Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1232/o6HuQJH5hpPAN1ln47Hlpx9rgYI.roa
File:                     o6HuQJH5hpPAN1ln47Hlpx9rgYI.roa (raw, json)
Hash identifier:          lI3FubVDq0WT3iMf9E6HKfU90/xl9J+DMoyg8nru2KE=
Subject key identifier:   A3:A1:EE:40:91:F9:86:93:C0:37:59:67:E3:B1:E5:A7:1F:6B:81:82
Certificate issuer:       /CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
Certificate serial:       B3
Authority key identifier: F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/o6HuQJH5hpPAN1ln47Hlpx9rgYI.roa
Signing time:             Thu 11 Sep 2025 05:58:03 +0000
ROA not before:           Thu 11 Sep 2025 05:58:03 +0000
ROA not after:            Thu 20 Aug 2026 07:49:18 +0000
asID:                     8075
IP address blocks:        2402:7d80:8888::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:36:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 179 (0xb3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
        Validity
            Not Before: Sep 11 05:58:03 2025 GMT
            Not After : Aug 20 07:49:18 2026 GMT
        Subject: CN=A3A1EE4091F98693C0375967E3B1E5A71F6B8182
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:47:4e:c6:35:86:c7:17:c0:af:09:d5:02:82:
                    e3:a8:dc:26:be:77:12:25:f5:d7:6a:cf:a0:77:eb:
                    86:ac:8e:76:cb:f8:17:71:3b:e8:1f:e8:65:f0:6a:
                    6c:d7:fc:ba:3f:8c:bf:04:b5:f4:3a:0d:b7:93:62:
                    e6:a3:74:df:04:89:37:e8:f7:ff:94:38:65:fe:14:
                    72:cd:63:b3:e3:72:4d:15:f3:74:6b:5e:4f:a0:9c:
                    a4:ae:19:e3:98:06:06:74:87:f9:d6:30:54:66:94:
                    bc:96:f8:21:27:9c:15:45:3f:38:74:83:1c:6c:aa:
                    cd:21:7d:34:95:fa:67:36:85:f3:cb:2e:fe:51:e1:
                    84:98:79:80:c3:a7:14:df:47:31:0d:09:e8:1d:f8:
                    0c:1f:35:fd:a5:03:d4:4c:9d:12:aa:58:07:2c:05:
                    76:16:0c:1d:87:2b:43:51:97:2f:a6:37:75:af:6c:
                    de:20:e9:d9:43:a6:6b:f6:b6:0e:44:71:a3:1a:b8:
                    6c:72:88:27:7f:40:26:f3:40:fe:cd:28:39:bf:cd:
                    d2:d1:3f:1a:a0:42:59:e7:90:5e:e6:22:73:6c:4e:
                    8b:d6:dc:38:ba:c7:98:d1:00:bd:9a:c0:47:d5:05:
                    ad:fd:a3:47:3b:ad:8f:36:eb:27:3b:da:ac:a0:b5:
                    3d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A1:EE:40:91:F9:86:93:C0:37:59:67:E3:B1:E5:A7:1F:6B:81:82
            X509v3 Authority Key Identifier:
                keyid:F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/o6HuQJH5hpPAN1ln47Hlpx9rgYI.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:7d80:8888::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:e0:a0:af:f1:2b:ef:e3:e3:20:59:a6:86:43:d9:83:6f:b1:
         43:06:ad:17:4b:1c:f9:92:c6:84:20:0e:8a:28:5f:ec:cb:85:
         80:13:51:4f:59:bf:29:32:cd:d7:77:a7:1f:94:cc:58:6f:51:
         34:cb:ce:2b:80:d4:61:5d:ca:0c:30:99:46:5c:32:db:c6:cb:
         3a:8a:47:bb:f7:54:ee:55:43:e0:fb:67:95:54:1c:7b:b8:0c:
         d3:34:72:9c:fb:68:24:49:71:db:53:9e:a6:71:d4:1e:77:0f:
         dd:c4:4a:59:8d:06:f9:3f:17:74:70:60:12:ac:1a:d2:a0:b7:
         34:d8:19:92:dd:6a:01:63:4c:b6:a9:1b:bc:f7:11:9c:1e:f9:
         e2:dd:41:e0:ad:b4:a7:8d:29:e5:b5:f1:75:46:5e:9e:16:c4:
         b7:ec:c2:34:86:fd:69:28:52:27:74:28:94:b2:0c:26:88:e2:
         6e:73:fc:58:f6:1d:a7:d6:d7:4c:44:34:ab:96:1f:c6:8e:0f:
         91:b6:92:bf:1d:73:d3:24:ab:e7:9a:64:f7:1f:0c:84:d4:08:
         f5:d4:be:9c:ac:40:c2:c9:55:43:3b:03:01:eb:9f:0b:18:b2:
         0d:f7:3a:62:12:21:b0:d8:84:34:97:98:4f:19:5a:60:84:83:
         47:ea:d1:4a
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICALMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRjE5
ODlCNDA2OTAxQURGODgxMEI5RENEQzRFMEZDOUU3RTg1RUVCNDAeFw0yNTA5MTEw
NTU4MDNaFw0yNjA4MjAwNzQ5MThaMDMxMTAvBgNVBAMTKEEzQTFFRTQwOTFGOTg2
OTNDMDM3NTk2N0UzQjFFNUE3MUY2QjgxODIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIR07GNYbHF8CvCdUCguOo3Ca+dxIl9ddqz6B364asjnbL+Bdx
O+gf6GXwamzX/Lo/jL8EtfQ6DbeTYuajdN8EiTfo9/+UOGX+FHLNY7Pjck0V83Rr
Xk+gnKSuGeOYBgZ0h/nWMFRmlLyW+CEnnBVFPzh0gxxsqs0hfTSV+mc2hfPLLv5R
4YSYeYDDpxTfRzENCegd+AwfNf2lA9RMnRKqWAcsBXYWDB2HK0NRly+mN3WvbN4g
6dlDpmv2tg5EcaMauGxyiCd/QCbzQP7NKDm/zdLRPxqgQlnnkF7mInNsTovW3Di6
x5jRAL2awEfVBa39o0c7rY826yc72qygtT3LAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUo6HuQJH5hpPAN1ln47Hlpx9rgYIwHwYDVR0jBBgwFoAU8ZibQGkBrfiBC53N
xOD8nn6F7rQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTIz
Mi84WmliUUdrQnJmaUJDNTNOeE9EOG5uNkY3clEuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzhaaWJRR2tCcmZpQkM1M054T0Q4bm42RjdyUS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEyMzIvbzZIdVFKSDVocFBB
TjFsbjQ3SGxweDlyZ1lJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACQCfYCIiDANBgkqhkiG9w0BAQsFAAOCAQEAZeCgr/Er7+PjIFmmhkPZg2+x
QwatF0sc+ZLGhCAOiihf7MuFgBNRT1m/KTLN13enH5TMWG9RNMvOK4DUYV3KDDCZ
Rlwy28bLOopHu/dU7lVD4PtnlVQce7gM0zRynPtoJElx21OepnHUHncP3cRKWY0G
+T8XdHBgEqwa0qC3NNgZkt1qAWNMtqkbvPcRnB754t1B4K20p40p5bXxdUZenhbE
t+zCNIb9aShSJ3QolLIMJojibnP8WPYdp9bXTEQ0q5Yfxo4PkbaSvx1z0ySr55pk
9x8MhNQI9dS+nKxAwslVQzsDAeufCxiyDfc6YhIhsNiENJeYTxlaYISDR+rRSg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:16 2025 by rpki-client