Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/_VlzV8dzh7rhBTPq-wfYFGXsxgk.roa
File:                     _VlzV8dzh7rhBTPq-wfYFGXsxgk.roa (raw, json)
Hash identifier:          5pB4UEi10H0xoMQhL/t4AEdWEu6yKqixoghd1pCBEts=
Subject key identifier:   FD:59:73:57:C7:73:87:BA:E1:05:33:EA:FB:07:D8:14:65:EC:C6:09
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24E8
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/_VlzV8dzh7rhBTPq-wfYFGXsxgk.roa
Signing time:             Sat 13 Sep 2025 03:08:49 +0000
ROA not before:           Sat 13 Sep 2025 03:08:49 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        2403:6380:32::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9448 (0x24e8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:49 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=FD597357C77387BAE10533EAFB07D81465ECC609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7f:9f:68:8e:c1:87:4d:db:5a:e9:ed:c7:60:
                    a3:8d:75:d3:5c:ca:ed:45:ab:c4:19:74:a4:bb:a9:
                    e7:72:9a:dc:57:c0:39:58:20:ab:09:3f:da:4f:12:
                    16:a7:dc:4a:71:f2:84:c4:1d:c6:f6:b5:3b:58:cf:
                    8b:2d:8f:15:44:e5:aa:ad:d3:fe:9c:ba:e3:92:5f:
                    8f:b2:41:a3:ea:6d:41:dd:28:c4:88:56:08:1c:a6:
                    51:4a:36:5e:9c:2c:18:a5:d3:cb:51:38:27:6e:ee:
                    0e:41:d9:53:ba:fb:3b:31:1d:8b:66:ea:1f:0b:68:
                    26:de:77:2c:1e:30:b7:20:65:5a:14:d4:cf:fc:19:
                    3d:1f:94:4b:c5:f7:e8:aa:e0:4f:0b:ee:54:ac:5b:
                    1f:d9:b2:6d:9b:5b:36:f9:61:4b:f1:6e:1c:04:2c:
                    c4:80:4f:ac:92:f8:09:b8:38:67:89:43:d3:10:95:
                    ed:e6:10:cf:07:d7:dd:1b:41:25:00:95:a5:ce:fe:
                    14:8d:f6:be:5e:3b:50:f7:55:62:27:f6:3c:cc:f5:
                    e8:56:74:9d:7b:7c:a4:04:b1:f1:18:63:47:aa:54:
                    7a:84:e9:b7:4d:54:53:49:42:08:64:ca:64:21:9b:
                    4f:e6:c5:9e:0a:81:d1:dc:9c:91:a1:0c:11:77:b9:
                    17:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:59:73:57:C7:73:87:BA:E1:05:33:EA:FB:07:D8:14:65:EC:C6:09
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/_VlzV8dzh7rhBTPq-wfYFGXsxgk.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:6380:32::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:c7:a7:42:6f:7e:38:bc:40:da:28:0c:7d:92:a9:6d:7c:9d:
         c1:8f:64:57:b9:0b:34:f6:68:43:0e:6d:5c:f1:00:20:f8:df:
         fa:92:2b:24:13:88:76:0e:58:6c:1c:99:6b:f7:39:91:19:bf:
         9d:5c:e9:62:8d:68:c4:8f:53:7f:87:fd:1c:e9:31:ae:b0:c0:
         b9:51:4f:9b:79:60:ed:b4:d1:e9:5b:72:03:e3:aa:20:66:8f:
         09:c4:a5:91:16:6e:2d:27:bf:53:8a:03:52:9a:93:ed:9e:7b:
         70:a4:5a:31:d5:55:ec:4b:e1:fe:54:9c:c1:5b:06:80:0c:09:
         92:44:91:88:fc:5b:8b:4b:9b:72:8a:5a:c4:83:ed:de:8e:c6:
         61:1b:79:25:7a:75:40:f4:93:bd:4a:bd:ce:86:03:b2:a5:cd:
         98:32:26:bd:d4:0b:71:86:68:b9:8b:5f:80:ce:3f:eb:71:4d:
         aa:c6:e9:0d:dc:f5:04:4d:f5:ee:60:49:f4:f6:87:a7:c0:b6:
         77:ce:b6:a4:01:c0:a3:e0:35:03:d7:e0:29:03:60:76:96:85:
         c9:7d:89:ff:e3:fb:30:1e:54:71:18:d6:56:24:96:ce:39:69:
         68:3c:38:89:7c:3a:e6:d7:10:89:6b:4d:8e:42:61:70:5f:e4:
         8a:0f:17:a2
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICJOgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NDlaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEZENTk3MzU3Qzc3Mzg3
QkFFMTA1MzNFQUZCMDdEODE0NjVFQ0M2MDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2f59ojsGHTdta6e3HYKONddNcyu1Fq8QZdKS7qedymtxXwDlY
IKsJP9pPEhan3Epx8oTEHcb2tTtYz4stjxVE5aqt0/6cuuOSX4+yQaPqbUHdKMSI
VggcplFKNl6cLBil08tROCdu7g5B2VO6+zsxHYtm6h8LaCbedyweMLcgZVoU1M/8
GT0flEvF9+iq4E8L7lSsWx/Zsm2bWzb5YUvxbhwELMSAT6yS+Am4OGeJQ9MQle3m
EM8H190bQSUAlaXO/hSN9r5eO1D3VWIn9jzM9ehWdJ17fKQEsfEYY0eqVHqE6bdN
VFNJQghkymQhm0/mxZ4KgdHcnJGhDBF3uRd/AgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQU/VlzV8dzh7rhBTPq+wfYFGXsxgkwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvX1ZselY4ZHpoN3Jo
QlRQcS13ZllGR1hzeGdrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACQDY4AAMjANBgkqhkiG9w0BAQsFAAOCAQEAk8enQm9+OLxA2igMfZKpbXyd
wY9kV7kLNPZoQw5tXPEAIPjf+pIrJBOIdg5YbByZa/c5kRm/nVzpYo1oxI9Tf4f9
HOkxrrDAuVFPm3lg7bTR6VtyA+OqIGaPCcSlkRZuLSe/U4oDUpqT7Z57cKRaMdVV
7Evh/lScwVsGgAwJkkSRiPxbi0ubcopaxIPt3o7GYRt5JXp1QPSTvUq9zoYDsqXN
mDImvdQLcYZouYtfgM4/63FNqsbpDdz1BE317mBJ9PaHp8C2d862pAHAo+A1A9fg
KQNgdpaFyX2J/+P7MB5UcRjWViSWzjlpaDw4iXw65tcQiWtNjkJhcF/kig8Xog==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:04 2025 by rpki-client