$ rpki-client -vvf rpki-rps.cnnic.cn/repo/A1100955007496224770/0/AS17621.roa File: AS17621.roa (raw, json) Hash identifier: +S9yzE5SedN/6PzzHzifcAOrOx50eSUBrR2s+1+IdDQ= Subject key identifier: 1D:59:90:1D:2B:7C:DC:7F:EF:42:3C:26:B0:56:42:E3:C6:DB:26:67 Certificate issuer: /CN=78A1695C768D09B6CA7E1978308E54BE84FEBAAE Certificate serial: 737FAD512F54E486B66D38F58077542D3B0394CE Authority key identifier: 78:A1:69:5C:76:8D:09:B6:CA:7E:19:78:30:8E:54:BE:84:FE:BA:AE Authority info access: rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.cer Subject info access: rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/AS17621.roa Signing time: Tue 09 Jun 2026 08:23:18 +0000 ROA not before: Tue 09 Jun 2026 08:18:18 +0000 ROA not after: Tue 08 Jun 2027 08:23:18 +0000 asID: 17621 IP address blocks: 211.95.33.0/24 maxlen: 24 211.95.34.0/24 maxlen: 24 211.95.35.0/24 maxlen: 24 211.95.36.0/24 maxlen: 24 211.95.37.0/24 maxlen: 24 211.95.38.0/24 maxlen: 24 211.95.48.0/24 maxlen: 24 211.95.49.0/24 maxlen: 24 211.95.51.0/24 maxlen: 24 211.95.52.0/24 maxlen: 24 211.95.53.0/24 maxlen: 24 211.95.60.0/23 maxlen: 23 211.95.70.0/24 maxlen: 24 211.95.71.0/24 maxlen: 24 211.95.72.0/24 maxlen: 24 211.95.77.0/24 maxlen: 24 220.196.2.0/23 maxlen: 23 220.196.22.0/24 maxlen: 24 220.196.48.0/24 maxlen: 24 220.196.51.0/24 maxlen: 24 220.196.58.0/23 maxlen: 23 220.196.224.0/21 maxlen: 21 220.196.232.0/22 maxlen: 22 220.196.235.0/24 maxlen: 24 220.196.236.0/24 maxlen: 24 220.196.237.0/24 maxlen: 24 220.196.238.0/24 maxlen: 24 220.196.239.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.crl rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.mft rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.cer rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.crl rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/A56E872A403E7B9CEB9431A08F540401D2FBD710.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pW6HKkA-e5zrlDGgj1QEAdL71xA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Fri 12 Jun 2026 14:51:48 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 73:7f:ad:51:2f:54:e4:86:b6:6d:38:f5:80:77:54:2d:3b:03:94:ce Signature Algorithm: sha256WithRSAEncryption Issuer: CN=78A1695C768D09B6CA7E1978308E54BE84FEBAAE Validity Not Before: Jun 9 08:18:18 2026 GMT Not After : Jun 8 08:23:18 2027 GMT Subject: CN=1D59901D2B7CDC7FEF423C26B05642E3C6DB2667 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ad:fc:8f:e8:df:af:74:b9:41:b5:0c:f5:5f:99: dc:55:d5:91:36:4f:48:48:c8:fc:4b:75:3b:e1:da: 03:8f:a3:6a:fa:8f:0f:81:3f:01:14:f2:49:7a:9c: e1:ad:8d:5a:e2:0d:e2:cc:56:43:dc:c2:d1:21:7a: db:d5:ab:87:a9:70:1c:06:94:6b:eb:c0:44:4d:91: 6a:38:a6:86:15:f4:b7:c7:4f:66:13:fd:87:29:35: dc:78:e1:d6:ac:11:e1:4b:d0:b8:93:ea:e4:cd:ee: 1e:0c:d4:a7:e1:69:a6:8d:99:7a:7a:3f:e6:71:f6: 40:b0:53:b6:d9:18:81:11:a8:58:a6:4e:22:cc:6c: 6a:d5:17:0a:79:71:50:a8:a5:30:50:ae:2b:83:ee: c3:fb:62:4b:6a:8a:4b:14:aa:94:6e:a0:ce:41:05: b9:aa:28:37:8e:25:f7:4e:2e:3e:df:46:b3:0a:f9: ac:54:67:c8:f7:17:d4:03:65:ea:de:e8:14:01:02: 87:83:4e:95:ee:d5:15:16:66:25:32:f5:fb:69:64: 1a:6d:8c:b8:b4:6b:cd:08:4b:75:a4:11:73:e6:4d: 61:ab:da:f6:5b:cf:64:8e:19:08:2f:fb:79:09:78: cd:bb:72:fa:0f:d3:d2:26:10:c5:5b:77:6b:b8:79: 27:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 1D:59:90:1D:2B:7C:DC:7F:EF:42:3C:26:B0:56:42:E3:C6:DB:26:67 X509v3 Authority Key Identifier: keyid:78:A1:69:5C:76:8D:09:B6:CA:7E:19:78:30:8E:54:BE:84:FE:BA:AE X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.crl Authority Information Access: CA Issuers - URI:rsync://rpki-rps.cnnic.cn/repo/A1055390775090675715/1/78A1695C768D09B6CA7E1978308E54BE84FEBAAE.cer Subject Information Access: Signed Object - URI:rsync://rpki-rps.cnnic.cn/repo/A1100955007496224770/0/AS17621.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 211.95.33.0-211.95.38.255 211.95.48.0/23 211.95.51.0-211.95.53.255 211.95.60.0/23 211.95.70.0-211.95.72.255 211.95.77.0/24 220.196.2.0/23 220.196.22.0/24 220.196.48.0/24 220.196.51.0/24 220.196.58.0/23 220.196.224.0/20 Signature Algorithm: sha256WithRSAEncryption b4:c6:27:ff:70:36:26:4e:6f:cb:6c:76:cf:d1:35:d7:56:68: 0d:40:7b:ca:86:00:65:6b:33:c7:fc:b2:71:78:f7:72:81:65: 80:50:db:a6:24:50:f2:8e:a1:d6:e0:0d:3e:97:7c:13:22:a0: e2:eb:ce:55:0c:41:67:ca:45:18:19:2f:09:39:cf:5d:a3:83: 20:a6:57:63:18:c6:40:9a:e0:2d:99:e1:08:a4:c9:34:43:f6: 51:94:25:8f:8a:89:4b:56:61:bd:d2:c3:bf:48:68:7b:c9:8c: 49:26:c5:f8:44:e0:a2:9e:df:a8:80:8d:3d:04:94:3a:e1:66: ea:a9:49:38:1c:59:4b:54:d1:e6:45:e6:09:f6:64:6d:6c:5d: 79:89:a5:06:dd:c9:48:fe:2b:58:f3:92:b0:f1:10:9c:84:eb: 4b:47:d5:ff:68:92:62:4f:7b:a5:3f:ab:24:28:3a:ce:c6:76: 41:59:e3:82:c1:f2:3a:94:68:3b:4a:20:8d:a2:12:29:d5:c9: 45:ee:78:0a:b6:7d:da:6e:74:a3:4d:d3:47:35:8e:03:fd:5e: 6a:05:67:88:cd:a1:2c:7d:27:81:b4:5a:b5:68:54:5b:7c:f1: aa:02:85:f9:e3:42:65:0a:c0:75:6e:63:b1:f4:e9:4e:41:79: 3c:fa:3b:d3 -----BEGIN CERTIFICATE----- MIIFMzCCBBugAwIBAgIUc3+tUS9U5Ia2bTj1gHdULTsDlM4wDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoNzhBMTY5NUM3NjhEMDlCNkNBN0UxOTc4MzA4RTU0QkU4 NEZFQkFBRTAeFw0yNjA2MDkwODE4MThaFw0yNzA2MDgwODIzMThaMDMxMTAvBgNV BAMTKDFENTk5MDFEMkI3Q0RDN0ZFRjQyM0MyNkIwNTY0MkUzQzZEQjI2NjcwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt/I/o3690uUG1DPVfmdxV1ZE2 T0hIyPxLdTvh2gOPo2r6jw+BPwEU8kl6nOGtjVriDeLMVkPcwtEhetvVq4epcBwG lGvrwERNkWo4poYV9LfHT2YT/YcpNdx44dasEeFL0LiT6uTN7h4M1KfhaaaNmXp6 P+Zx9kCwU7bZGIERqFimTiLMbGrVFwp5cVCopTBQriuD7sP7YktqiksUqpRuoM5B BbmqKDeOJfdOLj7fRrMK+axUZ8j3F9QDZere6BQBAoeDTpXu1RUWZiUy9ftpZBpt jLi0a80IS3WkEXPmTWGr2vZbz2SOGQgv+3kJeM27cvoP09ImEMVbd2u4eSf1AgMB AAGjggI9MIICOTAdBgNVHQ4EFgQUHVmQHSt83H/vQjwmsFZC48bbJmcwHwYDVR0j BBgwFoAUeKFpXHaNCbbKfhl4MI5UvoT+uq4wDgYDVR0PAQH/BAQDAgeAMHMGA1Ud HwRsMGowaKBmoGSGYnJzeW5jOi8vcnBraS1ycHMuY25uaWMuY24vcmVwby9BMTEw MDk1NTAwNzQ5NjIyNDc3MC8wLzc4QTE2OTVDNzY4RDA5QjZDQTdFMTk3ODMwOEU1 NEJFODRGRUJBQUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5 bmM6Ly9ycGtpLXJwcy5jbm5pYy5jbi9yZXBvL0ExMDU1MzkwNzc1MDkwNjc1NzE1 LzEvNzhBMTY5NUM3NjhEMDlCNkNBN0UxOTc4MzA4RTU0QkU4NEZFQkFBRS5jZXIw XQYIKwYBBQUHAQsEUTBPME0GCCsGAQUFBzALhkFyc3luYzovL3Jwa2ktcnBzLmNu bmljLmNuL3JlcG8vQTExMDA5NTUwMDc0OTYyMjQ3NzAvMC9BUzE3NjIxLnJvYTAY BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIA ATBgMAwDBADTXyEDBADTXyYDBAHTXzAwDAMEANNfMwMEAdNfNAMEAdNfPDAMAwQB 019GAwQA019IAwQA019NAwQB3MQCAwQA3MQWAwQA3MQwAwQA3MQzAwQB3MQ6AwQE 3MTgMA0GCSqGSIb3DQEBCwUAA4IBAQC0xif/cDYmTm/LbHbP0TXXVmgNQHvKhgBl azPH/LJxePdygWWAUNumJFDyjqHW4A0+l3wTIqDi685VDEFnykUYGS8JOc9do4Mg pldjGMZAmuAtmeEIpMk0Q/ZRlCWPiolLVmG90sO/SGh7yYxJJsX4ROCint+ogI09 BJQ64WbqqUk4HFlLVNHmReYJ9mRtbF15iaUG3clI/itY85Kw8RCchOtLR9X/aJJi T3ulP6skKDrOxnZBWeOCwfI6lGg7SiCNohIp1clF7ngKtn3abnSjTdNHNY4D/V5q BWeIzaEsfSeBtFq1aFRbfPGqAoX540JlCsB1bmOx9OlOQXk8+jvT -----END CERTIFICATE-----Generated at Fri Jun 12 02:23:44 2026 by rpki-client