Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/yASZAsuKpltkjXYnJ0q2zvTZQ0s.roa
File:                     yASZAsuKpltkjXYnJ0q2zvTZQ0s.roa (raw, json)
Hash identifier:          CwIh5fGnQ/SVdtUsyIfM2FJbYVKjc2PgFK4eHor269E=
Subject key identifier:   C8:04:99:02:CB:8A:A6:5B:64:8D:76:27:27:4A:B6:CE:F4:D9:43:4B
Certificate issuer:       /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial:       305C
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/yASZAsuKpltkjXYnJ0q2zvTZQ0s.roa
Signing time:             Sun 30 Mar 2025 19:58:18 +0000
ROA not before:           Sun 30 Mar 2025 19:58:18 +0000
ROA not after:            Sat 27 Sep 2025 02:40:14 +0000
asID:                     134762
IP address blocks:        43.227.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 04 Apr 2025 20:08:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12380 (0x305c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
        Validity
            Not Before: Mar 30 19:58:18 2025 GMT
            Not After : Sep 27 02:40:14 2025 GMT
        Subject: CN=C8049902CB8AA65B648D7627274AB6CEF4D9434B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:32:38:9d:46:bd:8c:61:e3:48:41:2f:59:64:
                    7c:0f:82:ff:94:f8:58:e6:37:a7:51:8d:33:38:7e:
                    fd:d0:9f:8e:2e:4b:ef:4e:a0:e8:31:78:e5:44:0a:
                    8a:7c:8d:bc:b5:bd:cb:75:e2:26:26:53:e7:87:8e:
                    a8:7b:dd:75:1c:a5:15:e1:e4:4a:bd:ca:aa:3c:90:
                    62:07:6d:23:05:fd:4b:9a:ab:48:24:95:08:ca:2e:
                    f4:83:cf:9d:82:a4:ab:30:26:f0:ea:b0:f9:64:ce:
                    1a:1b:a7:b6:55:a9:b7:43:7e:f6:3b:bc:db:16:49:
                    13:a6:25:0d:da:ba:2d:a7:72:19:38:d8:e8:70:a8:
                    7b:06:8f:cf:82:81:5b:58:e8:88:54:b9:54:5b:20:
                    86:9b:5d:f9:42:32:a4:cc:12:cc:a2:e4:ea:99:ef:
                    da:3d:4f:22:5a:5e:66:ed:7a:25:b6:c9:7b:2d:46:
                    bf:bf:27:ce:2d:5e:66:8d:92:9a:84:cd:71:af:34:
                    e8:2a:b5:a2:b7:28:c5:dc:dd:7c:24:2c:0d:23:8f:
                    9c:c0:08:59:cb:97:f4:f1:64:1e:a4:c7:63:dd:b6:
                    2f:a6:c2:1d:2d:94:51:ca:53:70:77:b9:b5:1c:27:
                    22:01:69:e5:26:8f:3c:60:b7:eb:db:3e:ab:cc:d0:
                    d4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:04:99:02:CB:8A:A6:5B:64:8D:76:27:27:4A:B6:CE:F4:D9:43:4B
            X509v3 Authority Key Identifier:
                keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/yASZAsuKpltkjXYnJ0q2zvTZQ0s.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.227.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:f5:57:85:a3:38:69:69:b0:17:13:07:91:e1:2d:2f:db:08:
         1c:7c:51:5f:fa:3d:ac:37:3c:11:9b:83:c9:27:9c:93:99:3e:
         dd:72:fa:37:8d:ff:6a:9f:71:88:47:82:d8:23:6b:4c:51:5d:
         90:67:c7:6f:1e:97:da:3c:5c:44:85:ec:e9:e7:fb:2d:50:ab:
         33:30:e5:28:73:2f:36:f9:d6:09:1d:d3:eb:b5:4d:97:d2:d6:
         26:2c:3f:20:83:34:75:c8:7b:73:bc:27:fc:79:17:08:f5:8e:
         d7:c7:91:69:fb:3f:45:e6:80:3d:90:b6:f4:94:66:65:f2:71:
         0c:2b:af:50:38:63:2e:39:8d:7e:74:5e:83:61:f4:53:3d:ac:
         3d:85:05:db:a8:71:10:ec:3a:63:46:2c:8e:da:13:22:16:44:
         d9:14:14:fc:7a:a2:78:42:8a:7b:9d:66:46:11:79:08:22:36:
         9f:8f:17:1d:c1:77:b8:02:a8:93:6d:b7:6c:98:c5:56:f9:e7:
         04:c8:23:e7:45:28:47:e1:c1:51:78:2b:b9:31:27:d6:9f:8e:
         18:63:6c:9d:7b:19:d8:c8:47:af:ac:da:69:6e:be:92:8b:8b:
         c8:08:22:90:ed:ea:77:4f:29:77:c3:dd:3e:49:91:10:6a:80:
         49:f7:f2:5e
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICMFwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTAzMzAx
OTU4MThaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEM4MDQ5OTAyQ0I4QUE2
NUI2NDhENzYyNzI3NEFCNkNFRjREOTQzNEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWMjidRr2MYeNIQS9ZZHwPgv+U+FjmN6dRjTM4fv3Qn44uS+9O
oOgxeOVECop8jby1vct14iYmU+eHjqh73XUcpRXh5Eq9yqo8kGIHbSMF/Uuaq0gk
lQjKLvSDz52CpKswJvDqsPlkzhobp7ZVqbdDfvY7vNsWSROmJQ3aui2nchk42Ohw
qHsGj8+CgVtY6IhUuVRbIIabXflCMqTMEsyi5OqZ79o9TyJaXmbteiW2yXstRr+/
J84tXmaNkpqEzXGvNOgqtaK3KMXc3XwkLA0jj5zACFnLl/TxZB6kx2Pdti+mwh0t
lFHKU3B3ubUcJyIBaeUmjzxgt+vbPqvM0NQ5AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUyASZAsuKpltkjXYnJ0q2zvTZQ0swHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMveUFTWkFzdUtwbHRr
alhZbkowcTJ6dlRaUTBzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAivjQDANBgkqhkiG9w0BAQsFAAOCAQEAVvVXhaM4aWmwFxMHkeEtL9sIHHxR
X/o9rDc8EZuDySeck5k+3XL6N43/ap9xiEeC2CNrTFFdkGfHbx6X2jxcRIXs6ef7
LVCrMzDlKHMvNvnWCR3T67VNl9LWJiw/IIM0dch7c7wn/HkXCPWO18eRafs/ReaA
PZC29JRmZfJxDCuvUDhjLjmNfnReg2H0Uz2sPYUF26hxEOw6Y0YsjtoTIhZE2RQU
/HqieEKKe51mRhF5CCI2n48XHcF3uAKok223bJjFVvnnBMgj50UoR+HBUXgruTEn
1p+OGGNsnXsZ2MhHr6zaaW6+kouLyAgikO3qd08pd8PdPkmREGqASffyXg==
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:33:53 2025 by rpki-client