Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/sH_Gw7pHS8Qs0QnqPnJtoZVmzCE.roa
File:                     sH_Gw7pHS8Qs0QnqPnJtoZVmzCE.roa (raw, json)
Hash identifier:          ohYEJVvjbodyRwHtpW/8BXSPeZTcQ+10mKlDnBLeTYQ=
Subject key identifier:   B0:7F:C6:C3:BA:47:4B:C4:2C:D1:09:EA:3E:72:6D:A1:95:66:CC:21
Certificate issuer:       /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial:       1C94
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/sH_Gw7pHS8Qs0QnqPnJtoZVmzCE.roa
Signing time:             Thu 17 Jul 2025 03:48:03 +0000
ROA not before:           Thu 17 Jul 2025 03:48:03 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     25734
IP address blocks:        45.252.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 22 Jul 2025 09:11:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7316 (0x1c94)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
        Validity
            Not Before: Jul 17 03:48:03 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=B07FC6C3BA474BC42CD109EA3E726DA19566CC21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:dc:08:1a:2b:64:5a:d3:f2:c4:60:af:2c:f0:
                    3f:43:81:59:0e:17:45:6b:3e:b5:ed:d5:2e:6d:d4:
                    79:17:da:56:3a:ed:08:6f:cc:a3:71:c4:79:93:6d:
                    b2:69:da:6d:7a:4e:ff:0c:0d:11:10:27:ff:37:e9:
                    06:b5:96:ec:bf:de:ae:8e:f3:e2:77:82:7e:6b:e7:
                    88:89:45:e9:3f:10:9f:3b:42:c2:fb:3b:ab:1d:7d:
                    0e:27:7a:c1:5d:8a:84:d3:bc:0f:28:8b:5f:63:ff:
                    16:df:49:e6:3c:25:8c:5a:cf:1c:8c:d2:3f:30:45:
                    30:18:7c:67:55:9f:de:15:c5:2a:2a:22:59:42:cc:
                    15:47:40:21:8d:0d:57:8a:d5:1b:05:80:34:47:f7:
                    37:fd:81:15:29:47:87:d4:b3:a2:83:66:69:61:d8:
                    ec:ef:74:6a:df:66:80:b0:cb:89:1e:f8:b6:b7:db:
                    a7:3f:45:b3:bc:6b:25:e4:22:85:cf:4a:69:b5:a8:
                    4d:bc:9d:71:d1:b0:d4:76:4e:72:9f:a1:80:48:f9:
                    c7:ac:0b:22:33:fa:bb:ef:46:4f:d5:78:5d:07:ff:
                    84:43:1a:3a:f5:a0:e4:0d:fc:1d:67:8f:ab:1c:43:
                    1c:00:d2:d0:f6:29:f3:b2:a4:a9:97:4b:33:bd:15:
                    84:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:7F:C6:C3:BA:47:4B:C4:2C:D1:09:EA:3E:72:6D:A1:95:66:CC:21
            X509v3 Authority Key Identifier:
                keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/sH_Gw7pHS8Qs0QnqPnJtoZVmzCE.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.252.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:5d:7d:1e:dd:1c:13:ed:5e:fe:c5:b5:a0:a1:9a:c3:5c:af:
         b9:be:46:1d:d6:2a:1c:e1:c7:e8:3f:f1:cc:3d:b5:83:7f:96:
         25:40:f3:50:b8:17:b2:f8:5f:d8:24:c5:8f:1c:75:c6:25:5c:
         7a:6c:b3:f0:e1:2e:b5:75:66:1f:d9:3f:1b:92:14:32:a8:ec:
         97:4b:76:9f:69:64:7e:5e:ab:47:d4:b5:79:bb:68:1b:98:0f:
         31:69:63:a0:c2:ac:2f:16:68:9a:7d:7b:da:08:0b:35:3a:25:
         8e:ef:bf:61:c0:ac:1b:32:f7:5f:f8:99:9d:3c:1a:87:d9:b5:
         67:06:27:fd:d7:38:d8:27:3b:83:17:c5:2b:40:92:9b:63:bd:
         49:52:7d:2b:01:7a:2b:49:4d:e6:b7:d1:ed:7a:32:f6:4d:ba:
         d0:77:2e:3d:34:45:79:91:42:d2:02:3f:6a:94:d7:6c:ce:66:
         5c:ef:0b:02:d8:d2:ff:4a:8f:b3:41:89:37:8e:e4:91:64:65:
         21:f9:78:ae:79:84:de:41:8a:7f:40:94:79:0c:aa:38:ca:0a:
         93:a5:1d:c6:23:7c:6f:e7:22:2e:97:1f:68:3f:85:9f:71:41:
         0b:27:61:4f:5b:5f:12:e7:bb:a0:01:bb:2a:de:a0:0c:4c:87:
         6a:f2:11:e9
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICHJQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNTA3MTcw
MzQ4MDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIwN0ZDNkMzQkE0NzRC
QzQyQ0QxMDlFQTNFNzI2REExOTU2NkNDMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC73AgaK2Ra0/LEYK8s8D9DgVkOF0VrPrXt1S5t1HkX2lY67Qhv
zKNxxHmTbbJp2m16Tv8MDREQJ/836Qa1luy/3q6O8+J3gn5r54iJRek/EJ87QsL7
O6sdfQ4nesFdioTTvA8oi19j/xbfSeY8JYxazxyM0j8wRTAYfGdVn94VxSoqIllC
zBVHQCGNDVeK1RsFgDRH9zf9gRUpR4fUs6KDZmlh2OzvdGrfZoCwy4ke+La326c/
RbO8ayXkIoXPSmm1qE28nXHRsNR2TnKfoYBI+cesCyIz+rvvRk/VeF0H/4RDGjr1
oOQN/B1nj6scQxwA0tD2KfOypKmXSzO9FYTxAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUsH/Gw7pHS8Qs0QnqPnJtoZVmzCEwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L3NIX0d3N3BIUzhRczBR
bnFQbkp0b1pWbXpDRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAt/GYwDQYJKoZIhvcNAQELBQADggEBAB9dfR7dHBPtXv7FtaChmsNcr7m+Rh3W
Khzhx+g/8cw9tYN/liVA81C4F7L4X9gkxY8cdcYlXHpss/DhLrV1Zh/ZPxuSFDKo
7JdLdp9pZH5eq0fUtXm7aBuYDzFpY6DCrC8WaJp9e9oICzU6JY7vv2HArBsy91/4
mZ08GofZtWcGJ/3XONgnO4MXxStAkptjvUlSfSsBeitJTea30e16MvZNutB3Lj00
RXmRQtICP2qU12zOZlzvCwLY0v9Kj7NBiTeO5JFkZSH5eK55hN5Bin9AlHkMqjjK
CpOlHcYjfG/nIi6XH2g/hZ9xQQsnYU9bXxLnu6ABuyreoAxMh2ryEek=
-----END CERTIFICATE-----
Generated at Tue Jul 22 05:59:23 2025 by rpki-client