Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/h4b5Bc0BrUDi5R1r7_vfb7lbCRA.roa
File:                     h4b5Bc0BrUDi5R1r7_vfb7lbCRA.roa (raw, json)
Hash identifier:          MLrdunMu/th8kRUbZLeoiRAlqklkc2efLxbs3oJeXTI=
Subject key identifier:   87:86:F9:05:CD:01:AD:40:E2:E5:1D:6B:EF:FB:DF:6F:B9:5B:09:10
Certificate issuer:       /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial:       1C92
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/h4b5Bc0BrUDi5R1r7_vfb7lbCRA.roa
Signing time:             Thu 17 Jul 2025 03:48:02 +0000
ROA not before:           Thu 17 Jul 2025 03:48:02 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     394881
IP address blocks:        103.220.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 20 Jul 2025 18:41:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7314 (0x1c92)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
        Validity
            Not Before: Jul 17 03:48:02 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=8786F905CD01AD40E2E51D6BEFFBDF6FB95B0910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:93:d0:93:09:d8:0c:cd:d3:f4:10:99:31:c8:
                    a2:5a:52:1c:ee:9a:b3:86:76:93:c5:f2:b2:39:35:
                    f8:7a:96:68:05:49:80:4c:15:cf:a9:7a:61:d6:59:
                    79:93:0d:87:1c:82:34:e0:d1:ad:d7:ee:f1:04:ec:
                    71:a8:9e:60:ba:d0:68:f2:3a:b3:3f:68:1f:1c:2f:
                    96:f1:0d:fc:ec:99:5b:d0:0f:0a:50:ae:f8:0f:a1:
                    15:f7:82:1a:22:33:94:c3:9a:e2:81:85:4a:e5:e0:
                    4e:dc:29:ff:de:26:89:bc:9c:fc:9b:98:e5:f1:e8:
                    6f:06:1d:a8:6a:d8:0a:5f:b0:1a:d0:c2:72:32:9f:
                    b5:a6:f2:a7:8e:41:5b:5d:bf:2d:26:c8:39:16:e7:
                    3e:bc:06:8d:1a:a7:67:01:2b:13:ee:01:25:68:7f:
                    77:00:e5:0a:02:13:88:24:c3:ff:95:74:d5:7e:c9:
                    b6:a1:fd:7f:21:ee:20:23:d3:8c:26:63:3f:45:d7:
                    0b:cd:c1:8f:e9:9d:cc:e1:90:2f:05:b2:5b:0d:6f:
                    0b:5a:9b:ab:35:e4:33:da:20:d5:3b:10:ae:9a:14:
                    21:93:11:d0:4c:ff:33:9a:27:90:fc:7b:f9:da:9b:
                    4f:83:70:5f:08:9c:fe:0f:b8:cb:aa:00:08:f4:59:
                    a6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:86:F9:05:CD:01:AD:40:E2:E5:1D:6B:EF:FB:DF:6F:B9:5B:09:10
            X509v3 Authority Key Identifier:
                keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/h4b5Bc0BrUDi5R1r7_vfb7lbCRA.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.220.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:ba:9b:f7:eb:36:52:e3:00:37:47:f5:f2:82:40:60:66:5a:
         4c:3b:2d:d9:70:b1:f3:be:53:b8:04:8e:2a:00:ec:7d:1e:f4:
         6f:4f:9b:21:9d:c0:0e:a2:84:68:c0:55:90:55:13:bb:0a:6b:
         13:cb:68:da:b4:d6:aa:58:8a:a0:8e:ed:fb:a2:00:7c:1b:60:
         ea:e4:84:80:3c:4c:5a:a0:3b:90:1b:39:49:a9:d1:c3:a3:5c:
         6a:e2:ac:75:0e:ef:a4:26:87:59:1a:e9:4c:e1:93:b6:c5:4f:
         9f:8b:5f:9e:47:59:7d:55:6b:4e:b4:e6:56:98:6b:e7:2e:4e:
         9e:ae:a6:2b:17:72:41:16:45:bc:12:75:ea:aa:b7:bd:b0:2a:
         fe:54:21:cc:d1:99:d7:40:ad:99:79:66:12:d3:d1:1e:54:80:
         fb:09:72:24:99:1d:88:20:65:ec:8a:03:fd:93:d1:4a:f9:ed:
         b1:5f:b9:14:ca:5a:38:49:e9:23:88:0a:21:f7:d2:0a:65:5d:
         6f:91:72:83:f2:dd:28:63:c1:1b:74:75:2f:7e:ae:a6:8f:9b:
         b3:09:51:5e:f5:fc:af:a5:b6:84:9c:22:90:b5:20:a0:22:51:
         41:a4:20:bd:6f:32:05:b3:bd:38:7b:dc:54:aa:04:31:59:e1:
         cb:e6:fc:7d
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICHJIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNTA3MTcw
MzQ4MDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg3ODZGOTA1Q0QwMUFE
NDBFMkU1MUQ2QkVGRkJERjZGQjk1QjA5MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+k9CTCdgMzdP0EJkxyKJaUhzumrOGdpPF8rI5Nfh6lmgFSYBM
Fc+pemHWWXmTDYccgjTg0a3X7vEE7HGonmC60GjyOrM/aB8cL5bxDfzsmVvQDwpQ
rvgPoRX3ghoiM5TDmuKBhUrl4E7cKf/eJom8nPybmOXx6G8GHahq2ApfsBrQwnIy
n7Wm8qeOQVtdvy0myDkW5z68Bo0ap2cBKxPuASVof3cA5QoCE4gkw/+VdNV+ybah
/X8h7iAj04wmYz9F1wvNwY/pnczhkC8FslsNbwtam6s15DPaINU7EK6aFCGTEdBM
/zOaJ5D8e/nam0+DcF8InP4PuMuqAAj0WaaNAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUh4b5Bc0BrUDi5R1r7/vfb7lbCRAwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L2g0YjVCYzBCclVEaTVS
MXI3X3ZmYjdsYkNSQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAJn3PgwDQYJKoZIhvcNAQELBQADggEBADe6m/frNlLjADdH9fKCQGBmWkw7Ldlw
sfO+U7gEjioA7H0e9G9PmyGdwA6ihGjAVZBVE7sKaxPLaNq01qpYiqCO7fuiAHwb
YOrkhIA8TFqgO5AbOUmp0cOjXGrirHUO76Qmh1ka6Uzhk7bFT5+LX55HWX1Va060
5laYa+cuTp6upisXckEWRbwSdeqqt72wKv5UIczRmddArZl5ZhLT0R5UgPsJciSZ
HYggZeyKA/2T0Ur57bFfuRTKWjhJ6SOICiH30gplXW+RcoPy3ShjwRt0dS9+rqaP
m7MJUV71/K+ltoScIpC1IKAiUUGkIL1vMgWzvTh73FSqBDFZ4cvm/H0=
-----END CERTIFICATE-----
Generated at Sun Jul 20 14:36:46 2025 by rpki-client