Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/aucmEmxoJef5jFCZ8UOY5YSLwpw.roa
File:                     aucmEmxoJef5jFCZ8UOY5YSLwpw.roa (raw, json)
Hash identifier:          hnurYXQgqCTg8CNBnDfmZFkE6fbxM+AISqTyE7LIsfE=
Subject key identifier:   6A:E7:26:12:6C:68:25:E7:F9:8C:50:99:F1:43:98:E5:84:8B:C2:9C
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       9A
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/aucmEmxoJef5jFCZ8UOY5YSLwpw.roa
Signing time:             Fri 06 Jun 2025 01:44:56 +0000
ROA not before:           Fri 06 Jun 2025 01:44:56 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     24445
IP address blocks:        240a:42be::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 10 Jun 2025 08:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154 (0x9a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 01:44:56 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=6AE726126C6825E7F98C5099F14398E5848BC29C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:93:0a:2e:32:37:6d:cf:4e:4c:28:ac:7f:ee:
                    ed:ad:e8:7c:d6:f7:a4:ca:ed:1b:42:41:3b:17:6c:
                    04:c7:8b:13:38:ff:21:26:28:06:cb:4d:76:2e:65:
                    8f:53:e3:0f:ee:7a:ee:8c:88:7e:ae:a1:fb:65:a3:
                    8f:93:7c:fa:85:b0:90:d6:10:23:81:a6:a2:23:3e:
                    7c:54:9a:0a:bd:b4:a9:7e:a4:1d:65:6e:b5:1c:3a:
                    5f:b6:86:79:af:f0:32:ca:41:58:ab:3b:ed:73:f1:
                    1c:a5:32:19:66:bb:bd:f7:35:48:77:e5:ad:0c:9f:
                    df:1d:d9:71:50:27:cd:55:eb:03:50:a5:61:05:d2:
                    c7:f0:75:88:5a:70:00:9a:9c:85:f6:0b:12:1b:43:
                    6d:e8:3c:3d:7f:bc:a6:b2:67:c6:f1:c6:03:c5:3d:
                    64:3f:a3:70:a3:fb:b3:f6:f7:31:f1:87:af:69:cd:
                    db:98:45:83:16:88:d6:34:90:c3:c0:ca:e4:bd:21:
                    ca:f3:a5:31:d0:c7:d9:d2:5c:7a:6d:6a:cd:3f:5a:
                    46:2b:9e:3e:30:50:70:3b:29:2d:37:18:15:f9:d3:
                    b0:e0:03:9e:22:3d:66:ec:44:1b:cd:fb:3d:13:4c:
                    a7:63:cc:6e:bd:b1:37:6a:0f:1e:bd:dd:cc:1a:09:
                    77:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:E7:26:12:6C:68:25:E7:F9:8C:50:99:F1:43:98:E5:84:8B:C2:9C
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/aucmEmxoJef5jFCZ8UOY5YSLwpw.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:42be::/31

    Signature Algorithm: sha256WithRSAEncryption
         12:bf:5f:60:a9:a5:c8:68:95:fe:6d:98:ca:09:fd:05:d9:56:
         6c:14:42:d7:8c:d6:fb:3b:c2:8d:45:01:e7:a2:8a:54:66:84:
         17:74:c0:b8:3e:d0:02:24:e6:e0:aa:99:4d:0d:6f:f6:7a:df:
         62:bd:9d:12:0b:6d:a0:fa:5b:61:cd:c0:34:84:b3:0b:e4:0c:
         b0:d7:43:54:e7:b3:6b:69:2e:e0:92:b2:07:dc:ef:86:1b:0b:
         47:47:a2:11:6c:0c:22:af:9b:66:c2:38:df:84:7c:56:77:0a:
         54:bc:f2:8e:b9:0f:40:46:57:2f:19:fc:c0:fa:85:3f:01:3b:
         70:9a:42:db:0c:39:08:76:9c:7c:74:78:00:a0:6a:44:6c:d8:
         70:fc:ca:6b:b0:01:ff:ef:ad:55:3e:22:c5:51:b2:39:85:03:
         d7:99:e2:cc:c7:ff:24:c1:ad:e7:b3:11:23:da:74:a3:b4:a5:
         6c:6f:6a:6d:9b:d2:e1:33:93:6c:bd:e1:14:7a:e3:f6:ec:77:
         9c:4c:e7:4a:df:b9:fb:48:9f:14:fb:22:81:19:ba:93:0d:dd:
         02:c8:89:e4:27:4d:ad:3c:f0:a3:9b:6e:b7:85:86:fd:c4:0d:
         05:c0:68:7f:07:da:90:92:ce:13:86:06:4c:23:05:11:a2:c0:
         5f:9c:32:ff
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICAJowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MTQ0NTZaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKDZBRTcyNjEyNkM2ODI1
RTdGOThDNTA5OUYxNDM5OEU1ODQ4QkMyOUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMkwouMjdtz05MKKx/7u2t6HzW96TK7RtCQTsXbATHixM4/yEm
KAbLTXYuZY9T4w/ueu6MiH6uoftlo4+TfPqFsJDWECOBpqIjPnxUmgq9tKl+pB1l
brUcOl+2hnmv8DLKQVirO+1z8RylMhlmu733NUh35a0Mn98d2XFQJ81V6wNQpWEF
0sfwdYhacACanIX2CxIbQ23oPD1/vKayZ8bxxgPFPWQ/o3Cj+7P29zHxh69pzduY
RYMWiNY0kMPAyuS9IcrzpTHQx9nSXHptas0/WkYrnj4wUHA7KS03GBX507DgA54i
PWbsRBvN+z0TTKdjzG69sTdqDx693cwaCXelAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUaucmEmxoJef5jFCZ8UOY5YSLwpwwHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvYXVjbUVteG9KZWY1
akZDWjhVT1k1WVNMd3B3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFASQKQr4wDQYJKoZIhvcNAQELBQADggEBABK/X2Cppcholf5tmMoJ/QXZVmwU
QteM1vs7wo1FAeeiilRmhBd0wLg+0AIk5uCqmU0Nb/Z632K9nRILbaD6W2HNwDSE
swvkDLDXQ1Tns2tpLuCSsgfc74YbC0dHohFsDCKvm2bCON+EfFZ3ClS88o65D0BG
Vy8Z/MD6hT8BO3CaQtsMOQh2nHx0eACgakRs2HD8ymuwAf/vrVU+IsVRsjmFA9eZ
4szH/yTBreezESPadKO0pWxvam2b0uEzk2y94RR64/bsd5xM50rfuftInxT7IoEZ
upMN3QLIieQnTa088KObbreFhv3EDQXAaH8H2pCSzhOGBkwjBRGiwF+cMv8=
-----END CERTIFICATE-----
Generated at Tue Jun 10 06:50:29 2025 by rpki-client