Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/FqeiEWgxy-wr4MuOnk2BZGE_sXg.roa
File:                     FqeiEWgxy-wr4MuOnk2BZGE_sXg.roa (raw, json)
Hash identifier:          jg1NsKj6TKaYz8SCANEWGEX22O8ZLHwxr8Jcw/p9wVc=
Subject key identifier:   16:A7:A2:11:68:31:CB:EC:2B:E0:CB:8E:9E:4D:81:64:61:3F:B1:78
Certificate issuer:       /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial:       154A
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/FqeiEWgxy-wr4MuOnk2BZGE_sXg.roa
Signing time:             Wed 11 Sep 2024 03:59:20 +0000
ROA not before:           Wed 11 Sep 2024 03:59:20 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     139259
IP address blocks:        103.221.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 23:51:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5450 (0x154a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
        Validity
            Not Before: Sep 11 03:59:20 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=16A7A2116831CBEC2BE0CB8E9E4D8164613FB178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:43:bc:9a:1f:e5:b2:b6:e4:48:97:ea:32:c9:
                    34:80:85:77:86:da:0f:85:33:91:f0:4c:5e:c4:6d:
                    ca:93:aa:58:eb:49:39:c9:5d:9a:83:65:26:81:04:
                    61:4c:19:1a:f0:0a:40:7f:18:54:7f:b7:1f:45:9c:
                    ab:a2:ff:10:c7:35:35:55:56:44:fb:7d:00:34:c9:
                    01:57:86:32:02:79:74:d6:ca:ef:da:fe:ea:a2:4a:
                    9a:2f:db:07:1f:3c:d9:34:cf:9d:7d:4e:cc:f4:ac:
                    da:38:01:e8:eb:25:1d:a6:a2:da:47:a0:6b:a9:11:
                    ea:ac:ed:b9:ed:53:da:aa:67:d2:14:4d:6d:df:a9:
                    b8:ab:c6:e0:c0:73:be:b0:a3:e8:b1:24:de:2a:e3:
                    d5:dd:e8:56:47:96:06:37:1e:ff:39:a4:06:33:6f:
                    67:89:ce:8f:6a:b8:65:7e:39:9c:f0:58:b4:e5:f2:
                    80:74:6e:6c:37:3b:78:e3:9f:70:cf:3a:a7:5e:35:
                    82:98:3f:1b:b3:05:66:8d:5c:bd:b3:15:ff:8f:d8:
                    8c:14:13:89:b7:02:4e:f4:52:6d:a9:28:71:ee:4c:
                    8a:73:39:bd:1f:46:bd:ba:c5:d3:5b:cd:c1:f5:91:
                    21:eb:7b:0c:8d:6e:44:27:d1:f9:c6:19:0c:1f:54:
                    18:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A7:A2:11:68:31:CB:EC:2B:E0:CB:8E:9E:4D:81:64:61:3F:B1:78
            X509v3 Authority Key Identifier:
                keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/FqeiEWgxy-wr4MuOnk2BZGE_sXg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.221.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:e3:cb:98:b3:71:88:7d:52:82:66:fd:14:84:d5:37:2e:b7:
         8c:75:42:a4:e5:f9:05:3c:ce:81:32:cb:85:6e:60:c9:a0:c8:
         60:6f:fa:c2:af:76:05:da:95:8a:c3:cf:fa:9f:51:f7:c9:0f:
         c4:25:5f:32:24:e5:d2:d2:41:e2:f6:a5:80:7a:aa:24:6b:db:
         b2:d7:44:fa:18:aa:54:7a:fb:12:6c:91:cc:69:46:16:ce:79:
         bd:f9:a4:65:69:5b:a5:d3:d4:eb:6b:55:92:70:83:af:01:12:
         38:c9:c2:91:31:71:e8:64:4d:dd:11:54:df:8f:05:68:71:94:
         4c:13:6e:6e:89:52:a9:93:b7:c9:56:8e:59:e1:10:6a:fe:1d:
         35:cf:22:58:db:c3:7e:53:df:6b:3e:e9:3f:e6:4e:2b:70:0f:
         cb:8c:ea:49:5a:cf:88:42:23:d0:b5:89:d8:45:aa:5b:91:b6:
         41:6d:92:da:50:bb:23:98:2c:dd:72:5b:d2:95:42:02:8b:e3:
         71:c7:fd:12:c4:cf:e0:51:78:58:01:94:9e:0f:78:de:6d:76:
         28:49:7d:83:ab:d5:70:41:90:df:38:96:9d:17:42:df:a7:21:
         f0:61:fe:bf:02:91:e1:31:c9:64:6f:3b:58:b1:c6:bb:03:cd:
         74:98:da:4f
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICFUowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNDA5MTEw
MzU5MjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE2QTdBMjExNjgzMUNC
RUMyQkUwQ0I4RTlFNEQ4MTY0NjEzRkIxNzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSQ7yaH+WytuRIl+oyyTSAhXeG2g+FM5HwTF7EbcqTqljrSTnJ
XZqDZSaBBGFMGRrwCkB/GFR/tx9FnKui/xDHNTVVVkT7fQA0yQFXhjICeXTWyu/a
/uqiSpov2wcfPNk0z519Tsz0rNo4AejrJR2motpHoGupEeqs7bntU9qqZ9IUTW3f
qbirxuDAc76wo+ixJN4q49Xd6FZHlgY3Hv85pAYzb2eJzo9quGV+OZzwWLTl8oB0
bmw3O3jjn3DPOqdeNYKYPxuzBWaNXL2zFf+P2IwUE4m3Ak70Um2pKHHuTIpzOb0f
Rr26xdNbzcH1kSHrewyNbkQn0fnGGQwfVBgbAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUFqeiEWgxy+wr4MuOnk2BZGE/sXgwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L0ZxZWlFV2d4eS13cjRN
dU9uazJCWkdFX3NYZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABn3RwwDQYJKoZIhvcNAQELBQADggEBADvjy5izcYh9UoJm/RSE1Tcut4x1QqTl
+QU8zoEyy4VuYMmgyGBv+sKvdgXalYrDz/qfUffJD8QlXzIk5dLSQeL2pYB6qiRr
27LXRPoYqlR6+xJskcxpRhbOeb35pGVpW6XT1OtrVZJwg68BEjjJwpExcehkTd0R
VN+PBWhxlEwTbm6JUqmTt8lWjlnhEGr+HTXPIljbw35T32s+6T/mTitwD8uM6kla
z4hCI9C1idhFqluRtkFtktpQuyOYLN1yW9KVQgKL43HH/RLEz+BReFgBlJ4PeN5t
dihJfYOr1XBBkN84lp0XQt+nIfBh/r8CkeExyWRvO1ixxrsDzXSY2k8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:14:13 2024 by rpki-client on console-fra.rpki-client.org