Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/ZxMsfSySmo73F-9ChoECfq-KE3Y.roa
File:                     ZxMsfSySmo73F-9ChoECfq-KE3Y.roa (raw, json)
Hash identifier:          SkasEgwz5WCZ2TqKJciII9uEnCirfXPBtoV99vCbYgg=
Subject key identifier:   67:13:2C:7D:2C:92:9A:8E:F7:17:EF:42:86:81:02:7E:AF:8A:13:76
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       C2
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/ZxMsfSySmo73F-9ChoECfq-KE3Y.roa
Signing time:             Fri 06 Jun 2025 02:29:17 +0000
ROA not before:           Fri 06 Jun 2025 02:29:17 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     56046
IP address blocks:        240a:40c1:a010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 11 Jun 2025 03:39:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 194 (0xc2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 02:29:17 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=67132C7D2C929A8EF717EF428681027EAF8A1376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fc:3c:9a:21:24:3b:63:68:4e:49:27:94:8f:
                    e0:f9:04:4f:b6:26:22:c5:83:6c:56:4d:0f:da:48:
                    02:56:28:34:8e:50:95:59:f0:52:32:1a:85:85:b4:
                    c0:eb:fc:ea:6f:b8:37:90:62:78:cf:ef:af:cb:f9:
                    62:d5:e5:75:4d:90:9e:b3:78:2c:aa:17:2d:c2:05:
                    ed:49:09:71:48:f7:e4:78:19:72:17:06:b7:c2:40:
                    78:f5:47:c9:57:c1:52:14:52:b3:01:1f:50:19:cc:
                    46:4d:3f:07:c0:12:82:62:a8:a2:e2:96:d6:50:11:
                    40:ba:b5:6f:d8:84:b4:a4:09:fb:28:80:3b:dc:10:
                    fc:33:46:7f:05:15:1d:78:aa:d0:c7:ec:ac:26:4b:
                    89:a0:69:fc:d2:c8:aa:bd:76:79:d5:01:4b:54:34:
                    7d:c5:ec:24:f2:ef:28:3e:7b:93:de:59:87:3e:20:
                    98:78:32:87:0e:d0:3f:05:87:d9:3f:1d:ea:cb:e6:
                    d2:d4:c7:ca:31:31:fc:7b:5e:65:ea:90:e3:4e:cc:
                    7a:32:d7:fd:39:dd:fa:c0:54:36:a5:8d:dc:a9:f8:
                    7e:fa:07:d0:b1:05:52:a7:87:b7:48:b9:d6:a2:c7:
                    ac:d1:c2:e5:c0:0b:8d:df:7a:0f:23:c9:d2:e8:7d:
                    af:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:13:2C:7D:2C:92:9A:8E:F7:17:EF:42:86:81:02:7E:AF:8A:13:76
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/ZxMsfSySmo73F-9ChoECfq-KE3Y.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:40c1:a010::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:00:d3:24:b9:6c:48:b4:ec:9e:c2:b9:cf:15:f9:be:c4:30:
         6a:f9:8f:7b:0c:73:7c:51:bc:4f:15:ac:d3:fb:09:96:7b:7d:
         1c:6f:1d:d7:93:85:e1:2d:5b:9b:a2:65:05:c4:51:6a:24:1f:
         6b:cf:ff:e1:96:2b:5d:50:40:bf:34:49:08:89:f1:6c:7a:69:
         e7:7e:39:fb:8b:be:40:03:b0:b7:97:79:8e:b5:07:06:d3:96:
         6b:19:27:52:8f:ca:c4:f1:52:9b:ec:86:eb:d3:27:1f:74:05:
         25:cb:63:cd:97:c7:cc:d8:ec:b0:4e:33:61:83:82:09:6a:69:
         34:01:38:b1:f2:79:7c:84:e1:b1:05:64:9b:07:52:87:ba:54:
         1b:7a:f8:47:03:74:10:50:03:c3:51:1e:5c:07:c8:1b:a6:fa:
         a2:7b:ec:df:4f:27:28:59:88:0b:16:7a:fe:6b:9d:b7:51:93:
         48:8f:f3:b2:fb:72:0e:56:5e:58:31:cc:9c:b0:ed:01:cc:cb:
         b0:a6:96:7a:be:32:96:90:69:3d:87:d8:43:26:0d:4f:f5:f9:
         d1:82:21:dc:55:42:3b:8c:23:cd:80:7e:44:2f:5c:51:fc:6e:
         e0:dc:65:5e:2f:67:b3:62:d2:4c:c4:07:72:67:cf:17:34:48:
         7f:ec:69:6c
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICAMIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MjI5MTdaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKDY3MTMyQzdEMkM5MjlB
OEVGNzE3RUY0Mjg2ODEwMjdFQUY4QTEzNzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCa/DyaISQ7Y2hOSSeUj+D5BE+2JiLFg2xWTQ/aSAJWKDSOUJVZ
8FIyGoWFtMDr/OpvuDeQYnjP76/L+WLV5XVNkJ6zeCyqFy3CBe1JCXFI9+R4GXIX
BrfCQHj1R8lXwVIUUrMBH1AZzEZNPwfAEoJiqKLiltZQEUC6tW/YhLSkCfsogDvc
EPwzRn8FFR14qtDH7KwmS4mgafzSyKq9dnnVAUtUNH3F7CTy7yg+e5PeWYc+IJh4
MocO0D8Fh9k/HerL5tLUx8oxMfx7XmXqkONOzHoy1/053frAVDaljdyp+H76B9Cx
BVKnh7dIudaix6zRwuXAC43feg8jydLofa8XAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUZxMsfSySmo73F+9ChoECfq+KE3YwHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvWnhNc2ZTeVNtbzcz
Ri05Q2hvRUNmcS1LRTNZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQKQMGgEDANBgkqhkiG9w0BAQsFAAOCAQEAHQDTJLlsSLTsnsK5zxX5vsQw
avmPewxzfFG8TxWs0/sJlnt9HG8d15OF4S1bm6JlBcRRaiQfa8//4ZYrXVBAvzRJ
CInxbHpp5345+4u+QAOwt5d5jrUHBtOWaxknUo/KxPFSm+yG69MnH3QFJctjzZfH
zNjssE4zYYOCCWppNAE4sfJ5fIThsQVkmwdSh7pUG3r4RwN0EFADw1EeXAfIG6b6
onvs308nKFmICxZ6/mudt1GTSI/zsvtyDlZeWDHMnLDtAczLsKaWer4ylpBpPYfY
QyYNT/X50YIh3FVCO4wjzYB+RC9cUfxu4NxlXi9ns2LSTMQHcmfPFzRIf+xpbA==
-----END CERTIFICATE-----
Generated at Wed Jun 11 01:59:16 2025 by rpki-client