Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/6N86itRkE1v3JS7bNqfOfAI6fy0.roa
File:                     6N86itRkE1v3JS7bNqfOfAI6fy0.roa (raw, json)
Hash identifier:          wqbBK3aPcRHo4paM8rtgaz2QdTmQBp/znZnWXSL95gk=
Subject key identifier:   E8:DF:3A:8A:D4:64:13:5B:F7:25:2E:DB:36:A7:CE:7C:02:3A:7F:2D
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       93
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/6N86itRkE1v3JS7bNqfOfAI6fy0.roa
Signing time:             Fri 06 Jun 2025 01:44:53 +0000
ROA not before:           Fri 06 Jun 2025 01:44:53 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     56047
IP address blocks:        240a:42c8::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 09 Jun 2025 19:41:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147 (0x93)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 01:44:53 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=E8DF3A8AD464135BF7252EDB36A7CE7C023A7F2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0c:b3:ff:20:d7:34:4c:59:24:83:83:b0:40:
                    6d:98:17:80:50:8b:68:0d:69:77:26:da:f2:51:97:
                    ee:ea:cb:71:2e:c2:5b:0d:cc:f7:94:eb:31:49:c5:
                    50:ad:75:ac:c8:3f:90:b9:22:77:59:1a:7c:dd:dd:
                    20:ea:a8:28:8a:7f:9b:b5:a6:e4:fc:c4:e5:21:d0:
                    d8:7f:78:02:e9:d4:43:c5:c7:9d:6d:0d:6a:9e:a0:
                    4c:74:84:13:61:6a:3d:1d:1d:58:58:4c:c0:6f:cf:
                    9f:17:d4:49:f9:ab:fb:5b:48:bc:66:97:d9:17:88:
                    d3:30:2a:24:2a:b0:c8:ee:d9:98:40:a9:61:1c:b8:
                    ae:50:03:d0:fa:ef:2a:fb:98:83:74:a7:a6:ac:c6:
                    ac:04:cc:ce:8a:21:aa:d5:bf:5d:00:bc:8a:3e:08:
                    a0:e5:77:50:d6:af:29:8a:3e:f9:38:b3:58:f5:ca:
                    7d:6c:5e:4e:e9:eb:ef:55:3f:ed:f8:71:24:5f:13:
                    55:98:6e:40:f0:3f:28:dd:35:26:98:88:9e:dd:47:
                    93:87:18:c3:16:62:4a:a9:53:2a:a3:9e:34:a3:79:
                    28:33:0c:75:2e:06:d0:80:ce:bf:cd:4b:9e:14:58:
                    0e:75:a7:1c:38:27:7a:2a:51:17:64:c7:d1:b7:f2:
                    7b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:DF:3A:8A:D4:64:13:5B:F7:25:2E:DB:36:A7:CE:7C:02:3A:7F:2D
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/6N86itRkE1v3JS7bNqfOfAI6fy0.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:42c8::/31

    Signature Algorithm: sha256WithRSAEncryption
         51:12:44:83:4b:e4:9c:20:51:14:94:e4:e5:c7:c9:94:9f:01:
         1c:40:8c:05:f4:dc:8a:64:b8:5a:7d:ec:16:50:6d:b4:b7:6a:
         60:24:75:2d:07:5e:13:d8:3d:04:3c:f8:80:6f:55:99:d5:91:
         a0:fc:43:ef:21:ac:72:77:f6:f7:be:5d:f3:ab:71:b6:82:c2:
         0b:35:3c:af:ff:f7:53:a2:1b:64:cb:ca:3b:3c:0c:c8:7b:26:
         a5:18:b0:98:61:84:a3:e3:5a:43:3d:5b:71:4b:52:f6:8a:a2:
         e1:f8:d5:35:23:8d:ad:3b:c9:d6:5a:9d:16:85:7a:ae:65:a5:
         c9:b7:27:3e:2a:80:96:bb:63:71:12:f7:0f:e0:7b:76:10:06:
         48:12:1d:62:4d:02:b5:bd:d6:78:b9:62:32:55:db:62:74:c8:
         23:fa:e9:30:3b:f0:04:49:a2:54:65:71:3d:6b:bf:6d:32:ab:
         ba:7e:86:71:ee:97:07:bc:cf:cc:ba:57:70:15:a4:7b:d2:aa:
         1a:61:a4:f6:3b:c6:6b:22:ba:e1:ee:cb:15:cd:83:e0:03:cc:
         f9:21:49:71:84:ea:53:e0:29:14:54:ea:a1:46:ad:af:60:06:
         b5:7d:88:3a:e0:36:c0:6b:66:d7:fb:11:f7:14:94:79:de:f9:
         e8:14:34:fe
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICAJMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MTQ0NTNaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKEU4REYzQThBRDQ2NDEz
NUJGNzI1MkVEQjM2QTdDRTdDMDIzQTdGMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCdDLP/INc0TFkkg4OwQG2YF4BQi2gNaXcm2vJRl+7qy3EuwlsN
zPeU6zFJxVCtdazIP5C5IndZGnzd3SDqqCiKf5u1puT8xOUh0Nh/eALp1EPFx51t
DWqeoEx0hBNhaj0dHVhYTMBvz58X1En5q/tbSLxml9kXiNMwKiQqsMju2ZhAqWEc
uK5QA9D67yr7mIN0p6asxqwEzM6KIarVv10AvIo+CKDld1DWrymKPvk4s1j1yn1s
Xk7p6+9VP+34cSRfE1WYbkDwPyjdNSaYiJ7dR5OHGMMWYkqpUyqjnjSjeSgzDHUu
BtCAzr/NS54UWA51pxw4J3oqURdkx9G38nvbAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU6N86itRkE1v3JS7bNqfOfAI6fy0wHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvNk44Nml0UmtFMXYz
SlM3Yk5xZk9mQUk2ZnkwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFASQKQsgwDQYJKoZIhvcNAQELBQADggEBAFESRINL5JwgURSU5OXHyZSfARxA
jAX03IpkuFp97BZQbbS3amAkdS0HXhPYPQQ8+IBvVZnVkaD8Q+8hrHJ39ve+XfOr
cbaCwgs1PK//91OiG2TLyjs8DMh7JqUYsJhhhKPjWkM9W3FLUvaKouH41TUjja07
ydZanRaFeq5lpcm3Jz4qgJa7Y3ES9w/ge3YQBkgSHWJNArW91ni5YjJV22J0yCP6
6TA78ARJolRlcT1rv20yq7p+hnHulwe8z8y6V3AVpHvSqhphpPY7xmsiuuHuyxXN
g+ADzPkhSXGE6lPgKRRU6qFGra9gBrV9iDrgNsBrZtf7EfcUlHne+egUNP4=
-----END CERTIFICATE-----
Generated at Mon Jun 9 19:32:26 2025 by rpki-client