Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/GfHRxJhcv-CnwuNLSEA-xhPJnYo.roa
File:                     GfHRxJhcv-CnwuNLSEA-xhPJnYo.roa (raw, json)
Hash identifier:          O3uOJ7ULj6RN4qPWvVPqEv5fXFHCsZWl9JOQw0hzgy0=
Subject key identifier:   19:F1:D1:C4:98:5C:BF:E0:A7:C2:E3:4B:48:40:3E:C6:13:C9:9D:8A
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24F2
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/GfHRxJhcv-CnwuNLSEA-xhPJnYo.roa
Signing time:             Sat 13 Sep 2025 03:08:51 +0000
ROA not before:           Sat 13 Sep 2025 03:08:51 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     139648
IP address blocks:        103.244.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9458 (0x24f2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:51 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=19F1D1C4985CBFE0A7C2E34B48403EC613C99D8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:24:fa:22:40:b3:fb:4a:f0:ed:1a:84:55:2e:
                    f0:de:99:da:d7:6e:bb:63:1e:e3:28:8c:5a:8a:54:
                    68:8b:bb:74:54:06:5c:91:38:35:97:25:65:64:98:
                    8c:41:11:5d:45:b5:6d:1b:aa:40:f0:ec:49:e0:d4:
                    b7:5b:f9:70:6f:24:a8:2b:42:72:75:36:c8:65:51:
                    e5:2a:ab:12:fe:95:1b:fd:cc:cf:b3:5b:12:16:9e:
                    3b:51:af:ba:84:b3:00:47:da:ef:fa:75:86:fe:b4:
                    ba:e3:39:40:e7:2d:3f:c3:22:59:bb:5b:08:6a:2e:
                    e5:ce:f9:14:da:5f:e4:84:ac:f6:05:92:cd:f8:85:
                    e6:51:d0:a8:7b:67:22:f8:c1:6f:36:f4:a3:b1:55:
                    ee:18:d8:be:3b:b1:e0:48:4b:e3:85:cb:25:c4:24:
                    ef:7f:82:2e:5c:28:ce:8e:19:2a:58:26:71:70:1c:
                    b8:38:ee:72:ec:db:eb:2b:b8:c9:4c:0a:f9:c5:da:
                    55:23:b4:0c:99:b7:41:48:51:86:69:5f:65:e7:13:
                    00:3f:4d:90:55:c4:a9:ec:79:0a:c3:92:3b:1c:fc:
                    47:d5:dd:10:a5:50:78:97:a0:70:43:d0:d9:2f:7c:
                    73:a7:eb:0f:d4:03:ed:fe:c4:77:ba:ad:44:14:93:
                    bb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F1:D1:C4:98:5C:BF:E0:A7:C2:E3:4B:48:40:3E:C6:13:C9:9D:8A
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/GfHRxJhcv-CnwuNLSEA-xhPJnYo.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.244.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:56:2b:d5:4e:d3:4f:c9:e7:b4:3c:ed:73:79:a0:6e:17:92:
         ed:06:74:3d:0d:bd:90:c0:e0:2b:a7:61:47:eb:0e:6b:b7:d8:
         19:f9:b1:b2:29:7c:2d:af:3a:c0:af:0f:7c:7f:66:6d:4b:96:
         3c:df:71:25:a3:17:04:07:95:db:b5:09:88:81:38:ce:ca:90:
         19:66:15:f6:94:e0:a3:ac:4a:8d:3d:cb:d2:9a:20:d5:dc:70:
         7a:cd:0e:c6:da:88:67:1c:1b:d6:7e:06:83:2b:62:b8:a5:d9:
         de:b6:61:27:7d:ea:81:15:9e:9c:d6:1a:a8:b4:64:46:2e:4a:
         11:f7:0c:84:6a:c3:f2:59:f9:66:58:25:0c:c5:3e:13:a4:97:
         48:4e:c5:d0:eb:cf:4d:e7:38:e7:4b:fa:86:e8:3e:88:db:d8:
         31:5e:46:d7:48:ea:1c:1f:78:46:d9:0a:e5:79:3e:96:04:92:
         65:ee:a3:79:30:fa:7b:da:71:e3:86:6b:b8:ba:53:2f:0d:e2:
         af:2f:38:67:9d:3a:75:a2:d3:8c:70:00:c6:72:8a:bb:7b:c2:
         bc:73:e1:26:1e:2c:a3:f0:51:a0:19:b4:d1:1c:73:13:5a:c5:
         bf:94:f1:24:52:58:ac:ab:61:f2:91:06:0d:4d:18:f2:20:bc:
         d8:4b:41:35
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICJPIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NTFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDE5RjFEMUM0OTg1Q0JG
RTBBN0MyRTM0QjQ4NDAzRUM2MTNDOTlEOEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgJPoiQLP7SvDtGoRVLvDemdrXbrtjHuMojFqKVGiLu3RUBlyR
ODWXJWVkmIxBEV1FtW0bqkDw7Eng1Ldb+XBvJKgrQnJ1NshlUeUqqxL+lRv9zM+z
WxIWnjtRr7qEswBH2u/6dYb+tLrjOUDnLT/DIlm7WwhqLuXO+RTaX+SErPYFks34
heZR0Kh7ZyL4wW829KOxVe4Y2L47seBIS+OFyyXEJO9/gi5cKM6OGSpYJnFwHLg4
7nLs2+sruMlMCvnF2lUjtAyZt0FIUYZpX2XnEwA/TZBVxKnseQrDkjsc/EfV3RCl
UHiXoHBD0NkvfHOn6w/UA+3+xHe6rUQUk7txAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUGfHRxJhcv+CnwuNLSEA+xhPJnYowHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvR2ZIUnhKaGN2LUNu
d3VOTFNFQS14aFBKbllvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAmf0dDANBgkqhkiG9w0BAQsFAAOCAQEAWlYr1U7TT8nntDztc3mgbheS7QZ0
PQ29kMDgK6dhR+sOa7fYGfmxsil8La86wK8PfH9mbUuWPN9xJaMXBAeV27UJiIE4
zsqQGWYV9pTgo6xKjT3L0pog1dxwes0OxtqIZxwb1n4GgytiuKXZ3rZhJ33qgRWe
nNYaqLRkRi5KEfcMhGrD8ln5ZlglDMU+E6SXSE7F0OvPTec450v6hug+iNvYMV5G
10jqHB94RtkK5Xk+lgSSZe6jeTD6e9px44ZruLpTLw3iry84Z506daLTjHAAxnKK
u3vCvHPhJh4so/BRoBm00RxzE1rFv5TxJFJYrKth8pEGDU0Y8iC82EtBNQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:03 2025 by rpki-client