Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2620/DvWpunTETXGaCcIPTyWFEQiHgAQ.roa
File: DvWpunTETXGaCcIPTyWFEQiHgAQ.roa (raw, json)
Hash identifier: nnsxEP8GrRnemX33e8rPEdZI+OwmPxeXc29U5dmxOB8=
Subject key identifier: 0E:F5:A9:BA:74:C4:4D:71:9A:09:C2:0F:4F:25:85:11:08:87:80:04
Certificate issuer: /CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF
Certificate serial: 0DF3
Authority key identifier: 21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/DvWpunTETXGaCcIPTyWFEQiHgAQ.roa
Signing time: Fri 17 May 2024 08:22:26 +0000
ROA not before: Fri 17 May 2024 08:22:26 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 58593
IP address blocks: 40.72.0.0/15 maxlen: 32
40.72.0.0/16 maxlen: 32
40.72.0.0/17 maxlen: 32
40.72.128.0/17 maxlen: 32
40.72.254.0/24 maxlen: 32
40.72.255.0/24 maxlen: 32
40.73.0.0/17 maxlen: 32
40.73.99.0/24 maxlen: 32
40.73.128.0/17 maxlen: 32
40.125.128.0/17 maxlen: 32
40.126.64.0/18 maxlen: 32
40.162.0.0/16 maxlen: 32
52.130.0.0/20 maxlen: 32
52.130.16.0/20 maxlen: 32
52.130.32.0/19 maxlen: 32
52.130.64.0/19 maxlen: 32
52.130.96.0/20 maxlen: 32
52.130.112.0/20 maxlen: 32
52.130.128.0/18 maxlen: 32
52.130.192.0/18 maxlen: 32
52.131.0.0/17 maxlen: 32
52.131.128.0/17 maxlen: 32
139.217.0.0/16 maxlen: 32
139.217.0.0/17 maxlen: 32
139.217.128.0/17 maxlen: 32
139.219.0.0/16 maxlen: 32
139.219.0.0/17 maxlen: 32
139.219.128.0/17 maxlen: 32
143.64.0.0/16 maxlen: 32
159.27.0.0/16 maxlen: 32
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.mft
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/1xHsDTeBWKRHb-bqfXClSpUZWhE.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Fri 22 Nov 2024 23:53:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3571 (0xdf3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF
Validity
Not Before: May 17 08:22:26 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0EF5A9BA74C44D719A09C20F4F25851108878004
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:2e:50:cd:97:a0:11:59:8e:af:13:90:91:f7:
c1:6a:73:a9:3d:b2:50:61:78:f4:15:46:95:92:0c:
1d:2a:52:fe:af:0c:7b:b1:25:db:41:b3:13:fb:fb:
32:ea:be:ce:2d:20:f4:02:8d:0a:41:27:b2:8c:08:
61:f1:9e:8b:b8:e6:f1:79:11:b4:ac:85:b9:8e:c6:
7c:1e:b1:bf:d0:a0:22:41:ec:31:5b:f9:3b:96:a7:
f3:5e:59:fe:ee:01:ed:d4:ba:c2:17:30:0c:cc:01:
df:46:47:63:d9:fc:e7:45:04:e0:c5:8f:aa:b4:e0:
c9:55:4f:7d:f6:67:13:1b:f5:c6:3b:3b:cf:1f:c8:
33:8b:08:73:0c:8d:f7:06:a7:f5:ef:d7:3d:74:d5:
2c:3b:b8:cf:2e:9a:26:fd:21:e8:75:b1:bb:d0:c7:
a9:3e:ab:80:f3:fa:e2:f8:8e:45:7e:e9:fb:1a:e9:
be:ba:66:74:4d:68:13:c0:8a:cb:b4:87:38:04:b7:
64:bb:5e:f9:b1:19:e3:68:58:68:31:23:8e:78:a4:
c4:a2:2d:e6:b3:c3:38:cb:0f:2e:39:b3:fa:eb:45:
c1:a6:d7:99:7b:f8:41:61:15:77:b5:85:d1:49:df:
fd:08:8d:d3:2e:c2:40:74:cc:7a:1e:59:89:81:f9:
2c:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:F5:A9:BA:74:C4:4D:71:9A:09:C2:0F:4F:25:85:11:08:87:80:04
X509v3 Authority Key Identifier:
keyid:21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/DvWpunTETXGaCcIPTyWFEQiHgAQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
40.72.0.0/15
40.125.128.0/17
40.126.64.0/18
40.162.0.0/16
52.130.0.0/15
139.217.0.0/16
139.219.0.0/16
143.64.0.0/16
159.27.0.0/16
Signature Algorithm: sha256WithRSAEncryption
47:f4:26:65:b2:77:db:88:68:86:6f:1d:ad:dd:53:8b:b8:76:
8d:b8:df:b6:57:24:fe:ca:6b:49:af:8c:0e:25:08:77:f9:85:
46:02:f6:18:53:ea:b8:42:c2:06:50:54:a8:0a:e4:e0:ea:9f:
3c:b9:bf:1c:12:d1:58:99:6f:d9:47:13:8d:b8:ae:18:fe:aa:
68:65:52:bd:ae:3a:d4:f2:45:b7:1c:cc:95:cf:bb:02:73:0d:
d3:79:68:66:6b:0b:38:b3:f4:56:9c:45:9e:6a:ee:38:03:9b:
0d:d9:b5:19:ab:03:5d:17:ad:e0:13:29:8c:fb:90:23:94:76:
42:6a:83:2f:db:7c:ce:78:0e:74:6f:16:13:14:9e:8f:fc:ec:
5d:b6:39:ce:82:fc:cf:4b:5a:82:f8:f3:9c:51:66:7a:d6:bf:
cf:45:c9:55:dd:ea:54:eb:eb:66:c6:90:c3:10:82:62:ec:ff:
fd:62:05:24:be:d0:3a:71:5e:28:70:55:6e:cb:83:78:6a:e9:
e5:02:91:12:a1:10:44:a0:de:b2:eb:1c:01:5d:68:69:24:46:
e5:f1:4d:f4:07:72:cf:ee:36:81:50:76:35:02:67:8d:09:69:
0f:e9:40:15:8a:6a:f4:06:ba:75:94:9c:ad:76:53:fc:b4:a8:
6b:d9:65:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgICDfMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMjFE
Qzg3NTk2NUMyQkE2MUQxREFDQkI0OERFRTE0MDU1NEFBNUFFRjAeFw0yNDA1MTcw
ODIyMjZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBFRjVBOUJBNzRDNDRE
NzE5QTA5QzIwRjRGMjU4NTExMDg4NzgwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPLlDNl6ARWY6vE5CR98Fqc6k9slBhePQVRpWSDB0qUv6vDHux
JdtBsxP7+zLqvs4tIPQCjQpBJ7KMCGHxnou45vF5EbSshbmOxnwesb/QoCJB7DFb
+TuWp/NeWf7uAe3UusIXMAzMAd9GR2PZ/OdFBODFj6q04MlVT332ZxMb9cY7O88f
yDOLCHMMjfcGp/Xv1z101Sw7uM8umib9Ieh1sbvQx6k+q4Dz+uL4jkV+6fsa6b66
ZnRNaBPAisu0hzgEt2S7XvmxGeNoWGgxI454pMSiLeazwzjLDy45s/rrRcGm15l7
+EFhFXe1hdFJ3/0IjdMuwkB0zHoeWYmB+SwjAgMBAAGjggIcMIICGDAdBgNVHQ4E
FgQUDvWpunTETXGaCcIPTyWFEQiHgAQwHwYDVR0jBBgwFoAUIdyHWWXCumHR2su0
je4UBVSqWu8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjYy
MC9JZHlIV1dYQ3VtSFIyc3UwamU0VUJWU3FXdTguY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0lkeUhXV1hDdW1IUjJzdTBqZTRVQlZTcVd1OC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2MjAvRHZXcHVuVEVUWEdh
Q2NJUFR5V0ZFUWlIZ0FRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDBIBggrBgEFBQcBBwEB/wQ5MDcwNQQCAAEw
LwMDAShIAwQHKH2AAwQGKH5AAwMAKKIDAwE0ggMDAIvZAwMAi9sDAwCPQAMDAJ8b
MA0GCSqGSIb3DQEBCwUAA4IBAQBH9CZlsnfbiGiGbx2t3VOLuHaNuN+2VyT+ymtJ
r4wOJQh3+YVGAvYYU+q4QsIGUFSoCuTg6p88ub8cEtFYmW/ZRxONuK4Y/qpoZVK9
rjrU8kW3HMyVz7sCcw3TeWhmaws4s/RWnEWeau44A5sN2bUZqwNdF63gEymM+5Aj
lHZCaoMv23zOeA50bxYTFJ6P/OxdtjnOgvzPS1qC+POcUWZ61r/PRclV3epU6+tm
xpDDEIJi7P/9YgUkvtA6cV4ocFVuy4N4aunlApESoRBEoN6y6xwBXWhpJEbl8U30
B3LP7jaBUHY1AmeNCWkP6UAVimr0Brp1lJytdlP8tKhr2WUv
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:14:10 2024 by rpki-client on console-fra.rpki-client.org