Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/r-lkf1RnNaAL-vwYsP1QvyJIyDA.roa
File:                     r-lkf1RnNaAL-vwYsP1QvyJIyDA.roa (raw, json)
Hash identifier:          73+P8YEnOnkREsJ9G9W/yLGjc3wGXBcX8195o/XNStU=
Subject key identifier:   AF:E9:64:7F:54:67:35:A0:0B:FA:FC:18:B0:FD:50:BF:22:48:C8:30
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24E6
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/r-lkf1RnNaAL-vwYsP1QvyJIyDA.roa
Signing time:             Sat 13 Sep 2025 03:08:48 +0000
ROA not before:           Sat 13 Sep 2025 03:08:48 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        2403:6380::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9446 (0x24e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:48 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=AFE9647F546735A00BFAFC18B0FD50BF2248C830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:df:b1:f4:99:94:b8:48:f6:8c:0a:15:ef:60:
                    df:e6:cf:1e:bd:a7:8f:83:12:a6:ac:49:6c:3c:ce:
                    61:54:c7:5e:fa:c4:5c:5b:95:b9:16:d1:96:47:26:
                    e7:3e:96:5d:78:44:6e:99:fd:cf:63:2a:2e:53:29:
                    fa:5a:01:9e:e6:15:c3:55:da:4d:0a:58:65:c1:d5:
                    63:47:32:45:f5:cf:89:5c:00:7a:b3:e7:53:a9:6e:
                    bc:16:cf:27:7f:aa:81:73:66:86:62:38:19:86:02:
                    f3:28:eb:a4:c6:51:50:bc:24:9d:82:64:bb:f3:c0:
                    87:85:89:60:13:d5:b7:ed:77:fa:2f:ae:bf:e1:56:
                    df:3e:cd:1c:7e:00:38:d8:34:bf:d7:19:7e:9c:4a:
                    6d:73:e3:3d:77:8d:26:dc:74:54:46:a2:af:a0:64:
                    0a:45:1d:19:c1:d7:28:fa:d8:15:f7:98:96:fc:0f:
                    be:f1:0c:86:ba:86:52:21:ef:fc:a2:4b:df:7d:df:
                    93:f0:8a:07:92:9c:56:81:3c:1c:40:6a:45:65:7d:
                    8b:7c:92:1a:d4:d4:8d:9e:17:2c:88:99:cf:e5:88:
                    f5:b9:d9:45:f7:d2:06:cc:c9:94:3c:34:71:8a:a3:
                    fb:6a:83:d5:53:b7:b5:58:3f:bd:70:ee:12:b0:fa:
                    8b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E9:64:7F:54:67:35:A0:0B:FA:FC:18:B0:FD:50:BF:22:48:C8:30
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/r-lkf1RnNaAL-vwYsP1QvyJIyDA.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:6380::/40

    Signature Algorithm: sha256WithRSAEncryption
         0a:6f:93:82:1e:35:3e:17:99:d4:84:98:89:4a:d0:ad:66:66:
         6e:dd:e4:c1:98:c2:01:23:27:56:b2:f1:cf:85:90:bd:3b:a4:
         89:f2:4e:92:85:bd:e4:1a:b5:cc:cb:60:5b:59:6f:86:b6:bd:
         dd:2c:05:cd:de:c2:2c:80:a3:d3:ae:da:47:3c:19:9f:36:e7:
         b9:a9:f1:d5:7c:57:2d:a5:a3:87:de:4f:28:60:ae:cb:66:c8:
         1b:57:bd:6e:f2:f8:d3:3e:21:a3:d1:2e:20:0a:dd:03:39:aa:
         8d:38:a6:ca:7b:54:83:6a:66:74:42:84:38:00:74:dd:af:00:
         13:35:e4:2f:40:69:bb:17:19:db:48:e2:c6:b6:15:31:b5:df:
         6c:15:43:48:9d:68:a7:a0:43:ea:7e:f7:e3:10:b4:7a:d6:f2:
         7f:e4:eb:df:08:58:60:d8:0e:37:76:0d:a4:80:5e:3f:9c:f8:
         a3:03:a0:9b:35:86:03:31:6e:8a:1d:ac:8c:fb:67:00:d3:42:
         9a:9c:e3:18:33:49:8c:05:9f:e3:a6:00:3b:1e:b3:58:34:4a:
         2c:67:6d:6e:4e:33:d8:40:04:90:cd:48:f2:10:0a:d2:a3:89:
         6e:0b:f2:c1:81:15:5a:72:1d:7a:5e:ff:66:bd:da:bf:6f:82:
         94:6d:45:b6
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgICJOYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NDhaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEFGRTk2NDdGNTQ2NzM1
QTAwQkZBRkMxOEIwRkQ1MEJGMjI0OEM4MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDU37H0mZS4SPaMChXvYN/mzx69p4+DEqasSWw8zmFUx176xFxb
lbkW0ZZHJuc+ll14RG6Z/c9jKi5TKfpaAZ7mFcNV2k0KWGXB1WNHMkX1z4lcAHqz
51OpbrwWzyd/qoFzZoZiOBmGAvMo66TGUVC8JJ2CZLvzwIeFiWAT1bftd/ovrr/h
Vt8+zRx+ADjYNL/XGX6cSm1z4z13jSbcdFRGoq+gZApFHRnB1yj62BX3mJb8D77x
DIa6hlIh7/yiS99935PwigeSnFaBPBxAakVlfYt8khrU1I2eFyyImc/liPW52UX3
0gbMyZQ8NHGKo/tqg9VTt7VYP71w7hKw+ovVAgMBAAGjggH1MIIB8TAdBgNVHQ4E
FgQUr+lkf1RnNaAL+vwYsP1QvyJIyDAwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvci1sa2YxUm5OYUFM
LXZ3WXNQMVF2eUpJeURBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIw
CAMGACQDY4AAMA0GCSqGSIb3DQEBCwUAA4IBAQAKb5OCHjU+F5nUhJiJStCtZmZu
3eTBmMIBIydWsvHPhZC9O6SJ8k6Shb3kGrXMy2BbWW+Gtr3dLAXN3sIsgKPTrtpH
PBmfNue5qfHVfFctpaOH3k8oYK7LZsgbV71u8vjTPiGj0S4gCt0DOaqNOKbKe1SD
amZ0QoQ4AHTdrwATNeQvQGm7FxnbSOLGthUxtd9sFUNInWinoEPqfvfjELR61vJ/
5OvfCFhg2A43dg2kgF4/nPijA6CbNYYDMW6KHayM+2cA00KanOMYM0mMBZ/jpgA7
HrNYNEosZ21uTjPYQASQzUjyEArSo4luC/LBgRVach16Xv9mvdq/b4KUbUW2
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:12 2025 by rpki-client