Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1534/8kbYJ0MYplHjvcxpLNbtD5QAxYY.roa
File:                     8kbYJ0MYplHjvcxpLNbtD5QAxYY.roa (raw, json)
Hash identifier:          YagFCG/p1fJkzXoVYddbn8W0TXdiNTtZupHoYBa2osc=
Subject key identifier:   F2:46:D8:27:43:18:A6:51:E3:BD:CC:69:2C:D6:ED:0F:94:00:C5:86
Certificate issuer:       /CN=0CA4F183C659ED57FB46D59AD5483D6FE9B34F4E
Certificate serial:       265A
Authority key identifier: 0C:A4:F1:83:C6:59:ED:57:FB:46:D5:9A:D5:48:3D:6F:E9:B3:4F:4E
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/DKTxg8ZZ7Vf7RtWa1Ug9b-mzT04.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1534/8kbYJ0MYplHjvcxpLNbtD5QAxYY.roa
Signing time:             Sat 13 Sep 2025 03:06:11 +0000
ROA not before:           Sat 13 Sep 2025 03:06:11 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     59067
IP address blocks:        202.89.232.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1534/DKTxg8ZZ7Vf7RtWa1Ug9b-mzT04.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1534/DKTxg8ZZ7Vf7RtWa1Ug9b-mzT04.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/DKTxg8ZZ7Vf7RtWa1Ug9b-mzT04.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 08:36:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9818 (0x265a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0CA4F183C659ED57FB46D59AD5483D6FE9B34F4E
        Validity
            Not Before: Sep 13 03:06:11 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=F246D8274318A651E3BDCC692CD6ED0F9400C586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d8:67:b3:e6:a7:36:89:6b:9e:17:2d:f3:e8:
                    12:96:ed:29:c3:a5:43:ca:2f:f1:89:03:43:8a:75:
                    ea:9b:ae:3e:88:96:cf:69:50:9c:c6:34:a6:e2:54:
                    dd:38:d8:85:87:90:0d:2f:46:b7:59:85:56:02:4e:
                    36:76:79:cb:da:02:84:51:81:a1:34:2e:0c:98:de:
                    c9:04:7f:38:21:f2:a2:91:92:37:6b:76:13:51:e6:
                    42:a8:57:4e:0d:3d:4a:74:a2:9f:09:cd:d8:78:24:
                    66:26:a0:25:23:b5:e8:39:5d:94:6f:e3:61:87:0a:
                    9d:5d:18:57:08:5d:00:aa:c2:3a:e6:67:19:98:7b:
                    cd:7d:f5:5e:57:5b:27:0e:26:9d:68:7c:f5:e8:9e:
                    66:f6:d1:78:b4:ed:d6:69:2b:ec:26:83:48:e5:23:
                    77:8c:3c:08:da:6d:81:e3:d2:b8:f4:f5:59:e8:e0:
                    99:67:43:cb:92:eb:fe:6a:3e:6d:fe:3e:b8:5e:be:
                    dd:44:5c:04:9c:6b:29:66:94:11:ce:6e:d6:b1:07:
                    0b:bd:5d:a1:fe:3f:e4:3c:66:33:0a:89:5d:71:0b:
                    37:a6:2c:68:5c:42:b4:20:c7:cc:b3:53:f0:98:0d:
                    ec:4c:d6:d4:3e:44:70:36:a3:e6:8a:54:f8:6b:00:
                    d5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:46:D8:27:43:18:A6:51:E3:BD:CC:69:2C:D6:ED:0F:94:00:C5:86
            X509v3 Authority Key Identifier:
                keyid:0C:A4:F1:83:C6:59:ED:57:FB:46:D5:9A:D5:48:3D:6F:E9:B3:4F:4E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1534/DKTxg8ZZ7Vf7RtWa1Ug9b-mzT04.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/DKTxg8ZZ7Vf7RtWa1Ug9b-mzT04.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1534/8kbYJ0MYplHjvcxpLNbtD5QAxYY.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.89.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0c:80:85:28:00:67:32:e7:ad:00:0b:2a:11:1b:4a:20:b7:6f:
         e7:d7:da:ee:ec:c7:73:a7:5d:d7:92:33:c3:f1:c6:a0:35:35:
         be:f6:07:39:93:5d:09:8e:ba:24:47:fd:2e:b3:02:51:66:ea:
         fe:37:77:13:02:8e:d5:48:b6:2e:67:a0:2b:38:7c:24:d5:8d:
         2d:41:8e:80:cc:22:b3:43:55:9b:61:f2:2b:ed:09:a6:41:3f:
         95:1f:71:ea:2b:fd:0e:36:0f:5f:6b:7b:36:f8:1a:3e:2e:d1:
         72:ac:f9:05:7a:b5:8d:73:0b:0d:97:5e:6d:e1:d3:50:b6:c8:
         34:59:39:90:d0:b7:24:49:a3:3c:c9:2d:b6:3d:a4:82:da:24:
         dc:74:f6:75:1e:2e:fd:a8:a9:fd:d8:73:c6:f1:a5:69:61:80:
         a4:94:31:9c:e2:40:b2:c0:21:3f:50:56:0f:6c:be:0d:a3:ff:
         c5:ea:bb:3f:9a:92:a3:de:7f:c1:36:d6:84:f6:a1:c8:d6:b8:
         e0:39:0d:88:1e:b9:7b:e3:d4:81:70:7c:fd:44:f7:82:0f:fd:
         3d:4b:d8:a3:0c:e0:34:84:da:f7:5a:6a:06:15:0a:cb:14:34:
         b9:7a:5d:9b:89:9b:ae:ff:bc:56:17:6f:2e:83:c5:35:ae:2d:
         e2:dc:45:00
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICJlowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMENB
NEYxODNDNjU5RUQ1N0ZCNDZENTlBRDU0ODNENkZFOUIzNEY0RTAeFw0yNTA5MTMw
MzA2MTFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEYyNDZEODI3NDMxOEE2
NTFFM0JEQ0M2OTJDRDZFRDBGOTQwMEM1ODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDW2Gez5qc2iWueFy3z6BKW7SnDpUPKL/GJA0OKdeqbrj6Ils9p
UJzGNKbiVN042IWHkA0vRrdZhVYCTjZ2ecvaAoRRgaE0LgyY3skEfzgh8qKRkjdr
dhNR5kKoV04NPUp0op8Jzdh4JGYmoCUjteg5XZRv42GHCp1dGFcIXQCqwjrmZxmY
e8199V5XWycOJp1ofPXonmb20Xi07dZpK+wmg0jlI3eMPAjabYHj0rj09Vno4Jln
Q8uS6/5qPm3+Prhevt1EXAScaylmlBHObtaxBwu9XaH+P+Q8ZjMKiV1xCzemLGhc
QrQgx8yzU/CYDexM1tQ+RHA2o+aKVPhrANWNAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU8kbYJ0MYplHjvcxpLNbtD5QAxYYwHwYDVR0jBBgwFoAUDKTxg8ZZ7Vf7RtWa
1Ug9b+mzT04wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTUz
NC9ES1R4ZzhaWjdWZjdSdFdhMVVnOWItbXpUMDQuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0RLVHhnOFpaN1ZmN1J0V2ExVWc5Yi1telQwNC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE1MzQvOGtiWUowTVlwbEhq
dmN4cExOYnRENVFBeFlZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEA8pZ6DANBgkqhkiG9w0BAQsFAAOCAQEADICFKABnMuetAAsqERtKILdv59fa
7uzHc6dd15Izw/HGoDU1vvYHOZNdCY66JEf9LrMCUWbq/jd3EwKO1Ui2LmegKzh8
JNWNLUGOgMwis0NVm2HyK+0JpkE/lR9x6iv9DjYPX2t7NvgaPi7Rcqz5BXq1jXML
DZdebeHTULbINFk5kNC3JEmjPMkttj2kgtok3HT2dR4u/aip/dhzxvGlaWGApJQx
nOJAssAhP1BWD2y+DaP/xeq7P5qSo95/wTbWhPahyNa44DkNiB65e+PUgXB8/UT3
gg/9PUvYowzgNITa91pqBhUKyxQ0uXpdm4mbrv+8VhdvLoPFNa4t4txFAA==
-----END CERTIFICATE-----
Generated at Tue Oct 21 05:27:41 2025 by rpki-client