Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/l6saPbBC_NE9U_YAT3lyer0j0hM.roa
File:                     l6saPbBC_NE9U_YAT3lyer0j0hM.roa (raw, json)
Hash identifier:          IxYE/QMJGCZo1ig4YdMgXhu9UXykbeXxHa8Hebeo2fI=
Subject key identifier:   97:AB:1A:3D:B0:42:FC:D1:3D:53:F6:00:4F:79:72:7A:BD:23:D2:13
Certificate issuer:       /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial:       1C95
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/l6saPbBC_NE9U_YAT3lyer0j0hM.roa
Signing time:             Thu 17 Jul 2025 03:48:03 +0000
ROA not before:           Thu 17 Jul 2025 03:48:03 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     25734
IP address blocks:        45.252.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 22 Jul 2025 09:11:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7317 (0x1c95)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
        Validity
            Not Before: Jul 17 03:48:03 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=97AB1A3DB042FCD13D53F6004F79727ABD23D213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:91:da:74:70:24:5a:3f:cc:2a:75:3a:ab:6b:
                    e5:aa:d6:38:1b:fc:5f:56:5c:d6:db:9e:9d:c6:92:
                    2b:30:8c:00:3e:3e:ab:91:45:27:a0:b6:ae:e2:53:
                    d9:dc:fa:1a:4e:b7:bf:34:fd:03:f4:ab:40:66:a7:
                    67:61:15:c1:67:0b:8b:8e:63:46:3a:f6:d8:11:ae:
                    4f:06:c2:f2:e0:1e:b7:ad:6b:78:f7:dd:bd:ef:11:
                    ca:39:ec:10:83:49:7d:09:14:28:d8:9c:cd:62:09:
                    5f:20:9e:bc:21:40:71:c1:9a:ee:4e:cb:ba:b4:e2:
                    39:87:43:30:fc:fb:0b:91:d7:e2:7c:c4:e8:a0:0a:
                    23:d4:65:20:5c:c2:55:9c:0f:28:fd:4a:d7:46:74:
                    f5:b2:ed:5c:f4:5c:fe:b8:3d:9a:7d:34:b8:db:74:
                    33:e5:84:4f:87:ec:64:eb:99:4e:76:1f:83:55:83:
                    b9:4f:a9:05:27:c9:fd:aa:e1:b0:aa:4d:bf:43:99:
                    d9:c4:4f:64:83:cd:69:0a:a3:78:e9:df:50:2e:00:
                    1e:40:2f:df:a1:44:1a:6e:3d:37:6c:c4:ed:8b:24:
                    19:44:10:70:b7:5e:b8:cf:6d:2a:2b:a0:b0:03:b2:
                    ce:e4:e0:ea:a2:a7:6d:0f:dd:87:35:64:fd:f4:1c:
                    c1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:AB:1A:3D:B0:42:FC:D1:3D:53:F6:00:4F:79:72:7A:BD:23:D2:13
            X509v3 Authority Key Identifier:
                keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/l6saPbBC_NE9U_YAT3lyer0j0hM.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.252.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:c6:ac:87:f9:ce:f5:b9:b5:cd:60:ed:88:50:bd:13:3e:49:
         f1:de:49:7b:0d:73:02:53:44:09:f8:d2:8d:72:e6:02:be:ef:
         cc:6f:b2:f2:1e:2f:15:e6:eb:16:45:1a:7a:94:93:61:19:ff:
         79:b4:14:b4:53:71:0d:e0:8f:35:a4:27:f2:33:52:0e:5d:3b:
         38:d1:2a:77:51:d8:7e:bc:cd:c0:aa:cf:9b:aa:6f:5d:e2:ad:
         00:f9:b5:a7:3e:2b:a3:ce:cd:a9:22:71:bd:1b:d6:60:75:26:
         85:b0:a0:75:8f:e6:e3:5b:bc:2d:ed:14:9f:48:9c:a1:3c:ed:
         06:87:74:ec:75:91:82:c4:24:d5:05:e1:ef:f3:e3:ee:9d:5a:
         d1:f1:bf:dd:48:d1:3b:ee:50:a6:d6:4a:ef:7c:cc:3b:03:57:
         81:7c:24:8e:7e:d4:6a:b2:46:3e:5f:37:4d:10:fc:85:bf:f3:
         ea:91:97:4b:2a:0c:05:b7:87:b4:b8:6a:d2:c5:0d:be:2a:13:
         f4:2a:05:3b:49:99:57:cc:37:ce:6c:20:e0:01:2f:d9:d7:81:
         46:9b:17:53:35:b6:b7:28:76:1b:b1:2f:ed:7c:18:2f:d1:fd:
         ac:8b:4b:ca:9b:ad:c1:b7:5e:98:e6:3c:4e:cb:b3:c9:6a:c4:
         29:b6:35:c5
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICHJUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNTA3MTcw
MzQ4MDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk3QUIxQTNEQjA0MkZD
RDEzRDUzRjYwMDRGNzk3MjdBQkQyM0QyMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTkdp0cCRaP8wqdTqra+Wq1jgb/F9WXNbbnp3GkiswjAA+PquR
RSegtq7iU9nc+hpOt780/QP0q0Bmp2dhFcFnC4uOY0Y69tgRrk8GwvLgHreta3j3
3b3vEco57BCDSX0JFCjYnM1iCV8gnrwhQHHBmu5Oy7q04jmHQzD8+wuR1+J8xOig
CiPUZSBcwlWcDyj9StdGdPWy7Vz0XP64PZp9NLjbdDPlhE+H7GTrmU52H4NVg7lP
qQUnyf2q4bCqTb9DmdnET2SDzWkKo3jp31AuAB5AL9+hRBpuPTdsxO2LJBlEEHC3
XrjPbSoroLADss7k4Oqip20P3Yc1ZP30HMFlAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUl6saPbBC/NE9U/YAT3lyer0j0hMwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L2w2c2FQYkJDX05FOVVf
WUFUM2x5ZXIwajBoTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAIt/JAwDQYJKoZIhvcNAQELBQADggEBAELGrIf5zvW5tc1g7YhQvRM+SfHeSXsN
cwJTRAn40o1y5gK+78xvsvIeLxXm6xZFGnqUk2EZ/3m0FLRTcQ3gjzWkJ/IzUg5d
OzjRKndR2H68zcCqz5uqb13irQD5tac+K6POzakicb0b1mB1JoWwoHWP5uNbvC3t
FJ9InKE87QaHdOx1kYLEJNUF4e/z4+6dWtHxv91I0TvuUKbWSu98zDsDV4F8JI5+
1GqyRj5fN00Q/IW/8+qRl0sqDAW3h7S4atLFDb4qE/QqBTtJmVfMN85sIOABL9nX
gUabF1M1trcodhuxL+18GC/R/ayLS8qbrcG3XpjmPE7Ls8lqxCm2NcU=
-----END CERTIFICATE-----
Generated at Tue Jul 22 06:00:33 2025 by rpki-client