Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/nIkgv8iTRjiXwVL9S2gtOD72tV0.roa
File:                     nIkgv8iTRjiXwVL9S2gtOD72tV0.roa (raw, json)
Hash identifier:          oPNs2j4mmoIZwZos7nrN9JmyKp8fH3/kih8TnlfPeeM=
Subject key identifier:   9C:89:20:BF:C8:93:46:38:97:C1:52:FD:4B:68:2D:38:3E:F6:B5:5D
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24E2
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/nIkgv8iTRjiXwVL9S2gtOD72tV0.roa
Signing time:             Sat 13 Sep 2025 03:08:48 +0000
ROA not before:           Sat 13 Sep 2025 03:08:48 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        2403:6380:20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9442 (0x24e2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:48 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=9C8920BFC893463897C152FD4B682D383EF6B55D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:89:9b:6d:4b:61:83:33:a6:7a:08:6a:05:8c:
                    fb:df:78:de:a8:80:07:2e:12:e6:ff:a6:5b:5c:59:
                    97:fb:02:77:d8:24:ea:e2:b7:e7:f9:e9:a0:40:a7:
                    6f:6f:6a:f6:2d:cf:51:94:74:1b:0b:aa:7d:9c:3e:
                    de:19:05:fa:7c:e6:fc:6c:4f:d8:31:47:cd:f4:ab:
                    58:bb:9e:94:6e:96:c5:56:e0:77:1c:e2:ef:d7:a9:
                    b0:c4:98:0b:d8:24:45:97:39:6d:32:68:58:9d:6c:
                    bb:36:84:85:71:09:84:ea:63:f7:7e:3a:9e:50:46:
                    47:7b:f6:40:0a:ba:65:e7:ec:08:96:87:29:88:36:
                    0c:71:5e:43:70:4d:e8:bb:7b:16:72:f0:ed:c2:f2:
                    20:1d:2e:04:91:21:a8:81:83:d1:92:27:dc:64:3e:
                    81:53:9d:be:37:be:4f:31:08:ed:3a:e5:e6:82:d6:
                    54:39:c3:4f:0f:39:a4:41:14:9f:f1:4e:d5:7f:64:
                    59:28:a8:0f:6c:70:a5:4d:5d:84:47:d7:7e:d9:36:
                    bd:6c:78:94:a1:d7:55:da:aa:3b:56:19:e4:c1:41:
                    70:36:1c:3c:63:41:94:22:55:fa:86:a0:a1:5f:2b:
                    b3:db:8f:94:28:6d:ac:08:c7:6f:de:3a:b5:6a:02:
                    f7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:89:20:BF:C8:93:46:38:97:C1:52:FD:4B:68:2D:38:3E:F6:B5:5D
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/nIkgv8iTRjiXwVL9S2gtOD72tV0.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:6380:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         b3:7a:be:2f:66:06:32:d3:c4:81:d3:57:d3:7f:98:bc:43:59:
         f9:53:dc:bf:1c:6a:04:f1:73:b5:a5:21:d1:4e:cf:0f:a6:08:
         f2:f9:0a:68:06:57:ce:63:75:bd:f5:7c:c7:4f:9f:41:13:2e:
         c6:79:e7:38:4f:c4:07:8e:02:de:93:66:89:45:10:e0:35:64:
         08:55:b4:0b:d1:89:04:0a:e8:5f:d4:77:af:f9:79:43:d9:fa:
         8b:9c:0f:18:56:11:bd:1b:fc:8f:39:16:09:71:46:4e:9f:51:
         d7:ff:05:24:65:20:bd:d2:ed:a1:10:fa:cd:bd:46:24:ff:70:
         07:b3:59:02:42:34:34:e2:3b:54:c2:42:82:d2:fa:b9:fd:7e:
         97:b2:15:5b:82:88:8e:c3:e1:0e:28:e7:92:b6:63:28:bd:79:
         0b:4c:38:ca:70:cf:75:80:f6:da:4c:fb:da:01:16:04:29:21:
         fe:8e:76:34:e3:40:be:6b:97:aa:d1:c1:d1:12:4c:3c:f7:8f:
         af:88:78:37:e0:66:32:47:42:35:33:11:b5:87:55:8e:45:50:
         60:4e:67:b3:1d:64:5c:5e:53:d1:7c:9a:73:36:9b:a5:09:55:
         50:e7:6b:27:0c:57:b4:db:e5:c9:c0:fb:9d:5c:11:a3:63:c5:
         0e:46:e3:72
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICJOIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NDhaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDlDODkyMEJGQzg5MzQ2
Mzg5N0MxNTJGRDRCNjgyRDM4M0VGNkI1NUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCaiZttS2GDM6Z6CGoFjPvfeN6ogAcuEub/pltcWZf7AnfYJOri
t+f56aBAp29vavYtz1GUdBsLqn2cPt4ZBfp85vxsT9gxR830q1i7npRulsVW4Hcc
4u/XqbDEmAvYJEWXOW0yaFidbLs2hIVxCYTqY/d+Op5QRkd79kAKumXn7AiWhymI
NgxxXkNwTei7exZy8O3C8iAdLgSRIaiBg9GSJ9xkPoFTnb43vk8xCO065eaC1lQ5
w08POaRBFJ/xTtV/ZFkoqA9scKVNXYRH137ZNr1seJSh11XaqjtWGeTBQXA2HDxj
QZQiVfqGoKFfK7Pbj5QobawIx2/eOrVqAvfVAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUnIkgv8iTRjiXwVL9S2gtOD72tV0wHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvbklrZ3Y4aVRSamlY
d1ZMOVMyZ3RPRDcydFYwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQDY4AAIDANBgkqhkiG9w0BAQsFAAOCAQEAs3q+L2YGMtPEgdNX03+YvENZ
+VPcvxxqBPFztaUh0U7PD6YI8vkKaAZXzmN1vfV8x0+fQRMuxnnnOE/EB44C3pNm
iUUQ4DVkCFW0C9GJBAroX9R3r/l5Q9n6i5wPGFYRvRv8jzkWCXFGTp9R1/8FJGUg
vdLtoRD6zb1GJP9wB7NZAkI0NOI7VMJCgtL6uf1+l7IVW4KIjsPhDijnkrZjKL15
C0w4ynDPdYD22kz72gEWBCkh/o52NONAvmuXqtHB0RJMPPePr4h4N+BmMkdCNTMR
tYdVjkVQYE5nsx1kXF5T0XyaczabpQlVUOdrJwxXtNvlycD7nVwRo2PFDkbjcg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:08 2025 by rpki-client