Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/kROLUB_S-GEBkGaL_mNmP6PTBSs.roa
File: kROLUB_S-GEBkGaL_mNmP6PTBSs.roa (raw, json)
Hash identifier: oomSJuKxjRnNINGmEKmJIlRTRF/e3CAz4IaIYV8YwHQ=
Subject key identifier: 91:13:8B:50:1F:D2:F8:61:01:90:66:8B:FE:63:66:3F:A3:D3:05:2B
Certificate issuer: /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial: 0E34
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/kROLUB_S-GEBkGaL_mNmP6PTBSs.roa
Signing time: Fri 17 May 2024 05:45:35 +0000
ROA not before: Fri 17 May 2024 05:45:35 +0000
ROA not after: Fri 07 Jun 2024 02:16:11 +0000
asID: 59083
IP address blocks: 43.254.152.0/22 maxlen: 24
43.254.153.0/24 maxlen: 24
43.254.154.0/23 maxlen: 24
43.254.154.0/24 maxlen: 24
43.254.155.0/24 maxlen: 24
59.153.168.0/23 maxlen: 24
103.5.192.0/22 maxlen: 24
103.10.0.0/23 maxlen: 24
103.10.0.0/24 maxlen: 24
103.10.1.0/24 maxlen: 24
103.10.2.0/23 maxlen: 24
103.10.2.0/24 maxlen: 24
103.10.3.0/24 maxlen: 24
103.24.116.0/22 maxlen: 24
103.24.117.0/24 maxlen: 24
150.242.238.0/23 maxlen: 24
202.89.108.0/22 maxlen: 24
202.89.108.0/23 maxlen: 24
202.89.110.0/23 maxlen: 24
202.136.248.0/22 maxlen: 24
202.136.248.0/23 maxlen: 24
202.136.249.0/24 maxlen: 24
202.136.250.0/23 maxlen: 24
202.136.250.0/24 maxlen: 24
202.174.124.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.mft
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 01 Jun 2024 16:25:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3636 (0xe34)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Validity
Not Before: May 17 05:45:35 2024 GMT
Not After : Jun 7 02:16:11 2024 GMT
Subject: CN=91138B501FD2F8610190668BFE63663FA3D3052B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:36:81:a7:c2:14:9e:0c:e0:dc:69:4a:2a:c5:
3c:64:76:f4:43:94:9d:87:ee:e8:87:37:3f:64:c3:
82:a4:87:43:97:f3:2b:82:05:a8:70:1f:91:d8:39:
3a:76:d9:49:f6:31:d1:8f:de:6e:db:ae:f5:1c:ce:
27:49:75:c4:1f:31:f0:46:c1:a6:0b:2f:84:c4:34:
3c:6f:5d:d0:d7:c7:98:d0:05:e9:73:a2:19:27:82:
71:e5:11:0d:18:c2:f2:aa:c7:37:5f:e8:d4:0c:3d:
b7:0c:11:4d:bb:1c:5f:a7:e8:64:bc:6b:a7:00:52:
49:61:5a:aa:ba:9d:cf:17:58:44:02:45:cf:13:7b:
22:df:c0:35:62:20:14:fb:fe:55:6d:3d:cc:08:06:
03:79:63:f5:86:c3:a8:72:9e:1b:ea:11:77:c1:27:
2d:9c:29:22:73:27:2b:95:4c:81:c6:ca:66:92:1b:
a3:54:78:82:fc:33:a5:a7:cb:6e:32:0a:50:29:46:
48:90:08:f0:0c:8d:f9:9d:cf:16:ac:9d:33:ca:04:
ad:ca:5d:97:72:3f:cd:94:f7:d5:91:63:d5:59:3c:
28:a6:78:2b:ad:14:78:ee:ca:50:d5:bf:05:e1:b9:
bb:10:1a:40:09:56:78:e4:9c:d3:f9:ca:92:57:34:
5d:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:13:8B:50:1F:D2:F8:61:01:90:66:8B:FE:63:66:3F:A3:D3:05:2B
X509v3 Authority Key Identifier:
keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/kROLUB_S-GEBkGaL_mNmP6PTBSs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.152.0/22
59.153.168.0/23
103.5.192.0/22
103.10.0.0/22
103.24.116.0/22
150.242.238.0/23
202.89.108.0/22
202.136.248.0/22
202.174.124.0/22
Signature Algorithm: sha256WithRSAEncryption
79:06:69:74:47:fb:f8:40:db:f9:ee:35:ee:37:1e:35:8c:71:
ca:e2:5c:98:fd:0d:a4:80:84:af:ea:34:75:b5:c7:9b:c4:89:
3e:d8:75:7f:f7:21:d4:1e:e1:49:cf:77:8d:fc:d9:03:c2:56:
66:c6:54:44:17:4d:6c:26:25:ba:85:43:67:03:da:1b:71:d5:
68:d2:be:14:65:8e:53:b2:57:49:c7:08:50:7a:f1:5f:6f:c6:
ed:e7:df:20:71:32:03:ed:0d:a1:32:4d:c2:b3:ba:3f:eb:04:
45:29:ad:18:0d:1f:a5:46:d7:35:5d:3d:90:49:e7:6f:1b:0c:
f4:f4:c5:10:67:85:1e:93:f7:4c:57:38:1f:7e:04:01:ff:1f:
c1:07:2b:dd:6d:1a:57:1a:dd:23:06:34:1a:c1:25:84:31:bd:
8e:39:4e:d1:f3:1c:2a:43:ca:db:f1:53:50:be:eb:d1:01:43:
b0:17:da:c4:aa:03:b5:25:5c:a2:70:40:03:f1:ac:df:6b:ed:
f5:e2:26:a6:7c:1d:8f:d6:36:ef:24:93:18:04:49:16:df:32:
2d:31:72:51:2c:63:28:48:ae:75:0b:b2:fb:c8:10:85:6a:3b:
e1:f0:92:57:db:c2:04:cb:84:4d:94:34:d9:70:80:66:12:e8:
a8:30:ab:45
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgICDjQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNDA1MTcw
NTQ1MzVaFw0yNDA2MDcwMjE2MTFaMDMxMTAvBgNVBAMTKDkxMTM4QjUwMUZEMkY4
NjEwMTkwNjY4QkZFNjM2NjNGQTNEMzA1MkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcNoGnwhSeDODcaUoqxTxkdvRDlJ2H7uiHNz9kw4Kkh0OX8yuC
BahwH5HYOTp22Un2MdGP3m7brvUczidJdcQfMfBGwaYLL4TENDxvXdDXx5jQBelz
ohkngnHlEQ0YwvKqxzdf6NQMPbcMEU27HF+n6GS8a6cAUklhWqq6nc8XWEQCRc8T
eyLfwDViIBT7/lVtPcwIBgN5Y/WGw6hynhvqEXfBJy2cKSJzJyuVTIHGymaSG6NU
eIL8M6Wny24yClApRkiQCPAMjfmdzxasnTPKBK3KXZdyP82U99WRY9VZPCimeCut
FHjuylDVvwXhubsQGkAJVnjknNP5ypJXNF3VAgMBAAGjggIhMIICHTAdBgNVHQ4E
FgQUkROLUB/S+GEBkGaL/mNmP6PTBSswHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L2tST0xVQl9TLUdFQmtH
YUxfbU5tUDZQVEJTcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwTwYIKwYBBQUHAQcBAf8EQDA+MDwEAgABMDYD
BAIr/pgDBAE7magDBAJnBcADBAJnCgADBAJnGHQDBAGW8u4DBALKWWwDBALKiPgD
BALKrnwwDQYJKoZIhvcNAQELBQADggEBAHkGaXRH+/hA2/nuNe43HjWMccriXJj9
DaSAhK/qNHW1x5vEiT7YdX/3IdQe4UnPd4382QPCVmbGVEQXTWwmJbqFQ2cD2htx
1WjSvhRljlOyV0nHCFB68V9vxu3n3yBxMgPtDaEyTcKzuj/rBEUprRgNH6VG1zVd
PZBJ528bDPT0xRBnhR6T90xXOB9+BAH/H8EHK91tGlca3SMGNBrBJYQxvY45TtHz
HCpDytvxU1C+69EBQ7AX2sSqA7UlXKJwQAPxrN9r7fXiJqZ8HY/WNu8kkxgESRbf
Mi0xclEsYyhIrnULsvvIEIVqO+HwklfbwgTLhE2UNNlwgGYS6Kgwq0U=
-----END CERTIFICATE-----
Generated at Sat Jun 1 13:43:24 2024 by rpki-client on console-fra.rpki-client.org