Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/mLYgklDdgJq4BZWUclcopoxjUEM.roa
File:                     mLYgklDdgJq4BZWUclcopoxjUEM.roa (raw, json)
Hash identifier:          zycLMpt4G9DMYaEB1Jf9zPbSYbuxlZozJDeEVu/jDVk=
Subject key identifier:   98:B6:20:92:50:DD:80:9A:B8:05:95:94:72:57:28:A6:8C:63:50:43
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24DE
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/mLYgklDdgJq4BZWUclcopoxjUEM.roa
Signing time:             Sat 13 Sep 2025 03:08:47 +0000
ROA not before:           Sat 13 Sep 2025 03:08:47 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        2403:6380:30::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9438 (0x24de)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:47 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=98B6209250DD809AB8059594725728A68C635043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:05:be:43:94:ae:7b:71:99:5b:a8:31:95:f8:
                    8a:7a:e9:8e:af:95:1b:39:5d:ca:e6:7e:a2:3c:1b:
                    53:fb:da:1e:66:18:1c:81:ad:10:e3:46:be:aa:54:
                    e3:f5:d3:02:59:8c:25:bf:60:f9:49:0d:bc:c3:b6:
                    e8:a8:66:e1:46:27:64:06:e6:50:d8:d2:cc:31:a2:
                    82:26:16:d6:7e:88:ac:de:1a:0f:e4:80:87:aa:db:
                    ae:25:bb:f2:bf:8b:c7:ae:89:5e:f9:42:ec:50:79:
                    93:a1:e4:d4:89:c1:1e:4b:b9:5c:6e:cc:51:96:e8:
                    07:e5:44:2a:ce:20:55:c0:d9:57:6e:5a:e7:b8:71:
                    78:99:4e:19:61:d6:55:b2:ef:ef:0e:61:92:96:02:
                    2b:6e:07:68:f8:37:97:64:34:c1:ce:a9:17:95:47:
                    d8:c8:35:29:7c:08:af:3d:e0:09:d0:7e:38:cf:6e:
                    dc:d5:30:6a:e0:a5:19:76:a2:4c:02:3d:34:de:a8:
                    79:04:04:7c:29:bf:61:7f:a3:0e:3d:76:2d:f6:04:
                    31:0e:89:49:5d:d1:57:d2:33:e5:fa:9e:6d:b6:3f:
                    57:74:ad:9d:83:f8:8e:8b:54:20:e9:27:1d:e0:d4:
                    71:ac:a6:12:c1:eb:2d:e1:b5:e6:12:b3:e9:8f:19:
                    4e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:B6:20:92:50:DD:80:9A:B8:05:95:94:72:57:28:A6:8C:63:50:43
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/mLYgklDdgJq4BZWUclcopoxjUEM.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:6380:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:b0:35:14:ce:dd:43:26:2c:b1:e5:b3:c0:59:c1:8e:38:5d:
         bf:51:ff:d4:7f:0b:22:17:5e:21:a9:cc:ef:2c:d4:b7:3a:a3:
         ee:fe:f0:a1:0f:8d:72:69:02:2b:91:a3:aa:67:d9:ed:aa:f6:
         b4:f5:e6:cb:95:13:88:32:f8:58:f6:ea:6e:9b:f4:96:1e:d8:
         a8:17:ee:d6:7b:0c:66:46:5d:b3:15:93:b9:bc:f9:3e:3a:c0:
         d1:4f:f9:15:20:85:e3:29:2a:6b:4a:95:19:51:d3:04:9d:4b:
         bb:4f:b9:16:93:1f:8b:14:a4:86:50:f3:bd:11:3f:42:86:2f:
         ae:19:23:bb:94:cb:4c:0e:40:af:cd:53:44:c9:0c:fc:75:d0:
         bf:b9:71:1c:cd:2c:f2:89:e9:2e:14:8f:58:33:db:cb:f6:eb:
         69:1a:32:d4:9a:8f:25:c2:ae:c6:f7:44:bb:47:2d:e2:0b:48:
         95:54:87:9b:85:7e:6d:7d:86:6c:3c:62:e2:80:c2:2a:5c:07:
         af:70:ab:ac:28:84:46:ab:78:52:c4:15:cb:6f:c0:e7:d6:6a:
         34:b8:35:4f:00:45:0e:8a:1f:e1:3a:21:0c:80:c2:f4:45:d2:
         a6:76:b4:c3:e9:05:7e:ff:19:27:73:86:a3:94:75:17:84:35:
         e1:fe:1a:08
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICJN4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NDdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDk4QjYyMDkyNTBERDgw
OUFCODA1OTU5NDcyNTcyOEE2OEM2MzUwNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEBb5DlK57cZlbqDGV+Ip66Y6vlRs5XcrmfqI8G1P72h5mGByB
rRDjRr6qVOP10wJZjCW/YPlJDbzDtuioZuFGJ2QG5lDY0swxooImFtZ+iKzeGg/k
gIeq264lu/K/i8euiV75QuxQeZOh5NSJwR5LuVxuzFGW6AflRCrOIFXA2VduWue4
cXiZThlh1lWy7+8OYZKWAituB2j4N5dkNMHOqReVR9jINSl8CK894AnQfjjPbtzV
MGrgpRl2okwCPTTeqHkEBHwpv2F/ow49di32BDEOiUld0VfSM+X6nm22P1d0rZ2D
+I6LVCDpJx3g1HGsphLB6y3hteYSs+mPGU5jAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUmLYgklDdgJq4BZWUclcopoxjUEMwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvbUxZZ2tsRGRnSnE0
QlpXVWNsY29wb3hqVUVNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQDY4AAMDANBgkqhkiG9w0BAQsFAAOCAQEAJbA1FM7dQyYsseWzwFnBjjhd
v1H/1H8LIhdeIanM7yzUtzqj7v7woQ+NcmkCK5GjqmfZ7ar2tPXmy5UTiDL4WPbq
bpv0lh7YqBfu1nsMZkZdsxWTubz5PjrA0U/5FSCF4ykqa0qVGVHTBJ1Lu0+5FpMf
ixSkhlDzvRE/QoYvrhkju5TLTA5Ar81TRMkM/HXQv7lxHM0s8onpLhSPWDPby/br
aRoy1JqPJcKuxvdEu0ct4gtIlVSHm4V+bX2GbDxi4oDCKlwHr3CrrCiERqt4UsQV
y2/A59ZqNLg1TwBFDoof4TohDIDC9EXSpna0w+kFfv8ZJ3OGo5R1F4Q14f4aCA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:06 2025 by rpki-client