Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/wMbDprErtId5YJQC1FBbXCRBP4o.roa
File:                     wMbDprErtId5YJQC1FBbXCRBP4o.roa (raw, json)
Hash identifier:          /5Lsu0V1Oj5/DlXeIx1Ms3RS6JCugShTfL+8GZplPPE=
Subject key identifier:   C0:C6:C3:A6:B1:2B:B4:87:79:60:94:02:D4:50:5B:5C:24:41:3F:8A
Certificate issuer:       /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial:       24F1
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/wMbDprErtId5YJQC1FBbXCRBP4o.roa
Signing time:             Sat 13 Sep 2025 03:08:51 +0000
ROA not before:           Sat 13 Sep 2025 03:08:51 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     212237
IP address blocks:        2403:6380:31::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 19 Oct 2025 23:37:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9457 (0x24f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
        Validity
            Not Before: Sep 13 03:08:51 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=C0C6C3A6B12BB48779609402D4505B5C24413F8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bd:c6:2d:88:41:12:e9:4c:6b:f4:6e:70:7d:
                    5a:2e:64:58:51:b8:7e:06:08:14:cf:d0:eb:c7:98:
                    8a:f0:7d:18:46:18:31:10:48:d1:bf:b9:cb:b1:14:
                    ee:ff:12:62:c1:ad:10:71:95:0d:88:8c:cb:ca:16:
                    76:1e:b9:59:66:2c:04:2c:52:0f:7f:e1:1a:5c:bc:
                    55:e5:cb:db:86:7e:a6:2d:df:50:da:4d:3c:7a:2f:
                    b7:b0:53:50:e8:9f:4c:6d:94:da:40:01:bb:2b:d2:
                    15:31:60:66:87:f5:2b:cb:cc:0c:ba:7f:85:5b:05:
                    32:38:be:50:67:fe:1b:6a:7a:f9:02:07:fa:9a:e0:
                    73:12:44:9a:e9:2f:f3:59:19:13:7d:68:8c:e4:91:
                    d5:e2:79:64:ac:08:ba:44:34:f3:a0:af:cf:1a:a7:
                    d5:02:e3:f0:ab:cf:09:a7:6b:bf:76:f7:4b:33:c0:
                    c1:c8:e9:d8:d2:7c:84:dc:84:dc:b2:93:d4:77:25:
                    c6:b5:0b:95:e6:7e:78:0b:92:36:55:25:ba:b8:57:
                    06:3f:f7:85:6c:e2:da:8b:0d:4f:14:ac:94:cf:a4:
                    d9:7f:e0:df:0d:52:18:4e:55:de:14:2b:a0:a6:9a:
                    bf:f2:ac:f0:3f:0c:14:f1:31:19:a2:1f:31:f9:b9:
                    65:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C6:C3:A6:B1:2B:B4:87:79:60:94:02:D4:50:5B:5C:24:41:3F:8A
            X509v3 Authority Key Identifier:
                keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/wMbDprErtId5YJQC1FBbXCRBP4o.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:6380:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:58:8c:6f:f6:a0:2b:05:40:e2:4e:b7:45:ec:3f:7b:1c:b8:
         09:0c:66:36:67:0f:c4:bc:01:89:33:66:02:a0:4d:16:58:e2:
         dc:fe:ce:a9:28:72:22:70:b9:ba:d1:b7:89:79:d2:55:cd:50:
         ea:8a:ba:a6:76:0f:0b:ba:90:84:65:01:00:cd:8b:24:cb:6e:
         d7:16:0d:c6:42:5d:a9:84:f7:b2:0b:a6:19:8c:9a:8c:7a:6a:
         43:01:a4:de:76:06:fa:1c:a0:91:59:21:a4:c1:02:48:02:45:
         44:c0:17:16:36:e0:37:02:c9:0a:34:3d:31:ca:c2:f9:22:cc:
         bb:5b:e2:70:22:e1:e8:a6:32:9a:37:d9:b1:a3:c4:ac:f9:7b:
         d5:cd:f2:cf:3d:88:77:81:36:2c:e2:9a:b2:66:87:f9:e8:59:
         07:58:35:97:bc:67:60:d3:53:aa:01:3a:17:94:f6:82:63:2b:
         9b:de:22:1d:a7:f3:98:69:86:43:3e:53:2d:23:25:2f:eb:b8:
         ad:14:f9:c9:61:0e:7d:08:4d:8d:91:d1:e0:d3:de:96:36:63:
         4e:81:89:57:5a:c4:ef:2b:ac:f1:5b:06:e1:f4:1a:62:f3:66:
         d1:84:9c:74:db:7b:33:ee:11:8a:b5:d8:bf:32:57:39:6b:0c:
         97:0a:e9:2c
-----BEGIN CERTIFICATE-----
MIIE2jCCA8KgAwIBAgICJPEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA5MTMw
MzA4NTFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEMwQzZDM0E2QjEyQkI0
ODc3OTYwOTQwMkQ0NTA1QjVDMjQ0MTNGOEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOvcYtiEES6Uxr9G5wfVouZFhRuH4GCBTP0OvHmIrwfRhGGDEQ
SNG/ucuxFO7/EmLBrRBxlQ2IjMvKFnYeuVlmLAQsUg9/4RpcvFXly9uGfqYt31Da
TTx6L7ewU1Don0xtlNpAAbsr0hUxYGaH9SvLzAy6f4VbBTI4vlBn/htqevkCB/qa
4HMSRJrpL/NZGRN9aIzkkdXieWSsCLpENPOgr88ap9UC4/Crzwmna79290szwMHI
6djSfITchNyyk9R3Jca1C5XmfngLkjZVJbq4VwY/94Vs4tqLDU8UrJTPpNl/4N8N
UhhOVd4UK6Cmmr/yrPA/DBTxMRmiHzH5uWUBAgMBAAGjggH2MIIB8jAdBgNVHQ4E
FgQUwMbDprErtId5YJQC1FBbXCRBP4owHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvd01iRHByRXJ0SWQ1
WUpRQzFGQmJYQ1JCUDRvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACQDY4AAMTANBgkqhkiG9w0BAQsFAAOCAQEAy1iMb/agKwVA4k63Rew/exy4
CQxmNmcPxLwBiTNmAqBNFlji3P7OqShyInC5utG3iXnSVc1Q6oq6pnYPC7qQhGUB
AM2LJMtu1xYNxkJdqYT3sgumGYyajHpqQwGk3nYG+hygkVkhpMECSAJFRMAXFjbg
NwLJCjQ9McrC+SLMu1vicCLh6KYymjfZsaPErPl71c3yzz2Id4E2LOKasmaH+ehZ
B1g1l7xnYNNTqgE6F5T2gmMrm94iHafzmGmGQz5TLSMlL+u4rRT5yWEOfQhNjZHR
4NPeljZjToGJV1rE7yus8VsG4fQaYvNm0YScdNt7M+4RirXYvzJXOWsMlwrpLA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:07 2025 by rpki-client