Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2716/Y8AwDTSOazOUu_IAjmV-cKFXhOw.roa
File:                     Y8AwDTSOazOUu_IAjmV-cKFXhOw.roa (raw, json)
Hash identifier:          Ik/VB9Qw5ubTU/JUDgHk263xQgvcLKzX2eDAIXZoFXA=
Subject key identifier:   63:C0:30:0D:34:8E:6B:33:94:BB:F2:00:8E:65:7E:70:A1:57:84:EC
Certificate issuer:       /CN=39EE852FE138CDEDC5B42D11A34295D109AD4925
Certificate serial:       024F
Authority key identifier: 39:EE:85:2F:E1:38:CD:ED:C5:B4:2D:11:A3:42:95:D1:09:AD:49:25
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/Y8AwDTSOazOUu_IAjmV-cKFXhOw.roa
Signing time:             Wed 16 Jul 2025 10:01:54 +0000
ROA not before:           Wed 16 Jul 2025 10:01:54 +0000
ROA not after:            Wed 15 Apr 2026 09:08:30 +0000
asID:                     137508
IP address blocks:        103.118.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 20 Jul 2025 18:39:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 591 (0x24f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39EE852FE138CDEDC5B42D11A34295D109AD4925
        Validity
            Not Before: Jul 16 10:01:54 2025 GMT
            Not After : Apr 15 09:08:30 2026 GMT
        Subject: CN=63C0300D348E6B3394BBF2008E657E70A15784EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:71:56:4e:21:d3:7a:01:a8:b1:a0:f2:98:fc:
                    e5:15:70:f5:52:36:f3:a8:72:da:aa:e0:52:c3:06:
                    85:f5:38:0f:d8:55:f2:c8:46:14:44:8b:69:0b:d3:
                    70:ee:90:c1:a2:29:58:da:c5:e2:1e:22:ec:80:b5:
                    b9:76:15:72:82:c5:fb:48:39:c6:3a:93:20:7d:5d:
                    cb:41:67:86:a7:6a:dd:51:09:4e:58:d3:53:6d:42:
                    44:eb:3b:f2:07:5f:fb:7b:86:98:29:fb:3b:3f:fd:
                    09:82:9b:80:de:71:ba:4c:70:98:7e:55:01:35:01:
                    fe:43:da:70:ea:04:86:6e:88:8e:47:4f:c6:e6:6b:
                    ef:ef:6a:6d:9b:f4:92:52:c5:c9:9d:4d:0e:d1:6c:
                    a3:c4:ca:68:35:92:4c:a7:40:69:cf:7a:20:7b:7c:
                    b1:eb:33:df:d2:8f:99:07:7c:46:d0:f0:56:5e:98:
                    22:2a:06:24:08:40:e7:85:94:14:ad:8b:00:1a:6b:
                    af:bf:37:0b:35:19:e4:3f:c6:05:68:f1:52:09:31:
                    ce:df:39:57:88:6c:c8:3e:63:58:0a:5f:0f:6b:16:
                    e0:9a:15:98:30:13:fc:b2:5e:8d:68:13:9e:af:8d:
                    99:4a:73:29:8b:db:25:4a:41:f8:a9:10:d6:5c:13:
                    5c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C0:30:0D:34:8E:6B:33:94:BB:F2:00:8E:65:7E:70:A1:57:84:EC
            X509v3 Authority Key Identifier:
                keyid:39:EE:85:2F:E1:38:CD:ED:C5:B4:2D:11:A3:42:95:D1:09:AD:49:25

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/Oe6FL-E4ze3FtC0Ro0KV0QmtSSU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2716/Y8AwDTSOazOUu_IAjmV-cKFXhOw.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.118.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:4a:b5:4f:ae:01:30:b7:76:5a:35:98:5d:d7:49:5e:d5:a2:
         22:5b:58:14:8e:9d:01:b1:ef:44:52:12:a7:68:87:c8:33:86:
         53:ba:0f:92:81:e6:8a:81:42:2e:2e:52:97:73:ef:55:82:fd:
         fe:da:ae:9d:94:57:19:04:31:d4:9b:82:16:19:a7:a6:98:53:
         40:89:86:cb:89:c0:57:f6:d6:2b:eb:4d:40:0e:94:f2:05:4c:
         13:3f:cf:0a:a7:93:80:4d:1f:28:94:6b:bd:4c:56:26:8e:f2:
         bb:c3:7d:d5:24:61:5a:15:2b:8f:ef:b4:30:f6:ce:fc:e0:e9:
         c2:e4:38:f8:54:ed:40:e8:94:24:30:8a:38:bb:4e:d2:ea:82:
         87:34:12:e3:a1:4f:53:7d:25:85:2d:70:91:bf:f8:3e:53:86:
         cd:b7:4b:80:7b:d1:d7:42:c3:85:65:f7:d0:05:56:d3:2c:bd:
         47:ac:bc:af:7e:2e:79:6b:40:d3:f4:2e:4c:4f:c5:ae:f2:8f:
         a7:81:00:0b:7f:3f:13:46:48:bc:be:b2:cf:be:3f:35:14:c9:
         19:19:55:64:6e:35:4d:34:a0:25:54:01:32:8a:78:5b:03:d0:
         2e:14:dc:f2:a8:27:fa:64:6f:54:c4:9e:28:24:f1:80:09:6c:
         86:bc:ce:86
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICAk8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzlF
RTg1MkZFMTM4Q0RFREM1QjQyRDExQTM0Mjk1RDEwOUFENDkyNTAeFw0yNTA3MTYx
MDAxNTRaFw0yNjA0MTUwOTA4MzBaMDMxMTAvBgNVBAMTKDYzQzAzMDBEMzQ4RTZC
MzM5NEJCRjIwMDhFNjU3RTcwQTE1Nzg0RUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8cVZOIdN6AaixoPKY/OUVcPVSNvOoctqq4FLDBoX1OA/YVfLI
RhREi2kL03DukMGiKVjaxeIeIuyAtbl2FXKCxftIOcY6kyB9XctBZ4anat1RCU5Y
01NtQkTrO/IHX/t7hpgp+zs//QmCm4DecbpMcJh+VQE1Af5D2nDqBIZuiI5HT8bm
a+/vam2b9JJSxcmdTQ7RbKPEymg1kkynQGnPeiB7fLHrM9/Sj5kHfEbQ8FZemCIq
BiQIQOeFlBStiwAaa6+/Nws1GeQ/xgVo8VIJMc7fOVeIbMg+Y1gKXw9rFuCaFZgw
E/yyXo1oE56vjZlKcymL2yVKQfipENZcE1xzAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUY8AwDTSOazOUu/IAjmV+cKFXhOwwHwYDVR0jBBgwFoAUOe6FL+E4ze3FtC0R
o0KV0QmtSSUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjcx
Ni9PZTZGTC1FNHplM0Z0QzBSbzBLVjBRbXRTU1UuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL09lNkZMLUU0emUzRnRDMFJvMEtWMFFtdFNTVS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI3MTYvWThBd0RUU09hek9V
dV9JQWptVi1jS0ZYaE93LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAmd2zDANBgkqhkiG9w0BAQsFAAOCAQEAdEq1T64BMLd2WjWYXddJXtWiIltY
FI6dAbHvRFISp2iHyDOGU7oPkoHmioFCLi5Sl3PvVYL9/tqunZRXGQQx1JuCFhmn
pphTQImGy4nAV/bWK+tNQA6U8gVMEz/PCqeTgE0fKJRrvUxWJo7yu8N91SRhWhUr
j++0MPbO/ODpwuQ4+FTtQOiUJDCKOLtO0uqChzQS46FPU30lhS1wkb/4PlOGzbdL
gHvR10LDhWX30AVW0yy9R6y8r34ueWtA0/QuTE/FrvKPp4EAC38/E0ZIvL6yz74/
NRTJGRlVZG41TTSgJVQBMop4WwPQLhTc8qgn+mRvVMSeKCTxgAlshrzOhg==
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:38:13 2025 by rpki-client