Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/V2xr4_DkefRu6i66VOdhA0FFA10.roa
File:                     V2xr4_DkefRu6i66VOdhA0FFA10.roa (raw, json)
Hash identifier:          iF3CORPR/sQ2f38h6ehaSeXGFHowiAYEU7Oz0xvt35o=
Subject key identifier:   57:6C:6B:E3:F0:E4:79:F4:6E:EA:2E:BA:54:E7:61:03:41:45:03:5D
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       F6
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/V2xr4_DkefRu6i66VOdhA0FFA10.roa
Signing time:             Fri 06 Jun 2025 02:54:38 +0000
ROA not before:           Fri 06 Jun 2025 02:54:38 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     56048
IP address blocks:        240a:4020:83a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 12 Jun 2025 05:11:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 246 (0xf6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 02:54:38 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=576C6BE3F0E479F46EEA2EBA54E761034145035D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:5a:4c:90:64:b0:a0:a0:4e:3f:04:9f:67:b9:
                    7e:73:ed:a8:b6:b3:d4:5b:7b:a7:be:60:78:59:a7:
                    84:4e:ff:65:ab:11:6d:35:90:1e:17:e2:46:51:54:
                    40:43:39:16:aa:29:f1:25:81:8b:fb:66:10:67:c4:
                    9d:2a:24:bd:a5:04:f2:1f:f8:d1:a3:61:f2:f1:1b:
                    2f:46:76:46:dd:69:50:0a:fd:fc:e8:f4:49:1e:3b:
                    05:9f:f8:21:a9:79:4d:bf:aa:01:49:d9:cd:8a:90:
                    af:67:6c:06:30:72:2b:ac:c1:d4:37:32:4d:6f:5b:
                    bd:aa:17:fc:ac:8c:5a:06:4d:32:68:a9:bb:1a:e5:
                    5c:e9:84:41:9e:30:51:7d:33:b5:73:94:db:6b:6e:
                    62:7a:60:99:8a:df:8b:f6:c5:cb:6f:fa:a1:24:ed:
                    86:7b:64:f3:b2:94:5b:db:1f:be:97:2c:c7:ce:cf:
                    03:2c:cf:d2:0c:33:7b:d9:c5:ad:c2:1e:98:f2:ca:
                    a7:82:91:08:ec:61:17:2c:93:b3:93:57:98:80:62:
                    37:28:b9:a0:6d:eb:f3:34:b4:a0:09:4c:12:33:bd:
                    52:da:76:d7:4a:e1:5b:1a:52:39:8a:1b:ee:a8:9e:
                    63:fa:1e:70:08:19:d6:43:b9:d0:fd:a1:b3:93:2b:
                    af:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:6C:6B:E3:F0:E4:79:F4:6E:EA:2E:BA:54:E7:61:03:41:45:03:5D
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/V2xr4_DkefRu6i66VOdhA0FFA10.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:4020:83a::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:e5:6f:43:5e:0c:68:c7:70:c6:9d:ff:b6:0e:5a:8e:96:42:
         c6:00:19:fd:b5:8b:ce:2f:39:c4:6a:96:66:5e:23:54:e5:26:
         aa:c4:52:3a:ee:3c:75:78:95:cc:a5:05:5d:d3:e0:4e:52:ae:
         3b:94:e6:16:a5:de:4c:19:6c:19:3a:31:5e:73:6e:33:b0:bb:
         0e:9a:4c:94:a3:2b:09:77:e1:a4:54:f3:15:23:55:8e:6f:25:
         aa:6e:38:8c:93:3a:ff:3f:61:7a:3d:9d:f2:84:7e:05:31:81:
         95:ae:59:1a:23:af:9a:44:54:b7:4c:0e:ed:a5:66:1f:58:be:
         1a:4e:7e:fb:05:0d:9b:a6:56:99:4b:53:c8:1e:0d:02:18:67:
         a2:0e:7e:45:fc:ee:f2:1f:73:ff:0a:d1:e5:ff:a5:fa:e2:a0:
         49:aa:a8:18:79:0b:98:94:7f:86:47:e3:c6:b9:c1:ae:49:3d:
         4d:a9:1f:05:63:8a:72:26:1b:36:9e:54:4f:f4:9e:cb:28:5c:
         eb:c1:54:30:2a:f8:75:f9:78:17:1b:cb:ef:6f:4b:de:42:51:
         c7:a7:1a:3a:dc:d8:0a:56:e7:33:36:9a:26:52:99:da:04:de:
         4e:1e:67:ed:b4:4a:9b:eb:7d:dd:cd:46:6e:6a:44:c7:a2:0f:
         dc:a6:a7:be
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICAPYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MjU0MzhaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKDU3NkM2QkUzRjBFNDc5
RjQ2RUVBMkVCQTU0RTc2MTAzNDE0NTAzNUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrWkyQZLCgoE4/BJ9nuX5z7ai2s9Rbe6e+YHhZp4RO/2WrEW01
kB4X4kZRVEBDORaqKfElgYv7ZhBnxJ0qJL2lBPIf+NGjYfLxGy9GdkbdaVAK/fzo
9EkeOwWf+CGpeU2/qgFJ2c2KkK9nbAYwciuswdQ3Mk1vW72qF/ysjFoGTTJoqbsa
5VzphEGeMFF9M7VzlNtrbmJ6YJmK34v2xctv+qEk7YZ7ZPOylFvbH76XLMfOzwMs
z9IMM3vZxa3CHpjyyqeCkQjsYRcsk7OTV5iAYjcouaBt6/M0tKAJTBIzvVLadtdK
4VsaUjmKG+6onmP6HnAIGdZDudD9obOTK68/AgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUV2xr4/DkefRu6i66VOdhA0FFA10wHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvVjJ4cjRfRGtlZlJ1
Nmk2NlZPZGhBMEZGQTEwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACQKQCAIOjANBgkqhkiG9w0BAQsFAAOCAQEAN+VvQ14MaMdwxp3/tg5ajpZC
xgAZ/bWLzi85xGqWZl4jVOUmqsRSOu48dXiVzKUFXdPgTlKuO5TmFqXeTBlsGTox
XnNuM7C7DppMlKMrCXfhpFTzFSNVjm8lqm44jJM6/z9hej2d8oR+BTGBla5ZGiOv
mkRUt0wO7aVmH1i+Gk5++wUNm6ZWmUtTyB4NAhhnog5+Rfzu8h9z/wrR5f+l+uKg
SaqoGHkLmJR/hkfjxrnBrkk9TakfBWOKciYbNp5UT/Seyyhc68FUMCr4dfl4FxvL
729L3kJRx6caOtzYClbnMzaaJlKZ2gTeTh5n7bRKm+t93c1GbmpEx6IP3Kanvg==
-----END CERTIFICATE-----
Generated at Thu Jun 12 05:05:34 2025 by rpki-client