Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/4pe_CPME7MUAuN5W62eWRxr8TkI.roa
File:                     4pe_CPME7MUAuN5W62eWRxr8TkI.roa (raw, json)
Hash identifier:          E543aEa9xmjVh33d13AijUtfpoTCP0Jm3LLZ0Mm7YAY=
Subject key identifier:   E2:97:BF:08:F3:04:EC:C5:00:B8:DE:56:EB:67:96:47:1A:FC:4E:42
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       BD
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/4pe_CPME7MUAuN5W62eWRxr8TkI.roa
Signing time:             Fri 06 Jun 2025 02:29:16 +0000
ROA not before:           Fri 06 Jun 2025 02:29:16 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     56044
IP address blocks:        240a:40c1:2010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 10 Jun 2025 04:09:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 189 (0xbd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 02:29:16 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=E297BF08F304ECC500B8DE56EB6796471AFC4E42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:47:2c:34:10:0f:af:4f:a8:65:7f:cd:1e:43:
                    f5:32:e3:04:01:65:ad:a7:da:3f:86:b9:41:59:85:
                    43:87:2d:89:e9:ca:15:f2:e5:23:34:b8:ce:ac:3f:
                    3d:bc:ff:e6:f7:ff:ca:70:ba:7f:8e:aa:df:b7:8d:
                    ff:a5:a0:fd:2d:30:9e:5e:e8:19:d3:05:33:5f:eb:
                    0e:73:a6:84:c9:52:d0:c1:44:85:2b:7d:4e:0b:93:
                    1f:2d:c7:35:eb:ac:e7:d7:60:a5:ba:80:66:7d:6e:
                    f5:f9:cf:4f:7c:14:4c:74:05:95:57:69:a9:76:51:
                    4d:54:bf:4e:98:90:b6:5d:c8:64:d0:72:0f:6a:6c:
                    3d:3d:62:f3:78:2a:f7:a0:f6:18:35:e8:34:f0:26:
                    03:47:4f:61:58:f9:4d:e9:00:a8:a7:30:48:f6:06:
                    2c:35:87:62:4b:1e:4e:bb:72:91:5d:a4:17:4a:ad:
                    43:5f:43:9a:e7:3c:e2:87:e5:1e:1f:46:d5:fc:6a:
                    77:ae:b1:33:72:e6:9a:af:b8:8e:21:64:56:cb:36:
                    a0:16:e6:72:8c:01:1d:5f:38:46:61:dc:63:85:52:
                    68:29:49:ca:4c:b6:b4:18:ba:0d:4f:4d:76:50:be:
                    82:0a:c5:de:eb:a8:ab:bb:3c:8e:39:64:6a:d9:e6:
                    04:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:97:BF:08:F3:04:EC:C5:00:B8:DE:56:EB:67:96:47:1A:FC:4E:42
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/4pe_CPME7MUAuN5W62eWRxr8TkI.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:40c1:2010::/44

    Signature Algorithm: sha256WithRSAEncryption
         0f:8b:51:59:0e:90:dd:27:d2:8d:a8:0b:d2:ac:99:73:fc:6a:
         7a:93:13:ba:df:1c:39:74:8c:02:27:ce:b0:e0:76:e0:92:9d:
         27:77:ff:72:3b:d0:34:70:e9:a2:78:a5:db:3a:10:ec:d4:dd:
         36:09:68:ff:ac:fb:00:2e:f4:2b:a7:f6:44:d6:d9:1b:c5:d3:
         a9:4a:0b:28:e5:74:ba:41:d2:70:f1:5b:77:42:de:bf:06:db:
         67:b4:d4:1c:db:18:8e:88:e5:b1:c8:2a:09:f6:57:f4:ae:b5:
         cd:06:ca:07:39:e7:bf:38:69:cf:72:39:e1:64:d9:a1:5f:e3:
         28:31:43:67:8a:6d:ef:7d:ec:30:d1:8c:54:7b:52:09:d0:d8:
         9b:d4:8e:85:f5:20:23:d5:22:63:13:30:2e:d0:d9:29:cd:31:
         f9:06:e0:1b:50:35:8e:52:d0:e8:32:38:76:a9:89:5b:8d:50:
         e5:6d:9a:a5:ca:1a:32:c4:4c:a5:c8:7e:86:ab:46:e8:02:e1:
         4c:62:d5:50:e8:c5:90:35:69:8a:63:20:d7:61:a1:09:f3:c2:
         bf:27:c7:67:8c:35:64:75:d9:13:8c:6a:db:60:f6:58:f0:90:
         8d:3f:1b:d8:4b:bc:0e:57:3c:85:5d:20:76:03:a7:a3:ec:8a:
         59:55:fa:dd
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICAL0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MjI5MTZaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKEUyOTdCRjA4RjMwNEVD
QzUwMEI4REU1NkVCNjc5NjQ3MUFGQzRFNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrRyw0EA+vT6hlf80eQ/Uy4wQBZa2n2j+GuUFZhUOHLYnpyhXy
5SM0uM6sPz28/+b3/8pwun+Oqt+3jf+loP0tMJ5e6BnTBTNf6w5zpoTJUtDBRIUr
fU4Lkx8txzXrrOfXYKW6gGZ9bvX5z098FEx0BZVXaal2UU1Uv06YkLZdyGTQcg9q
bD09YvN4Kveg9hg16DTwJgNHT2FY+U3pAKinMEj2Biw1h2JLHk67cpFdpBdKrUNf
Q5rnPOKH5R4fRtX8aneusTNy5pqvuI4hZFbLNqAW5nKMAR1fOEZh3GOFUmgpScpM
trQYug1PTXZQvoIKxd7rqKu7PI45ZGrZ5gTDAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQU4pe/CPME7MUAuN5W62eWRxr8TkIwHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvNHBlX0NQTUU3TVVB
dU41VzYyZVdSeHI4VGtJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQKQMEgEDANBgkqhkiG9w0BAQsFAAOCAQEAD4tRWQ6Q3SfSjagL0qyZc/xq
epMTut8cOXSMAifOsOB24JKdJ3f/cjvQNHDponil2zoQ7NTdNglo/6z7AC70K6f2
RNbZG8XTqUoLKOV0ukHScPFbd0LevwbbZ7TUHNsYjojlscgqCfZX9K61zQbKBznn
vzhpz3I54WTZoV/jKDFDZ4pt733sMNGMVHtSCdDYm9SOhfUgI9UiYxMwLtDZKc0x
+QbgG1A1jlLQ6DI4dqmJW41Q5W2apcoaMsRMpch+hqtG6ALhTGLVUOjFkDVpimMg
12GhCfPCvyfHZ4w1ZHXZE4xq22D2WPCQjT8b2Eu8Dlc8hV0gdgOno+yKWVX63Q==
-----END CERTIFICATE-----
Generated at Tue Jun 10 02:26:53 2025 by rpki-client