Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2620/ZuvQbTH8ZAJqK3Bv4oQXcXDGOM8.roa
File: ZuvQbTH8ZAJqK3Bv4oQXcXDGOM8.roa (raw, json)
Hash identifier: vBuDQxOioQeWVe9lqMaBkRts1ZbtGfixeSvj7yTqxCE=
Subject key identifier: 66:EB:D0:6D:31:FC:64:02:6A:2B:70:6F:E2:84:17:71:70:C6:38:CF
Certificate issuer: /CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF
Certificate serial: 12AE
Authority key identifier: 21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/ZuvQbTH8ZAJqK3Bv4oQXcXDGOM8.roa
Signing time: Fri 17 Jan 2025 01:26:13 +0000
ROA not before: Fri 17 Jan 2025 01:26:13 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 58593
IP address blocks: 40.72.0.0/15 maxlen: 32
40.72.0.0/16 maxlen: 32
40.72.0.0/17 maxlen: 32
40.72.128.0/17 maxlen: 32
40.72.254.0/24 maxlen: 32
40.72.255.0/24 maxlen: 32
40.73.0.0/17 maxlen: 32
40.73.99.0/24 maxlen: 32
40.73.128.0/17 maxlen: 32
40.125.128.0/17 maxlen: 32
40.126.64.0/18 maxlen: 32
40.162.0.0/16 maxlen: 32
52.130.0.0/20 maxlen: 32
52.130.16.0/20 maxlen: 32
52.130.32.0/19 maxlen: 32
52.130.64.0/19 maxlen: 32
52.130.96.0/20 maxlen: 32
52.130.112.0/20 maxlen: 32
52.130.128.0/18 maxlen: 32
52.130.192.0/18 maxlen: 32
52.131.0.0/17 maxlen: 32
52.131.128.0/17 maxlen: 32
139.217.0.0/16 maxlen: 32
139.217.0.0/17 maxlen: 32
139.217.128.0/17 maxlen: 32
139.219.0.0/16 maxlen: 32
139.219.0.0/17 maxlen: 32
139.219.128.0/17 maxlen: 32
143.64.0.0/16 maxlen: 32
159.27.0.0/16 maxlen: 32
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.mft
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.mft
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/1xHsDTeBWKRHb-bqfXClSpUZWhE.cer
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 14 Apr 2025 14:06:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4782 (0x12ae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF
Validity
Not Before: Jan 17 01:26:13 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=66EBD06D31FC64026A2B706FE284177170C638CF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:8b:f5:7f:16:f7:b7:6f:d2:86:4d:e5:e1:f7:
43:e9:dc:96:87:73:af:66:0c:8d:90:51:18:0b:9f:
32:22:b2:5b:1d:ea:56:41:f9:2a:cf:99:e7:a0:4e:
36:43:9e:d8:e5:41:39:6d:91:ef:e2:05:05:14:af:
54:5a:bd:53:28:13:af:97:90:ac:b4:2c:f7:a4:e2:
b3:e4:7b:aa:d4:71:f5:6a:3a:dc:2a:10:3a:bb:8a:
41:f3:e8:ce:d2:6b:b4:a0:1a:d7:f9:54:37:24:32:
5b:76:f6:f0:63:b5:e5:95:83:93:87:83:24:87:3c:
16:30:eb:4c:b9:10:77:3a:98:06:9d:0c:f7:a4:84:
7d:17:ca:4d:57:b5:0f:f2:8d:61:44:30:2d:c3:37:
52:81:30:65:2c:7c:0c:63:2c:46:c9:cb:b1:d8:57:
69:64:37:a2:88:25:0b:f3:8e:c0:3b:84:4f:48:1f:
87:b0:53:f1:2c:0b:35:20:50:e0:c3:66:ea:02:7c:
2d:c9:bb:45:12:97:62:7d:1c:43:4b:88:bf:53:8a:
b1:3c:40:df:45:8b:e8:fb:16:7e:17:f0:4c:c6:4c:
32:a0:0c:cd:a1:9d:7e:1d:c3:43:48:62:6e:36:20:
22:45:3b:84:d6:bd:09:86:9b:c4:76:f9:9c:6a:23:
0e:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:EB:D0:6D:31:FC:64:02:6A:2B:70:6F:E2:84:17:71:70:C6:38:CF
X509v3 Authority Key Identifier:
keyid:21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/ZuvQbTH8ZAJqK3Bv4oQXcXDGOM8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
40.72.0.0/15
40.125.128.0/17
40.126.64.0/18
40.162.0.0/16
52.130.0.0/15
139.217.0.0/16
139.219.0.0/16
143.64.0.0/16
159.27.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9d:5f:c2:a4:b7:9a:29:71:2b:ac:d4:b0:0a:83:df:e7:4d:8d:
dc:00:96:b4:47:a5:63:9c:bd:d1:0e:83:ba:c4:4c:61:aa:7d:
0a:6f:b8:ea:39:f6:54:f6:f8:33:f5:7c:a1:e0:31:f9:68:6b:
2f:a2:2b:fd:f2:dc:b6:f5:82:d3:a7:86:df:1c:44:32:bd:c9:
0a:32:46:83:4d:8f:c9:e2:ea:36:af:e1:86:59:b1:a9:5f:09:
20:37:71:13:a1:4d:9e:d7:14:28:26:6f:47:cd:52:56:c1:67:
9b:2b:7b:b4:74:f0:38:fa:13:ca:00:66:88:97:d9:0b:31:e5:
0d:1c:2e:b9:3e:34:8c:d3:96:68:25:70:a0:96:63:d7:db:e7:
63:ea:2a:3e:5c:c8:b1:9c:1b:05:04:03:04:b4:92:eb:c5:fd:
22:9f:3b:4b:f1:ab:51:d1:bd:68:47:36:a1:7c:2a:bb:1e:de:
60:1b:21:fa:30:d6:87:29:e7:eb:b5:01:37:d8:aa:af:98:7e:
9c:f4:2a:08:d9:bc:2a:30:17:1e:95:fc:f6:65:ff:a0:ac:b2:
fe:c7:af:d0:83:f4:5e:87:8c:6e:28:26:b4:a8:35:b5:2c:00:
60:cb:f7:71:fa:42:a5:e2:97:8c:f1:aa:7e:50:7b:a9:a5:1e:
44:84:cc:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgICEq4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMjFE
Qzg3NTk2NUMyQkE2MUQxREFDQkI0OERFRTE0MDU1NEFBNUFFRjAeFw0yNTAxMTcw
MTI2MTNaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDY2RUJEMDZEMzFGQzY0
MDI2QTJCNzA2RkUyODQxNzcxNzBDNjM4Q0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCui/V/Fve3b9KGTeXh90Pp3JaHc69mDI2QURgLnzIislsd6lZB
+SrPmeegTjZDntjlQTltke/iBQUUr1RavVMoE6+XkKy0LPek4rPke6rUcfVqOtwq
EDq7ikHz6M7Sa7SgGtf5VDckMlt29vBjteWVg5OHgySHPBYw60y5EHc6mAadDPek
hH0Xyk1XtQ/yjWFEMC3DN1KBMGUsfAxjLEbJy7HYV2lkN6KIJQvzjsA7hE9IH4ew
U/EsCzUgUODDZuoCfC3Ju0USl2J9HENLiL9TirE8QN9Fi+j7Fn4X8EzGTDKgDM2h
nX4dw0NIYm42ICJFO4TWvQmGm8R2+ZxqIw4vAgMBAAGjggIcMIICGDAdBgNVHQ4E
FgQUZuvQbTH8ZAJqK3Bv4oQXcXDGOM8wHwYDVR0jBBgwFoAUIdyHWWXCumHR2su0
je4UBVSqWu8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjYy
MC9JZHlIV1dYQ3VtSFIyc3UwamU0VUJWU3FXdTguY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0lkeUhXV1hDdW1IUjJzdTBqZTRVQlZTcVd1OC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2MjAvWnV2UWJUSDhaQUpx
SzNCdjRvUVhjWERHT004LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDBIBggrBgEFBQcBBwEB/wQ5MDcwNQQCAAEw
LwMDAShIAwQHKH2AAwQGKH5AAwMAKKIDAwE0ggMDAIvZAwMAi9sDAwCPQAMDAJ8b
MA0GCSqGSIb3DQEBCwUAA4IBAQCdX8Kkt5opcSus1LAKg9/nTY3cAJa0R6VjnL3R
DoO6xExhqn0Kb7jqOfZU9vgz9Xyh4DH5aGsvoiv98ty29YLTp4bfHEQyvckKMkaD
TY/J4uo2r+GGWbGpXwkgN3EToU2e1xQoJm9HzVJWwWebK3u0dPA4+hPKAGaIl9kL
MeUNHC65PjSM05ZoJXCglmPX2+dj6io+XMixnBsFBAMEtJLrxf0inztL8atR0b1o
RzahfCq7Ht5gGyH6MNaHKefrtQE32KqvmH6c9CoI2bwqMBcelfz2Zf+grLL+x6/Q
g/Reh4xuKCa0qDW1LABgy/dx+kKl4peM8ap+UHuppR5EhMzg
-----END CERTIFICATE-----
Generated at Mon Apr 14 10:28:54 2025 by rpki-client