Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3014/v5sSEiiIc05FCCFyqe3iSFwVX18.roa
File:                     v5sSEiiIc05FCCFyqe3iSFwVX18.roa (raw, json)
Hash identifier:          pJxHsRboBUmVNtFG/8TiZn6p8j8nSgBsYNpXUY8Z0ac=
Subject key identifier:   BF:9B:12:12:28:88:73:4E:45:08:21:72:A9:ED:E2:48:5C:15:5F:5F
Certificate issuer:       /CN=C1D31291638F4A4040CD3D52DEC3FF2B9709C5F2
Certificate serial:       0DF7
Authority key identifier: C1:D3:12:91:63:8F:4A:40:40:CD:3D:52:DE:C3:FF:2B:97:09:C5:F2
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/wdMSkWOPSkBAzT1S3sP_K5cJxfI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3014/v5sSEiiIc05FCCFyqe3iSFwVX18.roa
Signing time:             Wed 18 Sep 2024 07:51:21 +0000
ROA not before:           Wed 18 Sep 2024 07:51:21 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     55990
IP address blocks:        139.9.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3014/wdMSkWOPSkBAzT1S3sP_K5cJxfI.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3014/wdMSkWOPSkBAzT1S3sP_K5cJxfI.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/wdMSkWOPSkBAzT1S3sP_K5cJxfI.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/1xHsDTeBWKRHb-bqfXClSpUZWhE.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:50:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3575 (0xdf7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C1D31291638F4A4040CD3D52DEC3FF2B9709C5F2
        Validity
            Not Before: Sep 18 07:51:21 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=BF9B12122888734E45082172A9EDE2485C155F5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:11:55:e2:13:53:e4:41:6a:92:ce:9f:e1:50:
                    cd:2d:27:7a:ac:62:1f:c5:0e:47:63:13:39:6d:30:
                    ac:83:d8:c6:bc:93:12:f7:b0:b6:20:03:b7:b6:d8:
                    e1:2f:99:df:5d:8f:4c:ad:7d:27:09:3d:d8:39:46:
                    30:67:f9:42:75:29:aa:7d:f0:ca:50:ea:22:f4:e1:
                    53:32:73:29:24:09:99:91:a3:b0:5d:cc:86:63:84:
                    22:45:58:25:b3:ae:d4:9c:7f:ec:8f:3a:85:7a:de:
                    a1:a6:00:81:64:7f:10:3c:2a:0d:fa:15:7f:28:0d:
                    36:18:29:8e:ef:ee:b2:da:24:55:af:f3:d8:cd:31:
                    c5:e4:e7:0b:71:05:06:97:dc:22:47:4f:26:3e:02:
                    ff:00:fc:46:c1:72:a0:a5:57:ec:59:21:91:47:52:
                    0c:17:b8:da:8d:47:dd:47:b1:78:94:4d:63:3f:b7:
                    80:94:dd:ba:ac:ef:83:64:b4:4b:08:48:58:1c:c5:
                    19:06:a3:64:c8:6e:7c:3a:fb:26:df:dc:0f:90:2b:
                    b8:ce:ad:40:b0:fe:91:55:43:59:91:e3:51:ce:10:
                    84:2f:4c:b2:40:24:f8:30:c7:dc:2b:28:1b:5e:a4:
                    49:8b:2b:eb:42:30:70:fd:72:37:58:46:13:8e:55:
                    d3:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:9B:12:12:28:88:73:4E:45:08:21:72:A9:ED:E2:48:5C:15:5F:5F
            X509v3 Authority Key Identifier:
                keyid:C1:D3:12:91:63:8F:4A:40:40:CD:3D:52:DE:C3:FF:2B:97:09:C5:F2

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3014/wdMSkWOPSkBAzT1S3sP_K5cJxfI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/wdMSkWOPSkBAzT1S3sP_K5cJxfI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3014/v5sSEiiIc05FCCFyqe3iSFwVX18.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.9.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8d:0f:5a:bd:59:d9:1b:db:dd:d5:e2:3c:3d:40:3e:79:d0:
         21:55:ff:94:3f:59:6b:5a:af:1d:7d:26:ce:78:41:d5:9b:b3:
         4c:ef:cf:e1:bf:36:a6:85:e9:ba:b7:df:72:e7:81:3d:d9:45:
         a3:1e:f0:3f:f6:38:de:6b:e6:cb:5c:07:4c:d2:5b:0a:1b:bd:
         0a:f7:78:bd:c7:70:2a:ae:12:54:51:35:db:de:6b:31:4a:fc:
         1f:1e:24:a3:ce:1b:a3:1d:ad:6f:49:c7:50:5b:7d:1a:95:a0:
         83:54:6f:cf:90:ea:76:2a:16:67:93:de:b4:71:81:63:28:9b:
         20:29:6e:2e:72:ab:a8:3a:35:20:78:c6:4c:0d:9c:f6:29:1c:
         21:99:f6:dd:61:e0:47:fd:73:69:b4:e5:b0:4d:d1:b1:86:30:
         f9:af:87:6a:21:bb:54:4e:83:6b:d9:64:f3:00:9d:d4:33:22:
         20:2d:77:33:3f:98:e4:1c:65:02:0b:6f:8d:af:a2:6a:20:b0:
         47:0c:74:59:21:43:36:80:84:c8:f4:6f:6a:21:e2:14:bf:8b:
         c7:0e:1b:73:39:b6:09:e4:2a:17:b3:33:19:8e:a5:8b:33:2e:
         77:ad:48:c6:4b:d4:3e:82:01:3a:70:e5:50:05:de:94:72:45:
         af:67:6b:80
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICDfcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQzFE
MzEyOTE2MzhGNEE0MDQwQ0QzRDUyREVDM0ZGMkI5NzA5QzVGMjAeFw0yNDA5MTgw
NzUxMjFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEJGOUIxMjEyMjg4ODcz
NEU0NTA4MjE3MkE5RURFMjQ4NUMxNTVGNUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuEVXiE1PkQWqSzp/hUM0tJ3qsYh/FDkdjEzltMKyD2Ma8kxL3
sLYgA7e22OEvmd9dj0ytfScJPdg5RjBn+UJ1Kap98MpQ6iL04VMycykkCZmRo7Bd
zIZjhCJFWCWzrtScf+yPOoV63qGmAIFkfxA8Kg36FX8oDTYYKY7v7rLaJFWv89jN
McXk5wtxBQaX3CJHTyY+Av8A/EbBcqClV+xZIZFHUgwXuNqNR91HsXiUTWM/t4CU
3bqs74NktEsISFgcxRkGo2TIbnw6+ybf3A+QK7jOrUCw/pFVQ1mR41HOEIQvTLJA
JPgwx9wrKBtepEmLK+tCMHD9cjdYRhOOVdMjAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUv5sSEiiIc05FCCFyqe3iSFwVX18wHwYDVR0jBBgwFoAUwdMSkWOPSkBAzT1S
3sP/K5cJxfIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzAx
NC93ZE1Ta1dPUFNrQkF6VDFTM3NQX0s1Y0p4ZkkuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL3dkTVNrV09QU2tCQXpUMVMzc1BfSzVjSnhmSS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwMTQvdjVzU0VpaUljMDVG
Q0NGeXFlM2lTRndWWDE4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAIsJYjANBgkqhkiG9w0BAQsFAAOCAQEAQY0PWr1Z2Rvb3dXiPD1APnnQIVX/
lD9Za1qvHX0mznhB1ZuzTO/P4b82poXpurffcueBPdlFox7wP/Y43mvmy1wHTNJb
Chu9Cvd4vcdwKq4SVFE1295rMUr8Hx4ko84box2tb0nHUFt9GpWgg1Rvz5DqdioW
Z5PetHGBYyibICluLnKrqDo1IHjGTA2c9ikcIZn23WHgR/1zabTlsE3RsYYw+a+H
aiG7VE6Da9lk8wCd1DMiIC13Mz+Y5BxlAgtvja+iaiCwRwx0WSFDNoCEyPRvaiHi
FL+Lxw4bczm2CeQqF7MzGY6lizMud61IxkvUPoIBOnDlUAXelHJFr2drgA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:38:14 2024 by rpki-client on console-fra.rpki-client.org