Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3027/EMIPj4O3mcBzvCFcm5wmIKTACRc.roa
File:                     EMIPj4O3mcBzvCFcm5wmIKTACRc.roa (raw, json)
Hash identifier:          ALmEIxHla9i7LfYdUVB1V5X39RRvoay1gMJd+t6X4Bg=
Subject key identifier:   10:C2:0F:8F:83:B7:99:C0:73:BC:21:5C:9B:9C:26:20:A4:C0:09:17
Certificate issuer:       /CN=EED0E76665272FAF95C3104EAE182BD2D5A0800B
Certificate serial:       1754
Authority key identifier: EE:D0:E7:66:65:27:2F:AF:95:C3:10:4E:AE:18:2B:D2:D5:A0:80:0B
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/7tDnZmUnL6-VwxBOrhgr0tWggAs.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3027/EMIPj4O3mcBzvCFcm5wmIKTACRc.roa
Signing time:             Sat 13 Sep 2025 03:07:43 +0000
ROA not before:           Sat 13 Sep 2025 03:07:43 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     139119
IP address blocks:        103.157.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3027/7tDnZmUnL6-VwxBOrhgr0tWggAs.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3027/7tDnZmUnL6-VwxBOrhgr0tWggAs.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/7tDnZmUnL6-VwxBOrhgr0tWggAs.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 04:07:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5972 (0x1754)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EED0E76665272FAF95C3104EAE182BD2D5A0800B
        Validity
            Not Before: Sep 13 03:07:43 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=10C20F8F83B799C073BC215C9B9C2620A4C00917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:04:e8:fa:76:7e:3d:bb:59:aa:c7:ca:ad:fa:
                    0f:ff:a7:f6:c3:7c:5c:1a:f9:f0:03:3e:c0:15:68:
                    1f:87:f1:65:7d:18:6f:62:f8:ff:e2:bc:56:48:54:
                    ba:a1:23:db:6f:3f:08:47:aa:fb:2e:ef:a5:83:8c:
                    1b:bc:d5:46:ba:d3:fa:b7:88:a4:9f:0b:d0:a7:47:
                    fb:8c:15:8c:e3:e1:a2:f9:5c:8c:63:ab:d5:d7:2a:
                    7f:c7:b4:13:06:89:93:46:7f:e5:63:be:42:77:5d:
                    f0:a6:65:92:ee:79:ac:a8:c4:0b:c8:fb:7e:05:a6:
                    0b:5e:d8:55:e5:0d:9b:da:5c:3d:b7:3c:e3:e6:fa:
                    29:ad:9e:7e:4c:1a:47:90:1c:32:1c:da:9c:3b:d6:
                    9e:10:7e:ee:ee:d8:22:8d:ca:11:56:76:cc:38:81:
                    0d:9e:3c:77:4b:d8:7b:91:05:ee:6c:bd:66:6d:64:
                    37:78:d3:bc:f0:ef:65:f7:1c:01:24:76:d2:39:85:
                    c2:13:44:40:82:07:54:df:d6:16:64:94:90:db:f5:
                    07:f3:af:2f:28:05:cd:73:0c:d7:91:79:9f:12:72:
                    0d:43:f4:5c:d6:99:ee:78:3c:3d:52:87:3f:ad:d4:
                    7d:53:71:1a:46:e8:d8:de:99:1e:c5:d9:1f:34:4c:
                    d7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C2:0F:8F:83:B7:99:C0:73:BC:21:5C:9B:9C:26:20:A4:C0:09:17
            X509v3 Authority Key Identifier:
                keyid:EE:D0:E7:66:65:27:2F:AF:95:C3:10:4E:AE:18:2B:D2:D5:A0:80:0B

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3027/7tDnZmUnL6-VwxBOrhgr0tWggAs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/7tDnZmUnL6-VwxBOrhgr0tWggAs.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3027/EMIPj4O3mcBzvCFcm5wmIKTACRc.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.157.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:09:55:e7:f8:ab:58:d2:5f:0a:bb:32:e9:80:e5:e4:0b:61:
         9d:d7:e9:07:73:d8:ab:fa:0e:49:3d:53:01:b7:cc:fb:ea:61:
         11:37:a8:39:c1:9e:4f:af:c2:78:e6:a8:17:37:2b:08:cb:0f:
         f3:63:9b:c8:31:e5:3b:60:bd:4e:1a:ce:e2:dd:dd:60:77:a6:
         b5:61:da:b5:16:af:f0:f4:22:5b:af:bc:87:8f:42:d6:fe:6b:
         a5:e9:67:6f:57:96:50:cf:b2:4e:cc:07:99:02:a6:e4:7f:4d:
         df:c2:7a:33:7c:6f:95:91:24:61:02:96:14:f2:fb:42:c2:9e:
         e0:ac:32:40:3d:31:45:83:da:99:d0:28:3a:1a:1b:4b:53:d7:
         dc:ed:55:bd:53:d8:76:02:40:07:06:1d:70:76:2c:ce:db:87:
         fe:23:c5:12:f7:6c:a8:3f:03:14:f4:4e:4d:de:50:81:78:cf:
         d0:07:e7:cf:d3:01:b0:6e:4e:e3:3b:31:41:3d:a0:71:cc:95:
         30:c5:fd:de:75:b3:13:59:cd:0c:33:d7:6a:bc:69:a9:4a:51:
         74:e4:19:0c:7d:92:87:4d:ab:fc:d8:b1:77:31:a2:60:a9:59:
         7f:5b:b0:21:59:81:88:7e:20:e6:2e:02:d1:ed:58:1f:76:98:
         9b:39:1e:a2
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICF1QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUVE
MEU3NjY2NTI3MkZBRjk1QzMxMDRFQUUxODJCRDJENUEwODAwQjAeFw0yNTA5MTMw
MzA3NDNaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDEwQzIwRjhGODNCNzk5
QzA3M0JDMjE1QzlCOUMyNjIwQTRDMDA5MTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKBOj6dn49u1mqx8qt+g//p/bDfFwa+fADPsAVaB+H8WV9GG9i
+P/ivFZIVLqhI9tvPwhHqvsu76WDjBu81Ua60/q3iKSfC9CnR/uMFYzj4aL5XIxj
q9XXKn/HtBMGiZNGf+VjvkJ3XfCmZZLueayoxAvI+34Fpgte2FXlDZvaXD23POPm
+imtnn5MGkeQHDIc2pw71p4Qfu7u2CKNyhFWdsw4gQ2ePHdL2HuRBe5svWZtZDd4
07zw72X3HAEkdtI5hcITRECCB1Tf1hZklJDb9Qfzry8oBc1zDNeReZ8Scg1D9FzW
me54PD1Shz+t1H1TcRpG6NjemR7F2R80TNdxAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUEMIPj4O3mcBzvCFcm5wmIKTACRcwHwYDVR0jBBgwFoAU7tDnZmUnL6+VwxBO
rhgr0tWggAswGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzAy
Ny83dERuWm1Vbkw2LVZ3eEJPcmhncjB0V2dnQXMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzd0RG5abVVuTDYtVnd4Qk9yaGdyMHRXZ2dBcy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwMjcvRU1JUGo0TzNtY0J6
dkNGY201d21JS1RBQ1JjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGed6jANBgkqhkiG9w0BAQsFAAOCAQEAdQlV5/irWNJfCrsy6YDl5Athndfp
B3PYq/oOST1TAbfM++phETeoOcGeT6/CeOaoFzcrCMsP82ObyDHlO2C9ThrO4t3d
YHemtWHatRav8PQiW6+8h49C1v5rpelnb1eWUM+yTswHmQKm5H9N38J6M3xvlZEk
YQKWFPL7QsKe4KwyQD0xRYPamdAoOhobS1PX3O1VvVPYdgJABwYdcHYsztuH/iPF
EvdsqD8DFPROTd5QgXjP0Afnz9MBsG5O4zsxQT2gccyVMMX93nWzE1nNDDPXarxp
qUpRdOQZDH2Sh02r/NixdzGiYKlZf1uwIVmBiH4g5i4C0e1YH3aYmzkeog==
-----END CERTIFICATE-----
Generated at Tue Oct 21 03:00:42 2025 by rpki-client