Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/NoSXkYq9MORIxl9mzDYIjAgS6Xg.roa
File:                     NoSXkYq9MORIxl9mzDYIjAgS6Xg.roa (raw, json)
Hash identifier:          Ee7udWNpZvKUhk5snOyYCVs183AAsgQFz9UI4nY6VeI=
Subject key identifier:   36:84:97:91:8A:BD:30:E4:48:C6:5F:66:CC:36:08:8C:08:12:E9:78
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       C8
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/NoSXkYq9MORIxl9mzDYIjAgS6Xg.roa
Signing time:             Fri 06 Jun 2025 02:31:08 +0000
ROA not before:           Fri 06 Jun 2025 02:31:08 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     24445
IP address blocks:        240a:40c2:6010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 12 Jun 2025 08:09:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 200 (0xc8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 02:31:08 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=368497918ABD30E448C65F66CC36088C0812E978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:20:d5:21:65:d3:71:33:3d:25:1e:9c:6e:ab:
                    42:8e:fd:13:09:e4:b6:a0:aa:90:8a:28:be:a6:16:
                    09:1d:20:46:95:e9:50:0e:21:87:50:3c:e0:e8:65:
                    c2:ea:12:2c:1b:1b:90:e3:0b:3a:4b:80:2f:99:99:
                    b5:b6:b4:63:d5:6b:11:cd:88:3c:8f:e7:9c:d5:7e:
                    63:86:9e:f6:ec:13:55:9a:bd:6a:6f:fb:86:d0:88:
                    84:79:81:06:64:5e:8a:0d:f1:b3:3c:7f:e1:23:ba:
                    ec:5e:18:ed:01:18:ab:31:25:c4:ea:73:47:9c:c9:
                    69:92:32:42:ac:d3:d8:1e:4a:a1:06:c3:57:18:9b:
                    1d:94:92:7f:47:e1:73:10:4b:53:68:36:84:35:4f:
                    c5:da:a5:f7:c5:ad:99:f9:1b:13:6f:e6:5e:91:bf:
                    0a:32:e2:cd:50:c2:e6:87:4c:41:9f:e6:f7:0e:c2:
                    f8:df:97:58:67:58:c1:a3:6a:c0:b6:58:f6:6d:b8:
                    ec:6c:a5:d4:4b:31:aa:0a:cd:db:8a:db:06:19:40:
                    9c:97:a1:6e:a3:68:c8:a0:de:7e:59:b3:b6:2a:bc:
                    91:f4:bb:07:ce:42:a2:c6:c3:d5:16:44:f5:ea:95:
                    fc:e1:0c:c2:b2:75:7e:17:c9:56:38:b9:2b:1a:df:
                    58:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:84:97:91:8A:BD:30:E4:48:C6:5F:66:CC:36:08:8C:08:12:E9:78
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/NoSXkYq9MORIxl9mzDYIjAgS6Xg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:40c2:6010::/44

    Signature Algorithm: sha256WithRSAEncryption
         be:5c:b8:90:e0:d5:0f:32:60:d5:23:a0:a6:25:bb:5f:f7:53:
         35:46:0e:8e:8e:62:bf:a6:4b:86:c3:5c:97:af:fa:50:8e:2e:
         cf:4c:b9:b3:79:d9:b5:91:50:bd:36:fe:e4:68:0f:eb:a8:e4:
         a0:69:dc:9b:a6:d2:65:7d:3f:ed:4a:ea:27:fe:84:fd:50:ab:
         1c:af:cc:0c:bb:c7:f4:d8:ac:a0:5e:9e:2f:39:03:64:65:d6:
         71:36:f5:8c:33:be:91:81:9d:fc:18:e8:76:ef:03:0b:7e:db:
         ef:5d:da:16:b6:f0:ee:af:82:38:86:63:03:19:ef:5f:b2:98:
         b5:8d:a4:20:80:6b:26:40:2a:93:99:42:da:4a:e7:ef:ff:01:
         8b:d4:d2:1a:08:33:59:66:70:51:07:49:47:d3:8c:bb:a4:ae:
         e6:64:0b:a2:c9:ef:e1:32:0e:85:0a:ba:ab:1d:a8:7a:81:d8:
         60:a0:8d:1d:94:64:34:ae:61:d6:93:5f:e1:62:ac:ed:b6:7d:
         3f:60:22:79:07:19:59:2b:f0:5d:ee:07:38:eb:be:a5:10:5e:
         45:e5:b2:ac:24:45:ab:56:3c:94:51:21:f3:b1:f4:c3:db:27:
         4c:12:19:9a:38:9c:b0:87:dd:50:a1:32:06:33:62:94:89:ff:
         3b:ee:97:ae
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MjMxMDhaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKDM2ODQ5NzkxOEFCRDMw
RTQ0OEM2NUY2NkNDMzYwODhDMDgxMkU5NzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbINUhZdNxMz0lHpxuq0KO/RMJ5LagqpCKKL6mFgkdIEaV6VAO
IYdQPODoZcLqEiwbG5DjCzpLgC+ZmbW2tGPVaxHNiDyP55zVfmOGnvbsE1WavWpv
+4bQiIR5gQZkXooN8bM8f+EjuuxeGO0BGKsxJcTqc0ecyWmSMkKs09geSqEGw1cY
mx2Ukn9H4XMQS1NoNoQ1T8XapffFrZn5GxNv5l6Rvwoy4s1QwuaHTEGf5vcOwvjf
l1hnWMGjasC2WPZtuOxspdRLMaoKzduK2wYZQJyXoW6jaMig3n5Zs7YqvJH0uwfO
QqLGw9UWRPXqlfzhDMKydX4XyVY4uSsa31jTAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUNoSXkYq9MORIxl9mzDYIjAgS6XgwHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvTm9TWGtZcTlNT1JJ
eGw5bXpEWUlqQWdTNlhnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQKQMJgEDANBgkqhkiG9w0BAQsFAAOCAQEAvly4kODVDzJg1SOgpiW7X/dT
NUYOjo5iv6ZLhsNcl6/6UI4uz0y5s3nZtZFQvTb+5GgP66jkoGncm6bSZX0/7Urq
J/6E/VCrHK/MDLvH9NisoF6eLzkDZGXWcTb1jDO+kYGd/Bjodu8DC37b713aFrbw
7q+COIZjAxnvX7KYtY2kIIBrJkAqk5lC2krn7/8Bi9TSGggzWWZwUQdJR9OMu6Su
5mQLosnv4TIOhQq6qx2oeoHYYKCNHZRkNK5h1pNf4WKs7bZ9P2AieQcZWSvwXe4H
OOu+pRBeReWyrCRFq1Y8lFEh87H0w9snTBIZmjicsIfdUKEyBjNilIn/O+6Xrg==
-----END CERTIFICATE-----
Generated at Thu Jun 12 07:50:23 2025 by rpki-client