Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/WMANHMiWx1g3CI3Gqpc2-P8j_7k.roa
File: WMANHMiWx1g3CI3Gqpc2-P8j_7k.roa (raw, json)
Hash identifier: qNeI26rm2x8bpU/OqzZTNDcppRMsi9Yh3o3Np4XxV+s=
Subject key identifier: 58:C0:0D:1C:C8:96:C7:58:37:08:8D:C6:AA:97:36:F8:FF:23:FF:B9
Certificate issuer: /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial: 2030
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/WMANHMiWx1g3CI3Gqpc2-P8j_7k.roa
Signing time: Fri 17 Jan 2025 01:24:13 +0000
ROA not before: Fri 17 Jan 2025 01:24:13 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 212237
IP address blocks: 2403:6380:11::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 11 Apr 2025 17:40:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8240 (0x2030)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Validity
Not Before: Jan 17 01:24:13 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=58C00D1CC896C75837088DC6AA9736F8FF23FFB9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:c4:32:c8:c9:33:62:b3:f9:3a:93:1b:31:9a:
d1:a3:6b:22:36:4e:23:be:74:3e:e1:51:eb:7d:4e:
61:2c:50:20:6c:53:88:43:f4:b5:25:44:f6:37:11:
a2:bb:d7:97:d2:5e:82:e8:5f:dd:12:5e:46:67:5b:
c1:c0:c5:08:bf:e5:38:07:fb:40:8d:c5:16:46:39:
2d:9d:2f:24:72:7e:41:5c:15:8e:22:bc:fa:90:8b:
7e:db:7f:66:01:e4:f2:33:14:93:7c:02:6e:3c:0d:
eb:26:c4:48:e0:58:22:90:24:35:fd:1a:70:10:d0:
fa:4d:e1:5d:91:6f:7e:dd:78:28:e1:29:c5:4b:f6:
59:7f:3f:62:49:fb:67:cf:c5:ff:9e:d5:99:f2:b0:
27:d7:1e:ea:cf:9a:8e:50:ba:c8:11:f7:3f:db:fd:
84:7c:75:b9:b8:41:53:68:4d:ff:37:99:7e:ed:0f:
12:e1:30:2b:f7:b2:44:54:1d:27:eb:78:76:0c:b7:
ac:77:b6:4b:f8:a5:9b:cf:06:ee:55:9c:c0:bd:d7:
08:27:89:e3:99:10:c3:1e:ad:f4:08:2d:8e:7a:2a:
78:b5:af:fd:b7:ac:41:b4:75:da:09:03:4c:28:f4:
d8:6c:f6:20:92:7a:fb:4d:d6:f4:56:9c:71:0e:41:
1c:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:C0:0D:1C:C8:96:C7:58:37:08:8D:C6:AA:97:36:F8:FF:23:FF:B9
X509v3 Authority Key Identifier:
keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/WMANHMiWx1g3CI3Gqpc2-P8j_7k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2403:6380:11::/48
Signature Algorithm: sha256WithRSAEncryption
9d:33:3b:9f:2c:f4:f2:36:82:a5:ab:39:f8:7b:24:30:e2:37:
35:73:9a:b1:e3:98:c8:9b:77:59:ff:cf:0c:24:af:31:8e:c6:
3a:71:af:94:ff:0a:4f:7b:6d:3b:6a:f2:6d:eb:c0:14:ae:89:
90:b3:26:53:c5:42:7d:81:b7:d3:d6:1a:44:64:94:cf:10:62:
71:1e:81:cb:8e:49:0d:5a:83:d4:30:71:8c:c2:45:35:d7:d8:
38:cc:83:d9:30:c4:b3:ba:30:82:f2:0c:bc:84:ad:0e:f6:74:
e5:79:24:5c:cc:ee:e0:9d:23:79:19:3f:bf:38:52:02:41:8e:
e0:9a:45:27:d7:a1:f5:16:f5:fe:e5:5b:71:20:a4:e7:fe:2a:
6a:e4:ad:4e:2e:6f:fa:21:60:ef:38:2d:b4:af:a8:16:ae:57:
2d:cb:62:85:fb:f7:28:fd:ba:6a:46:61:49:26:70:c7:6e:86:
37:89:45:bd:df:87:df:17:2c:1e:6d:63:ba:39:83:af:f2:bf:
f7:03:31:8a:02:3f:91:21:77:26:c1:8b:38:a5:28:d5:46:79:
3a:80:a5:d4:72:e1:ea:89:e6:fd:e4:d5:fc:4e:26:e6:dd:57:
af:5b:97:41:27:72:a2:10:64:0a:fd:15:d4:88:ab:02:12:57:
1c:96:2c:43
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICIDAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTAxMTcw
MTI0MTNaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDU4QzAwRDFDQzg5NkM3
NTgzNzA4OERDNkFBOTczNkY4RkYyM0ZGQjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/xDLIyTNis/k6kxsxmtGjayI2TiO+dD7hUet9TmEsUCBsU4hD
9LUlRPY3EaK715fSXoLoX90SXkZnW8HAxQi/5TgH+0CNxRZGOS2dLyRyfkFcFY4i
vPqQi37bf2YB5PIzFJN8Am48DesmxEjgWCKQJDX9GnAQ0PpN4V2Rb37deCjhKcVL
9ll/P2JJ+2fPxf+e1ZnysCfXHurPmo5QusgR9z/b/YR8dbm4QVNoTf83mX7tDxLh
MCv3skRUHSfreHYMt6x3tkv4pZvPBu5VnMC91wgnieOZEMMerfQILY56Kni1r/23
rEG0ddoJA0wo9Nhs9iCSevtN1vRWnHEOQRzRAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUWMANHMiWx1g3CI3Gqpc2+P8j/7kwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvV01BTkhNaVd4MWcz
Q0kzR3FwYzItUDhqXzdrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACQDY4AAETANBgkqhkiG9w0BAQsFAAOCAQEAnTM7nyz08jaCpas5+HskMOI3
NXOaseOYyJt3Wf/PDCSvMY7GOnGvlP8KT3ttO2rybevAFK6JkLMmU8VCfYG309Ya
RGSUzxBicR6By45JDVqD1DBxjMJFNdfYOMyD2TDEs7owgvIMvIStDvZ05XkkXMzu
4J0jeRk/vzhSAkGO4JpFJ9eh9Rb1/uVbcSCk5/4qauStTi5v+iFg7zgttK+oFq5X
Lctihfv3KP26akZhSSZwx26GN4lFvd+H3xcsHm1jujmDr/K/9wMxigI/kSF3JsGL
OKUo1UZ5OoCl1HLh6onm/eTV/E4m5t1Xr1uXQSdyohBkCv0V1IirAhJXHJYsQw==
-----END CERTIFICATE-----
Generated at Fri Apr 11 17:35:27 2025 by rpki-client