Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/21-A0JoGyCcKpZZ8vVoDWAAN40k.roa
File:                     21-A0JoGyCcKpZZ8vVoDWAAN40k.roa (raw, json)
Hash identifier:          8uiQ7I4+StvGCzuamlF3pk33/0d3/cX2h6MOf+zIW2g=
Subject key identifier:   DB:5F:80:D0:9A:06:C8:27:0A:A5:96:7C:BD:5A:03:58:00:0D:E3:49
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24E5
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/21-A0JoGyCcKpZZ8vVoDWAAN40k.roa
Signing time:             Sat 13 Sep 2025 03:08:48 +0000
ROA not before:           Sat 13 Sep 2025 03:08:48 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        2403:6380:40::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9445 (0x24e5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:48 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=DB5F80D09A06C8270AA5967CBD5A0358000DE349
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f6:58:88:19:53:22:3e:c2:62:a5:e5:a4:ee:
                    cd:df:f6:44:7c:8c:fa:f5:4b:a6:c4:98:0b:6e:31:
                    8c:f2:41:cf:13:08:76:ff:3a:12:0c:68:5e:bb:9e:
                    b6:6d:e6:b0:6a:76:9a:cd:f0:08:22:0a:39:99:9a:
                    2c:25:02:eb:b8:5e:da:fa:03:e3:23:75:6b:e0:b1:
                    3e:92:9f:00:3c:5b:49:71:10:cc:66:1a:3e:64:cd:
                    66:23:27:41:b1:22:39:c5:04:9e:69:2a:ad:62:eb:
                    f6:41:0a:62:60:7f:a4:19:08:4e:4f:9a:dd:93:03:
                    36:b3:11:16:0c:c2:b1:e3:87:e9:5b:32:da:49:ec:
                    54:b6:b8:35:95:eb:21:95:c5:9a:98:56:37:aa:b7:
                    a4:dc:22:c2:22:97:c6:9a:99:7a:ee:d7:ec:ee:f4:
                    bb:38:36:ec:8e:d8:bf:e8:74:82:0a:36:02:03:3c:
                    1a:4f:44:26:3d:6d:ec:0d:85:a1:42:33:d2:90:d5:
                    fb:1a:53:b2:97:21:fe:15:b5:30:1b:97:ba:60:72:
                    ad:df:ef:ba:9e:20:cb:60:d9:4d:2f:d8:91:51:de:
                    ab:e7:01:eb:2d:cc:e7:fb:68:af:c9:41:fb:3a:db:
                    cf:03:78:e5:43:4c:bd:97:fc:e9:ac:91:87:71:e4:
                    c5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:5F:80:D0:9A:06:C8:27:0A:A5:96:7C:BD:5A:03:58:00:0D:E3:49
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/21-A0JoGyCcKpZZ8vVoDWAAN40k.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:6380:40::/44

    Signature Algorithm: sha256WithRSAEncryption
         c1:d1:1f:9c:a8:bc:51:76:09:13:d4:f0:5d:7d:b9:ad:f0:d5:
         ee:d1:93:42:30:e8:10:e6:12:b2:2c:a4:38:e2:d5:31:fc:4f:
         7f:30:cb:6d:03:af:02:c3:8d:8f:53:22:60:dc:61:2b:67:6a:
         20:6d:46:1d:b0:cf:f8:46:17:8b:77:c4:4f:b7:3a:28:12:e8:
         e1:6e:73:0d:8f:b8:61:28:ee:e7:3e:bc:88:6f:39:09:f9:a0:
         56:af:0c:05:99:d8:4b:69:86:70:8e:27:5f:89:a6:68:01:a7:
         f1:0c:6b:94:e5:09:f7:bb:44:d2:f1:61:ff:35:ac:f0:d4:16:
         34:be:08:80:e7:35:25:e7:60:2c:f5:d0:39:e0:c7:80:6b:d3:
         c9:c8:eb:b1:be:e4:2e:bd:0b:e4:60:a2:94:68:08:f3:d5:06:
         4d:97:58:f6:6c:c6:8e:a4:a2:c0:33:2b:d0:12:e5:b4:3b:5f:
         ba:8a:2d:55:85:3a:22:08:11:e4:fd:38:a0:7e:8e:da:7a:e0:
         7b:c4:31:b3:fb:0c:9f:55:58:ad:2f:f0:16:5e:95:9b:ff:aa:
         2d:b5:12:b0:85:95:ba:f1:1b:c8:37:7f:d3:44:56:59:5a:4b:
         c6:1d:90:61:f1:ee:16:c3:03:a6:75:ba:6b:2b:9b:d6:36:be:
         61:19:ae:10
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICJOUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NDhaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKERCNUY4MEQwOUEwNkM4
MjcwQUE1OTY3Q0JENUEwMzU4MDAwREUzNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDR9liIGVMiPsJipeWk7s3f9kR8jPr1S6bEmAtuMYzyQc8TCHb/
OhIMaF67nrZt5rBqdprN8AgiCjmZmiwlAuu4Xtr6A+MjdWvgsT6SnwA8W0lxEMxm
Gj5kzWYjJ0GxIjnFBJ5pKq1i6/ZBCmJgf6QZCE5Pmt2TAzazERYMwrHjh+lbMtpJ
7FS2uDWV6yGVxZqYVjeqt6TcIsIil8aamXru1+zu9Ls4NuyO2L/odIIKNgIDPBpP
RCY9bewNhaFCM9KQ1fsaU7KXIf4VtTAbl7pgcq3f77qeIMtg2U0v2JFR3qvnAest
zOf7aK/JQfs6288DeOVDTL2X/OmskYdx5MUnAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQU21+A0JoGyCcKpZZ8vVoDWAAN40kwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvMjEtQTBKb0d5Q2NL
cFpaOHZWb0RXQUFONDBrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQDY4AAQDANBgkqhkiG9w0BAQsFAAOCAQEAwdEfnKi8UXYJE9TwXX25rfDV
7tGTQjDoEOYSsiykOOLVMfxPfzDLbQOvAsONj1MiYNxhK2dqIG1GHbDP+EYXi3fE
T7c6KBLo4W5zDY+4YSju5z68iG85CfmgVq8MBZnYS2mGcI4nX4mmaAGn8QxrlOUJ
97tE0vFh/zWs8NQWNL4IgOc1JedgLPXQOeDHgGvTycjrsb7kLr0L5GCilGgI89UG
TZdY9mzGjqSiwDMr0BLltDtfuootVYU6IggR5P04oH6O2nrge8Qxs/sMn1VYrS/w
Fl6Vm/+qLbUSsIWVuvEbyDd/00RWWVpLxh2QYfHuFsMDpnW6ayub1ja+YRmuEA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:08 2025 by rpki-client