Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2672/sZ3QLMDTAwvXCY2PqIVZI0Tg-J0.roa
File:                     sZ3QLMDTAwvXCY2PqIVZI0Tg-J0.roa (raw, json)
Hash identifier:          SpE+Kw+dmjwqbf+oqS1IIuJbUjxOWhBXZtdgXw966Jg=
Subject key identifier:   B1:9D:D0:2C:C0:D3:03:0B:D7:09:8D:8F:A8:85:59:23:44:E0:F8:9D
Certificate issuer:       /CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
Certificate serial:       A9
Authority key identifier: 94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/sZ3QLMDTAwvXCY2PqIVZI0Tg-J0.roa
Signing time:             Fri 06 Jun 2025 02:21:22 +0000
ROA not before:           Fri 06 Jun 2025 02:21:22 +0000
ROA not after:            Wed 27 May 2026 07:38:41 +0000
asID:                     38019
IP address blocks:        240a:40c0:a000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 14 Jun 2025 03:18:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 169 (0xa9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94EFF7392E1EDC1225FC4CFB8FAB6EB617A9D24D
        Validity
            Not Before: Jun  6 02:21:22 2025 GMT
            Not After : May 27 07:38:41 2026 GMT
        Subject: CN=B19DD02CC0D3030BD7098D8FA885592344E0F89D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:dc:92:9f:4d:76:00:15:d1:dd:4c:1a:5a:bb:
                    db:6a:86:1b:99:ad:e1:46:24:40:e2:d0:21:d3:0a:
                    b7:0c:e9:97:f3:7c:82:4b:1e:a1:08:c0:ca:8a:15:
                    05:fb:49:06:ba:80:34:b1:1b:3d:23:98:70:01:69:
                    bd:3e:f6:b5:a1:19:44:cd:3d:dc:9e:19:2c:c5:fe:
                    09:bb:c7:6d:9b:6b:94:e8:a7:22:d5:ab:b6:62:55:
                    95:ac:8a:0b:94:dd:78:30:d8:ab:eb:0b:b3:88:32:
                    36:37:80:75:84:c8:81:da:2e:f7:a3:4e:60:ec:bf:
                    22:6f:a7:fc:c1:98:49:67:83:b4:1d:21:e5:22:53:
                    0f:de:a7:e9:fa:c2:8e:be:d5:11:66:cd:e9:fd:aa:
                    69:e4:4a:ff:aa:85:8f:20:2a:b0:05:4a:11:67:8f:
                    25:25:ee:d4:08:03:c1:90:d4:4d:81:1e:fe:fb:93:
                    f1:fa:fd:8e:84:e0:f8:71:a0:01:3f:ed:f4:46:3f:
                    a2:d5:4a:a9:01:85:75:bd:ed:39:30:c9:db:d1:15:
                    7d:c7:65:52:6c:e1:45:a1:c3:54:68:24:01:fe:40:
                    27:91:a5:0c:1d:2b:fe:45:71:38:1f:b1:b5:8e:69:
                    da:e9:6d:c8:6d:13:61:5e:a0:2f:22:2b:9a:f8:8a:
                    7b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:9D:D0:2C:C0:D3:03:0B:D7:09:8D:8F:A8:85:59:23:44:E0:F8:9D
            X509v3 Authority Key Identifier:
                keyid:94:EF:F7:39:2E:1E:DC:12:25:FC:4C:FB:8F:AB:6E:B6:17:A9:D2:4D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/lO_3OS4e3BIl_Ez7j6tuthep0k0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/lO_3OS4e3BIl_Ez7j6tuthep0k0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2672/sZ3QLMDTAwvXCY2PqIVZI0Tg-J0.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:40c0:a000::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:38:3f:00:ac:16:4b:21:3c:ff:7b:b4:62:ad:e5:c5:8f:87:
         ed:6f:97:6d:bf:21:41:83:9c:2f:50:39:5e:3e:1e:4b:e4:e6:
         17:4b:76:fe:b9:12:a7:1a:85:35:53:06:d1:34:80:8b:38:b8:
         0b:75:27:a4:05:07:4d:6c:f0:08:f1:30:4a:00:c1:33:0c:4a:
         04:7d:89:6e:cd:3e:51:03:89:b8:30:1b:e0:f2:46:1d:df:9f:
         e6:82:90:e4:7d:d3:20:11:89:4d:4e:2d:dd:1a:2d:d6:e6:03:
         09:bd:db:79:d1:78:00:fb:9b:40:cf:cb:ed:c0:1f:e9:1f:19:
         49:13:39:c6:6e:9f:a7:9d:3a:61:73:db:2a:a5:d8:bd:5b:a6:
         81:74:e8:7f:fe:7f:67:2e:a6:13:d7:f6:f5:a0:f0:b7:cc:51:
         66:db:3c:08:f3:c0:8e:e1:bc:3a:d4:ce:2c:1d:52:41:db:11:
         b8:ca:c5:9c:e4:ed:85:76:f3:9b:64:0c:0d:24:9a:90:fa:a6:
         d6:ea:fe:9c:73:1d:9c:c1:fc:6e:27:38:d1:8f:7b:1f:94:83:
         ee:c8:82:f2:88:34:36:d6:1e:88:7b:9b:37:fa:ef:ac:a3:9b:
         63:62:62:a3:8a:11:77:e0:e3:33:43:6d:32:2c:76:9b:1d:b2:
         ce:19:e6:bb
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICAKkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOTRF
RkY3MzkyRTFFREMxMjI1RkM0Q0ZCOEZBQjZFQjYxN0E5RDI0RDAeFw0yNTA2MDYw
MjIxMjJaFw0yNjA1MjcwNzM4NDFaMDMxMTAvBgNVBAMTKEIxOUREMDJDQzBEMzAz
MEJENzA5OEQ4RkE4ODU1OTIzNDRFMEY4OUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDA3JKfTXYAFdHdTBpau9tqhhuZreFGJEDi0CHTCrcM6ZfzfIJL
HqEIwMqKFQX7SQa6gDSxGz0jmHABab0+9rWhGUTNPdyeGSzF/gm7x22ba5TopyLV
q7ZiVZWsiguU3Xgw2KvrC7OIMjY3gHWEyIHaLvejTmDsvyJvp/zBmElng7QdIeUi
Uw/ep+n6wo6+1RFmzen9qmnkSv+qhY8gKrAFShFnjyUl7tQIA8GQ1E2BHv77k/H6
/Y6E4PhxoAE/7fRGP6LVSqkBhXW97TkwydvRFX3HZVJs4UWhw1RoJAH+QCeRpQwd
K/5FcTgfsbWOadrpbchtE2FeoC8iK5r4insPAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUsZ3QLMDTAwvXCY2PqIVZI0Tg+J0wHwYDVR0jBBgwFoAUlO/3OS4e3BIl/Ez7
j6tuthep0k0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjY3
Mi9sT18zT1M0ZTNCSWxfRXo3ajZ0dXRoZXAwazAuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2xPXzNPUzRlM0JJbF9FejdqNnR1dGhlcDBrMC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2NzIvc1ozUUxNRFRBd3ZY
Q1kyUHFJVlpJMFRnLUowLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQKQMCgADANBgkqhkiG9w0BAQsFAAOCAQEAFTg/AKwWSyE8/3u0Yq3lxY+H
7W+Xbb8hQYOcL1A5Xj4eS+TmF0t2/rkSpxqFNVMG0TSAizi4C3UnpAUHTWzwCPEw
SgDBMwxKBH2Jbs0+UQOJuDAb4PJGHd+f5oKQ5H3TIBGJTU4t3Rot1uYDCb3bedF4
APubQM/L7cAf6R8ZSRM5xm6fp506YXPbKqXYvVumgXTof/5/Zy6mE9f29aDwt8xR
Zts8CPPAjuG8OtTOLB1SQdsRuMrFnOTthXbzm2QMDSSakPqm1ur+nHMdnMH8bic4
0Y97H5SD7siC8og0NtYeiHubN/rvrKObY2Jio4oRd+DjM0NtMix2mx2yzhnmuw==
-----END CERTIFICATE-----
Generated at Sat Jun 14 01:52:03 2025 by rpki-client