Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/413/Jx-sn7uf3YKss1sEK59h2pwN25k.roa
File:                     Jx-sn7uf3YKss1sEK59h2pwN25k.roa (raw, json)
Hash identifier:          iyJpJoSQKatJCacDHwmjKzUAO4nb+qvFK+Ly6RyAPb4=
Subject key identifier:   27:1F:AC:9F:BB:9F:DD:82:AC:B3:5B:04:2B:9F:61:DA:9C:0D:DB:99
Certificate issuer:       /CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Certificate serial:       125D
Authority key identifier: C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/Jx-sn7uf3YKss1sEK59h2pwN25k.roa
Signing time:             Fri 16 May 2025 10:59:33 +0000
ROA not before:           Fri 16 May 2025 10:59:33 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     62387
IP address blocks:        101.232.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/xlv1e9ybW-fZfg1lqkIise-qvqo.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/xlv1e9ybW-fZfg1lqkIise-qvqo.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 18 May 2025 03:08:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4701 (0x125d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
        Validity
            Not Before: May 16 10:59:33 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=271FAC9FBB9FDD82ACB35B042B9F61DA9C0DDB99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:77:ce:b2:c9:fe:17:b4:02:d9:1d:00:d7:ac:
                    36:a0:6c:7b:ce:09:31:d1:a3:c7:ac:53:4f:09:48:
                    73:26:22:ec:fe:87:c2:2a:b9:ae:f6:e8:96:ce:02:
                    36:7a:d8:a9:6f:3f:5c:fd:58:28:ad:f8:87:47:2d:
                    b0:bc:03:06:9b:3b:89:b5:16:33:44:b3:d5:69:f7:
                    b2:56:5f:b1:e7:2a:e5:10:d4:18:1f:29:2f:53:a2:
                    1d:0f:42:df:f9:13:1d:14:26:82:f9:a3:57:56:47:
                    cd:05:32:63:a5:fd:47:81:34:c6:a8:43:70:fa:25:
                    74:ce:e6:68:43:d9:c5:67:ca:4c:ca:71:95:41:8e:
                    f8:41:59:8a:e7:1b:0e:ae:c3:98:3d:97:c2:e6:18:
                    08:b3:4a:6c:1b:6f:89:72:03:cb:bd:9d:d1:4f:b3:
                    8a:f7:1a:71:4f:4e:84:ad:de:b4:e8:7e:e3:f8:f7:
                    60:0a:29:92:ec:30:b8:fc:e2:eb:20:08:8c:05:3a:
                    39:50:6a:ec:8f:34:59:1c:f5:3f:e0:87:9e:30:7d:
                    60:f5:d2:57:c1:90:15:ac:48:48:ee:99:5f:73:05:
                    58:cb:6d:0c:dc:22:64:70:11:fc:dd:e6:da:6e:52:
                    f4:af:da:e7:67:81:f4:67:a4:49:ce:81:2a:49:c3:
                    b4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:1F:AC:9F:BB:9F:DD:82:AC:B3:5B:04:2B:9F:61:DA:9C:0D:DB:99
            X509v3 Authority Key Identifier:
                keyid:C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/xlv1e9ybW-fZfg1lqkIise-qvqo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/Jx-sn7uf3YKss1sEK59h2pwN25k.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.232.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:b9:dd:f7:f9:8f:f9:e1:77:df:26:1a:c2:bc:bb:89:d4:42:
         dc:1f:9e:a4:89:c7:12:97:2f:df:f1:d3:49:84:3e:0b:c8:3e:
         80:aa:e0:c4:de:00:dd:ff:9a:1e:11:a5:c8:0f:9d:91:f4:fd:
         e8:af:2c:eb:e0:5a:56:1c:3d:93:9a:f1:82:5b:9a:92:cf:5d:
         8a:d7:72:2c:98:ed:58:14:24:d6:d0:32:b3:3a:71:cb:9f:20:
         1e:d1:be:28:a7:d5:cd:af:ff:fb:81:02:52:53:88:b5:20:96:
         a8:dd:3e:7b:67:0b:3c:a2:24:d1:98:86:ef:a4:de:41:83:29:
         6f:a1:29:a7:d2:0b:dd:f1:14:bd:cf:ee:e5:a3:6b:24:a9:c4:
         65:9a:b2:d8:86:fa:a4:f1:97:f9:93:da:d2:bb:a1:d7:4e:83:
         8d:6e:b3:a8:85:ed:89:c4:8e:f0:c7:55:c5:39:fd:c5:88:24:
         ff:fc:d5:cc:09:11:9d:b3:50:b6:c4:06:9f:11:12:fe:c9:a3:
         7c:71:bb:8b:cf:75:0e:12:c0:87:1b:ea:57:fa:02:1e:6c:9f:
         50:3b:8f:a8:53:84:a0:6b:f4:31:19:4f:a1:01:47:84:80:98:
         7f:38:f6:71:fb:a9:e8:68:98:8b:ea:7b:81:b7:bb:3f:50:a7:
         32:72:47:6c
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICEl0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQzY1
QkY1N0JEQzlCNUJFN0Q5N0UwRDY1QUE0MjIyQjFFRkFBQkVBQTAeFw0yNTA1MTYx
MDU5MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI3MUZBQzlGQkI5RkRE
ODJBQ0IzNUIwNDJCOUY2MURBOUMwRERCOTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCd86yyf4XtALZHQDXrDagbHvOCTHRo8esU08JSHMmIuz+h8Iq
ua726JbOAjZ62KlvP1z9WCit+IdHLbC8AwabO4m1FjNEs9Vp97JWX7HnKuUQ1Bgf
KS9Toh0PQt/5Ex0UJoL5o1dWR80FMmOl/UeBNMaoQ3D6JXTO5mhD2cVnykzKcZVB
jvhBWYrnGw6uw5g9l8LmGAizSmwbb4lyA8u9ndFPs4r3GnFPToSt3rTofuP492AK
KZLsMLj84usgCIwFOjlQauyPNFkc9T/gh54wfWD10lfBkBWsSEjumV9zBVjLbQzc
ImRwEfzd5tpuUvSv2udngfRnpEnOgSpJw7RJAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUJx+sn7uf3YKss1sEK59h2pwN25kwHwYDVR0jBBgwFoAUxlv1e9ybW+fZfg1l
qkIise+qvqowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEz
L3hsdjFlOXliVy1mWmZnMWxxa0lpc2UtcXZxby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAveGx2MWU5eWJXLWZaZmcxbHFrSWlzZS1xdnFvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEzL0p4LXNuN3VmM1lLc3Mx
c0VLNTloMnB3TjI1ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAJl6EgwDQYJKoZIhvcNAQELBQADggEBACW53ff5j/nhd98mGsK8u4nUQtwfnqSJ
xxKXL9/x00mEPgvIPoCq4MTeAN3/mh4RpcgPnZH0/eivLOvgWlYcPZOa8YJbmpLP
XYrXciyY7VgUJNbQMrM6ccufIB7Rviin1c2v//uBAlJTiLUglqjdPntnCzyiJNGY
hu+k3kGDKW+hKafSC93xFL3P7uWjaySpxGWastiG+qTxl/mT2tK7oddOg41us6iF
7YnEjvDHVcU5/cWIJP/81cwJEZ2zULbEBp8REv7Jo3xxu4vPdQ4SwIcb6lf6Ah5s
n1A7j6hThKBr9DEZT6EBR4SAmH849nH7qehomIvqe4G3uz9QpzJyR2w=
-----END CERTIFICATE-----
Generated at Sun May 18 01:59:40 2025 by rpki-client