Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3272/Qjf32VmCtmNjH_6Zx_n_ZbHTAy4.roa
File:                     Qjf32VmCtmNjH_6Zx_n_ZbHTAy4.roa (raw, json)
Hash identifier:          u5uvBTkGZaUzpMjb/HVAcJPApOyTE8w7c/L3ITMD10I=
Subject key identifier:   42:37:F7:D9:59:82:B6:63:63:1F:FE:99:C7:F9:FF:65:B1:D3:03:2E
Certificate issuer:       /CN=B52F0F3FF7371FF1CE9D823E9549FC1158B16A2A
Certificate serial:       03
Authority key identifier: B5:2F:0F:3F:F7:37:1F:F1:CE:9D:82:3E:95:49:FC:11:58:B1:6A:2A
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/tS8PP_c3H_HOnYI-lUn8EVixaio.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3272/Qjf32VmCtmNjH_6Zx_n_ZbHTAy4.roa
Signing time:             Fri 29 Mar 2024 04:34:05 +0000
ROA not before:           Fri 29 Mar 2024 04:34:04 +0000
ROA not after:            Sat 29 Mar 2025 01:10:17 +0000
asID:                     211392
IP address blocks:        157.66.42.0/23 maxlen: 24
                          157.66.42.0/24 maxlen: 24
                          157.66.43.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 05 Nov 2024 07:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B52F0F3FF7371FF1CE9D823E9549FC1158B16A2A
        Validity
            Not Before: Mar 29 04:34:04 2024 GMT
            Not After : Mar 29 01:10:17 2025 GMT
        Subject: CN=4237F7D95982B663631FFE99C7F9FF65B1D3032E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:39:7d:81:54:2a:99:32:39:0e:0a:76:3e:70:
                    1f:60:5b:d9:ba:39:43:6e:af:d1:52:7a:6a:c4:41:
                    d7:f4:2a:35:2c:e4:37:c2:20:fd:d5:30:b7:ed:82:
                    1f:24:69:05:5f:9d:e9:c1:e2:5e:ea:26:a0:e4:a6:
                    8d:6d:c3:67:47:d5:09:2b:74:31:29:e8:f4:fb:e1:
                    c2:49:85:a6:68:5b:cc:62:f5:b5:3a:ae:69:e5:7b:
                    b8:18:23:a7:41:37:55:8f:7c:55:a8:54:fb:fe:87:
                    48:80:94:88:a6:22:2c:b0:a6:9f:9f:97:9d:8e:13:
                    a1:43:32:bb:b3:16:dd:47:0a:d5:cd:8a:01:ad:bc:
                    64:35:4e:9a:8a:f6:b3:6f:82:bb:8e:f3:5f:14:de:
                    24:6d:4b:3b:e1:6d:51:26:7a:63:c4:3a:a0:7b:f0:
                    e6:06:f2:51:b3:7a:8c:af:35:68:87:fc:fb:7c:b2:
                    cc:6c:70:98:c5:55:7b:a5:05:11:9b:1a:e5:cf:76:
                    39:be:95:17:d7:79:25:85:77:1f:50:f0:7e:d1:a3:
                    c4:ac:db:c3:3e:01:c1:d4:8e:f5:61:6d:31:e9:2a:
                    78:a6:cd:75:11:25:d2:6b:85:35:9e:ef:a3:bd:35:
                    c4:29:cf:44:50:98:e2:ac:81:ae:3b:15:49:fb:8e:
                    e5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:37:F7:D9:59:82:B6:63:63:1F:FE:99:C7:F9:FF:65:B1:D3:03:2E
            X509v3 Authority Key Identifier:
                keyid:B5:2F:0F:3F:F7:37:1F:F1:CE:9D:82:3E:95:49:FC:11:58:B1:6A:2A

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3272/tS8PP_c3H_HOnYI-lUn8EVixaio.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/tS8PP_c3H_HOnYI-lUn8EVixaio.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3272/Qjf32VmCtmNjH_6Zx_n_ZbHTAy4.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.66.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:9e:b6:2c:a6:aa:b3:7b:e0:57:3e:80:4d:2e:f5:a6:58:0d:
         a1:67:0f:6a:5e:0c:ca:52:5a:5f:37:7d:dc:0d:28:30:0f:28:
         9c:3b:20:f4:59:89:98:50:4d:2e:97:34:df:fa:1b:00:74:d3:
         ea:22:1b:e1:b2:82:31:6c:85:1b:bd:2d:65:7c:21:bd:03:34:
         85:14:10:ab:e4:31:25:31:03:de:f9:98:74:52:87:bb:fe:6a:
         ea:e1:79:fd:6c:fe:ca:88:67:e4:a3:52:f4:c1:f5:88:cb:5d:
         d1:bf:08:d3:08:4c:7c:5f:e6:e6:21:8a:a2:48:76:4f:e2:76:
         c2:0d:ee:fb:31:b3:fc:0a:2d:1f:29:90:cd:8d:be:6b:d1:08:
         c8:3b:51:3d:43:5b:10:88:6d:25:5d:88:17:aa:6b:63:e9:f8:
         c0:dd:fd:79:eb:3d:6a:56:a9:31:8c:3d:75:70:70:e8:5c:fd:
         f0:7c:8a:d9:a3:b3:19:d6:97:5a:c5:75:94:6d:3e:19:15:14:
         e4:6a:19:be:26:42:6d:bb:8a:6d:ea:64:e6:64:73:5c:42:d3:
         47:a5:f4:52:89:3b:56:d5:96:67:80:5c:00:37:a1:3d:62:78:
         a9:2e:f4:a4:33:c9:e1:3d:a7:9e:51:6c:a0:cb:db:de:be:ee:
         46:35:db:bb
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhCNTJG
MEYzRkY3MzcxRkYxQ0U5RDgyM0U5NTQ5RkMxMTU4QjE2QTJBMB4XDTI0MDMyOTA0
MzQwNFoXDTI1MDMyOTAxMTAxN1owMzExMC8GA1UEAxMoNDIzN0Y3RDk1OTgyQjY2
MzYzMUZGRTk5QzdGOUZGNjVCMUQzMDMyRTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANI5fYFUKpkyOQ4Kdj5wH2Bb2bo5Q26v0VJ6asRB1/QqNSzkN8Ig
/dUwt+2CHyRpBV+d6cHiXuomoOSmjW3DZ0fVCSt0MSno9PvhwkmFpmhbzGL1tTqu
aeV7uBgjp0E3VY98VahU+/6HSICUiKYiLLCmn5+XnY4ToUMyu7MW3UcK1c2KAa28
ZDVOmor2s2+Cu47zXxTeJG1LO+FtUSZ6Y8Q6oHvw5gbyUbN6jK81aIf8+3yyzGxw
mMVVe6UFEZsa5c92Ob6VF9d5JYV3H1DwftGjxKzbwz4BwdSO9WFtMekqeKbNdREl
0muFNZ7vo701xCnPRFCY4qyBrjsVSfuO5RUCAwEAAaOCAfMwggHvMB0GA1UdDgQW
BBRCN/fZWYK2Y2Mf/pnH+f9lsdMDLjAfBgNVHSMEGDAWgBS1Lw8/9zcf8c6dgj6V
SfwRWLFqKjAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF0GA1UdHwRWMFQwUqBQ
oE6GTHJzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8zMjcy
L3RTOFBQX2MzSF9IT25ZSS1sVW44RVZpeGFpby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdFM4UFBfYzNIX0hPbllJLWxVbjhFVml4YWlvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ0GCCsGAQUFBwELBIGQMIGNMFgGCCsGAQUFBzALhkxyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzI3Mi9RamYzMlZtQ3RtTmpI
XzZaeF9uX1piSFRBeTQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25u
aWMuY24vcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQBnUIqMA0GCSqGSIb3DQEBCwUAA4IBAQBOnrYspqqze+BXPoBNLvWmWA2hZw9q
XgzKUlpfN33cDSgwDyicOyD0WYmYUE0ulzTf+hsAdNPqIhvhsoIxbIUbvS1lfCG9
AzSFFBCr5DElMQPe+Zh0Uoe7/mrq4Xn9bP7KiGfko1L0wfWIy13RvwjTCEx8X+bm
IYqiSHZP4nbCDe77MbP8Ci0fKZDNjb5r0QjIO1E9Q1sQiG0lXYgXqmtj6fjA3f15
6z1qVqkxjD11cHDoXP3wfIrZo7MZ1pdaxXWUbT4ZFRTkahm+JkJtu4pt6mTmZHNc
QtNHpfRSiTtW1ZZngFwAN6E9YnipLvSkM8nhPaeeUWygy9vevu5GNdu7
-----END CERTIFICATE-----
Generated at Tue Nov 5 10:21:31 2024 by rpki-client on console-fra.rpki-client.org