Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1375/lfGXE2Dj7lPSTQBd4hoV-6JrI8o.roa
File:                     lfGXE2Dj7lPSTQBd4hoV-6JrI8o.roa (raw, json)
Hash identifier:          HDrnJP6wTiBFKf6i8gFKb+D6qpGFM3BL5iEQVngJdeI=
Subject key identifier:   95:F1:97:13:60:E3:EE:53:D2:4D:00:5D:E2:1A:15:FB:A2:6B:23:CA
Certificate issuer:       /CN=3ABA8B425232BE58968396DE32A8EB5A05EEA658
Certificate serial:       140D
Authority key identifier: 3A:BA:8B:42:52:32:BE:58:96:83:96:DE:32:A8:EB:5A:05:EE:A6:58
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/OrqLQlIyvliWg5beMqjrWgXuplg.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1375/lfGXE2Dj7lPSTQBd4hoV-6JrI8o.roa
Signing time:             Mon 11 Dec 2023 06:38:28 +0000
ROA not before:           Mon 11 Dec 2023 06:38:28 +0000
ROA not after:            Tue 08 Oct 2024 00:16:33 +0000
asID:                     31972
IP address blocks:        45.115.228.0/22 maxlen: 24
                          45.127.216.0/22 maxlen: 24
                          103.56.8.0/22 maxlen: 24
                          103.196.204.0/22 maxlen: 24
                          103.207.48.0/22 maxlen: 24
                          210.16.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1375/OrqLQlIyvliWg5beMqjrWgXuplg.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1375/OrqLQlIyvliWg5beMqjrWgXuplg.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/OrqLQlIyvliWg5beMqjrWgXuplg.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 16 Jun 2024 20:57:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5133 (0x140d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ABA8B425232BE58968396DE32A8EB5A05EEA658
        Validity
            Not Before: Dec 11 06:38:28 2023 GMT
            Not After : Oct  8 00:16:33 2024 GMT
        Subject: CN=95F1971360E3EE53D24D005DE21A15FBA26B23CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:33:b3:93:0d:37:89:87:bf:e7:8e:1e:f4:83:
                    b2:a7:14:73:08:3b:aa:39:91:76:45:46:90:36:b6:
                    8c:a0:9e:8b:60:86:2c:0d:da:9b:13:7f:b2:0e:b1:
                    eb:96:0c:87:ce:96:df:98:2f:02:d1:06:30:20:1c:
                    89:79:8e:88:f7:9c:c4:5f:41:b8:7d:29:c5:81:8f:
                    c9:fe:1e:80:a6:5f:27:6c:c6:6a:3e:16:9b:04:ef:
                    7f:bb:08:43:84:ee:7c:c8:f5:56:56:8c:46:98:4b:
                    5b:c5:cb:2a:51:76:8f:5c:d1:cc:a1:8e:64:4e:33:
                    9a:6a:f1:b4:6a:64:ea:f5:24:27:22:ee:7b:84:39:
                    e7:9c:d8:0c:bf:45:e0:0b:58:42:75:4f:53:9d:b1:
                    eb:72:48:71:32:c6:fd:5c:82:e9:5a:2b:f1:9a:3c:
                    a4:18:6d:50:e1:30:63:f4:70:08:0b:5f:71:d1:43:
                    4e:0d:b8:7c:0d:c3:08:2d:22:88:dc:81:a1:b4:36:
                    bf:85:9f:0f:32:01:ab:62:26:29:06:2f:98:c7:55:
                    15:9b:70:3d:95:ba:a1:c8:d9:0d:1c:5d:4d:71:fc:
                    7c:a0:d3:09:9a:5f:5f:e7:2b:c5:4f:b8:b5:38:86:
                    36:f8:bc:33:b0:a0:c3:86:67:fe:3e:4f:44:a0:6a:
                    39:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F1:97:13:60:E3:EE:53:D2:4D:00:5D:E2:1A:15:FB:A2:6B:23:CA
            X509v3 Authority Key Identifier:
                keyid:3A:BA:8B:42:52:32:BE:58:96:83:96:DE:32:A8:EB:5A:05:EE:A6:58

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1375/OrqLQlIyvliWg5beMqjrWgXuplg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/OrqLQlIyvliWg5beMqjrWgXuplg.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1375/lfGXE2Dj7lPSTQBd4hoV-6JrI8o.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.115.228.0/22
                  45.127.216.0/22
                  103.56.8.0/22
                  103.196.204.0/22
                  103.207.48.0/22
                  210.16.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:b6:c0:53:68:50:93:a7:06:74:7d:a5:f3:55:2c:d0:db:1c:
         96:93:8f:6b:8d:4e:66:c3:98:7b:71:ea:60:c3:2b:48:7b:d7:
         85:f0:b3:0f:44:85:7a:48:ef:82:78:4d:91:66:3c:8b:39:b4:
         39:68:a1:38:b5:1a:0f:2a:ba:a9:52:07:2a:d3:8d:76:b8:dc:
         55:f6:42:7b:1d:cb:17:8e:70:4a:95:f5:41:37:99:45:80:dd:
         66:25:ee:d2:15:a2:db:85:68:8a:e8:97:91:af:08:dd:82:20:
         cf:bd:c8:09:4d:62:9d:04:67:ba:45:cc:55:0a:db:a9:9a:5d:
         76:1c:e9:95:c0:00:f6:5f:e5:4b:e5:7d:0d:f9:2c:d0:96:4e:
         c6:be:53:21:34:72:09:74:55:76:0e:34:ce:e5:cb:f4:56:5f:
         36:f9:40:44:90:69:e3:5c:91:8e:22:55:54:b3:31:82:9b:ea:
         54:6a:a5:93:8a:3a:08:e1:80:81:7c:f4:f4:1e:3c:db:7d:ad:
         b3:89:0b:ad:c7:bd:a2:35:23:5d:6c:03:19:4d:1a:8c:28:b2:
         c4:5d:04:83:86:e4:1d:3d:10:a4:55:c2:1e:10:d4:b5:b1:fd:
         e8:6c:96:20:df:e0:00:f6:99:6f:7c:f1:e9:d3:7b:38:bb:28:
         6a:5a:b3:a6
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgICFA0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FC
QThCNDI1MjMyQkU1ODk2ODM5NkRFMzJBOEVCNUEwNUVFQTY1ODAeFw0yMzEyMTEw
NjM4MjhaFw0yNDEwMDgwMDE2MzNaMDMxMTAvBgNVBAMTKDk1RjE5NzEzNjBFM0VF
NTNEMjREMDA1REUyMUExNUZCQTI2QjIzQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFM7OTDTeJh7/njh70g7KnFHMIO6o5kXZFRpA2toygnotghiwN
2psTf7IOseuWDIfOlt+YLwLRBjAgHIl5joj3nMRfQbh9KcWBj8n+HoCmXydsxmo+
FpsE73+7CEOE7nzI9VZWjEaYS1vFyypRdo9c0cyhjmROM5pq8bRqZOr1JCci7nuE
Oeec2Ay/ReALWEJ1T1OdsetySHEyxv1cgulaK/GaPKQYbVDhMGP0cAgLX3HRQ04N
uHwNwwgtIojcgaG0Nr+Fnw8yAatiJikGL5jHVRWbcD2VuqHI2Q0cXU1x/Hyg0wma
X1/nK8VPuLU4hjb4vDOwoMOGZ/4+T0Sgajl5AgMBAAGjggIRMIICDTAdBgNVHQ4E
FgQUlfGXE2Dj7lPSTQBd4hoV+6JrI8owHwYDVR0jBBgwFoAUOrqLQlIyvliWg5be
MqjrWgXuplgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
NS9PcnFMUWxJeXZsaVdnNWJlTXFqcldnWHVwbGcuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL09ycUxRbEl5dmxpV2c1YmVNcWpyV2dYdXBsZy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEzNzUvbGZHWEUyRGo3bFBT
VFFCZDRob1YtNkpySThvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDA9BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEw
JAMEAi1z5AMEAi1/2AMEAmc4CAMEAmfEzAMEAmfPMAMEAtIQaDANBgkqhkiG9w0B
AQsFAAOCAQEAXbbAU2hQk6cGdH2l81Us0NsclpOPa41OZsOYe3HqYMMrSHvXhfCz
D0SFekjvgnhNkWY8izm0OWihOLUaDyq6qVIHKtONdrjcVfZCex3LF45wSpX1QTeZ
RYDdZiXu0hWi24VoiuiXka8I3YIgz73ICU1inQRnukXMVQrbqZpddhzplcAA9l/l
S+V9Dfks0JZOxr5TITRyCXRVdg40zuXL9FZfNvlARJBp41yRjiJVVLMxgpvqVGql
k4o6COGAgXz09B48232ts4kLrce9ojUjXWwDGU0ajCiyxF0Eg4bkHT0QpFXCHhDU
tbH96GyWIN/gAPaZb3zx6dN7OLsoalqzpg==
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:35:05 2024 by rpki-client on console-ams.rpki-client.org