Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1232/nuY1nD91BbwqI2IY7dzVO0U3czI.roa
File:                     nuY1nD91BbwqI2IY7dzVO0U3czI.roa (raw, json)
Hash identifier:          nhUL14EqqSUpTfPN5TnCY256m+7549FDlo9W4Jfo3Uw=
Subject key identifier:   9E:E6:35:9C:3F:75:05:BC:2A:23:62:18:ED:DC:D5:3B:45:37:73:32
Certificate issuer:       /CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
Certificate serial:       B0
Authority key identifier: F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/nuY1nD91BbwqI2IY7dzVO0U3czI.roa
Signing time:             Thu 11 Sep 2025 05:56:37 +0000
ROA not before:           Thu 11 Sep 2025 05:56:37 +0000
ROA not after:            Thu 20 Aug 2026 07:49:18 +0000
asID:                     8075
IP address blocks:        103.61.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:36:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 176 (0xb0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
        Validity
            Not Before: Sep 11 05:56:37 2025 GMT
            Not After : Aug 20 07:49:18 2026 GMT
        Subject: CN=9EE6359C3F7505BC2A236218EDDCD53B45377332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cb:f1:1f:6e:86:bb:84:ca:f0:14:e0:ca:1c:
                    1b:98:2e:32:98:1a:bd:15:27:09:e7:54:20:76:0b:
                    1a:50:7d:8b:21:b7:1f:03:ce:f7:40:93:83:93:12:
                    b4:a0:3f:b1:6c:ab:fc:7a:d8:22:2d:95:22:22:a3:
                    d8:e2:08:7f:bd:da:91:4a:4b:9b:c3:ff:74:a6:67:
                    90:e4:95:29:69:6b:79:b1:73:e3:b2:c6:07:99:f6:
                    80:0d:75:06:a6:49:dc:8b:4e:20:03:4e:26:7b:90:
                    73:40:46:b8:6b:ef:bb:80:dc:79:31:41:d7:fc:b8:
                    4f:9f:a5:87:ca:ab:4b:ea:56:95:4a:20:6d:4b:c6:
                    87:43:32:09:39:1d:01:c2:3a:36:e9:51:44:a6:78:
                    0b:62:4a:df:a6:04:78:d7:03:19:db:c0:00:34:96:
                    25:ed:5b:ad:99:92:d5:97:68:92:2e:4d:52:3a:31:
                    c2:f0:99:69:e9:13:89:fb:b5:ae:ba:78:38:0f:32:
                    d9:04:b9:43:d2:ec:37:e0:65:1f:0d:cf:7f:64:fc:
                    d0:63:29:be:d4:02:f9:cf:f1:9c:0d:f3:65:16:d5:
                    11:91:6e:ad:6b:53:8e:29:b8:a4:06:aa:0f:29:5e:
                    85:94:9f:3b:c1:7e:d6:63:ba:23:13:52:49:aa:58:
                    bc:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:E6:35:9C:3F:75:05:BC:2A:23:62:18:ED:DC:D5:3B:45:37:73:32
            X509v3 Authority Key Identifier:
                keyid:F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/nuY1nD91BbwqI2IY7dzVO0U3czI.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.61.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:0d:10:ae:ea:4d:39:2b:70:5c:27:8d:67:69:11:5e:e3:ed:
         1c:1f:ef:19:9d:3d:85:02:03:6c:0f:dd:a6:8c:2c:9e:d7:a8:
         41:4f:99:0f:96:78:d8:8a:db:44:4a:4d:28:1c:8c:ea:89:bd:
         0f:7c:d3:4f:f0:66:c9:3f:18:39:ca:f6:65:e1:d9:f8:f6:d8:
         25:7b:24:fc:28:51:81:92:d2:0c:4d:a7:82:0d:8b:76:a6:62:
         a9:e1:01:3c:ba:3b:9d:7e:75:2a:c5:d2:a8:e4:ca:c9:17:c7:
         ca:56:20:96:2b:4b:c6:67:a5:04:fe:18:7b:af:71:78:44:89:
         f1:cd:34:5c:49:12:d9:96:7c:ed:a9:31:35:66:28:b3:85:37:
         1c:87:98:a7:0a:c3:4e:f3:7c:40:f1:29:19:34:ac:76:fc:bf:
         01:d5:12:7f:aa:b7:ae:15:62:3b:30:28:f7:33:79:f2:5b:23:
         81:3a:79:f9:8e:20:d3:ea:7f:e9:5e:83:ec:86:29:8e:07:d1:
         a0:d7:ea:68:1e:60:a9:d0:98:fe:7f:22:87:f9:0f:58:e8:b0:
         84:f8:d7:df:8a:88:06:d1:3e:d8:35:f8:0d:26:db:ce:6a:95:
         10:cc:82:5e:0c:79:7e:80:b0:0d:e4:bb:33:47:33:a9:1e:9b:
         75:78:b9:e7
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICALAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRjE5
ODlCNDA2OTAxQURGODgxMEI5RENEQzRFMEZDOUU3RTg1RUVCNDAeFw0yNTA5MTEw
NTU2MzdaFw0yNjA4MjAwNzQ5MThaMDMxMTAvBgNVBAMTKDlFRTYzNTlDM0Y3NTA1
QkMyQTIzNjIxOEVERENENTNCNDUzNzczMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIy/Efboa7hMrwFODKHBuYLjKYGr0VJwnnVCB2CxpQfYshtx8D
zvdAk4OTErSgP7Fsq/x62CItlSIio9jiCH+92pFKS5vD/3SmZ5DklSlpa3mxc+Oy
xgeZ9oANdQamSdyLTiADTiZ7kHNARrhr77uA3HkxQdf8uE+fpYfKq0vqVpVKIG1L
xodDMgk5HQHCOjbpUUSmeAtiSt+mBHjXAxnbwAA0liXtW62ZktWXaJIuTVI6McLw
mWnpE4n7ta66eDgPMtkEuUPS7DfgZR8Nz39k/NBjKb7UAvnP8ZwN82UW1RGRbq1r
U44puKQGqg8pXoWUnzvBftZjuiMTUkmqWLxZAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUnuY1nD91BbwqI2IY7dzVO0U3czIwHwYDVR0jBBgwFoAU8ZibQGkBrfiBC53N
xOD8nn6F7rQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTIz
Mi84WmliUUdrQnJmaUJDNTNOeE9EOG5uNkY3clEuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzhaaWJRR2tCcmZpQkM1M054T0Q4bm42RjdyUS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEyMzIvbnVZMW5EOTFCYndx
STJJWTdkelZPMFUzY3pJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGc9PjANBgkqhkiG9w0BAQsFAAOCAQEAKg0QrupNOStwXCeNZ2kRXuPtHB/v
GZ09hQIDbA/dpowsnteoQU+ZD5Z42IrbREpNKByM6om9D3zTT/BmyT8YOcr2ZeHZ
+PbYJXsk/ChRgZLSDE2ngg2LdqZiqeEBPLo7nX51KsXSqOTKyRfHylYglitLxmel
BP4Ye69xeESJ8c00XEkS2ZZ87akxNWYos4U3HIeYpwrDTvN8QPEpGTSsdvy/AdUS
f6q3rhViOzAo9zN58lsjgTp5+Y4g0+p/6V6D7IYpjgfRoNfqaB5gqdCY/n8ih/kP
WOiwhPjX34qIBtE+2DX4DSbbzmqVEMyCXgx5foCwDeS7M0czqR6bdXi55w==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:21 2025 by rpki-client