Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/HpsVFO6_Pl0eVKgFB0sZBcaRYJc.roa
File:                     HpsVFO6_Pl0eVKgFB0sZBcaRYJc.roa (raw, json)
Hash identifier:          VCwwcNDVcj6OUCOOXmn2X3wigBTfWtBzggXWQCkbUKU=
Subject key identifier:   1E:9B:15:14:EE:BF:3E:5D:1E:54:A8:05:07:4B:19:05:C6:91:60:97
Certificate issuer:       /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial:       16CF
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/HpsVFO6_Pl0eVKgFB0sZBcaRYJc.roa
Signing time:             Tue 19 Nov 2024 02:39:42 +0000
ROA not before:           Tue 19 Nov 2024 02:39:42 +0000
ROA not after:            Sat 27 Sep 2025 02:40:14 +0000
asID:                     139259
IP address blocks:        45.252.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 23:51:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5839 (0x16cf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
        Validity
            Not Before: Nov 19 02:39:42 2024 GMT
            Not After : Sep 27 02:40:14 2025 GMT
        Subject: CN=1E9B1514EEBF3E5D1E54A805074B1905C6916097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:be:5a:85:e4:a8:af:a0:30:bd:11:1f:7f:85:
                    a0:95:cf:9c:55:88:b0:10:d3:de:75:64:33:c9:5e:
                    8d:33:69:d8:05:31:2e:03:2d:13:4a:49:2e:98:60:
                    39:6c:b8:23:15:25:76:52:68:5e:c4:c4:3b:11:a1:
                    19:2a:29:91:14:be:98:96:0d:7c:61:3d:e0:ed:28:
                    44:03:bb:ee:fd:0f:21:19:2c:84:97:07:32:5c:66:
                    96:c4:2a:7d:7a:b8:c6:e8:1a:5c:ff:8c:bf:27:0e:
                    bb:aa:5d:a0:c3:88:71:06:b0:f0:2d:f8:09:a9:1f:
                    4e:70:d2:aa:bd:46:b8:bf:bd:a4:aa:fb:2b:4a:70:
                    1d:5b:4c:45:7f:b3:a9:f8:28:43:c3:0a:ed:36:a9:
                    ae:20:34:40:4e:7e:b1:03:69:8b:f3:9e:4b:f7:32:
                    6f:92:25:ea:a1:80:00:28:6f:45:fa:03:c6:d3:47:
                    cb:03:0e:6d:95:af:df:a4:99:56:c3:fe:a5:16:8f:
                    09:c0:3e:9a:59:8f:84:51:3c:51:18:46:6e:e2:1f:
                    42:b4:53:ca:d0:9c:50:72:07:46:de:2e:8e:e7:a9:
                    69:e4:7e:ec:42:c5:eb:5f:24:8d:bf:9f:37:e6:9a:
                    98:92:46:7d:e4:6b:81:e2:fa:2d:e7:d2:d8:40:cc:
                    9d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:9B:15:14:EE:BF:3E:5D:1E:54:A8:05:07:4B:19:05:C6:91:60:97
            X509v3 Authority Key Identifier:
                keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/HpsVFO6_Pl0eVKgFB0sZBcaRYJc.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.252.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:f2:07:90:4a:85:00:b5:4f:0c:74:58:05:eb:14:13:ea:ed:
         0b:25:f2:f8:91:ff:cf:bd:1a:1e:3e:c6:a1:63:dc:7f:ca:bf:
         b8:d8:c7:2c:55:60:1e:6e:76:be:8d:cf:30:e0:3b:17:7f:b9:
         1e:f9:d6:df:a1:e4:18:92:ed:83:45:e6:9b:ae:24:bb:b0:75:
         f1:ef:48:1b:27:c9:27:ae:a9:1e:dd:34:76:ac:60:66:a9:6e:
         5d:a0:9a:a3:db:5f:ea:43:87:8d:54:1b:bb:a7:15:ef:9b:22:
         3e:94:fe:e9:e2:1b:2c:3b:1e:ff:32:72:3c:d7:96:ed:84:54:
         1d:34:2d:ba:71:3b:fa:d6:91:c5:f2:37:7d:85:63:7d:03:2d:
         13:fd:f2:64:ce:40:af:a0:ad:aa:a3:d6:c2:9d:6b:95:e8:06:
         be:30:8a:e3:a5:3e:7e:8e:6a:ce:21:97:ea:23:b7:d2:01:10:
         68:b2:f1:ee:65:6a:2f:ee:98:56:43:52:ab:5d:f8:24:ea:85:
         1b:00:75:5c:6e:da:0e:ef:b3:ac:d2:69:f6:10:ed:7f:3a:a4:
         af:29:7b:e5:60:fc:30:eb:03:7b:aa:fc:4c:db:14:37:68:d4:
         44:70:dc:b4:0d:c7:16:ae:da:9c:58:5d:ad:5b:08:c5:f1:7d:
         76:d6:49:15
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICFs8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNDExMTkw
MjM5NDJaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDFFOUIxNTE0RUVCRjNF
NUQxRTU0QTgwNTA3NEIxOTA1QzY5MTYwOTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/vlqF5KivoDC9ER9/haCVz5xViLAQ0951ZDPJXo0zadgFMS4D
LRNKSS6YYDlsuCMVJXZSaF7ExDsRoRkqKZEUvpiWDXxhPeDtKEQDu+79DyEZLISX
BzJcZpbEKn16uMboGlz/jL8nDruqXaDDiHEGsPAt+AmpH05w0qq9Rri/vaSq+ytK
cB1bTEV/s6n4KEPDCu02qa4gNEBOfrEDaYvznkv3Mm+SJeqhgAAob0X6A8bTR8sD
Dm2Vr9+kmVbD/qUWjwnAPppZj4RRPFEYRm7iH0K0U8rQnFByB0beLo7nqWnkfuxC
xetfJI2/nzfmmpiSRn3ka4Hi+i3n0thAzJ2/AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUHpsVFO6/Pl0eVKgFB0sZBcaRYJcwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L0hwc1ZGTzZfUGwwZVZL
Z0ZCMHNaQmNhUllKYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAt/JEwDQYJKoZIhvcNAQELBQADggEBAMfyB5BKhQC1Twx0WAXrFBPq7Qsl8viR
/8+9Gh4+xqFj3H/Kv7jYxyxVYB5udr6NzzDgOxd/uR751t+h5BiS7YNF5puuJLuw
dfHvSBsnySeuqR7dNHasYGapbl2gmqPbX+pDh41UG7unFe+bIj6U/uniGyw7Hv8y
cjzXlu2EVB00LbpxO/rWkcXyN32FY30DLRP98mTOQK+graqj1sKda5XoBr4wiuOl
Pn6Oas4hl+ojt9IBEGiy8e5lai/umFZDUqtd+CTqhRsAdVxu2g7vs6zSafYQ7X86
pK8pe+Vg/DDrA3uq/EzbFDdo1ERw3LQNxxau2pxYXa1bCMXxfXbWSRU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:28:46 2024 by rpki-client on console-ams.rpki-client.org