Route Origin Authorization
$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS23650.roa
File: AS23650.roa (raw, json)
Hash identifier: AjpM0VlAHH867Ege0T2aVSEsDddEyUbI2eVD93uxCLk=
Subject key identifier: 16:0D:14:36:E7:B0:69:A6:FE:81:60:58:AB:3F:BB:99:97:7E:12:30
Certificate issuer: /CN=A914EAE40000/serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E
Certificate serial: 2EB24D022B61AAFA1F5106C87728566D6842BA15
Authority key identifier: 19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS23650.roa
Signing time: Thu 11 Jun 2026 16:14:49 +0000
ROA not before: Thu 11 Jun 2026 16:09:49 +0000
ROA not after: Thu 10 Jun 2027 16:14:49 +0000
asID: 23650
IP address blocks: 58.215.32.0/23 maxlen: 23
58.215.73.0/24 maxlen: 24
58.215.96.0/20 maxlen: 20
58.215.112.0/21 maxlen: 21
58.215.120.0/22 maxlen: 22
58.215.124.0/23 maxlen: 23
58.215.128.0/24 maxlen: 24
58.215.144.0/22 maxlen: 22
58.215.151.0/24 maxlen: 24
58.215.159.0/24 maxlen: 24
61.147.189.0/24 maxlen: 24
61.147.190.0/23 maxlen: 23
61.147.197.0/24 maxlen: 24
61.147.198.0/24 maxlen: 24
61.160.134.0/24 maxlen: 24
61.160.140.0/24 maxlen: 24
61.160.150.0/24 maxlen: 24
61.160.158.0/24 maxlen: 24
61.160.236.0/24 maxlen: 24
61.160.240.0/24 maxlen: 24
61.177.113.0/24 maxlen: 24
117.84.172.0/24 maxlen: 24
180.97.172.0/24 maxlen: 24
180.101.198.0/24 maxlen: 24
221.228.19.0/24 maxlen: 24
221.228.66.0/23 maxlen: 23
221.228.216.0/22 maxlen: 22
221.228.224.0/24 maxlen: 24
221.228.225.0/24 maxlen: 24
221.228.226.0/24 maxlen: 24
221.228.253.0/24 maxlen: 24
221.228.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl
rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 12 Jun 2026 18:29:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:b2:4d:02:2b:61:aa:fa:1f:51:06:c8:77:28:56:6d:68:42:ba:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A914EAE40000, serialNumber=196F2188A356D1C42D39F6D165719B596B4CD91E
Validity
Not Before: Jun 11 16:09:49 2026 GMT
Not After : Jun 10 16:14:49 2027 GMT
Subject: CN=160D1436E7B069A6FE816058AB3FBB99977E1230
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:68:02:d6:50:35:33:ae:ab:88:12:22:dd:4c:
20:9b:87:31:e7:dc:7a:77:cc:30:c1:58:dd:2b:ca:
46:51:82:15:3c:e9:7b:e4:9f:71:7b:ad:61:3a:d7:
17:bc:44:ed:ba:33:3b:fd:04:20:0f:d2:b4:51:b0:
c2:df:53:9b:e8:38:a9:99:09:ea:7d:47:5c:5e:ac:
30:66:d2:4c:fd:72:5f:ad:38:83:5f:a4:a0:db:82:
50:9d:57:6c:4e:d4:3e:6d:f3:a3:c9:a6:ce:a9:98:
f1:31:98:66:85:d9:1b:61:e5:2d:5f:ee:d9:31:eb:
3e:04:62:6b:e7:41:c9:d6:00:3b:78:9b:fe:10:95:
d3:19:f3:8b:61:cb:67:be:fa:95:96:75:dd:08:3b:
4e:0c:9c:f0:e6:92:5a:44:0b:1c:55:20:07:26:96:
10:4d:73:00:19:23:04:65:8f:7e:02:98:6d:26:bd:
1f:4d:aa:5a:75:20:6d:2a:40:b9:04:e6:14:c0:c5:
83:c2:62:fc:65:14:ed:20:8a:bb:b6:ad:9d:e8:f2:
45:3d:75:fa:a0:44:0a:f6:dc:7c:ae:76:fa:16:64:
95:f8:91:f0:ee:12:dd:dc:1c:47:bb:c8:15:59:e6:
69:2b:41:2c:cd:a3:cb:ce:6b:45:25:72:f4:51:41:
a8:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:0D:14:36:E7:B0:69:A6:FE:81:60:58:AB:3F:BB:99:97:7E:12:30
X509v3 Authority Key Identifier:
keyid:19:6F:21:88:A3:56:D1:C4:2D:39:F6:D1:65:71:9B:59:6B:4C:D9:1E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/196F2188A356D1C42D39F6D165719B596B4CD91E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GW8hiKNW0cQtOfbRZXGbWWtM2R4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1097099402905976835/1/AS23650.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
58.215.32.0/23
58.215.73.0/24
58.215.96.0-58.215.125.255
58.215.128.0/24
58.215.144.0/22
58.215.151.0/24
58.215.159.0/24
61.147.189.0-61.147.191.255
61.147.197.0-61.147.198.255
61.160.134.0/24
61.160.140.0/24
61.160.150.0/24
61.160.158.0/24
61.160.236.0/24
61.160.240.0/24
61.177.113.0/24
117.84.172.0/24
180.97.172.0/24
180.101.198.0/24
221.228.19.0/24
221.228.66.0/23
221.228.216.0/22
221.228.224.0-221.228.226.255
221.228.253.0-221.228.254.255
Signature Algorithm: sha256WithRSAEncryption
52:a4:37:31:e7:9b:d7:6e:61:78:ff:93:77:50:41:87:29:17:
76:82:0f:08:0b:b2:39:60:ac:84:19:8f:b9:d3:b2:8c:a6:77:
41:dc:bd:52:8a:29:dd:82:ed:08:d3:10:6d:ac:8b:c4:14:f3:
20:7e:3a:83:6b:31:ac:25:03:57:f2:2e:3d:61:bb:6d:78:a9:
89:a9:f5:ae:ad:cc:e2:bd:b5:ea:ee:56:83:9f:11:09:f4:b2:
fb:ed:51:7d:09:04:25:f5:3d:df:f3:36:83:59:a0:67:3e:d3:
35:30:91:63:6f:8d:77:8a:ef:a3:2f:6c:72:80:e1:85:05:97:
e6:d7:d3:34:ec:ca:78:ab:23:a1:f2:75:e8:cd:7c:fe:23:40:
d3:08:a0:b4:d7:0c:a7:df:f0:f0:3e:0e:51:3a:e1:05:bd:1f:
74:00:5b:f0:c2:e2:6e:8b:ea:55:82:79:74:17:a9:6e:c6:80:
5e:0a:45:8f:df:25:30:3b:ca:2a:97:38:04:56:77:da:87:4b:
44:23:d8:0b:1f:62:3b:fc:76:4f:8a:fd:fc:cf:e5:57:91:76:
e3:6f:8c:27:69:fa:5c:7b:21:21:7b:bf:77:e4:96:09:4c:cb:
1f:27:ce:af:2a:5f:27:bc:25:8e:ad:8a:77:b5:b7:4e:fd:79:
35:60:f1:c1
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgIULrJNAithqvofUQbIdyhWbWhCuhUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNEVBRTQwMDAwMTEwLwYDVQQFEygxOTZGMjE4OEEz
NTZEMUM0MkQzOUY2RDE2NTcxOUI1OTZCNENEOTFFMB4XDTI2MDYxMTE2MDk0OVoX
DTI3MDYxMDE2MTQ0OVowMzExMC8GA1UEAxMoMTYwRDE0MzZFN0IwNjlBNkZFODE2
MDU4QUIzRkJCOTk5NzdFMTIzMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKJoAtZQNTOuq4gSIt1MIJuHMefcenfMMMFY3SvKRlGCFTzpe+SfcXutYTrX
F7xE7bozO/0EIA/StFGwwt9Tm+g4qZkJ6n1HXF6sMGbSTP1yX604g1+koNuCUJ1X
bE7UPm3zo8mmzqmY8TGYZoXZG2HlLV/u2THrPgRia+dBydYAO3ib/hCV0xnzi2HL
Z776lZZ13Qg7Tgyc8OaSWkQLHFUgByaWEE1zABkjBGWPfgKYbSa9H02qWnUgbSpA
uQTmFMDFg8Ji/GUU7SCKu7atnejyRT11+qBECvbcfK52+hZklfiR8O4S3dwcR7vI
FVnmaStBLM2jy85rRSVy9FFBqJ0CAwEAAaOCApowggKWMB0GA1UdDgQWBBQWDRQ2
57Bppv6BYFirP7uZl34SMDAfBgNVHSMEGDAWgBQZbyGIo1bRxC059tFlcZtZa0zZ
HjAOBgNVHQ8BAf8EBAMCB4AwcwYDVR0fBGwwajBooGagZIZicnN5bmM6Ly9ycGtp
LXJwcy5jbm5pYy5jbi9yZXBvL0ExMDk3MDk5NDAyOTA1OTc2ODM1LzEvMTk2RjIx
ODhBMzU2RDFDNDJEMzlGNkQxNjU3MTlCNTk2QjRDRDkxRS5jcmwwfgYIKwYBBQUH
AQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9z
aXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvR1c4aGlLTlcw
Y1F0T2ZiUlpYR2JXV3RNMlI0LmNlcjBdBggrBgEFBQcBCwRRME8wTQYIKwYBBQUH
MAuGQXJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTA5NzA5OTQwMjkw
NTk3NjgzNS8xL0FTMjM2NTAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
gdUGCCsGAQUFBwEHAQH/BIHFMIHCMIG/BAIAATCBuAMEATrXIAMEADrXSTAMAwQF
OtdgAwQBOtd8AwQAOteAAwQCOteQAwQAOteXAwQAOtefMAwDBAA9k70DBAY9k4Aw
DAMEAD2TxQMEAD2TxgMEAD2ghgMEAD2gjAMEAD2glgMEAD2gngMEAD2g7AMEAD2g
8AMEAD2xcQMEAHVUrAMEALRhrAMEALRlxgMEAN3kEwMEAd3kQgMEAt3k2DAMAwQF
3eTgAwQA3eTiMAwDBADd5P0DBADd5P4wDQYJKoZIhvcNAQELBQADggEBAFKkNzHn
m9duYXj/k3dQQYcpF3aCDwgLsjlgrIQZj7nTsoymd0HcvVKKKd2C7QjTEG2si8QU
8yB+OoNrMawlA1fyLj1hu214qYmp9a6tzOK9teruVoOfEQn0svvtUX0JBCX1Pd/z
NoNZoGc+0zUwkWNvjXeK76MvbHKA4YUFl+bX0zTsynirI6HydejNfP4jQNMIoLTX
DKff8PA+DlE64QW9H3QAW/DC4m6L6lWCeXQXqW7GgF4KRY/fJTA7yiqXOARWd9qH
S0Qj2AsfYjv8dk+K/fzP5VeRduNvjCdp+lx7ISF7v3fklglMyx8nzq8qXye8JY6t
ine1t079eTVg8cE=
-----END CERTIFICATE-----
Generated at Fri Jun 12 02:23:43 2026 by rpki-client