Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/817/ekrQ2H8Y7kK2OjtlUfog_0LDO9E.roa
File: ekrQ2H8Y7kK2OjtlUfog_0LDO9E.roa (raw, json)
Hash identifier: UR8yfOSNtZ8AIr4CYZRJyls32R0dt4IjVnP4OTe1F1E=
Subject key identifier: 7A:4A:D0:D8:7F:18:EE:42:B6:3A:3B:65:51:FA:20:FF:42:C3:3B:D1
Certificate issuer: /CN=2A711AA7DC60049B0B0D884897E015B1171F37B9
Certificate serial: 1D0E
Authority key identifier: 2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/ekrQ2H8Y7kK2OjtlUfog_0LDO9E.roa
Signing time: Fri 17 Jan 2025 01:26:48 +0000
ROA not before: Fri 17 Jan 2025 01:26:48 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 23724
IP address blocks: 101.237.34.0/24 maxlen: 24
101.237.37.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 14 Apr 2025 23:36:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7438 (0x1d0e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2A711AA7DC60049B0B0D884897E015B1171F37B9
Validity
Not Before: Jan 17 01:26:48 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=7A4AD0D87F18EE42B63A3B6551FA20FF42C33BD1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:61:eb:0a:cf:32:2b:b1:b2:e7:86:f0:3f:90:
13:d3:9d:3d:7d:dc:ed:02:4b:d7:09:c4:16:07:96:
17:81:50:3b:5e:49:01:5f:a1:36:62:14:e5:f0:59:
23:22:d7:ba:78:d6:fa:9b:23:f9:bf:5f:0d:15:89:
6d:f2:28:a1:e2:ec:46:73:7d:5c:91:16:44:7c:4c:
11:b6:68:2f:e6:e5:ef:38:44:85:2c:11:62:34:a1:
87:10:93:a8:85:5c:35:de:ae:c2:5b:af:58:f0:c1:
b7:ae:c1:f4:45:71:8c:55:0f:09:5b:a9:7f:dd:7c:
e8:64:0d:78:11:36:26:7f:51:f7:0f:61:d4:62:e4:
88:fa:ea:b6:4b:0c:dd:86:aa:ad:b1:0f:06:ec:45:
41:2c:ab:4d:5f:ae:7e:11:62:26:af:6c:39:7b:de:
19:c8:23:a2:b0:47:6f:4c:11:b2:c8:53:d4:59:e0:
37:f9:e6:f0:32:cf:2c:5f:69:1f:7e:9c:1f:ae:22:
f3:89:f9:4a:a0:d0:70:74:e5:2e:af:eb:6d:5c:84:
69:93:da:5e:6f:d6:d7:0f:d8:95:e1:73:22:cb:c7:
ca:46:2b:9d:fb:39:32:58:0e:0c:79:23:88:88:32:
e3:20:ab:88:46:05:c4:78:24:e0:ca:1a:af:28:ab:
f3:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:4A:D0:D8:7F:18:EE:42:B6:3A:3B:65:51:FA:20:FF:42:C3:3B:D1
X509v3 Authority Key Identifier:
keyid:2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/ekrQ2H8Y7kK2OjtlUfog_0LDO9E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
101.237.34.0/24
101.237.37.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:fc:c1:09:05:c1:c5:af:34:0b:6c:c9:bf:f8:04:8d:30:87:
ae:04:b2:08:c7:bc:83:e0:c7:d6:0f:a5:88:cc:92:c0:24:87:
fd:c3:b1:63:69:e7:6b:fb:3e:1e:eb:bb:07:d4:eb:4f:e9:1e:
70:b5:16:ff:9c:a6:2f:11:5c:b5:e8:a7:98:60:40:8d:70:ce:
fe:0d:ec:67:60:22:be:04:74:0d:82:5c:64:a7:59:16:9b:51:
a7:d7:bf:07:02:29:00:f9:4b:ca:11:2b:83:82:38:c0:6f:d7:
c3:70:0a:96:b5:8f:b1:56:76:40:b3:f1:62:7a:41:84:de:53:
02:74:2c:38:2b:29:cc:6f:95:b6:e1:39:90:db:d8:c2:67:b4:
be:70:10:b6:1e:ae:c5:4f:c3:1c:71:ab:80:c2:52:99:fe:28:
23:69:7a:c7:87:99:88:74:7a:2d:2e:30:73:1b:62:d1:82:11:
06:72:8e:45:a8:cc:11:08:da:f3:22:ae:d8:86:30:f2:64:83:
54:c6:b4:05:78:ab:83:6c:84:5c:f4:a8:2e:50:2d:7c:b7:cc:
8a:0e:64:99:0b:76:6c:a2:4f:90:62:65:57:86:ee:33:92:8c:
11:19:69:c5:71:db:7d:b2:90:3c:93:b4:21:48:65:96:8d:e7:
9a:b9:de:aa
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICHQ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE3
MTFBQTdEQzYwMDQ5QjBCMEQ4ODQ4OTdFMDE1QjExNzFGMzdCOTAeFw0yNTAxMTcw
MTI2NDhaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDdBNEFEMEQ4N0YxOEVF
NDJCNjNBM0I2NTUxRkEyMEZGNDJDMzNCRDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDYesKzzIrsbLnhvA/kBPTnT193O0CS9cJxBYHlheBUDteSQFf
oTZiFOXwWSMi17p41vqbI/m/Xw0ViW3yKKHi7EZzfVyRFkR8TBG2aC/m5e84RIUs
EWI0oYcQk6iFXDXersJbr1jwwbeuwfRFcYxVDwlbqX/dfOhkDXgRNiZ/UfcPYdRi
5Ij66rZLDN2Gqq2xDwbsRUEsq01frn4RYiavbDl73hnII6KwR29MEbLIU9RZ4Df5
5vAyzyxfaR9+nB+uIvOJ+Uqg0HB05S6v621chGmT2l5v1tcP2JXhcyLLx8pGK537
OTJYDgx5I4iIMuMgq4hGBcR4JODKGq8oq/OnAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUekrQ2H8Y7kK2OjtlUfog/0LDO9EwHwYDVR0jBBgwFoAUKnEap9xgBJsLDYhI
l+AVsRcfN7kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3
L0tuRWFwOXhnQkpzTERZaElsLUFWc1JjZk43ay5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvS25FYXA5eGdCSnNMRFloSWwtQVZzUmNmTjdrLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3L2VrclEySDhZN2tLMk9q
dGxVZm9nXzBMRE85RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BABl7SIDBABl7SUwDQYJKoZIhvcNAQELBQADggEBAH/8wQkFwcWvNAtsyb/4BI0w
h64EsgjHvIPgx9YPpYjMksAkh/3DsWNp52v7Ph7ruwfU60/pHnC1Fv+cpi8RXLXo
p5hgQI1wzv4N7GdgIr4EdA2CXGSnWRabUafXvwcCKQD5S8oRK4OCOMBv18NwCpa1
j7FWdkCz8WJ6QYTeUwJ0LDgrKcxvlbbhOZDb2MJntL5wELYersVPwxxxq4DCUpn+
KCNpeseHmYh0ei0uMHMbYtGCEQZyjkWozBEI2vMirtiGMPJkg1TGtAV4q4NshFz0
qC5QLXy3zIoOZJkLdmyiT5BiZVeG7jOSjBEZacVx232ykDyTtCFIZZaN55q53qo=
-----END CERTIFICATE-----
Generated at Mon Apr 14 23:01:31 2025 by rpki-client