Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1232/Iw7sD3xzXPWftmeL46s3sTrkFqE.roa
File:                     Iw7sD3xzXPWftmeL46s3sTrkFqE.roa (raw, json)
Hash identifier:          SppF00wtPjwNeP/6aGb6k18kLA12GGwx14saGhDKVqg=
Subject key identifier:   23:0E:EC:0F:7C:73:5C:F5:9F:B6:67:8B:E3:AB:37:B1:3A:E4:16:A1
Certificate issuer:       /CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
Certificate serial:       B4
Authority key identifier: F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/Iw7sD3xzXPWftmeL46s3sTrkFqE.roa
Signing time:             Thu 11 Sep 2025 05:58:04 +0000
ROA not before:           Thu 11 Sep 2025 05:58:04 +0000
ROA not after:            Thu 20 Aug 2026 07:49:18 +0000
asID:                     8075
IP address blocks:        2402:7d80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:36:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 180 (0xb4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
        Validity
            Not Before: Sep 11 05:58:04 2025 GMT
            Not After : Aug 20 07:49:18 2026 GMT
        Subject: CN=230EEC0F7C735CF59FB6678BE3AB37B13AE416A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b4:dc:e9:b3:d8:cf:c9:5c:a0:13:c5:b8:14:
                    ea:89:d4:2e:c6:55:2d:f7:32:3c:8f:5b:c2:ef:56:
                    3e:38:7d:ce:d3:4a:67:0e:c0:dc:0d:d2:05:61:75:
                    43:f3:54:10:41:2b:59:b5:2f:f1:22:12:f2:b2:b6:
                    54:1b:06:04:13:1b:af:dc:98:8e:a4:02:35:2a:e9:
                    c9:6e:77:c5:a8:80:c8:55:d1:02:fa:13:4e:eb:e9:
                    e2:5b:9b:80:df:fb:f0:c8:9a:3d:c0:7f:6d:e7:9c:
                    66:83:5d:a1:02:96:88:4c:72:9d:1c:19:6f:61:3d:
                    69:e8:cd:95:ab:78:91:98:4c:6e:79:85:d0:e0:75:
                    cb:09:50:87:d4:68:e4:eb:17:a6:13:95:1c:48:2d:
                    93:4d:c4:ef:38:73:c3:20:1a:49:f1:42:7f:9c:17:
                    7b:95:96:07:bc:1b:68:2e:74:87:14:51:82:79:63:
                    6d:ed:db:0e:68:09:26:b7:56:33:47:b8:dd:48:4c:
                    41:e9:3e:34:54:c5:2b:bf:34:29:76:08:ef:42:48:
                    38:0d:ad:a5:51:57:5f:6f:64:99:ce:ac:a7:78:46:
                    52:ef:54:b6:57:30:4c:35:a8:62:64:4b:01:35:51:
                    2a:a3:27:c4:da:7a:97:11:99:4d:67:e8:7f:87:de:
                    e5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0E:EC:0F:7C:73:5C:F5:9F:B6:67:8B:E3:AB:37:B1:3A:E4:16:A1
            X509v3 Authority Key Identifier:
                keyid:F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/Iw7sD3xzXPWftmeL46s3sTrkFqE.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:7d80::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:99:7d:22:94:06:0b:da:83:8d:45:9f:7b:ba:bd:45:0b:1a:
         3d:23:cc:c5:41:78:69:18:22:05:3c:31:82:20:96:fa:3a:f1:
         fe:c0:eb:9e:43:c1:87:7f:ca:6d:50:40:96:ec:30:16:ef:2a:
         82:6e:d7:cd:b3:b7:57:14:7b:51:60:38:6e:f6:ed:1f:3e:c3:
         89:33:b8:7f:25:5e:e3:dc:17:b2:f0:77:4f:aa:91:cf:bc:0a:
         33:93:ea:45:3f:55:80:33:e2:c9:56:3a:64:9a:72:5a:06:84:
         69:95:d1:da:4c:f6:f9:25:8e:be:01:e5:53:11:d7:20:0d:84:
         98:27:03:1a:e3:12:61:ec:30:d7:70:b2:62:24:44:61:16:31:
         b7:65:5c:fb:03:e7:8f:9a:f3:30:5e:0c:89:9d:bc:63:bb:42:
         a4:39:5e:53:24:60:21:57:49:88:4b:88:9e:f5:b7:0b:58:cd:
         90:c7:fe:3d:40:eb:63:d2:88:16:16:8a:58:86:d9:d6:c2:67:
         69:b2:79:d6:3a:d8:b6:f7:9e:fa:34:40:d6:ec:96:48:f9:4b:
         88:02:cc:5a:58:4d:4a:ed:4b:3c:34:46:02:bc:c2:2b:69:fb:
         72:b7:59:b2:a6:ac:56:75:10:0a:61:12:2f:a8:0c:0f:14:66:
         dd:34:e8:9b
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICALQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRjE5
ODlCNDA2OTAxQURGODgxMEI5RENEQzRFMEZDOUU3RTg1RUVCNDAeFw0yNTA5MTEw
NTU4MDRaFw0yNjA4MjAwNzQ5MThaMDMxMTAvBgNVBAMTKDIzMEVFQzBGN0M3MzVD
RjU5RkI2Njc4QkUzQUIzN0IxM0FFNDE2QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbtNzps9jPyVygE8W4FOqJ1C7GVS33MjyPW8LvVj44fc7TSmcO
wNwN0gVhdUPzVBBBK1m1L/EiEvKytlQbBgQTG6/cmI6kAjUq6clud8WogMhV0QL6
E07r6eJbm4Df+/DImj3Af23nnGaDXaEClohMcp0cGW9hPWnozZWreJGYTG55hdDg
dcsJUIfUaOTrF6YTlRxILZNNxO84c8MgGknxQn+cF3uVlge8G2gudIcUUYJ5Y23t
2w5oCSa3VjNHuN1ITEHpPjRUxSu/NCl2CO9CSDgNraVRV19vZJnOrKd4RlLvVLZX
MEw1qGJkSwE1USqjJ8TaepcRmU1n6H+H3uWNAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUIw7sD3xzXPWftmeL46s3sTrkFqEwHwYDVR0jBBgwFoAU8ZibQGkBrfiBC53N
xOD8nn6F7rQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTIz
Mi84WmliUUdrQnJmaUJDNTNOeE9EOG5uNkY3clEuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzhaaWJRR2tCcmZpQkM1M054T0Q4bm42RjdyUS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEyMzIvSXc3c0QzeHpYUFdm
dG1lTDQ2czNzVHJrRnFFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACQCfYAAADANBgkqhkiG9w0BAQsFAAOCAQEAiZl9IpQGC9qDjUWfe7q9RQsa
PSPMxUF4aRgiBTwxgiCW+jrx/sDrnkPBh3/KbVBAluwwFu8qgm7XzbO3VxR7UWA4
bvbtHz7DiTO4fyVe49wXsvB3T6qRz7wKM5PqRT9VgDPiyVY6ZJpyWgaEaZXR2kz2
+SWOvgHlUxHXIA2EmCcDGuMSYeww13CyYiREYRYxt2Vc+wPnj5rzMF4MiZ28Y7tC
pDleUyRgIVdJiEuInvW3C1jNkMf+PUDrY9KIFhaKWIbZ1sJnabJ51jrYtvee+jRA
1uyWSPlLiALMWlhNSu1LPDRGArzCK2n7crdZsqasVnUQCmESL6gMDxRm3TTomw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:26 2025 by rpki-client