Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2329/HKDwIDf66kZXwr7Hy_Wozz5DkaQ.roa
File:                     HKDwIDf66kZXwr7Hy_Wozz5DkaQ.roa (raw, json)
Hash identifier:          BxkGFBfhsfuKtO3KsG396l1v4jaB+QwE6DSsCxpvYAw=
Subject key identifier:   1C:A0:F0:20:37:FA:EA:46:57:C2:BE:C7:CB:F5:A8:CF:3E:43:91:A4
Certificate issuer:       /CN=EC10C93455759C659D2BB819FB07FF7063CECC32
Certificate serial:       15EB
Authority key identifier: EC:10:C9:34:55:75:9C:65:9D:2B:B8:19:FB:07:FF:70:63:CE:CC:32
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2329/HKDwIDf66kZXwr7Hy_Wozz5DkaQ.roa
Signing time:             Wed 13 Mar 2024 01:22:27 +0000
ROA not before:           Wed 13 Mar 2024 01:22:27 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     138950
IP address blocks:        2404:6380::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2329/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2329/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 00:23:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5611 (0x15eb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EC10C93455759C659D2BB819FB07FF7063CECC32
        Validity
            Not Before: Mar 13 01:22:27 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=1CA0F02037FAEA4657C2BEC7CBF5A8CF3E4391A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e6:ac:3b:3f:d2:c7:3e:31:f6:c0:68:63:e1:
                    df:09:da:9a:b7:4a:1d:55:39:cd:f0:2e:bb:c4:18:
                    c2:60:61:6d:93:c7:25:8c:2b:f2:c1:28:bf:08:57:
                    4a:aa:e7:c8:93:51:04:86:01:73:6d:0d:be:4a:b4:
                    0b:f7:56:d1:14:ba:5a:21:15:76:be:51:e5:a3:9f:
                    c0:54:fe:50:d2:74:f3:57:c4:c1:85:2d:4c:90:aa:
                    49:39:78:da:ad:7f:49:f8:4c:ee:d0:e9:e0:af:c6:
                    a1:13:b2:60:27:09:5c:cd:e0:65:16:f6:65:e8:df:
                    96:6f:6f:38:59:64:0e:08:d0:f5:3e:80:a8:5b:d5:
                    d2:e1:a6:50:f7:fc:cb:f2:4d:6d:c3:4c:6e:07:fb:
                    7d:bf:64:98:38:66:13:53:0d:1c:29:cb:00:01:f1:
                    ca:8e:2a:08:55:fa:4c:b8:f8:79:f9:bf:0c:06:c2:
                    d8:63:c4:1b:c1:6c:41:1d:e2:2e:8d:4e:fd:af:3d:
                    aa:80:24:20:72:21:9c:70:c2:75:34:6f:dd:5a:f2:
                    52:fe:d6:f8:e4:1e:8a:71:9a:b7:f7:1a:4b:c0:63:
                    4d:de:17:36:29:39:e3:26:89:f4:d8:85:71:6e:89:
                    6f:9a:9a:fe:e7:40:0a:d3:d7:fa:b7:b9:39:8d:d5:
                    4b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A0:F0:20:37:FA:EA:46:57:C2:BE:C7:CB:F5:A8:CF:3E:43:91:A4
            X509v3 Authority Key Identifier:
                keyid:EC:10:C9:34:55:75:9C:65:9D:2B:B8:19:FB:07:FF:70:63:CE:CC:32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2329/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2329/HKDwIDf66kZXwr7Hy_Wozz5DkaQ.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:6380::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:f5:5b:69:16:26:f3:f8:d8:98:30:37:ab:05:ba:f4:b7:15:
         dd:94:72:76:f4:92:4f:e3:4b:04:75:0f:44:b3:7e:d3:a7:0e:
         8b:5a:30:77:89:38:15:67:f3:2c:9e:d9:5d:52:4d:a9:49:cb:
         2d:84:d1:11:5a:fc:ac:c4:a4:95:f2:54:92:d7:1d:98:19:40:
         95:64:f7:22:9a:44:57:ce:66:20:14:52:76:25:a9:f0:4b:5d:
         57:0e:7f:24:58:3f:9b:32:5d:78:05:9f:f7:6a:fd:e9:10:b2:
         6a:8c:a1:ee:52:73:dd:76:6e:9b:e4:61:44:74:ae:80:6a:69:
         75:38:a7:f5:c1:38:1d:18:90:9d:07:a4:9b:8b:e6:7b:17:3f:
         c2:fc:81:2a:02:ee:7f:95:48:f3:47:b2:e2:b4:b4:e6:77:24:
         b5:c5:79:ef:7a:e3:51:03:60:ec:6b:38:7b:7f:f9:f8:b1:c2:
         68:d3:7a:82:2b:22:ba:cb:cb:1b:bd:8a:e8:4d:9b:c2:ac:73:
         c0:1f:a9:e3:2d:44:44:86:a7:18:fd:06:09:50:ce:a5:74:77:
         e0:56:d0:d2:5b:2e:21:cb:61:27:25:fb:8d:73:62:6b:d4:09:
         25:30:1b:25:1f:18:90:af:6d:3d:db:ad:84:f0:22:bc:03:df:
         d7:28:18:6d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICFeswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUMx
MEM5MzQ1NTc1OUM2NTlEMkJCODE5RkIwN0ZGNzA2M0NFQ0MzMjAeFw0yNDAzMTMw
MTIyMjdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFDQTBGMDIwMzdGQUVB
NDY1N0MyQkVDN0NCRjVBOENGM0U0MzkxQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDa5qw7P9LHPjH2wGhj4d8J2pq3Sh1VOc3wLrvEGMJgYW2TxyWM
K/LBKL8IV0qq58iTUQSGAXNtDb5KtAv3VtEUulohFXa+UeWjn8BU/lDSdPNXxMGF
LUyQqkk5eNqtf0n4TO7Q6eCvxqETsmAnCVzN4GUW9mXo35ZvbzhZZA4I0PU+gKhb
1dLhplD3/MvyTW3DTG4H+32/ZJg4ZhNTDRwpywAB8cqOKghV+ky4+Hn5vwwGwthj
xBvBbEEd4i6NTv2vPaqAJCByIZxwwnU0b91a8lL+1vjkHopxmrf3GkvAY03eFzYp
OeMmifTYhXFuiW+amv7nQArT1/q3uTmN1UsHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUHKDwIDf66kZXwr7Hy/Wozz5DkaQwHwYDVR0jBBgwFoAU7BDJNFV1nGWdK7gZ
+wf/cGPOzDIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjMy
OS83QkRKTkZWMW5HV2RLN2daLXdmX2NHUE96REkuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzdCREpORlYxbkdXZEs3Z1otd2ZfY0dQT3pESS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzIzMjkvSEtEd0lEZjY2a1pY
d3I3SHlfV296ejVEa2FRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQEY4AwDQYJKoZIhvcNAQELBQADggEBAHX1W2kWJvP42JgwN6sFuvS3Fd2U
cnb0kk/jSwR1D0SzftOnDotaMHeJOBVn8yye2V1STalJyy2E0RFa/KzEpJXyVJLX
HZgZQJVk9yKaRFfOZiAUUnYlqfBLXVcOfyRYP5syXXgFn/dq/ekQsmqMoe5Sc912
bpvkYUR0roBqaXU4p/XBOB0YkJ0HpJuL5nsXP8L8gSoC7n+VSPNHsuK0tOZ3JLXF
ee9641EDYOxrOHt/+fixwmjTeoIrIrrLyxu9iuhNm8Ksc8AfqeMtRESGpxj9BglQ
zqV0d+BW0NJbLiHLYScl+41zYmvUCSUwGyUfGJCvbT3brYTwIrwD39coGG0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:28:44 2024 by rpki-client on console-ams.rpki-client.org