Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1232/VKEpN3RAbxgmZ9yUSqtTxpBptDg.roa
File:                     VKEpN3RAbxgmZ9yUSqtTxpBptDg.roa (raw, json)
Hash identifier:          36ot/7bo1oTTzWAYh4XEWTQP1K1ZBEg//u54hxwHtrQ=
Subject key identifier:   54:A1:29:37:74:40:6F:18:26:67:DC:94:4A:AB:53:C6:90:69:B4:38
Certificate issuer:       /CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
Certificate serial:       AF
Authority key identifier: F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/VKEpN3RAbxgmZ9yUSqtTxpBptDg.roa
Signing time:             Thu 11 Sep 2025 05:56:37 +0000
ROA not before:           Thu 11 Sep 2025 05:56:37 +0000
ROA not after:            Thu 20 Aug 2026 07:49:18 +0000
asID:                     8075
IP address blocks:        103.61.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:36:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 175 (0xaf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
        Validity
            Not Before: Sep 11 05:56:37 2025 GMT
            Not After : Aug 20 07:49:18 2026 GMT
        Subject: CN=54A1293774406F182667DC944AAB53C69069B438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:52:be:66:4c:87:f1:85:83:6b:4d:cb:b8:eb:
                    ec:e3:75:36:e3:65:84:ec:4e:3c:96:1f:29:ae:89:
                    3a:c7:55:39:e0:ea:02:59:48:79:f6:5c:dc:16:17:
                    43:4c:4a:7b:80:20:75:ad:23:fc:83:b1:89:00:54:
                    20:d6:82:1e:66:f6:a5:2a:00:4b:ee:3c:23:82:ad:
                    6a:1f:56:d0:bf:a3:e4:f7:70:f5:4d:dc:31:5f:10:
                    96:88:88:0e:37:47:97:97:37:0a:64:fb:0d:db:c8:
                    08:47:db:d7:04:2a:39:ac:07:54:cd:4e:1c:e9:24:
                    80:04:25:90:92:48:b9:66:36:af:0a:c6:00:30:fe:
                    8b:b1:f5:e4:d1:fd:fd:b0:d1:a1:81:15:ab:a6:7c:
                    64:ae:56:3f:8f:e2:5b:ba:b0:ef:b4:82:53:ad:30:
                    b1:4d:1f:5a:90:dd:2d:e4:f8:31:8e:0b:b9:f3:62:
                    87:01:56:ed:e5:0b:bb:89:28:d4:4a:8d:ff:54:c8:
                    17:e1:60:8d:9f:e0:7c:fd:30:c7:75:dd:70:3f:4b:
                    c0:d7:86:11:5c:3c:8c:54:ec:fe:82:ff:19:e9:5a:
                    5e:e2:da:f2:1d:99:aa:90:b2:ad:10:08:f9:43:2f:
                    07:95:5c:e0:e1:af:41:b8:ce:87:80:a4:af:8f:11:
                    9c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A1:29:37:74:40:6F:18:26:67:DC:94:4A:AB:53:C6:90:69:B4:38
            X509v3 Authority Key Identifier:
                keyid:F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/VKEpN3RAbxgmZ9yUSqtTxpBptDg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.61.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:e1:b4:d7:17:36:aa:33:fd:e6:c8:f9:9b:92:95:da:5c:2b:
         9a:f0:40:c0:e2:9b:0e:64:59:fe:7c:c2:1e:b2:e4:a8:1d:d0:
         a2:13:a0:f8:48:87:c4:39:f6:62:33:69:a4:a7:d5:79:3f:f4:
         45:94:8c:9b:4f:a1:98:25:c7:de:e8:d6:f8:b9:51:71:71:da:
         b7:b8:9a:8a:ad:b8:41:ba:ae:7e:46:04:c0:25:d1:b7:cf:58:
         bf:bf:cc:fd:05:06:35:c5:40:b4:19:4c:87:3f:78:35:03:a2:
         15:88:21:4b:16:c1:c7:c1:a7:47:99:27:43:2d:05:48:ed:09:
         77:56:dc:b4:4a:7b:51:bc:11:3f:ab:c8:f0:4e:fe:d5:25:36:
         61:a3:05:5a:2f:c5:34:97:f4:5e:13:44:15:2d:30:64:ae:96:
         47:b1:48:9c:d8:46:69:59:3e:03:81:5c:ee:4c:03:87:a3:0c:
         e2:15:39:90:df:eb:8b:4b:69:4f:33:ed:c7:de:b5:d5:46:3c:
         ff:e4:4c:7a:19:dd:39:ba:09:94:0b:6c:b8:4c:04:c2:f5:52:
         d1:ce:86:c8:2c:fd:89:2c:8a:68:f5:46:bb:e3:82:dd:b2:f5:
         cf:54:2a:d5:67:c8:2f:f0:37:bf:c4:78:cd:f1:e7:10:c5:6d:
         4e:80:05:15
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICAK8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRjE5
ODlCNDA2OTAxQURGODgxMEI5RENEQzRFMEZDOUU3RTg1RUVCNDAeFw0yNTA5MTEw
NTU2MzdaFw0yNjA4MjAwNzQ5MThaMDMxMTAvBgNVBAMTKDU0QTEyOTM3NzQ0MDZG
MTgyNjY3REM5NDRBQUI1M0M2OTA2OUI0MzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFUr5mTIfxhYNrTcu46+zjdTbjZYTsTjyWHymuiTrHVTng6gJZ
SHn2XNwWF0NMSnuAIHWtI/yDsYkAVCDWgh5m9qUqAEvuPCOCrWofVtC/o+T3cPVN
3DFfEJaIiA43R5eXNwpk+w3byAhH29cEKjmsB1TNThzpJIAEJZCSSLlmNq8KxgAw
/oux9eTR/f2w0aGBFaumfGSuVj+P4lu6sO+0glOtMLFNH1qQ3S3k+DGOC7nzYocB
Vu3lC7uJKNRKjf9UyBfhYI2f4Hz9MMd13XA/S8DXhhFcPIxU7P6C/xnpWl7i2vId
maqQsq0QCPlDLweVXODhr0G4zoeApK+PEZwXAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUVKEpN3RAbxgmZ9yUSqtTxpBptDgwHwYDVR0jBBgwFoAU8ZibQGkBrfiBC53N
xOD8nn6F7rQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTIz
Mi84WmliUUdrQnJmaUJDNTNOeE9EOG5uNkY3clEuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzhaaWJRR2tCcmZpQkM1M054T0Q4bm42RjdyUS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEyMzIvVktFcE4zUkFieGdt
Wjl5VVNxdFR4cEJwdERnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGc9PDANBgkqhkiG9w0BAQsFAAOCAQEAfeG01xc2qjP95sj5m5KV2lwrmvBA
wOKbDmRZ/nzCHrLkqB3QohOg+EiHxDn2YjNppKfVeT/0RZSMm0+hmCXH3ujW+LlR
cXHat7iaiq24QbqufkYEwCXRt89Yv7/M/QUGNcVAtBlMhz94NQOiFYghSxbBx8Gn
R5knQy0FSO0Jd1bctEp7UbwRP6vI8E7+1SU2YaMFWi/FNJf0XhNEFS0wZK6WR7FI
nNhGaVk+A4Fc7kwDh6MM4hU5kN/ri0tpTzPtx9611UY8/+RMehndOboJlAtsuEwE
wvVS0c6GyCz9iSyKaPVGu+OC3bL1z1Qq1WfIL/A3v8R4zfHnEMVtToAFFQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:18 2025 by rpki-client