Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3040/RKrRwdp1VyFPQ7YbOEvL0wAMGbA.roa
File:                     RKrRwdp1VyFPQ7YbOEvL0wAMGbA.roa (raw, json)
Hash identifier:          oU8zQEw2eThFvF/D8BoL4kKFFC2d3GWIrdQQ9ZEQibs=
Subject key identifier:   44:AA:D1:C1:DA:75:57:21:4F:43:B6:1B:38:4B:CB:D3:00:0C:19:B0
Certificate issuer:       /CN=03F075D9C6F18DC09BDA62B7087EA80DC5B711C5
Certificate serial:       26B0
Authority key identifier: 03:F0:75:D9:C6:F1:8D:C0:9B:DA:62:B7:08:7E:A8:0D:C5:B7:11:C5
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/A_B12cbxjcCb2mK3CH6oDcW3EcU.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3040/RKrRwdp1VyFPQ7YbOEvL0wAMGbA.roa
Signing time:             Mon 26 Jan 2026 06:54:44 +0000
ROA not before:           Mon 26 Jan 2026 06:54:44 +0000
ROA not after:            Sat 09 Jan 2027 08:23:18 +0000
asID:                     131484
IP address blocks:        2406:d140:8000::/34 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3040/A_B12cbxjcCb2mK3CH6oDcW3EcU.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3040/A_B12cbxjcCb2mK3CH6oDcW3EcU.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/A_B12cbxjcCb2mK3CH6oDcW3EcU.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 23 Feb 2026 07:29:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9904 (0x26b0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03F075D9C6F18DC09BDA62B7087EA80DC5B711C5
        Validity
            Not Before: Jan 26 06:54:44 2026 GMT
            Not After : Jan  9 08:23:18 2027 GMT
        Subject: CN=44AAD1C1DA7557214F43B61B384BCBD3000C19B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b9:3e:59:17:b0:ce:06:2e:5e:76:e7:95:6e:
                    05:10:1c:63:92:0e:3c:0d:d4:41:08:41:66:89:f6:
                    35:c5:62:ac:13:cd:4d:af:c8:93:81:2b:5a:94:58:
                    02:08:7e:e0:fe:bc:86:5c:b3:9c:f6:a8:0d:fb:69:
                    54:d7:8c:fb:8d:5b:d2:63:3d:9c:07:c3:d9:cd:2d:
                    fe:58:27:b3:ad:3f:cd:83:5d:7d:ca:b9:4c:59:a1:
                    be:68:1d:21:8a:73:68:bc:c2:5a:69:31:a2:04:f0:
                    92:05:23:4b:e6:01:b2:99:8a:dc:43:be:34:65:e2:
                    69:99:ca:76:8e:66:0b:c3:a8:db:ae:9e:6c:6d:fa:
                    d6:da:e1:a0:1a:79:ee:70:49:42:f7:2d:c8:ae:c1:
                    91:15:d2:6e:83:68:f4:05:58:67:4b:10:e6:97:cf:
                    dc:2c:0b:1c:96:bb:27:83:d5:bf:c7:6e:8d:f1:f9:
                    c2:f2:66:5b:10:4a:f9:a5:fd:69:d2:16:cd:62:91:
                    a0:d0:4d:64:da:59:cb:cb:e9:66:86:55:bf:36:7f:
                    5e:81:1e:48:c6:f6:9e:54:0b:5a:e3:91:9c:10:80:
                    5a:07:51:2a:a6:07:e2:38:1f:31:da:b2:ec:c1:8c:
                    38:25:73:47:71:c5:48:62:e5:e5:25:96:0e:eb:d6:
                    b3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AA:D1:C1:DA:75:57:21:4F:43:B6:1B:38:4B:CB:D3:00:0C:19:B0
            X509v3 Authority Key Identifier:
                keyid:03:F0:75:D9:C6:F1:8D:C0:9B:DA:62:B7:08:7E:A8:0D:C5:B7:11:C5

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3040/A_B12cbxjcCb2mK3CH6oDcW3EcU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/A_B12cbxjcCb2mK3CH6oDcW3EcU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3040/RKrRwdp1VyFPQ7YbOEvL0wAMGbA.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:d140:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         89:aa:ee:24:d1:32:09:b3:aa:fe:40:5b:00:fb:25:f7:d7:50:
         a0:cb:e1:13:c4:5f:6c:51:f0:8e:e2:21:91:35:23:b5:5f:a5:
         e6:e6:ac:d3:50:a4:bc:2f:c2:98:fd:70:12:3b:76:03:3c:61:
         b3:33:65:21:aa:0e:86:4d:40:1d:d5:25:73:e9:82:f4:d4:2b:
         cf:ee:98:29:98:a6:73:e9:6c:89:58:58:14:0c:cb:64:f2:3b:
         3a:d7:96:99:b2:e2:9e:02:01:78:40:7c:6d:65:9f:34:e8:54:
         e0:7f:c5:3d:6a:59:04:2e:1c:ed:df:0a:01:28:bf:ba:f7:d9:
         61:b6:0c:ff:80:fb:f6:9d:63:72:ae:b2:8b:ca:85:a8:d1:4e:
         16:0e:16:0b:24:35:33:fd:8b:2f:aa:bd:39:b5:e5:65:90:e5:
         bf:98:96:15:19:0f:03:0b:37:72:14:31:20:fd:8d:3b:86:08:
         ca:32:36:dd:41:9f:da:55:08:cb:d9:8b:a3:ca:94:51:52:05:
         07:63:0a:a8:15:c9:9a:01:35:ce:1c:4a:03:ac:84:a5:7d:27:
         9d:b3:87:32:bf:9b:e2:9a:ff:7a:31:8a:4c:72:c7:51:ca:cf:
         cb:57:fd:87:bc:7f:c0:b2:99:10:0e:1b:ae:dd:7e:b4:2b:ae:
         7d:25:f7:21
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgICJrAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMDNG
MDc1RDlDNkYxOERDMDlCREE2MkI3MDg3RUE4MERDNUI3MTFDNTAeFw0yNjAxMjYw
NjU0NDRaFw0yNzAxMDkwODIzMThaMDMxMTAvBgNVBAMTKDQ0QUFEMUMxREE3NTU3
MjE0RjQzQjYxQjM4NEJDQkQzMDAwQzE5QjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOuT5ZF7DOBi5edueVbgUQHGOSDjwN1EEIQWaJ9jXFYqwTzU2v
yJOBK1qUWAIIfuD+vIZcs5z2qA37aVTXjPuNW9JjPZwHw9nNLf5YJ7OtP82DXX3K
uUxZob5oHSGKc2i8wlppMaIE8JIFI0vmAbKZitxDvjRl4mmZynaOZgvDqNuunmxt
+tba4aAaee5wSUL3LciuwZEV0m6DaPQFWGdLEOaXz9wsCxyWuyeD1b/Hbo3x+cLy
ZlsQSvml/WnSFs1ikaDQTWTaWcvL6WaGVb82f16BHkjG9p5UC1rjkZwQgFoHUSqm
B+I4HzHasuzBjDglc0dxxUhi5eUllg7r1rMpAgMBAAGjggH1MIIB8TAdBgNVHQ4E
FgQURKrRwdp1VyFPQ7YbOEvL0wAMGbAwHwYDVR0jBBgwFoAUA/B12cbxjcCb2mK3
CH6oDcW3EcUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA0
MC9BX0IxMmNieGpjQ2IybUszQ0g2b0RjVzNFY1UuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0FfQjEyY2J4amNDYjJtSzNDSDZvRGNXM0VjVS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwNDAvUktyUndkcDFWeUZQ
UTdZYk9Fdkwwd0FNR2JBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIw
CAMGBiQG0UCAMA0GCSqGSIb3DQEBCwUAA4IBAQCJqu4k0TIJs6r+QFsA+yX311Cg
y+ETxF9sUfCO4iGRNSO1X6Xm5qzTUKS8L8KY/XASO3YDPGGzM2Uhqg6GTUAd1SVz
6YL01CvP7pgpmKZz6WyJWFgUDMtk8js615aZsuKeAgF4QHxtZZ806FTgf8U9alkE
Lhzt3woBKL+699lhtgz/gPv2nWNyrrKLyoWo0U4WDhYLJDUz/Ysvqr05teVlkOW/
mJYVGQ8DCzdyFDEg/Y07hgjKMjbdQZ/aVQjL2YujypRRUgUHYwqoFcmaATXOHEoD
rISlfSeds4cyv5vimv96MYpMcsdRys/LV/2HvH/AspkQDhuu3X60K659Jfch
-----END CERTIFICATE-----
Generated at Mon Feb 23 06:03:13 2026 by rpki-client