Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/40/XUqYO0gIBGKJdMnRrWNYofV9ASg.roa
File: XUqYO0gIBGKJdMnRrWNYofV9ASg.roa (raw, json)
Hash identifier: wk1aQuhsTJNh/QxRDGrQZqRt8vq+yd3VLEO5BonUzDY=
Subject key identifier: 5D:4A:98:3B:48:08:04:62:89:74:C9:D1:AD:63:58:A1:F5:7D:01:28
Certificate issuer: /CN=AECCCCB79DFE6C466CCADB39896710ECAC37B847
Certificate serial: 184D
Authority key identifier: AE:CC:CC:B7:9D:FE:6C:46:6C:CA:DB:39:89:67:10:EC:AC:37:B8:47
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/rszMt53-bEZsyts5iWcQ7Kw3uEc.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/40/XUqYO0gIBGKJdMnRrWNYofV9ASg.roa
Signing time: Fri 17 Jan 2025 01:30:00 +0000
ROA not before: Fri 17 Jan 2025 01:30:00 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 17429
IP address blocks: 2403:4300::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/40/rszMt53-bEZsyts5iWcQ7Kw3uEc.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/40/rszMt53-bEZsyts5iWcQ7Kw3uEc.mft
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/rszMt53-bEZsyts5iWcQ7Kw3uEc.cer
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 14 Apr 2025 06:07:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6221 (0x184d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=AECCCCB79DFE6C466CCADB39896710ECAC37B847
Validity
Not Before: Jan 17 01:30:00 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=5D4A983B480804628974C9D1AD6358A1F57D0128
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:5a:a4:f9:9e:d1:db:65:62:40:eb:d1:21:b9:
65:a5:25:a3:94:11:89:5e:77:5f:7e:87:f1:95:4a:
4a:d7:d7:40:93:13:3a:12:b5:c0:04:72:3f:d6:51:
44:6c:9b:41:4c:6b:16:d0:e6:51:b1:f4:0a:0b:a0:
2c:74:a7:70:1a:58:3c:06:33:40:4c:1e:62:26:38:
1f:4b:bf:cf:30:16:3f:2f:4a:6e:dd:a0:35:12:3e:
18:53:b7:d6:2f:e2:22:f7:99:f3:b6:73:cf:50:f8:
30:bc:30:43:3b:63:f6:84:47:c2:ec:e1:35:8a:a8:
8e:56:d3:69:1b:e8:06:af:d8:a6:f1:a6:11:f0:1c:
36:4b:9d:0d:d7:3c:db:1d:61:0f:c0:15:39:df:9f:
4f:48:f4:9e:fa:31:a5:d5:02:09:68:f8:0f:19:b0:
91:86:16:c0:78:70:31:3c:81:9b:5f:e8:4e:46:06:
10:d0:07:f8:1c:9e:b7:7b:01:e2:7b:e5:16:14:de:
4e:7a:b9:24:50:a4:2f:4c:f0:0f:51:34:a8:84:eb:
73:d3:64:0f:e9:45:4d:d7:a6:33:b2:72:b5:b2:d5:
a6:1e:fb:31:d3:94:b2:77:ca:7a:73:a7:7a:05:89:
23:e9:13:7b:12:00:d0:63:4b:ad:0e:e6:6c:af:a7:
7b:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:4A:98:3B:48:08:04:62:89:74:C9:D1:AD:63:58:A1:F5:7D:01:28
X509v3 Authority Key Identifier:
keyid:AE:CC:CC:B7:9D:FE:6C:46:6C:CA:DB:39:89:67:10:EC:AC:37:B8:47
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/40/rszMt53-bEZsyts5iWcQ7Kw3uEc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/rszMt53-bEZsyts5iWcQ7Kw3uEc.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/40/XUqYO0gIBGKJdMnRrWNYofV9ASg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2403:4300::/32
Signature Algorithm: sha256WithRSAEncryption
08:9d:e0:be:a9:c1:61:93:50:99:d1:f8:6a:c6:43:aa:69:fc:
ae:0d:b3:ef:6b:93:06:3c:cb:6a:67:73:93:84:fd:a3:9c:8d:
0e:b8:49:85:ad:db:3c:87:09:7f:de:3d:93:98:b6:af:00:97:
e1:51:5d:3e:9c:9d:6b:6f:73:48:70:b7:50:af:08:6a:e0:50:
f1:e3:a8:24:73:7b:c6:3c:c3:56:cf:36:d2:ed:32:91:d0:24:
6b:0a:f0:b8:ae:8b:6b:b8:77:c2:04:49:9f:63:92:21:bb:a1:
d6:d0:d7:2a:07:d7:5a:e7:89:d6:d2:a1:55:d4:ba:8b:28:3d:
98:dc:ad:02:d4:1e:4a:80:db:a1:d4:bb:d2:53:9d:6f:a0:32:
de:02:07:1f:fc:5f:78:e9:fb:4b:94:c0:1a:c6:a4:08:56:a8:
f3:75:fd:f8:02:21:92:91:1a:ac:71:ff:cb:0c:67:8a:4e:f8:
f0:fe:9e:6b:8b:66:ae:63:47:e2:b6:eb:09:3c:bd:4f:33:57:
ac:d0:b8:52:38:56:a1:93:b8:d2:a1:4f:ea:02:83:cb:c6:f6:
ae:a9:bf:4b:de:cb:1c:3d:bd:e9:42:b7:83:78:eb:2c:2f:84:
f3:e3:b3:cd:86:e8:65:0b:7b:b6:95:a8:27:b0:48:39:14:d9:
0e:6d:88:b7
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICGE0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQUVD
Q0NDQjc5REZFNkM0NjZDQ0FEQjM5ODk2NzEwRUNBQzM3Qjg0NzAeFw0yNTAxMTcw
MTMwMDBaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDVENEE5ODNCNDgwODA0
NjI4OTc0QzlEMUFENjM1OEExRjU3RDAxMjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpWqT5ntHbZWJA69EhuWWlJaOUEYled19+h/GVSkrX10CTEzoS
tcAEcj/WUURsm0FMaxbQ5lGx9AoLoCx0p3AaWDwGM0BMHmImOB9Lv88wFj8vSm7d
oDUSPhhTt9Yv4iL3mfO2c89Q+DC8MEM7Y/aER8Ls4TWKqI5W02kb6Aav2KbxphHw
HDZLnQ3XPNsdYQ/AFTnfn09I9J76MaXVAglo+A8ZsJGGFsB4cDE8gZtf6E5GBhDQ
B/gcnrd7AeJ75RYU3k56uSRQpC9M8A9RNKiE63PTZA/pRU3XpjOycrWy1aYe+zHT
lLJ3ynpzp3oFiSPpE3sSANBjS60O5myvp3s9AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUXUqYO0gIBGKJdMnRrWNYofV9ASgwHwYDVR0jBBgwFoAUrszMt53+bEZsyts5
iWcQ7Kw3uEcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDAv
cnN6TXQ1My1iRVpzeXRzNWlXY1E3S3czdUVjLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9yc3pNdDUzLWJFWnN5dHM1aVdjUTdLdzN1RWMuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC80MC9YVXFZTzBnSUJHS0pkTW5S
cldOWW9mVjlBU2cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUA
JANDADANBgkqhkiG9w0BAQsFAAOCAQEACJ3gvqnBYZNQmdH4asZDqmn8rg2z72uT
BjzLamdzk4T9o5yNDrhJha3bPIcJf949k5i2rwCX4VFdPpyda29zSHC3UK8IauBQ
8eOoJHN7xjzDVs820u0ykdAkawrwuK6La7h3wgRJn2OSIbuh1tDXKgfXWueJ1tKh
VdS6iyg9mNytAtQeSoDbodS70lOdb6Ay3gIHH/xfeOn7S5TAGsakCFao83X9+AIh
kpEarHH/ywxnik748P6ea4tmrmNH4rbrCTy9TzNXrNC4UjhWoZO40qFP6gKDy8b2
rqm/S97LHD296UK3g3jrLC+E8+OzzYboZQt7tpWoJ7BIORTZDm2Itw==
-----END CERTIFICATE-----
Generated at Mon Apr 14 05:11:01 2025 by rpki-client