Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3095/ZTFBOS4TbQI5wTD2it0iJvmbjGI.roa
File: ZTFBOS4TbQI5wTD2it0iJvmbjGI.roa (raw, json)
Hash identifier: 7qjP02DOJKY/YQWYXGBMCl7w4KEpappIbd5+rUbZdQg=
Subject key identifier: 65:31:41:39:2E:13:6D:02:39:C1:30:F6:8A:DD:22:26:F9:9B:8C:62
Certificate issuer: /CN=CB16707EAF0BDFD1326AFD9BDEC6AFFA6E63BA98
Certificate serial: 0712
Authority key identifier: CB:16:70:7E:AF:0B:DF:D1:32:6A:FD:9B:DE:C6:AF:FA:6E:63:BA:98
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/yxZwfq8L39Eyav2b3sav-m5jupg.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3095/ZTFBOS4TbQI5wTD2it0iJvmbjGI.roa
Signing time: Tue 24 Sep 2024 00:17:54 +0000
ROA not before: Tue 24 Sep 2024 00:17:54 +0000
ROA not after: Sat 20 Sep 2025 07:41:26 +0000
asID: 135061
IP address blocks: 202.46.224.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3095/yxZwfq8L39Eyav2b3sav-m5jupg.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3095/yxZwfq8L39Eyav2b3sav-m5jupg.mft
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/yxZwfq8L39Eyav2b3sav-m5jupg.cer
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 14 Apr 2025 15:08:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1810 (0x712)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=CB16707EAF0BDFD1326AFD9BDEC6AFFA6E63BA98
Validity
Not Before: Sep 24 00:17:54 2024 GMT
Not After : Sep 20 07:41:26 2025 GMT
Subject: CN=653141392E136D0239C130F68ADD2226F99B8C62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:8b:b3:f6:49:12:02:7f:23:5e:da:eb:5d:5c:
10:9c:c3:1a:95:78:1d:72:35:30:de:91:f0:ce:8f:
2e:19:35:df:09:f4:66:8b:e7:09:b4:7c:20:62:46:
04:f2:42:91:5e:95:f9:16:38:8e:e2:f0:16:99:6c:
91:3f:a2:d3:80:08:8f:14:cd:a3:f0:ed:5f:a3:4f:
43:c4:d6:94:be:12:61:a5:63:20:69:82:3e:44:a4:
e2:aa:72:74:14:16:23:43:2a:15:70:fa:84:f7:2d:
cd:b0:97:b0:8f:23:96:9a:28:5e:43:28:b9:db:ca:
c9:43:43:33:ef:d0:36:73:ea:fd:eb:a0:b7:07:ee:
a0:b1:d6:dc:a5:05:13:f9:9f:b5:63:fa:cd:f1:b4:
2e:65:42:07:d0:4e:56:7e:84:51:be:a8:b8:f6:38:
93:2d:0a:15:76:77:e9:cb:9c:d7:f6:a9:fe:74:63:
34:15:d5:7f:19:8a:e3:c0:6d:f6:c4:83:23:c8:fa:
0f:5d:04:75:47:13:0a:8d:54:38:4f:a0:35:c2:a8:
4c:aa:60:56:6a:74:95:0d:c6:6c:43:d4:b7:06:87:
ed:7a:50:b7:99:08:a6:83:5c:dc:99:5c:bf:d6:d8:
ab:04:1b:24:5c:53:92:ba:7c:e9:34:a1:3f:12:9f:
12:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:31:41:39:2E:13:6D:02:39:C1:30:F6:8A:DD:22:26:F9:9B:8C:62
X509v3 Authority Key Identifier:
keyid:CB:16:70:7E:AF:0B:DF:D1:32:6A:FD:9B:DE:C6:AF:FA:6E:63:BA:98
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3095/yxZwfq8L39Eyav2b3sav-m5jupg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/yxZwfq8L39Eyav2b3sav-m5jupg.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3095/ZTFBOS4TbQI5wTD2it0iJvmbjGI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
202.46.224.0/22
Signature Algorithm: sha256WithRSAEncryption
05:ec:c4:5f:76:fd:b4:1b:4f:ce:b3:b8:14:48:66:7b:8d:06:
8e:93:eb:27:06:3b:13:1b:7a:58:43:d6:ea:4c:cd:f8:a2:dc:
f3:bb:1f:33:d7:84:e8:64:0f:c2:6b:9a:9c:0b:b4:9a:80:77:
3f:dc:b8:5d:d3:27:e6:5f:3a:6c:9f:5a:47:4b:f0:3c:2d:98:
94:25:d7:b9:ba:46:5d:12:01:64:f5:37:0f:6a:55:04:ef:1a:
50:e8:97:ad:d6:90:3e:33:9f:e0:66:53:31:0b:05:f1:d1:c1:
67:19:62:ef:7a:23:61:0a:b2:5a:af:94:01:e5:c6:a6:06:68:
f1:63:a8:f1:87:2f:ad:d1:a3:4f:67:61:24:80:4b:2e:8a:19:
74:e3:95:60:31:18:0d:a2:5f:5a:da:5b:8a:4b:5f:46:c9:7f:
f3:f9:53:8b:6b:58:6a:1e:bc:d1:63:1b:63:62:a8:34:08:4a:
81:7d:41:48:18:84:cb:44:11:3f:6b:1b:41:f7:ca:4e:7d:97:
e6:18:dc:1a:f9:5c:d9:32:21:38:9b:7b:ea:d1:86:40:0f:ce:
88:3a:da:f5:4f:75:00:12:d1:a0:4f:b3:09:da:66:dc:dc:5c:
29:32:44:f0:09:84:7b:38:9f:13:14:64:45:d5:02:90:e2:e5:
30:31:1f:c8
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICBxIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQ0Ix
NjcwN0VBRjBCREZEMTMyNkFGRDlCREVDNkFGRkE2RTYzQkE5ODAeFw0yNDA5MjQw
MDE3NTRaFw0yNTA5MjAwNzQxMjZaMDMxMTAvBgNVBAMTKDY1MzE0MTM5MkUxMzZE
MDIzOUMxMzBGNjhBREQyMjI2Rjk5QjhDNjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJi7P2SRICfyNe2utdXBCcwxqVeB1yNTDekfDOjy4ZNd8J9GaL
5wm0fCBiRgTyQpFelfkWOI7i8BaZbJE/otOACI8UzaPw7V+jT0PE1pS+EmGlYyBp
gj5EpOKqcnQUFiNDKhVw+oT3Lc2wl7CPI5aaKF5DKLnbyslDQzPv0DZz6v3roLcH
7qCx1tylBRP5n7Vj+s3xtC5lQgfQTlZ+hFG+qLj2OJMtChV2d+nLnNf2qf50YzQV
1X8ZiuPAbfbEgyPI+g9dBHVHEwqNVDhPoDXCqEyqYFZqdJUNxmxD1LcGh+16ULeZ
CKaDXNyZXL/W2KsEGyRcU5K6fOk0oT8SnxLFAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUZTFBOS4TbQI5wTD2it0iJvmbjGIwHwYDVR0jBBgwFoAUyxZwfq8L39Eyav2b
3sav+m5jupgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
NS95eFp3ZnE4TDM5RXlhdjJiM3Nhdi1tNWp1cGcuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL3l4WndmcThMMzlFeWF2MmIzc2F2LW01anVwZy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTUvWlRGQk9TNFRiUUk1
d1REMml0MGlKdm1iakdJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAsou4DANBgkqhkiG9w0BAQsFAAOCAQEABezEX3b9tBtPzrO4FEhme40GjpPr
JwY7Ext6WEPW6kzN+KLc87sfM9eE6GQPwmuanAu0moB3P9y4XdMn5l86bJ9aR0vw
PC2YlCXXubpGXRIBZPU3D2pVBO8aUOiXrdaQPjOf4GZTMQsF8dHBZxli73ojYQqy
Wq+UAeXGpgZo8WOo8YcvrdGjT2dhJIBLLooZdOOVYDEYDaJfWtpbiktfRsl/8/lT
i2tYah680WMbY2KoNAhKgX1BSBiEy0QRP2sbQffKTn2X5hjcGvlc2TIhOJt76tGG
QA/OiDra9U91ABLRoE+zCdpm3NxcKTJE8AmEezifExRkRdUCkOLlMDEfyA==
-----END CERTIFICATE-----
Generated at Mon Apr 14 11:28:16 2025 by rpki-client