Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/Upm3NFNJTgjaImZFTPOwqDOsodw.roa
File:                     Upm3NFNJTgjaImZFTPOwqDOsodw.roa (raw, json)
Hash identifier:          kxTQwsh8Ui9oq+ANhu0QENlwzWm7FjQWP+tuXPa7kKg=
Subject key identifier:   52:99:B7:34:53:49:4E:08:DA:22:66:45:4C:F3:B0:A8:33:AC:A1:DC
Certificate issuer:       /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial:       1E7A
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/Upm3NFNJTgjaImZFTPOwqDOsodw.roa
Signing time:             Wed 13 Mar 2024 01:21:37 +0000
ROA not before:           Wed 13 Mar 2024 01:21:37 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     134762
IP address blocks:        43.226.49.0/24 maxlen: 24
                          43.226.53.0/24 maxlen: 24
                          43.226.54.0/24 maxlen: 24
                          43.227.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 00:23:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7802 (0x1e7a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
        Validity
            Not Before: Mar 13 01:21:37 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=5299B73453494E08DA2266454CF3B0A833ACA1DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d9:44:2a:6d:21:36:a9:a8:54:52:e5:b9:9f:
                    4c:ab:27:92:f6:d1:6c:ed:c0:21:13:25:e1:30:1d:
                    69:b2:10:e3:96:80:0a:97:f5:4b:ff:66:6e:df:b0:
                    68:c2:4e:25:0f:78:a4:4c:01:9a:20:e7:a9:ab:0e:
                    18:07:64:fa:a0:a4:01:6a:74:c1:a1:e9:a8:0d:43:
                    c1:46:e3:45:11:26:e8:06:92:06:81:c6:d0:ae:3c:
                    d7:34:86:eb:ab:0a:89:b6:90:7e:14:17:bf:54:01:
                    cd:fd:ef:41:0f:d0:cd:29:c7:27:50:24:59:09:a9:
                    22:69:43:c3:ed:dd:f3:e9:1c:60:7d:cf:d8:f0:6a:
                    00:64:88:72:fa:95:f1:99:de:b3:46:64:60:ab:a7:
                    f7:1a:bf:0e:9e:a3:c0:63:0b:75:65:3a:32:14:27:
                    bd:00:c0:ed:27:3c:02:06:03:d7:fa:17:03:a6:84:
                    e3:46:c7:db:94:15:d2:13:df:ba:22:87:59:c6:69:
                    b1:57:1c:a6:48:3d:de:11:07:b2:d6:23:62:89:73:
                    34:b4:12:66:33:0e:33:bf:ea:5b:df:11:16:05:14:
                    ee:f8:29:80:b9:d8:e4:3d:32:a2:6f:ef:b0:79:96:
                    98:86:ae:ce:fa:85:46:f8:14:06:b3:c6:e3:fa:f1:
                    d4:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:99:B7:34:53:49:4E:08:DA:22:66:45:4C:F3:B0:A8:33:AC:A1:DC
            X509v3 Authority Key Identifier:
                keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/Upm3NFNJTgjaImZFTPOwqDOsodw.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.49.0/24
                  43.226.53.0-43.226.54.255
                  43.227.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:0f:2d:2c:2d:77:07:3e:de:dd:70:3b:43:63:10:8c:3a:24:
         c0:62:9d:98:37:19:5c:06:c8:69:a2:ab:63:94:b4:6f:14:4b:
         ec:bd:76:8f:30:ef:dd:c8:7f:a6:db:76:58:4d:d7:df:36:18:
         6f:54:e4:9a:95:61:f5:0f:a1:d5:ae:40:0c:8e:b9:ef:5b:9d:
         a7:51:a5:d8:bc:b8:24:11:01:fb:fe:7e:11:3e:ab:c8:43:1d:
         6f:60:15:64:38:55:5e:4a:ef:91:d8:8d:e0:2c:25:bc:81:aa:
         27:3b:92:24:34:f8:bb:86:f4:39:15:d8:2c:12:62:99:a3:97:
         ca:c5:c4:98:f8:7a:16:77:09:0f:09:b1:50:e1:e4:d3:e4:71:
         ab:ac:06:82:52:d4:fe:71:dc:4f:a9:3b:da:0f:26:3f:3b:3b:
         4d:b1:c0:b0:3e:97:29:d0:1a:23:66:04:14:ba:9b:d5:41:5c:
         f6:2c:65:6b:37:3a:cf:4a:38:8e:00:f0:25:f0:7e:38:a5:64:
         b9:94:9a:89:11:2a:57:4d:36:d9:d4:50:51:be:bd:30:c0:4c:
         0d:44:47:b5:2e:2d:b7:18:25:61:1b:54:f8:c1:8a:99:79:7c:
         ac:22:67:b7:6c:d1:97:6d:76:63:3e:2d:ab:62:5a:9f:57:79:
         b8:5c:d2:58
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgICHnowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNDAzMTMw
MTIxMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUyOTlCNzM0NTM0OTRF
MDhEQTIyNjY0NTRDRjNCMEE4MzNBQ0ExREMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZ2UQqbSE2qahUUuW5n0yrJ5L20WztwCETJeEwHWmyEOOWgAqX
9Uv/Zm7fsGjCTiUPeKRMAZog56mrDhgHZPqgpAFqdMGh6agNQ8FG40URJugGkgaB
xtCuPNc0huurCom2kH4UF79UAc3970EP0M0pxydQJFkJqSJpQ8Pt3fPpHGB9z9jw
agBkiHL6lfGZ3rNGZGCrp/cavw6eo8BjC3VlOjIUJ70AwO0nPAIGA9f6FwOmhONG
x9uUFdIT37oih1nGabFXHKZIPd4RB7LWI2KJczS0EmYzDjO/6lvfERYFFO74KYC5
2OQ9MqJv77B5lpiGrs76hUb4FAazxuP68dTDAgMBAAGjggIHMIICAzAdBgNVHQ4E
FgQUUpm3NFNJTgjaImZFTPOwqDOsodwwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvVXBtM05GTkpUZ2ph
SW1aRlRQT3dxRE9zb2R3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAzBggrBgEFBQcBBwEB/wQkMCIwIAQCAAEw
GgMEACviMTAMAwQAK+I1AwQAK+I2AwQAK+NEMA0GCSqGSIb3DQEBCwUAA4IBAQCQ
Dy0sLXcHPt7dcDtDYxCMOiTAYp2YNxlcBshpoqtjlLRvFEvsvXaPMO/dyH+m23ZY
TdffNhhvVOSalWH1D6HVrkAMjrnvW52nUaXYvLgkEQH7/n4RPqvIQx1vYBVkOFVe
Su+R2I3gLCW8gaonO5IkNPi7hvQ5FdgsEmKZo5fKxcSY+HoWdwkPCbFQ4eTT5HGr
rAaCUtT+cdxPqTvaDyY/OztNscCwPpcp0BojZgQUupvVQVz2LGVrNzrPSjiOAPAl
8H44pWS5lJqJESpXTTbZ1FBRvr0wwEwNREe1Li23GCVhG1T4wYqZeXysIme3bNGX
bXZjPi2rYlqfV3m4XNJY
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:14:09 2024 by rpki-client on console-fra.rpki-client.org