Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/7WwLFCBZ41lT3N2IQ7_4-pAuc0c.roa
File:                     7WwLFCBZ41lT3N2IQ7_4-pAuc0c.roa (raw, json)
Hash identifier:          cMDel/M7Ulyx2KGwgxbqrvNvnavd5YSl72NYcwOYeLI=
Subject key identifier:   ED:6C:0B:14:20:59:E3:59:53:DC:DD:88:43:BF:F8:FA:90:2E:73:47
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       AA
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/7WwLFCBZ41lT3N2IQ7_4-pAuc0c.roa
Signing time:             Fri 06 Jun 2025 02:21:22 +0000
ROA not before:           Fri 06 Jun 2025 02:21:22 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     56048
IP address blocks:        240a:40c0:8000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 11 Jun 2025 03:39:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 170 (0xaa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 02:21:22 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=ED6C0B142059E35953DCDD8843BFF8FA902E7347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:86:b6:66:38:9e:3a:59:78:72:f8:55:98:15:
                    4e:9b:38:91:cc:0f:c0:37:79:1c:92:c3:42:1d:75:
                    cc:31:3b:e4:f7:86:80:40:64:e0:f0:0e:e3:97:43:
                    a0:c9:6a:4f:45:f1:19:50:42:cf:ec:61:23:1e:43:
                    64:cf:90:c4:7f:f8:e5:df:4b:6c:8f:f5:1c:88:a9:
                    f6:e4:df:7d:46:e5:87:f9:ff:42:bb:3d:5d:c8:cb:
                    f0:eb:b5:70:f9:70:4d:51:28:74:f9:d3:79:99:f6:
                    ef:fe:5f:b9:3c:ae:1e:64:1c:09:58:87:63:44:ef:
                    d3:de:a1:d0:f9:29:56:37:23:0e:c4:ba:9c:7f:97:
                    f3:03:00:87:d7:9b:9a:df:fb:cf:27:9c:9d:95:8d:
                    c5:a1:77:fd:d6:37:7b:ea:2c:d0:cf:90:1e:4f:62:
                    06:cc:68:68:8f:a2:26:aa:68:5d:05:81:0b:be:61:
                    1f:c5:75:ee:25:49:80:26:1f:a3:9a:92:1b:12:de:
                    9a:8f:3d:f5:58:46:0d:a5:83:91:b5:a9:b9:1e:02:
                    25:67:f0:2b:46:a0:2f:53:6e:b9:08:1f:df:48:94:
                    69:f7:13:e0:97:6f:8c:b8:2e:01:97:07:c8:67:f4:
                    10:54:31:a5:ac:c7:dd:bd:44:88:01:52:ea:96:6f:
                    b0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:6C:0B:14:20:59:E3:59:53:DC:DD:88:43:BF:F8:FA:90:2E:73:47
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/7WwLFCBZ41lT3N2IQ7_4-pAuc0c.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:40c0:8000::/44

    Signature Algorithm: sha256WithRSAEncryption
         54:7e:ce:51:7c:99:9c:f4:43:29:5c:fe:56:1b:be:37:f6:f5:
         ce:ce:4e:4d:ff:0b:e8:04:99:19:c6:f5:cf:a6:6b:c6:02:3b:
         f9:7f:11:b4:21:62:c2:d6:28:2e:12:4e:0d:a0:2a:19:b4:a8:
         c7:b6:26:29:ab:1c:47:eb:41:5f:82:66:87:05:60:34:91:c2:
         4b:c5:c0:c5:4f:2d:1a:54:25:08:47:63:52:3d:10:ef:33:79:
         26:be:aa:b3:bb:a8:c0:7a:fe:e5:ba:08:b1:f8:0e:f9:d6:a3:
         0a:14:d3:71:ee:72:38:06:75:c8:0f:97:1e:81:26:4e:b6:12:
         a5:9f:39:ef:ee:a2:eb:68:be:44:87:0a:33:21:fd:06:0d:fc:
         48:cd:74:0f:13:62:68:e2:2b:72:54:fc:ac:9e:07:01:5a:dd:
         ef:c9:6e:d1:4c:4b:e0:87:7d:dc:6a:00:bb:ee:39:e7:a6:20:
         56:6d:60:55:57:b1:9d:31:7f:3d:31:62:1f:a8:ca:4d:db:75:
         6e:2c:8c:99:fd:84:17:fc:3d:1a:ee:ec:ca:11:19:04:4e:4b:
         74:86:ee:8b:4c:9c:8b:42:fa:5b:18:91:bd:69:6f:84:e4:c2:
         66:6b:cd:e3:53:40:39:66:bd:f1:aa:5c:1f:43:d5:90:89:85:
         1f:b1:3d:d6
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICAKowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MjIxMjJaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKEVENkMwQjE0MjA1OUUz
NTk1M0RDREQ4ODQzQkZGOEZBOTAyRTczNDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfhrZmOJ46WXhy+FWYFU6bOJHMD8A3eRySw0IddcwxO+T3hoBA
ZODwDuOXQ6DJak9F8RlQQs/sYSMeQ2TPkMR/+OXfS2yP9RyIqfbk331G5Yf5/0K7
PV3Iy/DrtXD5cE1RKHT503mZ9u/+X7k8rh5kHAlYh2NE79PeodD5KVY3Iw7Eupx/
l/MDAIfXm5rf+88nnJ2VjcWhd/3WN3vqLNDPkB5PYgbMaGiPoiaqaF0FgQu+YR/F
de4lSYAmH6OakhsS3pqPPfVYRg2lg5G1qbkeAiVn8CtGoC9TbrkIH99IlGn3E+CX
b4y4LgGXB8hn9BBUMaWsx929RIgBUuqWb7B1AgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQU7WwLFCBZ41lT3N2IQ7/4+pAuc0cwHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvN1d3TEZDQlo0MWxU
M04ySVE3XzQtcEF1YzBjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQKQMCAADANBgkqhkiG9w0BAQsFAAOCAQEAVH7OUXyZnPRDKVz+Vhu+N/b1
zs5OTf8L6ASZGcb1z6ZrxgI7+X8RtCFiwtYoLhJODaAqGbSox7YmKascR+tBX4Jm
hwVgNJHCS8XAxU8tGlQlCEdjUj0Q7zN5Jr6qs7uowHr+5boIsfgO+dajChTTce5y
OAZ1yA+XHoEmTrYSpZ857+6i62i+RIcKMyH9Bg38SM10DxNiaOIrclT8rJ4HAVrd
78lu0UxL4Id93GoAu+4556YgVm1gVVexnTF/PTFiH6jKTdt1biyMmf2EF/w9Gu7s
yhEZBE5LdIbui0yci0L6WxiRvWlvhOTCZmvN41NAOWa98apcH0PVkImFH7E91g==
-----END CERTIFICATE-----
Generated at Wed Jun 11 02:06:35 2025 by rpki-client