Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2802/WU8x-QLzVNU5aReJr1mk1RtF7F4.roa
File:                     WU8x-QLzVNU5aReJr1mk1RtF7F4.roa (raw, json)
Hash identifier:          7em4P1BDF8/UXjd4oel71YAdnoClwGBj7nhahixRavk=
Subject key identifier:   59:4F:31:F9:02:F3:54:D5:39:69:17:89:AF:59:A4:D5:1B:45:EC:5E
Certificate issuer:       /CN=4FCA8BCB6EB3EC61032F88D26FC02B05224D4718
Certificate serial:       5060
Authority key identifier: 4F:CA:8B:CB:6E:B3:EC:61:03:2F:88:D2:6F:C0:2B:05:22:4D:47:18
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/T8qLy26z7GEDL4jSb8ArBSJNRxg.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2802/WU8x-QLzVNU5aReJr1mk1RtF7F4.roa
Signing time:             Sat 13 Sep 2025 03:09:58 +0000
ROA not before:           Sat 13 Sep 2025 03:09:58 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     9392
IP address blocks:        103.122.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2802/T8qLy26z7GEDL4jSb8ArBSJNRxg.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2802/T8qLy26z7GEDL4jSb8ArBSJNRxg.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/T8qLy26z7GEDL4jSb8ArBSJNRxg.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 04:08:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20576 (0x5060)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4FCA8BCB6EB3EC61032F88D26FC02B05224D4718
        Validity
            Not Before: Sep 13 03:09:58 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=594F31F902F354D539691789AF59A4D51B45EC5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:97:53:c5:8e:8b:4c:61:32:d6:d1:ef:7f:70:
                    18:ab:c9:22:84:e7:67:d1:56:ce:85:14:b6:02:4a:
                    87:ab:53:df:15:9c:46:93:b8:2a:d5:7b:39:ae:13:
                    14:2b:0e:d0:c6:d1:20:7b:c5:8a:f4:88:f0:4f:9c:
                    7d:c3:12:a4:ad:35:51:7d:91:46:90:5c:87:c5:c0:
                    3c:fa:49:ed:5f:36:68:ff:54:9e:84:59:2b:c4:8f:
                    28:a2:8f:00:67:49:d0:af:5a:52:52:9e:fe:0e:4c:
                    15:e1:42:54:3b:1e:b8:55:fa:dc:3d:c9:2a:8a:a5:
                    69:2d:68:81:7f:f0:dc:45:89:ee:ec:45:46:00:e6:
                    30:a0:73:b2:e2:34:83:7f:3d:17:31:e2:03:dc:3b:
                    66:b2:2c:11:a3:cf:cd:4c:58:56:ea:a9:85:76:0b:
                    b3:fd:cd:cd:50:33:f0:3f:e5:82:ab:88:aa:19:d5:
                    5b:f8:7a:83:73:f4:d3:8e:5e:97:ea:af:32:39:55:
                    5a:44:3b:f3:7b:64:49:9c:49:f4:d8:a3:63:5b:9f:
                    d2:8a:cd:b3:d1:27:43:67:a4:ae:5e:65:93:2d:99:
                    d5:08:7b:dc:b1:8d:5a:a3:6c:0b:3f:96:ab:d2:33:
                    53:8c:32:a1:c1:d9:c8:b8:19:0d:fe:d3:5c:f7:c7:
                    ac:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4F:31:F9:02:F3:54:D5:39:69:17:89:AF:59:A4:D5:1B:45:EC:5E
            X509v3 Authority Key Identifier:
                keyid:4F:CA:8B:CB:6E:B3:EC:61:03:2F:88:D2:6F:C0:2B:05:22:4D:47:18

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2802/T8qLy26z7GEDL4jSb8ArBSJNRxg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/T8qLy26z7GEDL4jSb8ArBSJNRxg.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2802/WU8x-QLzVNU5aReJr1mk1RtF7F4.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:d2:7e:ae:81:3b:be:ba:e9:e0:7b:90:ae:ff:3c:14:cd:b0:
         c0:5a:b5:4b:99:5c:04:29:fa:63:a3:72:8a:8a:62:a1:ae:c4:
         27:d8:99:c7:f8:ee:ef:69:ed:b5:0c:1a:ea:8a:74:2c:9c:80:
         75:26:7f:29:44:cc:84:66:8e:82:c3:3a:39:a4:97:91:aa:33:
         c6:b8:25:3a:17:d2:52:1f:31:28:e3:43:40:82:83:34:b2:e3:
         af:3b:36:63:6e:a0:f7:24:6a:8d:d6:f7:37:5b:9f:b4:72:18:
         01:5d:54:d2:10:fe:d0:27:34:ad:6d:36:41:94:3e:46:cf:c5:
         b2:4f:85:eb:63:db:e6:62:1a:a4:01:ce:6f:48:c4:c4:25:d3:
         1f:1d:64:71:65:91:c6:d3:29:9c:cf:11:2c:1c:0c:1f:80:5d:
         a2:97:1c:00:4f:c1:85:39:f0:77:9d:1f:04:f1:a1:a8:ff:4c:
         e6:9c:4c:87:de:b8:c7:00:d2:c4:da:2b:57:24:70:7e:c4:5c:
         69:de:0e:34:85:9e:ab:c8:86:af:e4:64:73:62:a8:d2:17:88:
         ac:1f:4e:dd:da:7f:04:cd:69:8c:d3:2e:be:fa:1d:20:a9:2d:
         b1:34:a5:a3:e3:e7:7f:1b:92:42:32:fb:50:1c:7f:74:24:75:
         12:20:a6:13
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICUGAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNEZD
QThCQ0I2RUIzRUM2MTAzMkY4OEQyNkZDMDJCMDUyMjRENDcxODAeFw0yNTA5MTMw
MzA5NThaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDU5NEYzMUY5MDJGMzU0
RDUzOTY5MTc4OUFGNTlBNEQ1MUI0NUVDNUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOl1PFjotMYTLW0e9/cBirySKE52fRVs6FFLYCSoerU98VnEaT
uCrVezmuExQrDtDG0SB7xYr0iPBPnH3DEqStNVF9kUaQXIfFwDz6Se1fNmj/VJ6E
WSvEjyiijwBnSdCvWlJSnv4OTBXhQlQ7HrhV+tw9ySqKpWktaIF/8NxFie7sRUYA
5jCgc7LiNIN/PRcx4gPcO2ayLBGjz81MWFbqqYV2C7P9zc1QM/A/5YKriKoZ1Vv4
eoNz9NOOXpfqrzI5VVpEO/N7ZEmcSfTYo2Nbn9KKzbPRJ0NnpK5eZZMtmdUIe9yx
jVqjbAs/lqvSM1OMMqHB2ci4GQ3+01z3x6xlAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUWU8x+QLzVNU5aReJr1mk1RtF7F4wHwYDVR0jBBgwFoAUT8qLy26z7GEDL4jS
b8ArBSJNRxgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjgw
Mi9UOHFMeTI2ejdHRURMNGpTYjhBckJTSk5SeGcuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1Q4cUx5MjZ6N0dFREw0alNiOEFyQlNKTlJ4Zy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI4MDIvV1U4eC1RTHpWTlU1
YVJlSnIxbWsxUnRGN0Y0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGd68zANBgkqhkiG9w0BAQsFAAOCAQEAUNJ+roE7vrrp4HuQrv88FM2wwFq1
S5lcBCn6Y6Nyiopioa7EJ9iZx/ju72nttQwa6op0LJyAdSZ/KUTMhGaOgsM6OaSX
kaozxrglOhfSUh8xKONDQIKDNLLjrzs2Y26g9yRqjdb3N1uftHIYAV1U0hD+0Cc0
rW02QZQ+Rs/Fsk+F62Pb5mIapAHOb0jExCXTHx1kcWWRxtMpnM8RLBwMH4Bdopcc
AE/BhTnwd50fBPGhqP9M5pxMh964xwDSxNorVyRwfsRcad4ONIWeq8iGr+Rkc2Ko
0heIrB9O3dp/BM1pjNMuvvodIKktsTSlo+PnfxuSQjL7UBx/dCR1EiCmEw==
-----END CERTIFICATE-----
Generated at Tue Oct 21 03:00:43 2025 by rpki-client