Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/VFjwhr3fby1drTZ9wqQh4LRk32E.roa
File:                     VFjwhr3fby1drTZ9wqQh4LRk32E.roa (raw, json)
Hash identifier:          5nNdZZWyDD2RFfSt4B1FQIHJDsA4R6X1XXBRQojkOjI=
Subject key identifier:   54:58:F0:86:BD:DF:6F:2D:5D:AD:36:7D:C2:A4:21:E0:B4:64:DF:61
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24DF
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/VFjwhr3fby1drTZ9wqQh4LRk32E.roa
Signing time:             Sat 13 Sep 2025 03:08:47 +0000
ROA not before:           Sat 13 Sep 2025 03:08:47 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     139648
IP address blocks:        103.244.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9439 (0x24df)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:47 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=5458F086BDDF6F2D5DAD367DC2A421E0B464DF61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:68:77:07:41:1e:3e:9b:1e:3b:63:1e:77:fd:
                    4e:39:94:9f:1c:23:a5:f2:5f:14:0b:9b:00:de:9c:
                    f2:98:2e:34:1c:81:ff:19:93:7d:c7:e8:d0:a7:10:
                    6a:14:94:c9:1d:9d:5a:92:98:63:27:08:47:7d:ad:
                    1e:7a:09:3a:5c:86:6e:13:b5:8d:5f:90:1f:c3:1e:
                    99:0d:63:e9:c2:05:53:22:7a:72:5b:a5:3c:20:7b:
                    ca:7b:31:17:bb:1c:8f:4b:2a:6d:0f:0f:d2:7d:3b:
                    6c:bd:59:d5:5a:35:c9:db:a6:e1:eb:f9:41:9c:d1:
                    95:15:d6:22:f3:49:a3:8d:1f:47:5b:0d:b0:b8:6a:
                    c2:3c:2f:f3:c5:c2:c8:c3:72:0d:2f:59:a9:a7:50:
                    2e:5c:11:1d:81:2a:74:c1:33:1a:a8:4b:76:6f:a3:
                    7f:79:1c:57:49:61:25:a3:49:e9:fd:34:d2:85:29:
                    7f:43:04:17:84:c7:af:69:73:9b:da:ed:ac:d0:30:
                    14:87:e1:cc:d4:fc:f5:02:44:02:ee:be:1e:2b:41:
                    df:fe:c4:99:98:1c:d3:df:c7:e2:3c:cc:c4:df:7c:
                    22:25:d9:c7:cd:f6:e9:a7:09:6b:69:e2:95:ca:7f:
                    7e:55:e5:63:e5:2e:fc:2e:27:f6:8c:a6:e3:e5:f5:
                    b4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:58:F0:86:BD:DF:6F:2D:5D:AD:36:7D:C2:A4:21:E0:B4:64:DF:61
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/VFjwhr3fby1drTZ9wqQh4LRk32E.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.244.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:e0:c9:18:3b:1b:75:bd:09:75:28:f8:ec:a2:21:3c:92:d7:
         af:c6:a8:69:4a:70:97:9d:9f:03:f4:66:cc:a1:88:46:6e:09:
         1e:c8:0a:b1:d0:65:4f:d8:5a:58:9a:50:21:37:a0:58:08:37:
         b9:d7:7d:a9:9f:c7:98:2b:8e:4e:c4:70:82:22:d0:96:47:d2:
         0f:54:2b:a7:06:89:30:88:0a:da:83:74:49:d3:cc:84:b6:3b:
         03:84:e7:d7:ad:bd:67:3c:b6:37:84:49:14:ba:b8:9c:f6:81:
         ce:a2:a7:bf:09:2b:f7:95:ed:af:9e:39:f9:9a:10:6b:ad:66:
         26:db:9a:ae:49:44:15:20:ce:15:42:ce:5c:74:4c:dd:72:be:
         9e:e7:70:6a:bb:6f:2f:4d:db:14:39:2d:e6:78:df:92:66:ff:
         c7:e9:ac:f6:29:b9:34:99:ca:6e:58:e0:79:4d:77:ab:16:8c:
         9b:d8:c1:f9:ca:97:b0:0d:c3:06:1f:ce:0a:5a:06:a2:2e:25:
         07:04:e9:44:19:41:34:87:35:5d:aa:43:f7:15:ae:25:38:ff:
         ad:e1:b6:ea:43:b9:a3:2c:c4:59:fe:6a:eb:86:96:7f:09:de:
         04:83:f3:03:ff:c8:0d:22:de:87:ed:49:5e:4e:ef:6e:03:77:
         e3:d9:da:9c
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICJN8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NDdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDU0NThGMDg2QkRERjZG
MkQ1REFEMzY3REMyQTQyMUUwQjQ2NERGNjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiaHcHQR4+mx47Yx53/U45lJ8cI6XyXxQLmwDenPKYLjQcgf8Z
k33H6NCnEGoUlMkdnVqSmGMnCEd9rR56CTpchm4TtY1fkB/DHpkNY+nCBVMienJb
pTwge8p7MRe7HI9LKm0PD9J9O2y9WdVaNcnbpuHr+UGc0ZUV1iLzSaONH0dbDbC4
asI8L/PFwsjDcg0vWamnUC5cER2BKnTBMxqoS3Zvo395HFdJYSWjSen9NNKFKX9D
BBeEx69pc5va7azQMBSH4czU/PUCRALuvh4rQd/+xJmYHNPfx+I8zMTffCIl2cfN
9umnCWtp4pXKf35V5WPlLvwuJ/aMpuPl9bS9AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUVFjwhr3fby1drTZ9wqQh4LRk32EwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvVkZqd2hyM2ZieTFk
clRaOXdxUWg0TFJrMzJFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGf0djANBgkqhkiG9w0BAQsFAAOCAQEALuDJGDsbdb0JdSj47KIhPJLXr8ao
aUpwl52fA/RmzKGIRm4JHsgKsdBlT9haWJpQITegWAg3udd9qZ/HmCuOTsRwgiLQ
lkfSD1QrpwaJMIgK2oN0SdPMhLY7A4Tn1629Zzy2N4RJFLq4nPaBzqKnvwkr95Xt
r545+ZoQa61mJtuarklEFSDOFULOXHRM3XK+nudwartvL03bFDkt5njfkmb/x+ms
9im5NJnKbljgeU13qxaMm9jB+cqXsA3DBh/OCloGoi4lBwTpRBlBNIc1XapD9xWu
JTj/reG26kO5oyzEWf5q64aWfwneBIPzA//IDSLeh+1JXk7vbgN349nanA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:09 2025 by rpki-client