Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/lgf6_ZFzKtEcLxQl1sel-TTazqg.roa
File:                     lgf6_ZFzKtEcLxQl1sel-TTazqg.roa (raw, json)
Hash identifier:          vO+LFEDEgh8ONXmg9CgdvthK383AcIyvte4hMyoJKwI=
Subject key identifier:   96:07:FA:FD:91:73:2A:D1:1C:2F:14:25:D6:C7:A5:F9:34:DA:CE:A8
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24F4
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/lgf6_ZFzKtEcLxQl1sel-TTazqg.roa
Signing time:             Sat 13 Sep 2025 03:08:51 +0000
ROA not before:           Sat 13 Sep 2025 03:08:51 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        103.31.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9460 (0x24f4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:51 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=9607FAFD91732AD11C2F1425D6C7A5F934DACEA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:06:6a:53:79:6a:82:ff:e1:cc:8f:a0:a5:88:
                    40:48:02:62:59:1e:ae:d2:7b:04:67:37:c3:53:85:
                    c0:68:67:f5:80:c1:58:e5:ff:59:18:a8:44:46:fe:
                    7b:7b:6b:48:0d:d8:c9:8c:20:99:eb:63:03:41:25:
                    a6:94:eb:69:48:ce:8b:52:ce:8f:fa:cb:9c:94:3b:
                    f6:f9:0f:1e:43:ac:67:32:79:79:9b:3a:ac:be:09:
                    e0:62:07:07:f4:44:8e:c1:9d:ea:a3:fb:cd:8a:fb:
                    92:4f:19:d5:72:dc:81:20:2c:c5:02:d7:f4:53:77:
                    d0:ce:70:bd:fb:0a:fa:8d:aa:ee:b3:76:e5:62:4c:
                    8e:70:42:19:8f:0c:9b:d7:81:f5:32:8d:2d:15:5a:
                    7c:bd:05:fa:db:d5:56:11:85:43:bd:33:73:51:29:
                    81:fc:f7:08:81:b2:9e:0e:d1:15:65:32:57:9b:5c:
                    55:f5:a3:1b:95:bb:94:0e:9f:f5:ae:c1:45:8b:66:
                    8c:5a:f3:2f:79:06:9a:2d:8f:f0:91:f3:5c:f9:2f:
                    9d:fb:f3:10:46:46:d9:96:04:bc:05:ec:91:75:c3:
                    f9:7e:56:e3:b6:04:ba:bb:5e:8a:a5:17:18:f1:89:
                    9a:d1:91:d0:78:12:61:4b:78:05:ec:6c:92:90:bc:
                    86:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:07:FA:FD:91:73:2A:D1:1C:2F:14:25:D6:C7:A5:F9:34:DA:CE:A8
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/lgf6_ZFzKtEcLxQl1sel-TTazqg.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.31.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:58:5d:d3:61:ab:67:ea:4f:5c:a6:4e:d7:be:85:fa:02:07:
         23:74:91:9a:c8:0a:02:c0:38:f2:d2:4a:4f:45:3c:4a:1e:33:
         33:75:08:85:ec:73:e3:69:56:4f:bf:16:80:1f:9c:3f:5a:2f:
         ac:5b:c1:21:e4:d9:61:07:ce:9c:03:1f:4b:58:d5:68:26:ce:
         b5:87:4a:05:11:9a:be:a1:e4:3e:e6:5c:d1:c6:f0:27:25:e2:
         93:e5:65:31:a4:62:45:1b:dc:93:b6:42:dd:35:90:3e:b9:93:
         23:58:fa:59:ca:9c:8d:ed:30:7f:d5:15:24:fc:05:17:6d:a7:
         29:ae:34:2e:41:47:f9:86:d2:47:03:cb:54:fe:0b:dd:79:6c:
         9f:39:40:88:4f:20:a7:1f:1d:ef:9d:8b:e7:8d:f5:6b:8c:b1:
         f5:8a:d2:70:16:68:f1:7b:ac:3d:e3:db:44:61:63:e8:c3:43:
         8e:02:45:7d:72:97:49:33:04:6f:70:62:80:b0:2b:d8:27:05:
         1b:f2:25:30:b2:a0:a6:24:cd:6a:f1:c4:91:ac:b2:a7:4b:d3:
         92:25:7c:2d:92:26:12:7c:ac:93:15:b7:13:21:20:fb:ef:57:
         5c:1e:fc:b9:a4:1c:17:12:e3:3e:c2:f3:73:99:c4:75:b0:ae:
         6c:ad:60:5a
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICJPQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NTFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDk2MDdGQUZEOTE3MzJB
RDExQzJGMTQyNUQ2QzdBNUY5MzREQUNFQTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6BmpTeWqC/+HMj6CliEBIAmJZHq7SewRnN8NThcBoZ/WAwVjl
/1kYqERG/nt7a0gN2MmMIJnrYwNBJaaU62lIzotSzo/6y5yUO/b5Dx5DrGcyeXmb
Oqy+CeBiBwf0RI7Bneqj+82K+5JPGdVy3IEgLMUC1/RTd9DOcL37CvqNqu6zduVi
TI5wQhmPDJvXgfUyjS0VWny9Bfrb1VYRhUO9M3NRKYH89wiBsp4O0RVlMlebXFX1
oxuVu5QOn/WuwUWLZoxa8y95Bpotj/CR81z5L5378xBGRtmWBLwF7JF1w/l+VuO2
BLq7XoqlFxjxiZrRkdB4EmFLeAXsbJKQvIaFAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUlgf6/ZFzKtEcLxQl1sel+TTazqgwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvbGdmNl9aRnpLdEVj
THhRbDFzZWwtVFRhenFnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGcf7TANBgkqhkiG9w0BAQsFAAOCAQEADFhd02GrZ+pPXKZO176F+gIHI3SR
msgKAsA48tJKT0U8Sh4zM3UIhexz42lWT78WgB+cP1ovrFvBIeTZYQfOnAMfS1jV
aCbOtYdKBRGavqHkPuZc0cbwJyXik+VlMaRiRRvck7ZC3TWQPrmTI1j6Wcqcje0w
f9UVJPwFF22nKa40LkFH+YbSRwPLVP4L3XlsnzlAiE8gpx8d752L5431a4yx9YrS
cBZo8XusPePbRGFj6MNDjgJFfXKXSTMEb3BigLAr2CcFG/IlMLKgpiTNavHEkayy
p0vTkiV8LZImEnyskxW3EyEg++9XXB78uaQcFxLjPsLzc5nEdbCubK1gWg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:03 2025 by rpki-client