Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3326/rrA4HX9wI06YzDfUNoBMWBEAntE.roa
File:                     rrA4HX9wI06YzDfUNoBMWBEAntE.roa (raw, json)
Hash identifier:          b2oYNQI4mVmF18W9pDJVinzcqA636gK/cMbgTVoSXmc=
Subject key identifier:   AE:B0:38:1D:7F:70:23:4E:98:CC:37:D4:36:80:4C:58:11:00:9E:D1
Certificate issuer:       /CN=6A11EE47425D14EBAF2FCD24D2062B0A52BA042C
Certificate serial:       0587
Authority key identifier: 6A:11:EE:47:42:5D:14:EB:AF:2F:CD:24:D2:06:2B:0A:52:BA:04:2C
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ahHuR0JdFOuvL80k0gYrClK6BCw.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3326/rrA4HX9wI06YzDfUNoBMWBEAntE.roa
Signing time:             Fri 01 Aug 2025 06:36:01 +0000
ROA not before:           Fri 01 Aug 2025 06:36:01 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     134768
IP address blocks:        103.236.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3326/ahHuR0JdFOuvL80k0gYrClK6BCw.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3326/ahHuR0JdFOuvL80k0gYrClK6BCw.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ahHuR0JdFOuvL80k0gYrClK6BCw.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 11 Aug 2025 15:03:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1415 (0x587)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6A11EE47425D14EBAF2FCD24D2062B0A52BA042C
        Validity
            Not Before: Aug  1 06:36:01 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=AEB0381D7F70234E98CC37D436804C5811009ED1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bd:38:7a:77:02:6f:53:4a:9f:f1:81:14:08:
                    21:1c:7f:b0:bb:ce:d0:27:70:d9:ab:18:96:09:90:
                    96:85:ff:7e:44:fb:3d:2a:ee:00:3b:6d:85:5d:4e:
                    80:6b:b2:0e:a1:01:72:d1:f3:52:07:cd:3f:5b:61:
                    9e:e9:1c:2e:a7:7d:0c:d9:82:e5:98:c4:37:5a:f0:
                    f2:66:fd:65:b4:5a:6d:98:03:a2:32:4e:26:89:f0:
                    40:6e:42:29:e7:b4:54:22:29:01:a4:07:d5:69:30:
                    34:4c:c9:7f:fb:9d:84:67:d4:8c:62:da:2d:61:98:
                    20:60:4c:bc:4e:6b:c4:18:22:7e:61:2d:20:60:b6:
                    0c:76:ba:e3:05:dc:ec:f9:7a:a4:4e:aa:70:8b:e5:
                    47:f5:59:7d:ac:33:fa:9a:a5:56:73:35:83:bc:4f:
                    a9:22:e8:7a:88:57:1b:ad:34:d0:c2:2c:af:07:96:
                    66:df:d4:d5:1b:ee:b8:68:9c:e7:5f:a6:db:66:9f:
                    e5:9e:e7:30:39:5f:80:d1:0c:93:e6:c4:d2:eb:1b:
                    51:72:3b:0c:1c:20:b5:47:60:b7:0b:cf:9b:0d:6e:
                    e0:14:83:7d:ad:6f:57:ef:64:00:bd:97:8d:30:ec:
                    1c:c1:f9:86:4e:bd:8b:d2:5f:01:e6:aa:26:c2:76:
                    1a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B0:38:1D:7F:70:23:4E:98:CC:37:D4:36:80:4C:58:11:00:9E:D1
            X509v3 Authority Key Identifier:
                keyid:6A:11:EE:47:42:5D:14:EB:AF:2F:CD:24:D2:06:2B:0A:52:BA:04:2C

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3326/ahHuR0JdFOuvL80k0gYrClK6BCw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ahHuR0JdFOuvL80k0gYrClK6BCw.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3326/rrA4HX9wI06YzDfUNoBMWBEAntE.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.236.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:45:ba:ef:e3:69:ae:50:00:b8:9e:b4:aa:48:09:47:cc:7d:
         0a:04:6b:38:63:7c:9b:f6:66:98:b7:f0:b3:13:61:ce:83:02:
         be:65:08:84:f4:fc:54:30:e8:8c:b8:a8:ef:15:b1:08:e4:a4:
         5b:4e:0b:b1:62:57:04:ee:94:49:11:83:53:1c:5e:40:fe:2a:
         38:3d:2b:5f:26:2c:a7:a3:ac:e0:95:e5:de:a0:49:a0:a2:2e:
         09:1c:e5:87:94:ff:1c:4b:51:f3:7f:4f:1c:1f:5a:de:c0:63:
         59:60:9f:50:09:89:6b:69:27:57:9c:dd:28:f8:10:a3:25:03:
         e1:85:92:9a:80:94:1b:09:3b:13:67:82:8e:1f:d0:a2:7c:e0:
         00:60:dc:d4:96:d7:83:31:4d:11:44:75:d5:c7:0b:d3:97:5f:
         a5:86:27:c7:20:aa:b7:50:e7:fe:9a:1f:6a:d3:ee:34:15:fa:
         db:e7:c7:16:63:04:8e:eb:b0:36:95:11:34:b6:c5:1c:b2:7e:
         27:16:d8:82:79:74:28:ae:de:15:3b:61:26:e0:e2:19:bc:9d:
         f5:dc:65:36:fe:0f:df:67:7c:43:2b:61:df:7f:c9:e8:f6:bd:
         2e:8a:c5:3a:d8:81:f4:4c:56:1c:cc:3b:d2:cc:13:bb:e2:d8:
         c2:be:af:b2
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICBYcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNkEx
MUVFNDc0MjVEMTRFQkFGMkZDRDI0RDIwNjJCMEE1MkJBMDQyQzAeFw0yNTA4MDEw
NjM2MDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFFQjAzODFEN0Y3MDIz
NEU5OENDMzdENDM2ODA0QzU4MTEwMDlFRDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBvTh6dwJvU0qf8YEUCCEcf7C7ztAncNmrGJYJkJaF/35E+z0q
7gA7bYVdToBrsg6hAXLR81IHzT9bYZ7pHC6nfQzZguWYxDda8PJm/WW0Wm2YA6Iy
TiaJ8EBuQinntFQiKQGkB9VpMDRMyX/7nYRn1Ixi2i1hmCBgTLxOa8QYIn5hLSBg
tgx2uuMF3Oz5eqROqnCL5Uf1WX2sM/qapVZzNYO8T6ki6HqIVxutNNDCLK8Hlmbf
1NUb7rhonOdfpttmn+We5zA5X4DRDJPmxNLrG1FyOwwcILVHYLcLz5sNbuAUg32t
b1fvZAC9l40w7BzB+YZOvYvSXwHmqibCdhp5AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUrrA4HX9wI06YzDfUNoBMWBEAntEwHwYDVR0jBBgwFoAUahHuR0JdFOuvL80k
0gYrClK6BCwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzMy
Ni9haEh1UjBKZEZPdXZMODBrMGdZckNsSzZCQ3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2FoSHVSMEpkRk91dkw4MGswZ1lyQ2xLNkJDdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMzMjYvcnJBNEhYOXdJMDZZ
ekRmVU5vQk1XQkVBbnRFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGfsXDANBgkqhkiG9w0BAQsFAAOCAQEAgUW67+NprlAAuJ60qkgJR8x9CgRr
OGN8m/ZmmLfwsxNhzoMCvmUIhPT8VDDojLio7xWxCOSkW04LsWJXBO6USRGDUxxe
QP4qOD0rXyYsp6Os4JXl3qBJoKIuCRzlh5T/HEtR839PHB9a3sBjWWCfUAmJa2kn
V5zdKPgQoyUD4YWSmoCUGwk7E2eCjh/QonzgAGDc1JbXgzFNEUR11ccL05dfpYYn
xyCqt1Dn/pofatPuNBX62+fHFmMEjuuwNpURNLbFHLJ+JxbYgnl0KK7eFTthJuDi
Gbyd9dxlNv4P32d8Qyth33/J6Pa9LorFOtiB9ExWHMw70swTu+LYwr6vsg==
-----END CERTIFICATE-----
Generated at Mon Aug 11 10:58:26 2025 by rpki-client