Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/PN7wo8SQkgb-XuuG3kB5Tzb489M.roa
File:                     PN7wo8SQkgb-XuuG3kB5Tzb489M.roa (raw, json)
Hash identifier:          Ez2jVLukwVkWAEkHy65Jk4TbkzoTWUA8W8uXtyV2zdU=
Subject key identifier:   3C:DE:F0:A3:C4:90:92:06:FE:5E:EB:86:DE:40:79:4F:36:F8:F3:D3
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       AD
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/PN7wo8SQkgb-XuuG3kB5Tzb489M.roa
Signing time:             Fri 06 Jun 2025 02:21:23 +0000
ROA not before:           Fri 06 Jun 2025 02:21:23 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     38019
IP address blocks:        240a:40c0:a010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 12 Jun 2025 08:09:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 173 (0xad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 02:21:23 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=3CDEF0A3C4909206FE5EEB86DE40794F36F8F3D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:65:a6:c1:cc:3d:06:d1:6f:03:f1:ba:8b:05:
                    6d:16:1a:4e:ca:c9:70:61:62:a3:e0:8a:32:52:d2:
                    73:2b:1a:41:2a:9c:a9:0c:c9:3f:37:52:cd:c7:75:
                    6d:be:fc:de:c3:11:6b:3e:d4:3e:0f:d8:81:9e:c4:
                    b2:1b:d4:01:e6:9a:f7:38:8b:ca:4e:c6:6d:34:5c:
                    ce:90:8f:c1:2f:0c:17:51:12:8d:c5:5e:32:07:71:
                    83:db:8b:bf:03:0d:84:28:5f:35:74:f7:e6:19:13:
                    7e:8b:e2:7b:79:bd:c8:7c:94:91:b6:87:e0:de:96:
                    aa:62:f4:e4:06:77:3f:22:a3:42:e6:8f:b9:43:f4:
                    40:eb:45:76:3c:ef:70:f7:74:45:f7:4c:cb:61:3e:
                    f2:8e:4a:c9:4d:7d:b7:55:15:f2:93:98:ef:8f:49:
                    84:76:dd:c0:57:d5:ad:f0:a5:4f:9c:cd:71:46:be:
                    87:92:09:4d:8b:e1:20:44:87:4f:c7:de:fe:37:10:
                    5a:dd:ad:e8:f9:18:c6:32:36:98:22:8b:de:50:14:
                    1a:5b:96:a6:4d:05:d4:7f:54:78:a5:72:aa:82:48:
                    9a:ec:f6:ad:95:4b:77:01:be:8d:80:60:71:3c:58:
                    6a:0b:19:ed:75:8a:07:a8:49:86:0a:f9:74:4e:86:
                    7a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:DE:F0:A3:C4:90:92:06:FE:5E:EB:86:DE:40:79:4F:36:F8:F3:D3
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/PN7wo8SQkgb-XuuG3kB5Tzb489M.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:40c0:a010::/44

    Signature Algorithm: sha256WithRSAEncryption
         a9:3f:ea:fd:f5:aa:15:55:ab:17:25:ee:58:05:73:c6:e7:36:
         13:10:e3:7a:ae:2a:48:47:6e:c0:f4:d4:b7:d1:9e:62:4c:07:
         34:6f:26:5c:12:cb:07:92:bf:4d:f3:b2:f8:6e:a5:0f:90:2b:
         20:12:17:f5:cb:a5:76:ea:25:65:ea:e4:a4:c2:95:42:b1:0d:
         ed:05:c9:07:fb:89:ec:ff:eb:ff:31:56:c3:9b:c1:6d:b1:bf:
         27:5b:6d:d9:9a:f9:77:ba:73:b5:31:52:d4:c1:a2:8a:35:5e:
         92:8a:de:ac:e9:63:2e:b9:ef:a9:3d:a4:b5:83:0b:76:52:04:
         37:43:60:ef:09:c2:69:97:d3:1d:8d:7f:64:02:57:e7:61:f6:
         13:dc:52:cd:a0:bc:36:d2:f2:b0:43:f9:26:8e:cd:f1:91:5f:
         c7:67:b9:27:ac:20:45:49:24:23:7a:d0:99:04:43:6b:49:a0:
         8e:cb:b8:5b:11:4b:ec:44:b7:0d:21:3e:56:fa:a3:c0:94:76:
         e4:ae:df:bd:f8:03:db:db:14:ee:25:60:d2:02:5e:1c:de:fc:
         bc:4f:be:f1:45:ab:19:9f:c2:fe:37:ed:3d:3e:51:01:92:b3:
         e9:1b:2c:15:1c:b3:63:ec:71:88:a9:b4:b1:df:65:ff:da:86:
         de:11:b1:52
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICAK0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MjIxMjNaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKDNDREVGMEEzQzQ5MDky
MDZGRTVFRUI4NkRFNDA3OTRGMzZGOEYzRDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrZabBzD0G0W8D8bqLBW0WGk7KyXBhYqPgijJS0nMrGkEqnKkM
yT83Us3HdW2+/N7DEWs+1D4P2IGexLIb1AHmmvc4i8pOxm00XM6Qj8EvDBdREo3F
XjIHcYPbi78DDYQoXzV09+YZE36L4nt5vch8lJG2h+Delqpi9OQGdz8io0Lmj7lD
9EDrRXY873D3dEX3TMthPvKOSslNfbdVFfKTmO+PSYR23cBX1a3wpU+czXFGvoeS
CU2L4SBEh0/H3v43EFrdrej5GMYyNpgii95QFBpblqZNBdR/VHilcqqCSJrs9q2V
S3cBvo2AYHE8WGoLGe11igeoSYYK+XROhnqtAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUPN7wo8SQkgb+XuuG3kB5Tzb489MwHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvUE43d284U1FrZ2It
WHV1RzNrQjVUemI0ODlNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQKQMCgEDANBgkqhkiG9w0BAQsFAAOCAQEAqT/q/fWqFVWrFyXuWAVzxuc2
ExDjeq4qSEduwPTUt9GeYkwHNG8mXBLLB5K/TfOy+G6lD5ArIBIX9culduolZerk
pMKVQrEN7QXJB/uJ7P/r/zFWw5vBbbG/J1tt2Zr5d7pztTFS1MGiijVekorerOlj
LrnvqT2ktYMLdlIEN0Ng7wnCaZfTHY1/ZAJX52H2E9xSzaC8NtLysEP5Jo7N8ZFf
x2e5J6wgRUkkI3rQmQRDa0mgjsu4WxFL7ES3DSE+VvqjwJR25K7fvfgD29sU7iVg
0gJeHN78vE++8UWrGZ/C/jftPT5RAZKz6RssFRyzY+xxiKm0sd9l/9qG3hGxUg==
-----END CERTIFICATE-----
Generated at Thu Jun 12 07:50:12 2025 by rpki-client