Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/2KvTCWJY-8XB99EyqNSPZ59JoJM.roa
File:                     2KvTCWJY-8XB99EyqNSPZ59JoJM.roa (raw, json)
Hash identifier:          8ocBPTG+0U3a7fMjZX+xzYgUziL/LaAZWje4DdvJauw=
Subject key identifier:   D8:AB:D3:09:62:58:FB:C5:C1:F7:D1:32:A8:D4:8F:67:9F:49:A0:93
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24F7
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/2KvTCWJY-8XB99EyqNSPZ59JoJM.roa
Signing time:             Sat 13 Sep 2025 03:08:52 +0000
ROA not before:           Sat 13 Sep 2025 03:08:52 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        2403:6380:10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9463 (0x24f7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:52 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=D8ABD3096258FBC5C1F7D132A8D48F679F49A093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:11:3f:1f:3d:b1:7e:cb:3a:72:55:b3:77:f3:
                    db:67:2f:a8:3a:15:49:34:7f:96:60:3f:c7:6e:1b:
                    7f:8d:e8:96:ad:09:cd:9e:18:77:5b:ff:b0:64:56:
                    94:38:af:e4:ca:30:c4:bf:71:08:bd:95:34:26:3b:
                    07:93:5c:d1:2f:13:b6:b5:8e:f7:10:fd:9f:cf:bf:
                    dd:7d:e5:3f:95:2c:02:8e:20:95:af:32:39:56:36:
                    eb:c6:9b:94:66:97:01:b8:55:5a:33:b8:6c:a9:b7:
                    2f:ad:b1:d9:ff:90:56:69:75:88:80:7c:c3:06:b0:
                    26:14:fd:d1:cf:f2:f4:13:97:b3:81:66:e8:e7:f5:
                    84:f1:8a:da:03:b7:dc:84:1a:5c:39:40:43:62:ed:
                    39:97:5b:74:f9:03:51:8f:0e:2f:a3:ac:8f:4f:86:
                    d3:f2:43:3b:de:eb:a5:a6:84:59:a8:67:02:d3:1a:
                    13:a7:55:e2:bc:09:00:3b:d6:84:e0:2c:43:36:16:
                    c1:fc:be:da:7a:58:78:91:84:fb:9b:71:b8:c4:0a:
                    cf:33:9f:19:d0:c9:1b:5b:5a:a6:42:cb:f1:93:f5:
                    80:81:8f:61:43:c7:5f:c3:61:24:c3:0b:34:d6:8d:
                    92:5e:02:04:44:ed:68:19:ba:6d:58:c6:8d:d1:31:
                    19:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:AB:D3:09:62:58:FB:C5:C1:F7:D1:32:A8:D4:8F:67:9F:49:A0:93
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/2KvTCWJY-8XB99EyqNSPZ59JoJM.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:6380:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:00:33:97:0d:6d:27:ed:99:23:c8:ed:19:c6:52:ba:5e:b2:
         6a:71:fb:de:d6:55:0a:bd:15:f1:23:5b:f2:a1:14:83:6a:d7:
         5a:96:24:9f:06:e6:2d:53:f0:5b:7f:96:f1:9f:fc:53:29:65:
         45:ff:c8:c8:79:2e:c6:43:1a:1a:94:1c:ec:a0:e9:a2:d4:86:
         9d:cd:67:90:c8:29:e0:9e:b7:1e:35:67:42:54:9a:68:30:f7:
         a1:91:24:b1:29:b7:62:67:3c:7c:32:57:3a:06:31:e8:a3:a1:
         0d:1b:78:c3:aa:d9:38:4e:7a:57:3a:03:6d:8d:76:bc:83:88:
         0e:c8:90:2f:71:4d:73:74:f4:7b:e1:73:fe:02:b4:cb:8a:38:
         b6:aa:c7:03:6b:89:36:40:3e:b0:40:07:92:2a:9f:88:cb:cc:
         ad:18:49:1a:ba:b6:78:ad:44:76:9d:ce:28:c9:0a:e8:54:01:
         56:f6:85:f7:ec:77:06:ed:64:83:d5:ed:50:75:e1:89:26:21:
         c5:35:de:cb:eb:7e:b0:f0:52:86:d2:b0:a3:30:53:7a:75:68:
         fa:16:52:47:59:3d:9a:5e:81:50:c4:29:d4:99:4b:23:03:e6:
         7c:f4:91:01:d0:88:ec:86:16:56:fd:af:d3:63:bf:65:f6:86:
         09:29:0d:89
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICJPcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NTJaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEQ4QUJEMzA5NjI1OEZC
QzVDMUY3RDEzMkE4RDQ4RjY3OUY0OUEwOTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDqET8fPbF+yzpyVbN389tnL6g6FUk0f5ZgP8duG3+N6JatCc2e
GHdb/7BkVpQ4r+TKMMS/cQi9lTQmOweTXNEvE7a1jvcQ/Z/Pv9195T+VLAKOIJWv
MjlWNuvGm5RmlwG4VVozuGypty+tsdn/kFZpdYiAfMMGsCYU/dHP8vQTl7OBZujn
9YTxitoDt9yEGlw5QENi7TmXW3T5A1GPDi+jrI9PhtPyQzve66WmhFmoZwLTGhOn
VeK8CQA71oTgLEM2FsH8vtp6WHiRhPubcbjECs8znxnQyRtbWqZCy/GT9YCBj2FD
x1/DYSTDCzTWjZJeAgRE7WgZum1Yxo3RMRkrAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQU2KvTCWJY+8XB99EyqNSPZ59JoJMwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvMkt2VENXSlktOFhC
OTlFeXFOU1BaNTlKb0pNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQDY4AAEDANBgkqhkiG9w0BAQsFAAOCAQEApgAzlw1tJ+2ZI8jtGcZSul6y
anH73tZVCr0V8SNb8qEUg2rXWpYknwbmLVPwW3+W8Z/8UyllRf/IyHkuxkMaGpQc
7KDpotSGnc1nkMgp4J63HjVnQlSaaDD3oZEksSm3Ymc8fDJXOgYx6KOhDRt4w6rZ
OE56VzoDbY12vIOIDsiQL3FNc3T0e+Fz/gK0y4o4tqrHA2uJNkA+sEAHkiqfiMvM
rRhJGrq2eK1Edp3OKMkK6FQBVvaF9+x3Bu1kg9XtUHXhiSYhxTXey+t+sPBShtKw
ozBTenVo+hZSR1k9ml6BUMQp1JlLIwPmfPSRAdCI7IYWVv2v02O/ZfaGCSkNiQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:13 2025 by rpki-client