwYBBQUH
AQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9z
aXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvR1c4aGlLTlcw
Y1F0T2ZiUlpYR2JXV3RNMlI0LmNlcjBdBggrBgEFBQcBCwRRME8wTQYIKwYBBQUH
MAuGQXJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5NzA5OTQwMjkw
NTk3NjgzNS8xL0FTMTc3OTkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
gbAGCCsGAQUFBwEHAQH/BIGgMIGdMGoEAgABMGQDBAMq+JgDBAUq+YADBABzqCUD
BABzqEUDBAJ7sQADBAd7sYADBAB79v8DBAd794ADBAC2yckwCgMDALbNAwMAts4D
BADaHqowDAMEAduUwgMEBNuUwDAMAwQA25TRAwQA25TSMC8EAgACMCkDBgMkDgAB
+AMGAyQOAEHAAwYEJA4AhoADBgAkDgmBJgMHACQOCYMCAzANBgkqhkiG9w0BAQsF
AAOCAQEAPNr1v6XrWcXXY4cNw7Fx6Wo+6qC5WIaN3XNb/KI7ARFsL6iD/tD9Ybse
WAnxRsXuGTdWpgsR9v8jKxLQIL3Eu7eZaqzn2qMQVWONeZt17yq8J6tSFfFzCK3q
Lq6M96WPZ74IExYKMI8T5g0PYrQLaUsTqp613cv8jApv5W8EZdwNsXCXS+Dk6Fry
kHkYAoxqU+O9HiFGrgIGh51CDyw2Ofxd38yOnw/2YN5UbFFR5I1w5rJyHp5iM5bl
ywJ/tsZUmpfq9490/V4rLRdv80OAEBk2LE8AQO/QU7tlQR2TrBziHvCWEAzURGlX
l2IdlCD+zNYUwblH3PG/oohAaqv98A==
-----END CERTIFICATE-----
Generated at Tue Jul 7 16:00:17 2026 by rpki-client