Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1232/McPtX4Kv5xAtNvk8BsjcUWhkeRg.roa
File:                     McPtX4Kv5xAtNvk8BsjcUWhkeRg.roa (raw, json)
Hash identifier:          Aa/xBLwQSn06ClBM3ArHzVThrBdErb8UuIQiqiFcZ7E=
Subject key identifier:   31:C3:ED:5F:82:AF:E7:10:2D:36:F9:3C:06:C8:DC:51:68:64:79:18
Certificate issuer:       /CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
Certificate serial:       AE
Authority key identifier: F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/McPtX4Kv5xAtNvk8BsjcUWhkeRg.roa
Signing time:             Thu 11 Sep 2025 05:56:37 +0000
ROA not before:           Thu 11 Sep 2025 05:56:37 +0000
ROA not after:            Thu 20 Aug 2026 07:49:18 +0000
asID:                     8075
IP address blocks:        103.61.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:36:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 174 (0xae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
        Validity
            Not Before: Sep 11 05:56:37 2025 GMT
            Not After : Aug 20 07:49:18 2026 GMT
        Subject: CN=31C3ED5F82AFE7102D36F93C06C8DC5168647918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d2:fc:a3:b6:25:da:75:b8:97:c4:91:b2:e9:
                    ac:5e:85:79:e6:a1:44:88:75:20:15:1a:7d:7c:5f:
                    e4:b1:19:47:56:0f:12:4b:89:b3:b2:bf:a3:00:d9:
                    11:0c:8d:ab:cf:01:a8:34:52:2d:09:d8:c8:bc:3a:
                    4c:1f:83:8c:35:8a:b8:66:87:39:5c:97:bc:03:d6:
                    3f:3a:6c:b6:a8:fe:ba:6f:0f:2f:66:27:3c:6c:08:
                    28:8a:8d:34:85:93:b0:d1:6e:ed:3b:6d:2a:e1:82:
                    1f:36:41:81:32:64:60:df:64:29:f3:66:f3:fa:4e:
                    c7:72:04:a6:2f:43:c9:65:6c:8d:1a:8d:29:f4:5d:
                    f8:8b:f2:7e:cf:2e:24:5e:4b:0e:0f:01:5a:b2:80:
                    4e:f7:db:f6:65:bd:9a:5d:f2:08:cc:de:7e:60:40:
                    81:b3:a6:fe:fc:d2:5b:56:cc:50:af:08:be:9e:c4:
                    16:7e:eb:2d:ad:1c:4c:d4:cf:59:48:d7:41:05:1b:
                    16:b9:52:cc:cc:0a:b6:a3:d7:3f:b0:be:00:f6:be:
                    61:dd:00:b1:3a:13:fc:a7:54:9c:d4:a9:75:b1:12:
                    0e:71:f1:12:6d:3b:b2:a3:a7:e1:00:c4:fe:82:72:
                    f1:8a:39:f0:a4:b9:bf:38:4a:66:a9:9e:9f:e5:06:
                    b8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C3:ED:5F:82:AF:E7:10:2D:36:F9:3C:06:C8:DC:51:68:64:79:18
            X509v3 Authority Key Identifier:
                keyid:F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/McPtX4Kv5xAtNvk8BsjcUWhkeRg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.61.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:a2:a2:d5:59:f7:54:85:ad:b0:07:db:2f:79:7c:40:72:55:
         85:9a:46:72:1f:01:94:5d:67:a7:be:cd:8a:0c:4d:ae:19:6b:
         f7:88:a8:41:05:d3:3a:4c:76:eb:30:7b:bc:76:f3:aa:57:fc:
         c8:11:5b:06:64:dd:de:29:dc:78:a0:b8:9b:92:55:d3:25:ff:
         ae:a4:24:19:98:9e:10:e1:50:cb:e2:40:6f:7c:76:c4:9b:fc:
         ec:6c:18:7f:1d:79:bd:ec:62:a6:be:5b:0b:73:f7:87:ac:22:
         b7:43:f4:0d:44:74:88:55:f4:52:47:36:b8:6d:d7:68:95:df:
         4b:cf:43:b0:f9:df:ec:aa:06:84:53:bc:12:04:0a:f9:83:9b:
         0d:42:ef:f8:bb:e4:50:a3:80:0b:46:a9:39:db:f0:61:c2:da:
         88:43:3a:3b:22:96:fb:71:9c:68:9c:67:7d:1f:76:74:dd:e0:
         cc:49:6d:46:99:69:6e:96:5e:dd:2a:80:74:b4:44:08:1e:e9:
         50:57:a3:57:77:45:6f:cc:80:3e:94:00:33:24:a7:a6:e9:b5:
         4c:94:4e:26:31:ef:8e:49:82:58:bc:54:47:15:a2:17:ce:be:
         11:01:e6:76:f5:df:7b:02:5f:37:a3:4d:02:ea:e2:df:e5:b6:
         00:5c:1a:54
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICAK4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRjE5
ODlCNDA2OTAxQURGODgxMEI5RENEQzRFMEZDOUU3RTg1RUVCNDAeFw0yNTA5MTEw
NTU2MzdaFw0yNjA4MjAwNzQ5MThaMDMxMTAvBgNVBAMTKDMxQzNFRDVGODJBRkU3
MTAyRDM2RjkzQzA2QzhEQzUxNjg2NDc5MTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC80vyjtiXadbiXxJGy6axehXnmoUSIdSAVGn18X+SxGUdWDxJL
ibOyv6MA2REMjavPAag0Ui0J2Mi8Okwfg4w1irhmhzlcl7wD1j86bLao/rpvDy9m
JzxsCCiKjTSFk7DRbu07bSrhgh82QYEyZGDfZCnzZvP6TsdyBKYvQ8llbI0ajSn0
XfiL8n7PLiReSw4PAVqygE732/ZlvZpd8gjM3n5gQIGzpv780ltWzFCvCL6exBZ+
6y2tHEzUz1lI10EFGxa5UszMCraj1z+wvgD2vmHdALE6E/ynVJzUqXWxEg5x8RJt
O7Kjp+EAxP6CcvGKOfCkub84Smapnp/lBrj9AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUMcPtX4Kv5xAtNvk8BsjcUWhkeRgwHwYDVR0jBBgwFoAU8ZibQGkBrfiBC53N
xOD8nn6F7rQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTIz
Mi84WmliUUdrQnJmaUJDNTNOeE9EOG5uNkY3clEuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzhaaWJRR2tCcmZpQkM1M054T0Q4bm42RjdyUS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEyMzIvTWNQdFg0S3Y1eEF0
TnZrOEJzamNVV2hrZVJnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGc9PTANBgkqhkiG9w0BAQsFAAOCAQEALKKi1Vn3VIWtsAfbL3l8QHJVhZpG
ch8BlF1np77NigxNrhlr94ioQQXTOkx26zB7vHbzqlf8yBFbBmTd3inceKC4m5JV
0yX/rqQkGZieEOFQy+JAb3x2xJv87GwYfx15vexipr5bC3P3h6wit0P0DUR0iFX0
Ukc2uG3XaJXfS89DsPnf7KoGhFO8EgQK+YObDULv+LvkUKOAC0apOdvwYcLaiEM6
OyKW+3GcaJxnfR92dN3gzEltRplpbpZe3SqAdLRECB7pUFejV3dFb8yAPpQAMySn
pum1TJROJjHvjkmCWLxURxWiF86+EQHmdvXfewJfN6NNAuri3+W2AFwaVA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:17 2025 by rpki-client