Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3130/WsKlAONIqplgXIz3SXDxsiqI-RQ.roa
File:                     WsKlAONIqplgXIz3SXDxsiqI-RQ.roa (raw, json)
Hash identifier:          KOtV0+FM5aqoRcmTsHVmYfNdZCcUbdpqaWvURQf1SKo=
Subject key identifier:   5A:C2:A5:00:E3:48:AA:99:60:5C:8C:F7:49:70:F1:B2:2A:88:F9:14
Certificate issuer:       /CN=2B0C50542CA87AA3C12F30C32323062C87102221
Certificate serial:       1927
Authority key identifier: 2B:0C:50:54:2C:A8:7A:A3:C1:2F:30:C3:23:23:06:2C:87:10:22:21
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KwxQVCyoeqPBLzDDIyMGLIcQIiE.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/WsKlAONIqplgXIz3SXDxsiqI-RQ.roa
Signing time:             Mon 14 Jul 2025 11:52:36 +0000
ROA not before:           Mon 14 Jul 2025 11:52:36 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     4515
IP address blocks:        180.223.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/KwxQVCyoeqPBLzDDIyMGLIcQIiE.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/KwxQVCyoeqPBLzDDIyMGLIcQIiE.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KwxQVCyoeqPBLzDDIyMGLIcQIiE.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 21 Jul 2025 04:10:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6439 (0x1927)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2B0C50542CA87AA3C12F30C32323062C87102221
        Validity
            Not Before: Jul 14 11:52:36 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=5AC2A500E348AA99605C8CF74970F1B22A88F914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:40:1d:2a:db:55:e4:cb:5a:48:47:a2:e6:80:
                    08:bd:13:bb:f9:5c:80:bd:59:27:e0:96:b0:ae:49:
                    a1:95:10:86:a0:1f:be:24:75:94:3f:aa:a5:2c:63:
                    ec:34:84:41:e2:9d:5c:a5:b2:a9:81:30:0c:9a:66:
                    54:2f:32:9e:71:c0:f5:56:1c:c4:17:64:e6:41:5a:
                    89:e8:f1:e9:25:ae:37:2f:ed:17:20:6c:eb:46:8c:
                    1e:02:23:59:6f:0c:20:d8:32:b1:42:d0:82:6e:e2:
                    1d:b5:c3:2d:b5:a8:98:e2:40:aa:15:f2:cd:80:cb:
                    01:80:9f:ae:53:a0:87:f3:af:03:51:8d:f9:e4:5b:
                    6e:46:f2:6c:5c:96:b0:40:0e:49:f1:97:cf:a7:55:
                    b3:20:0c:54:9e:49:ef:0a:31:0e:76:a4:b7:51:0d:
                    a8:7a:2d:b3:d4:82:ba:14:32:cf:07:35:c5:b7:41:
                    ce:c8:f1:c4:09:77:f9:6e:0b:f1:80:da:93:a8:b4:
                    47:a2:c6:e9:87:84:c2:18:68:4c:c7:13:9c:bb:67:
                    a1:b8:04:ed:31:8f:8a:92:03:bc:13:db:f4:b9:92:
                    48:56:5b:45:cd:12:f0:94:23:e6:32:9b:27:01:28:
                    2f:dc:1c:c6:72:f5:e0:4d:86:c5:b0:5e:fd:1f:c2:
                    8d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:C2:A5:00:E3:48:AA:99:60:5C:8C:F7:49:70:F1:B2:2A:88:F9:14
            X509v3 Authority Key Identifier:
                keyid:2B:0C:50:54:2C:A8:7A:A3:C1:2F:30:C3:23:23:06:2C:87:10:22:21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/KwxQVCyoeqPBLzDDIyMGLIcQIiE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KwxQVCyoeqPBLzDDIyMGLIcQIiE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3130/WsKlAONIqplgXIz3SXDxsiqI-RQ.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  180.223.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         cb:10:66:02:aa:75:f5:be:3c:da:0b:11:6a:8c:db:84:e3:9d:
         28:40:e9:45:7a:cf:7f:26:1d:ae:54:2a:da:47:52:35:c3:05:
         0c:8a:eb:ce:57:e9:35:f5:b4:48:b6:59:78:ac:b7:32:f0:4a:
         b8:34:1c:14:b8:f9:e3:f2:2f:42:fa:2b:af:7d:4b:af:94:8e:
         62:d7:83:53:34:ab:95:7e:de:bd:b7:a4:44:b8:8b:d9:ba:0f:
         06:a5:74:bc:59:30:f2:fe:4b:ba:6b:66:09:dd:d0:0b:51:b2:
         ea:af:2b:15:ce:3d:c5:5e:3c:9a:c7:64:cb:14:e5:80:3d:ef:
         66:b1:b0:71:6f:a8:b5:54:b1:23:a5:de:56:02:57:4c:4d:1c:
         9a:16:3f:1e:95:c4:77:5a:50:54:15:4c:a1:b5:cc:23:7a:0e:
         78:d2:24:de:5f:98:a1:7d:55:3b:68:93:c5:a1:84:dd:e9:0c:
         05:bd:2e:c2:9f:df:50:d6:fe:4a:c2:ba:77:2c:e4:66:60:0e:
         1a:b8:b8:17:06:71:89:9e:a4:f4:37:2e:52:ab:ba:30:7c:34:
         4d:cd:aa:d8:fe:0b:de:8b:3e:b1:01:d2:c8:5a:4e:9e:a0:b1:
         f5:fc:3e:3f:28:f1:13:64:52:22:e9:32:dd:d5:4c:cc:2a:35:
         77:c7:65:29
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICGScwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkIw
QzUwNTQyQ0E4N0FBM0MxMkYzMEMzMjMyMzA2MkM4NzEwMjIyMTAeFw0yNTA3MTQx
MTUyMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVBQzJBNTAwRTM0OEFB
OTk2MDVDOENGNzQ5NzBGMUIyMkE4OEY5MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvQB0q21Xky1pIR6LmgAi9E7v5XIC9WSfglrCuSaGVEIagH74k
dZQ/qqUsY+w0hEHinVylsqmBMAyaZlQvMp5xwPVWHMQXZOZBWono8eklrjcv7Rcg
bOtGjB4CI1lvDCDYMrFC0IJu4h21wy21qJjiQKoV8s2AywGAn65ToIfzrwNRjfnk
W25G8mxclrBADknxl8+nVbMgDFSeSe8KMQ52pLdRDah6LbPUgroUMs8HNcW3Qc7I
8cQJd/luC/GA2pOotEeixumHhMIYaEzHE5y7Z6G4BO0xj4qSA7wT2/S5kkhWW0XN
EvCUI+YymycBKC/cHMZy9eBNhsWwXv0fwo0NAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUWsKlAONIqplgXIz3SXDxsiqI+RQwHwYDVR0jBBgwFoAUKwxQVCyoeqPBLzDD
IyMGLIcQIiEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzEz
MC9Ld3hRVkN5b2VxUEJMekRESXlNR0xJY1FJaUUuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0t3eFFWQ3lvZXFQQkx6RERJeU1HTEljUUlpRS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMxMzAvV3NLbEFPTklxcGxn
WEl6M1NYRHhzaXFJLVJRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBrTfQDANBgkqhkiG9w0BAQsFAAOCAQEAyxBmAqp19b482gsRaozbhOOdKEDp
RXrPfyYdrlQq2kdSNcMFDIrrzlfpNfW0SLZZeKy3MvBKuDQcFLj54/IvQvorr31L
r5SOYteDUzSrlX7evbekRLiL2boPBqV0vFkw8v5LumtmCd3QC1Gy6q8rFc49xV48
msdkyxTlgD3vZrGwcW+otVSxI6XeVgJXTE0cmhY/HpXEd1pQVBVMobXMI3oOeNIk
3l+YoX1VO2iTxaGE3ekMBb0uwp/fUNb+SsK6dyzkZmAOGri4FwZxiZ6k9DcuUqu6
MHw0Tc2q2P4L3os+sQHSyFpOnqCx9fw+PyjxE2RSIuky3dVMzCo1d8dlKQ==
-----END CERTIFICATE-----
Generated at Mon Jul 21 00:33:42 2025 by rpki-client