Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/561/I-ykZaN13GcR9wPHGlIjnvppNcM.roa
File:                     I-ykZaN13GcR9wPHGlIjnvppNcM.roa (raw, json)
Hash identifier:          YZ1qdBSy6eBs2MvMSZVJEF+r9BngmwopStQUth9pzcQ=
Subject key identifier:   23:EC:A4:65:A3:75:DC:67:11:F7:03:C7:1A:52:23:9E:FA:69:35:C3
Certificate issuer:       /CN=83E77F37B3B93850835BAA30EE8FC12D55F87054
Certificate serial:       15CC
Authority key identifier: 83:E7:7F:37:B3:B9:38:50:83:5B:AA:30:EE:8F:C1:2D:55:F8:70:54
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/g-d_N7O5OFCDW6ow7o_BLVX4cFQ.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/561/I-ykZaN13GcR9wPHGlIjnvppNcM.roa
Signing time:             Wed 13 Mar 2024 01:23:59 +0000
ROA not before:           Wed 13 Mar 2024 01:23:59 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     56282
IP address blocks:        211.155.88.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/561/g-d_N7O5OFCDW6ow7o_BLVX4cFQ.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/561/g-d_N7O5OFCDW6ow7o_BLVX4cFQ.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/g-d_N7O5OFCDW6ow7o_BLVX4cFQ.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 23 Nov 2024 00:23:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5580 (0x15cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83E77F37B3B93850835BAA30EE8FC12D55F87054
        Validity
            Not Before: Mar 13 01:23:59 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=23ECA465A375DC6711F703C71A52239EFA6935C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:56:72:2c:a0:f9:23:c0:dc:8e:fa:86:42:
                    9e:96:dc:4b:36:fd:0b:b2:53:8a:d7:ea:b1:c4:36:
                    43:ae:e0:f5:af:26:48:98:6d:b8:e1:4e:8a:a1:12:
                    fb:d8:62:95:8a:f6:4e:88:c7:09:01:79:9a:19:03:
                    c3:a3:b4:ef:37:c4:21:bc:b2:b2:d7:95:71:e0:c0:
                    8c:42:4d:40:ff:a8:47:b8:54:27:02:c8:5e:99:a0:
                    bf:85:50:2d:16:2b:80:7a:0a:cd:72:42:4d:98:ed:
                    ac:5e:ab:97:2d:3f:95:dd:5b:a9:d8:e5:e9:50:33:
                    c3:4d:d8:66:4e:ed:e6:23:cf:74:ea:cd:51:7d:be:
                    b0:00:c7:cc:06:c6:2c:8e:4d:f5:7a:89:87:4f:82:
                    c7:45:3a:1e:f9:96:55:74:f8:43:57:c4:fc:a6:af:
                    72:1b:63:f6:cf:68:27:03:7c:f3:87:d2:e9:e3:38:
                    58:80:5b:e0:5f:48:fb:80:77:45:01:d8:ec:5e:b2:
                    29:e9:3a:3a:34:1a:dc:d6:7d:b4:46:4b:78:6a:b9:
                    65:cd:c6:60:10:42:af:0a:93:f0:5d:69:08:71:83:
                    b8:1b:9c:11:aa:55:73:bb:25:41:be:f1:a1:16:ac:
                    2f:7b:c8:62:b4:53:dc:8e:78:a0:2e:a6:df:45:36:
                    64:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:EC:A4:65:A3:75:DC:67:11:F7:03:C7:1A:52:23:9E:FA:69:35:C3
            X509v3 Authority Key Identifier:
                keyid:83:E7:7F:37:B3:B9:38:50:83:5B:AA:30:EE:8F:C1:2D:55:F8:70:54

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/561/g-d_N7O5OFCDW6ow7o_BLVX4cFQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/g-d_N7O5OFCDW6ow7o_BLVX4cFQ.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/561/I-ykZaN13GcR9wPHGlIjnvppNcM.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  211.155.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5a:c5:db:b0:da:ea:17:f1:9b:01:21:a4:49:02:bf:16:ff:bb:
         73:b3:d4:2d:36:69:23:9c:0b:a0:44:b9:2b:0c:19:22:86:a9:
         e1:cb:44:78:3a:62:8f:b7:5c:eb:7a:5c:2b:d4:b2:1a:54:c1:
         64:b9:e8:de:e0:54:77:5a:21:f1:3a:89:31:2f:be:36:6a:81:
         a5:36:13:f0:5e:3f:b6:6e:a2:df:fc:7f:49:2c:de:06:09:86:
         94:05:b9:cd:4e:7c:af:eb:38:70:22:1a:3a:68:6e:58:32:ca:
         3c:39:7c:37:23:54:d1:6e:4f:b0:34:0e:23:40:77:a2:62:e0:
         a9:57:84:c2:77:ff:71:21:34:f9:69:c8:0a:31:2f:b5:84:9e:
         23:d9:3d:e1:c9:5f:26:08:c6:35:43:3a:c6:d6:6c:da:df:ee:
         bb:9b:3a:28:a1:5a:a1:3f:df:2b:cf:48:d0:0f:15:cf:ef:ce:
         d0:f4:1d:6b:5a:4c:69:89:c5:5c:1f:6c:25:3b:08:db:21:f6:
         63:20:cd:5c:79:16:94:86:4d:ed:86:63:f5:12:bf:c2:1d:a8:
         3d:25:16:78:4e:52:8a:1e:32:59:14:96:bd:99:aa:45:e4:58:
         4d:7e:ed:35:1e:0b:3f:a4:e3:82:0a:38:0b:66:5a:a1:58:ee:
         39:a8:89:25
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICFcwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoODNF
NzdGMzdCM0I5Mzg1MDgzNUJBQTMwRUU4RkMxMkQ1NUY4NzA1NDAeFw0yNDAzMTMw
MTIzNTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIzRUNBNDY1QTM3NURD
NjcxMUY3MDNDNzFBNTIyMzlFRkE2OTM1QzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3aFZyLKD5I8DcjvqGQp6W3Es2/QuyU4rX6rHENkOu4PWvJkiY
bbjhToqhEvvYYpWK9k6IxwkBeZoZA8OjtO83xCG8srLXlXHgwIxCTUD/qEe4VCcC
yF6ZoL+FUC0WK4B6Cs1yQk2Y7axeq5ctP5XdW6nY5elQM8NN2GZO7eYjz3TqzVF9
vrAAx8wGxiyOTfV6iYdPgsdFOh75llV0+ENXxPymr3IbY/bPaCcDfPOH0unjOFiA
W+BfSPuAd0UB2OxesinpOjo0GtzWfbRGS3hquWXNxmAQQq8Kk/BdaQhxg7gbnBGq
VXO7JUG+8aEWrC97yGK0U9yOeKAupt9FNmSbAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUI+ykZaN13GcR9wPHGlIjnvppNcMwHwYDVR0jBBgwFoAUg+d/N7O5OFCDW6ow
7o/BLVX4cFQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTYx
L2ctZF9ON081T0ZDRFc2b3c3b19CTFZYNGNGUS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZy1kX043TzVPRkNEVzZvdzdvX0JMVlg0Y0ZRLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTYxL0kteWtaYU4xM0djUjl3
UEhHbElqbnZwcE5jTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAPTm1gwDQYJKoZIhvcNAQELBQADggEBAFrF27Da6hfxmwEhpEkCvxb/u3Oz1C02
aSOcC6BEuSsMGSKGqeHLRHg6Yo+3XOt6XCvUshpUwWS56N7gVHdaIfE6iTEvvjZq
gaU2E/BeP7Zuot/8f0ks3gYJhpQFuc1OfK/rOHAiGjpoblgyyjw5fDcjVNFuT7A0
DiNAd6Ji4KlXhMJ3/3EhNPlpyAoxL7WEniPZPeHJXyYIxjVDOsbWbNrf7rubOiih
WqE/3yvPSNAPFc/vztD0HWtaTGmJxVwfbCU7CNsh9mMgzVx5FpSGTe2GY/USv8Id
qD0lFnhOUooeMlkUlr2ZqkXkWE1+7TUeCz+k44IKOAtmWqFY7jmoiSU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:28:46 2024 by rpki-client on console-ams.rpki-client.org