Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3130/c_xK-3L1H5aq4hkqGimx6fiNR34.roa
File:                     c_xK-3L1H5aq4hkqGimx6fiNR34.roa (raw, json)
Hash identifier:          S3I+CTElceBgERjFByP02U9n9x51lrs9o7yUJBeBIuo=
Subject key identifier:   73:FC:4A:FB:72:F5:1F:96:AA:E2:19:2A:1A:29:B1:E9:F8:8D:47:7E
Certificate issuer:       /CN=2B0C50542CA87AA3C12F30C32323062C87102221
Certificate serial:       1246
Authority key identifier: 2B:0C:50:54:2C:A8:7A:A3:C1:2F:30:C3:23:23:06:2C:87:10:22:21
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KwxQVCyoeqPBLzDDIyMGLIcQIiE.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/c_xK-3L1H5aq4hkqGimx6fiNR34.roa
Signing time:             Tue 20 Aug 2024 12:56:43 +0000
ROA not before:           Tue 20 Aug 2024 12:56:43 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     984
IP address blocks:        180.223.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/KwxQVCyoeqPBLzDDIyMGLIcQIiE.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/KwxQVCyoeqPBLzDDIyMGLIcQIiE.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KwxQVCyoeqPBLzDDIyMGLIcQIiE.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 06:23:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4678 (0x1246)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2B0C50542CA87AA3C12F30C32323062C87102221
        Validity
            Not Before: Aug 20 12:56:43 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=73FC4AFB72F51F96AAE2192A1A29B1E9F88D477E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a6:d3:cf:5e:a2:4a:d1:d1:e1:96:2c:81:f4:
                    09:86:3c:01:f1:12:20:db:89:ef:1f:ad:e0:59:1e:
                    29:5b:9a:d8:3c:7a:c3:98:e5:2d:f3:b7:64:12:45:
                    02:80:25:06:3f:94:07:bd:7f:c9:29:94:98:1a:6c:
                    7e:0d:93:a5:0c:d8:15:31:e1:ae:1b:bf:77:f1:6b:
                    23:45:56:ff:5d:2f:f5:49:f4:e4:f4:f9:32:fa:70:
                    51:bb:68:d5:fb:fe:0e:2c:57:20:7d:c4:3a:84:54:
                    c8:b9:47:b7:32:fe:d8:d3:39:8e:1d:42:ba:c4:34:
                    c8:b6:4d:f1:b9:69:35:5d:52:f0:e0:d0:e3:49:c9:
                    9b:84:0a:84:f4:6b:2b:18:42:5d:88:12:86:0e:ce:
                    1c:67:c7:26:a1:ed:1a:63:cd:57:a7:5f:f0:14:f0:
                    b7:2c:e4:e7:ec:92:ba:29:cc:17:c5:bd:95:04:8b:
                    91:fb:1d:f4:c7:9f:f2:e9:8b:70:ac:a4:f6:33:8e:
                    ce:4e:de:b0:7d:11:73:34:6c:f1:04:e0:77:9d:45:
                    f6:70:c7:cc:cd:be:0c:2a:3c:89:5a:52:d0:2c:57:
                    b3:d9:7c:72:fe:b3:14:fd:a7:c3:9e:e8:d4:76:14:
                    d2:53:6d:ad:e6:9c:bd:52:f0:2c:7f:99:a9:61:91:
                    27:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:FC:4A:FB:72:F5:1F:96:AA:E2:19:2A:1A:29:B1:E9:F8:8D:47:7E
            X509v3 Authority Key Identifier:
                keyid:2B:0C:50:54:2C:A8:7A:A3:C1:2F:30:C3:23:23:06:2C:87:10:22:21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/KwxQVCyoeqPBLzDDIyMGLIcQIiE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KwxQVCyoeqPBLzDDIyMGLIcQIiE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/c_xK-3L1H5aq4hkqGimx6fiNR34.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  180.223.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:d8:26:55:8c:c7:63:eb:40:97:d7:67:7c:31:f1:56:31:86:
         40:b7:22:ae:d5:8c:6f:76:2b:1f:9f:f0:53:f5:8c:16:63:ae:
         ba:a9:d1:9c:9c:11:e5:92:f1:13:c3:67:f5:42:d5:94:a6:7c:
         0d:73:87:ab:03:97:3c:ad:e4:5c:17:21:b2:6d:d0:af:6a:26:
         6b:40:a9:be:2c:71:6a:94:d9:3e:2d:6a:aa:2c:b3:10:23:77:
         1c:27:80:79:59:47:ee:9c:9b:e9:8e:3c:d1:ec:87:62:56:bb:
         09:b9:e0:be:3e:7f:98:e8:81:25:46:fe:55:1f:8c:d7:b7:b4:
         00:d6:1c:69:58:3d:2d:f3:a5:43:a5:cb:12:a2:cf:56:ef:f3:
         89:7c:40:5d:db:50:6c:18:fe:ad:a1:8d:24:1f:11:3a:8d:48:
         70:e4:97:56:96:99:28:cc:e2:19:ef:ce:04:a7:5b:c7:5d:d1:
         41:02:8f:36:9f:e6:39:b2:1d:14:0b:ad:49:7e:f7:16:b9:f2:
         d0:c6:81:ce:2a:76:d9:a4:04:f0:26:0b:be:24:68:6a:84:cb:
         b9:e2:5a:47:98:0e:1d:3e:45:b1:53:cd:6a:c6:f1:70:82:8b:
         9d:77:9c:02:d3:25:3a:56:2c:28:a6:55:84:81:ad:18:bb:0f:
         56:fb:fb:b7
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICEkYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkIw
QzUwNTQyQ0E4N0FBM0MxMkYzMEMzMjMyMzA2MkM4NzEwMjIyMTAeFw0yNDA4MjAx
MjU2NDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDczRkM0QUZCNzJGNTFG
OTZBQUUyMTkyQTFBMjlCMUU5Rjg4RDQ3N0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2ptPPXqJK0dHhliyB9AmGPAHxEiDbie8freBZHilbmtg8esOY
5S3zt2QSRQKAJQY/lAe9f8kplJgabH4Nk6UM2BUx4a4bv3fxayNFVv9dL/VJ9OT0
+TL6cFG7aNX7/g4sVyB9xDqEVMi5R7cy/tjTOY4dQrrENMi2TfG5aTVdUvDg0ONJ
yZuECoT0aysYQl2IEoYOzhxnxyah7RpjzVenX/AU8Lcs5OfskropzBfFvZUEi5H7
HfTHn/Lpi3CspPYzjs5O3rB9EXM0bPEE4HedRfZwx8zNvgwqPIlaUtAsV7PZfHL+
sxT9p8Oe6NR2FNJTba3mnL1S8Cx/malhkSc5AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUc/xK+3L1H5aq4hkqGimx6fiNR34wHwYDVR0jBBgwFoAUKwxQVCyoeqPBLzDD
IyMGLIcQIiEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzEz
MC9Ld3hRVkN5b2VxUEJMekRESXlNR0xJY1FJaUUuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0t3eFFWQ3lvZXFQQkx6RERJeU1HTEljUUlpRS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMxMzAvY194Sy0zTDFINWFx
NGhrcUdpbXg2ZmlOUjM0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALTffjANBgkqhkiG9w0BAQsFAAOCAQEAwdgmVYzHY+tAl9dnfDHxVjGGQLci
rtWMb3YrH5/wU/WMFmOuuqnRnJwR5ZLxE8Nn9ULVlKZ8DXOHqwOXPK3kXBchsm3Q
r2oma0CpvixxapTZPi1qqiyzECN3HCeAeVlH7pyb6Y480eyHYla7Cbngvj5/mOiB
JUb+VR+M17e0ANYcaVg9LfOlQ6XLEqLPVu/ziXxAXdtQbBj+raGNJB8ROo1IcOSX
VpaZKMziGe/OBKdbx13RQQKPNp/mObIdFAutSX73Frny0MaBzip22aQE8CYLviRo
aoTLueJaR5gOHT5FsVPNasbxcIKLnXecAtMlOlYsKKZVhIGtGLsPVvv7tw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 05:50:43 2024 by rpki-client on console-fra.rpki-client.org