Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/Vlrc3VwsFq3lzxFN9l-4fyj4WTA.roa
File:                     Vlrc3VwsFq3lzxFN9l-4fyj4WTA.roa (raw, json)
Hash identifier:          1oh8lxYnDbdqP/ARiql5+PlQgRVfOHzQZ3IiOtBLaQM=
Subject key identifier:   56:5A:DC:DD:5C:2C:16:AD:E5:CF:11:4D:F6:5F:B8:7F:28:F8:59:30
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       D0
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/Vlrc3VwsFq3lzxFN9l-4fyj4WTA.roa
Signing time:             Fri 06 Jun 2025 02:32:43 +0000
ROA not before:           Fri 06 Jun 2025 02:32:43 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     132525
IP address blocks:        240a:40c1:6000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 10 Jun 2025 08:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 208 (0xd0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 02:32:43 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=565ADCDD5C2C16ADE5CF114DF65FB87F28F85930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4f:38:8f:2f:ad:8c:d4:12:5b:29:55:9f:c0:
                    23:95:7e:6f:11:1e:43:bc:0c:e6:13:31:9a:94:19:
                    b3:ee:e4:8f:3d:ee:03:ca:85:3f:cb:5b:26:76:40:
                    59:1a:bd:ef:dd:51:de:dc:63:5b:f7:c8:0b:41:48:
                    cf:0c:f3:9d:fe:25:50:94:b0:32:bd:34:60:bf:e8:
                    88:97:5a:88:3d:be:dc:66:2c:69:3a:86:c5:ac:fe:
                    cc:0d:ce:86:90:32:40:63:d7:f3:2c:17:be:8a:6e:
                    87:40:4f:59:80:9d:44:d0:fe:44:6f:34:6d:fe:55:
                    12:64:d7:a1:12:b3:91:82:6b:1c:9e:01:24:9c:89:
                    da:05:b9:9b:7e:e4:e3:8b:d0:c6:6f:6e:97:23:74:
                    b7:40:73:f2:3e:e0:c3:24:a4:3a:17:91:32:f9:c8:
                    4c:79:8e:2e:4e:92:26:cc:f5:3c:c3:f0:9a:0d:91:
                    14:b2:d9:d4:98:4b:1d:86:c9:92:97:a9:59:13:0d:
                    14:13:d1:ee:ec:3a:53:0a:b4:23:15:47:b0:2f:f0:
                    5f:75:29:9d:7e:4e:4c:cc:f1:a7:88:72:36:57:a2:
                    26:2a:4f:ce:57:94:45:98:eb:86:fb:28:b2:04:a1:
                    8e:94:26:8c:e8:28:25:b5:1a:ae:77:70:7a:fb:d9:
                    24:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:5A:DC:DD:5C:2C:16:AD:E5:CF:11:4D:F6:5F:B8:7F:28:F8:59:30
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/Vlrc3VwsFq3lzxFN9l-4fyj4WTA.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:40c1:6000::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:40:96:da:37:85:c2:2c:ea:30:ab:8e:6f:ea:00:61:b3:b9:
         df:39:65:61:8e:54:7f:63:d1:31:c3:03:31:ac:80:e1:16:e2:
         bd:4d:fa:ae:68:1a:3a:9a:31:61:6c:07:6b:c2:fb:b4:9d:85:
         cb:d3:f8:90:dc:63:4f:7e:31:48:c5:1e:af:e9:24:7d:ee:74:
         28:a8:d7:d3:8f:22:0b:f4:e1:05:11:d1:ca:8c:b9:25:64:b0:
         7f:40:4b:0d:0f:04:71:9f:ff:99:7f:24:f9:81:96:17:f3:07:
         e1:a5:28:1d:fa:fe:64:b8:c0:f7:3c:20:95:4a:20:e9:d9:10:
         ab:4f:8c:41:6f:04:dc:17:fb:c8:23:eb:3a:59:00:96:d6:10:
         18:89:2f:c3:fe:23:6b:b4:80:aa:d8:1c:f6:96:61:d9:07:a6:
         8e:21:c6:99:34:ed:02:7e:8f:f2:78:e3:d2:25:af:73:2e:43:
         e2:db:ea:1d:6f:a6:db:00:ac:30:4b:23:08:41:cd:3c:09:c4:
         24:3c:8c:e8:9b:e3:eb:79:7a:de:b7:7d:9f:bb:4f:37:e9:20:
         66:32:cc:7c:25:4b:35:9a:96:4f:25:6d:80:53:15:57:f8:33:
         dc:28:81:ab:d1:f2:95:7a:50:b9:51:81:06:9a:16:1b:b2:8a:
         e5:e1:88:a4
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICANAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MjMyNDNaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKDU2NUFEQ0RENUMyQzE2
QURFNUNGMTE0REY2NUZCODdGMjhGODU5MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCWTziPL62M1BJbKVWfwCOVfm8RHkO8DOYTMZqUGbPu5I897gPK
hT/LWyZ2QFkave/dUd7cY1v3yAtBSM8M853+JVCUsDK9NGC/6IiXWog9vtxmLGk6
hsWs/swNzoaQMkBj1/MsF76KbodAT1mAnUTQ/kRvNG3+VRJk16ESs5GCaxyeASSc
idoFuZt+5OOL0MZvbpcjdLdAc/I+4MMkpDoXkTL5yEx5ji5OkibM9TzD8JoNkRSy
2dSYSx2GyZKXqVkTDRQT0e7sOlMKtCMVR7Av8F91KZ1+TkzM8aeIcjZXoiYqT85X
lEWY64b7KLIEoY6UJozoKCW1Gq53cHr72SQNAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUVlrc3VwsFq3lzxFN9l+4fyj4WTAwHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvVmxyYzNWd3NGcTNs
enhGTjlsLTRmeWo0V1RBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQKQMFgADANBgkqhkiG9w0BAQsFAAOCAQEATkCW2jeFwizqMKuOb+oAYbO5
3zllYY5Uf2PRMcMDMayA4RbivU36rmgaOpoxYWwHa8L7tJ2Fy9P4kNxjT34xSMUe
r+kkfe50KKjX048iC/ThBRHRyoy5JWSwf0BLDQ8EcZ//mX8k+YGWF/MH4aUoHfr+
ZLjA9zwglUog6dkQq0+MQW8E3Bf7yCPrOlkAltYQGIkvw/4ja7SAqtgc9pZh2Qem
jiHGmTTtAn6P8njj0iWvcy5D4tvqHW+m2wCsMEsjCEHNPAnEJDyM6Jvj63l63rd9
n7tPN+kgZjLMfCVLNZqWTyVtgFMVV/gz3CiBq9HylXpQuVGBBpoWG7KK5eGIpA==
-----END CERTIFICATE-----
Generated at Tue Jun 10 06:55:30 2025 by rpki-client