Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/58THhEXzjthXcJ3JkS4y2F974wo.roa
File:                     58THhEXzjthXcJ3JkS4y2F974wo.roa (raw, json)
Hash identifier:          n6B30sBXQzpOFqAYNXwpmNsB5fr8NsO+S1I7Nm70WUE=
Subject key identifier:   E7:C4:C7:84:45:F3:8E:D8:57:70:9D:C9:91:2E:32:D8:5F:7B:E3:0A
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24ED
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/58THhEXzjthXcJ3JkS4y2F974wo.roa
Signing time:             Sat 13 Sep 2025 03:08:50 +0000
ROA not before:           Sat 13 Sep 2025 03:08:50 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        103.31.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9453 (0x24ed)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:50 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=E7C4C78445F38ED857709DC9912E32D85F7BE30A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a3:b9:69:bb:42:61:2b:f6:1c:5d:8f:8c:17:
                    7a:3e:23:13:3a:b4:03:e6:b0:1d:d8:f8:05:37:3b:
                    6a:ca:46:e9:c7:b7:17:cd:e4:ab:79:10:3a:25:41:
                    17:00:aa:4a:c4:92:ee:52:56:9e:2e:c9:e5:3d:56:
                    68:58:90:37:f1:35:4b:b7:e6:61:4b:97:61:94:3b:
                    73:a7:77:66:f5:9e:6a:10:17:91:ba:0d:ca:63:8d:
                    5c:85:41:7a:ba:73:0c:0a:5d:6e:bf:e9:47:2d:81:
                    fa:1c:64:d1:f2:d1:63:49:ff:4f:9a:9a:71:2a:5f:
                    98:b5:b3:c8:ab:8a:ed:f7:66:c5:75:d1:d7:19:99:
                    55:5f:12:d3:ec:9c:82:52:7b:04:8e:b5:59:3b:46:
                    55:2e:36:be:29:29:c4:1f:da:c6:76:77:ca:71:ea:
                    a2:73:0a:d9:ea:80:6b:b6:5a:57:8e:6a:66:e8:80:
                    42:35:d1:56:e9:84:88:99:ab:49:e3:ab:3c:01:72:
                    8f:70:50:da:e3:1b:0f:13:3f:d9:c7:dc:4b:4d:88:
                    59:f1:73:ef:d4:4c:a0:20:fd:29:31:ef:33:41:57:
                    7c:0c:33:e6:28:c0:c6:15:b0:c1:e9:7b:94:a2:b4:
                    e1:21:16:1c:a0:4a:65:37:d0:bb:5f:b3:3d:d6:aa:
                    6a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:C4:C7:84:45:F3:8E:D8:57:70:9D:C9:91:2E:32:D8:5F:7B:E3:0A
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/58THhEXzjthXcJ3JkS4y2F974wo.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.31.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d9:5a:2d:76:f2:0d:57:50:a6:60:cd:2c:b9:a0:74:22:9d:8e:
         82:57:18:0d:2f:b6:3d:19:e8:95:2d:42:50:e3:ea:0d:34:bf:
         64:69:20:55:ff:78:9b:36:d9:6d:8a:ed:92:44:87:84:ec:53:
         b5:c8:61:e7:b4:e0:a9:e5:c7:65:24:e1:fc:dd:9a:77:2c:58:
         f6:a7:fa:72:3a:be:f3:21:e7:88:14:41:92:06:77:0a:1a:67:
         1b:cf:00:1d:d5:6f:d0:39:4f:58:7c:dd:81:44:4b:ed:23:03:
         42:17:68:93:88:10:13:1a:b4:11:21:1b:99:5c:1e:0c:01:a0:
         e2:f7:29:8a:85:67:48:65:f2:f7:4a:b4:c8:3b:b2:36:a0:14:
         b6:eb:b6:66:fa:71:78:33:36:45:af:16:2e:1f:a0:41:38:cf:
         88:d9:54:b9:32:2c:ce:75:80:31:e9:a2:be:d9:55:9c:d5:53:
         f7:af:97:5c:98:44:94:4d:b6:af:97:93:92:7d:3e:a2:3e:12:
         30:eb:43:83:87:f9:3a:b5:11:39:43:d8:b9:fa:30:ef:09:88:
         35:fc:60:2c:d6:b4:37:d9:98:75:2d:c8:00:cd:58:4a:0c:a0:
         af:26:3d:c1:33:52:ff:37:cf:e2:61:73:78:24:5c:00:a9:0f:
         28:3c:ec:74
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICJO0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NTBaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEU3QzRDNzg0NDVGMzhF
RDg1NzcwOURDOTkxMkUzMkQ4NUY3QkUzMEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpo7lpu0JhK/YcXY+MF3o+IxM6tAPmsB3Y+AU3O2rKRunHtxfN
5Kt5EDolQRcAqkrEku5SVp4uyeU9VmhYkDfxNUu35mFLl2GUO3Ond2b1nmoQF5G6
DcpjjVyFQXq6cwwKXW6/6UctgfocZNHy0WNJ/0+amnEqX5i1s8iriu33ZsV10dcZ
mVVfEtPsnIJSewSOtVk7RlUuNr4pKcQf2sZ2d8px6qJzCtnqgGu2WleOambogEI1
0VbphIiZq0njqzwBco9wUNrjGw8TP9nH3EtNiFnxc+/UTKAg/Skx7zNBV3wMM+Yo
wMYVsMHpe5SitOEhFhygSmU30Ltfsz3Wqmr1AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU58THhEXzjthXcJ3JkS4y2F974wowHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvNThUSGhFWHpqdGhY
Y0ozSmtTNHkyRjk3NHdvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAmcf7DANBgkqhkiG9w0BAQsFAAOCAQEA2VotdvINV1CmYM0suaB0Ip2OglcY
DS+2PRnolS1CUOPqDTS/ZGkgVf94mzbZbYrtkkSHhOxTtchh57TgqeXHZSTh/N2a
dyxY9qf6cjq+8yHniBRBkgZ3ChpnG88AHdVv0DlPWHzdgURL7SMDQhdok4gQExq0
ESEbmVweDAGg4vcpioVnSGXy90q0yDuyNqAUtuu2ZvpxeDM2Ra8WLh+gQTjPiNlU
uTIsznWAMemivtlVnNVT96+XXJhElE22r5eTkn0+oj4SMOtDg4f5OrUROUPYufow
7wmINfxgLNa0N9mYdS3IAM1YSgygryY9wTNS/zfP4mFzeCRcAKkPKDzsdA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:12 2025 by rpki-client