Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/QW4yGUFhditr5ilZQsfpsitbeOU.roa
File:                     QW4yGUFhditr5ilZQsfpsitbeOU.roa (raw, json)
Hash identifier:          tmdIKHdMCSWvblA7C0ncd4sBrDrKhB9g6/WhECJfyVo=
Subject key identifier:   41:6E:32:19:41:61:76:2B:6B:E6:29:59:42:C7:E9:B2:2B:5B:78:E5
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24E1
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/QW4yGUFhditr5ilZQsfpsitbeOU.roa
Signing time:             Sat 13 Sep 2025 03:08:47 +0000
ROA not before:           Sat 13 Sep 2025 03:08:47 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     139648
IP address blocks:        103.244.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9441 (0x24e1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:47 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=416E32194161762B6BE6295942C7E9B22B5B78E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ac:0f:19:e9:a5:cb:91:6d:58:48:99:26:c2:
                    36:15:f8:d4:0d:ea:a5:ec:2f:22:75:de:08:10:95:
                    0e:1e:48:fe:50:5b:dd:62:5d:b1:e0:e2:97:0a:b6:
                    03:fa:10:f4:2a:63:29:1f:92:fe:a3:7f:30:a1:b8:
                    5b:b8:0d:25:c2:90:2d:01:c7:f7:88:ea:81:87:e7:
                    8f:64:df:5f:31:54:6e:29:11:70:ae:dd:1c:37:e5:
                    e4:72:9e:01:74:49:7a:cc:2a:26:c4:e3:75:5e:4e:
                    fa:50:87:8a:b8:01:dc:84:1f:94:a6:bb:fd:50:2a:
                    f4:d6:e9:a9:be:f7:ac:ea:ae:c8:9b:ab:f1:b0:e1:
                    e4:6d:da:83:a7:db:46:81:8f:ab:d2:44:f7:45:6a:
                    84:74:53:1f:b0:7a:de:30:d6:59:86:04:3a:eb:a1:
                    78:4e:e1:04:fa:c0:cd:2e:72:a8:0c:9e:3b:90:a1:
                    1e:8e:23:cb:c9:5a:54:cb:9e:cf:3b:22:41:81:da:
                    d1:c9:25:50:5a:98:aa:c0:87:71:a6:81:29:72:35:
                    72:58:f5:d6:5b:a3:58:b5:f0:9b:28:1d:49:91:08:
                    47:c5:50:fc:3e:58:ee:c0:50:bf:0d:54:0d:fd:dc:
                    0e:46:c9:cf:f6:e1:26:2c:05:2f:ca:ac:14:6c:05:
                    52:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:6E:32:19:41:61:76:2B:6B:E6:29:59:42:C7:E9:B2:2B:5B:78:E5
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/QW4yGUFhditr5ilZQsfpsitbeOU.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.244.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:e7:c5:7a:70:79:0e:b5:c6:38:b8:29:a8:eb:5c:79:35:ae:
         df:88:e5:0f:b7:77:b4:a2:39:fa:ea:62:d4:be:f3:59:8f:66:
         cd:30:d5:17:7a:79:64:01:15:20:e0:b3:f9:e4:69:31:9d:92:
         fb:82:55:68:87:7e:0d:1d:e2:c9:48:c2:d2:38:d0:11:e0:17:
         75:22:fe:86:e5:0f:5c:3c:7a:ef:b3:d0:ec:00:0a:36:10:b6:
         45:28:3b:9a:2a:ef:11:95:9d:59:42:fa:b3:9b:b1:97:ae:59:
         ab:cf:ab:c2:a7:33:48:d1:fe:71:b6:a7:cc:8b:d5:55:de:7a:
         f6:a4:27:69:31:18:59:57:af:26:a9:cd:11:3b:a6:79:2a:a0:
         4d:21:30:af:c7:00:8d:6d:a6:e9:f0:59:9f:7f:93:66:89:2c:
         7c:6f:4c:85:bf:4b:f2:8c:85:de:d1:47:74:dd:9f:17:69:e3:
         91:f2:d0:b2:31:7d:f4:d7:5b:c7:dc:41:7a:bc:36:62:98:25:
         e0:0a:ae:be:3d:98:ef:02:3a:ec:96:ae:1f:26:6a:39:4a:31:
         28:7b:fe:60:d0:cf:88:9b:5e:f1:07:d2:87:fd:08:0b:5b:7a:
         46:a8:0d:ea:0b:57:d4:dd:a2:e5:44:59:6b:31:20:39:5f:cc:
         e7:cb:cb:37
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICJOEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NDdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDQxNkUzMjE5NDE2MTc2
MkI2QkU2Mjk1OTQyQzdFOUIyMkI1Qjc4RTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmrA8Z6aXLkW1YSJkmwjYV+NQN6qXsLyJ13ggQlQ4eSP5QW91i
XbHg4pcKtgP6EPQqYykfkv6jfzChuFu4DSXCkC0Bx/eI6oGH549k318xVG4pEXCu
3Rw35eRyngF0SXrMKibE43VeTvpQh4q4AdyEH5Smu/1QKvTW6am+96zqrsibq/Gw
4eRt2oOn20aBj6vSRPdFaoR0Ux+wet4w1lmGBDrroXhO4QT6wM0ucqgMnjuQoR6O
I8vJWlTLns87IkGB2tHJJVBamKrAh3GmgSlyNXJY9dZbo1i18JsoHUmRCEfFUPw+
WO7AUL8NVA393A5Gyc/24SYsBS/KrBRsBVIzAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUQW4yGUFhditr5ilZQsfpsitbeOUwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvUVc0eUdVRmhkaXRy
NWlsWlFzZnBzaXRiZU9VLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGf0dzANBgkqhkiG9w0BAQsFAAOCAQEAU+fFenB5DrXGOLgpqOtceTWu34jl
D7d3tKI5+upi1L7zWY9mzTDVF3p5ZAEVIOCz+eRpMZ2S+4JVaId+DR3iyUjC0jjQ
EeAXdSL+huUPXDx677PQ7AAKNhC2RSg7mirvEZWdWUL6s5uxl65Zq8+rwqczSNH+
cbanzIvVVd569qQnaTEYWVevJqnNETumeSqgTSEwr8cAjW2m6fBZn3+TZoksfG9M
hb9L8oyF3tFHdN2fF2njkfLQsjF99Ndbx9xBerw2Ypgl4Aquvj2Y7wI67JauHyZq
OUoxKHv+YNDPiJte8QfSh/0IC1t6RqgN6gtX1N2i5URZazEgOV/M58vLNw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:09 2025 by rpki-client