Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/r9MlavQXlpRrAh-K-GV5jjQ-vXQ.roa
File:                     r9MlavQXlpRrAh-K-GV5jjQ-vXQ.roa (raw, json)
Hash identifier:          snqV7We7WUoIqwFxv1ta3Y8yVBy17WGV7rZC2+MvC7o=
Subject key identifier:   AF:D3:25:6A:F4:17:96:94:6B:02:1F:8A:F8:65:79:8E:34:3E:BD:74
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24E9
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/r9MlavQXlpRrAh-K-GV5jjQ-vXQ.roa
Signing time:             Sat 13 Sep 2025 03:08:49 +0000
ROA not before:           Sat 13 Sep 2025 03:08:49 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        2403:6380:60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9449 (0x24e9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:49 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=AFD3256AF41796946B021F8AF865798E343EBD74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:47:b7:26:e0:ac:d8:6b:23:d0:77:b5:76:3b:
                    f5:98:17:2b:1a:28:c6:87:e9:eb:54:72:48:29:9e:
                    77:7d:a4:48:d7:6f:ff:ad:58:03:7d:86:12:04:7a:
                    d1:52:4d:00:4c:67:90:b9:8d:75:26:15:d6:9a:0f:
                    d0:49:f5:d2:9e:62:42:ff:89:a2:1d:e7:ba:fa:40:
                    cf:f0:3a:3c:02:39:0f:d1:d0:1a:9b:6f:46:bf:2a:
                    42:63:06:fe:6e:9d:a8:31:b7:73:4b:12:b6:02:b2:
                    b3:69:04:bc:3a:56:47:40:c5:50:26:fd:fa:c6:57:
                    72:d7:07:05:da:78:4e:09:cc:df:f6:6d:00:c8:bc:
                    f1:e2:68:e9:52:10:e2:43:85:ae:48:80:e5:a2:fb:
                    5a:61:11:89:9a:4f:13:28:2c:93:4c:ee:05:b4:e7:
                    b1:27:d2:e1:f3:21:f2:69:3e:96:bd:ab:01:a1:88:
                    58:c0:0e:78:e8:28:9d:25:60:8b:b5:ea:33:d7:28:
                    af:c9:29:82:fa:68:89:80:62:2b:3e:49:18:ea:2e:
                    d2:a6:e3:3e:2e:a1:96:01:70:d3:be:e5:75:c1:d3:
                    75:f2:83:32:d1:1a:b9:da:e3:0e:30:b3:ef:75:96:
                    c1:be:63:e2:3b:a8:77:5b:19:14:1f:98:ff:de:17:
                    80:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D3:25:6A:F4:17:96:94:6B:02:1F:8A:F8:65:79:8E:34:3E:BD:74
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/r9MlavQXlpRrAh-K-GV5jjQ-vXQ.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:6380:60::/44

    Signature Algorithm: sha256WithRSAEncryption
         5f:d3:89:5c:a8:6f:44:e5:3d:23:99:5c:a6:aa:c7:42:ee:ef:
         c6:80:16:64:36:5b:db:ff:6c:4c:a5:95:52:74:2c:14:b2:16:
         09:18:fe:3b:03:e5:45:c6:59:42:81:28:e8:cc:2c:c0:73:ad:
         1e:0e:7a:ec:57:78:96:1e:62:0f:d1:b4:0f:9b:71:e7:73:98:
         a2:8e:1f:dd:8d:5e:af:86:3d:0a:e7:00:e2:3c:b9:62:79:76:
         5e:7b:03:3c:9b:1d:d7:2b:41:1d:46:b9:a6:5d:07:56:66:e7:
         44:ea:c5:1f:aa:4b:ef:25:ed:28:2e:02:61:48:4d:c0:5a:42:
         f7:df:e9:95:a0:c6:09:65:81:0d:ff:90:23:a4:84:5d:16:39:
         92:9a:e4:02:86:f6:8f:d9:8a:18:11:3a:13:a2:20:6c:7a:5e:
         bf:53:e3:d1:31:c4:57:ae:e3:b0:3f:e6:d3:61:6f:2c:5f:53:
         65:d4:3b:fa:39:a1:71:dc:c4:7b:93:51:61:71:61:91:40:7b:
         f6:ae:2e:4a:3c:41:33:f7:a6:8a:fd:9c:79:44:db:a5:fc:ba:
         67:82:13:4a:73:b2:e8:0c:8e:56:61:2b:e2:c0:ff:ec:86:21:
         02:e7:28:02:3f:7b:90:8e:ba:e0:6b:ae:ae:13:c0:2e:9f:3d:
         ab:e7:ba:2c
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICJOkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NDlaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEFGRDMyNTZBRjQxNzk2
OTQ2QjAyMUY4QUY4NjU3OThFMzQzRUJENzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzR7cm4KzYayPQd7V2O/WYFysaKMaH6etUckgpnnd9pEjXb/+t
WAN9hhIEetFSTQBMZ5C5jXUmFdaaD9BJ9dKeYkL/iaId57r6QM/wOjwCOQ/R0Bqb
b0a/KkJjBv5unagxt3NLErYCsrNpBLw6VkdAxVAm/frGV3LXBwXaeE4JzN/2bQDI
vPHiaOlSEOJDha5IgOWi+1phEYmaTxMoLJNM7gW057En0uHzIfJpPpa9qwGhiFjA
DnjoKJ0lYIu16jPXKK/JKYL6aImAYis+SRjqLtKm4z4uoZYBcNO+5XXB03XygzLR
Grna4w4ws+91lsG+Y+I7qHdbGRQfmP/eF4BlAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUr9MlavQXlpRrAh+K+GV5jjQ+vXQwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvcjlNbGF2UVhscFJy
QWgtSy1HVjVqalEtdlhRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHBCQDY4AAYDANBgkqhkiG9w0BAQsFAAOCAQEAX9OJXKhvROU9I5lcpqrHQu7v
xoAWZDZb2/9sTKWVUnQsFLIWCRj+OwPlRcZZQoEo6MwswHOtHg567Fd4lh5iD9G0
D5tx53OYoo4f3Y1er4Y9CucA4jy5Ynl2XnsDPJsd1ytBHUa5pl0HVmbnROrFH6pL
7yXtKC4CYUhNwFpC99/plaDGCWWBDf+QI6SEXRY5kprkAob2j9mKGBE6E6IgbHpe
v1Pj0THEV67jsD/m02FvLF9TZdQ7+jmhcdzEe5NRYXFhkUB79q4uSjxBM/emiv2c
eUTbpfy6Z4ITSnOy6AyOVmEr4sD/7IYhAucoAj97kI664GuurhPALp89q+e6LA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:04 2025 by rpki-client