Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3379/w7SIswm54yr5I1yAEfk9WiNQoO4.roa
File:                     w7SIswm54yr5I1yAEfk9WiNQoO4.roa (raw, json)
Hash identifier:          xGKjdzo5tRsYGzfgTCksTTn0dgC6BOOFZ8hSCAswRjg=
Subject key identifier:   C3:B4:88:B3:09:B9:E3:2A:F9:23:5C:80:11:F9:3D:5A:23:50:A0:EE
Certificate issuer:       /CN=2CB237ABE1A66A755DA9545795F1DD229F0E0311
Certificate serial:       CB
Authority key identifier: 2C:B2:37:AB:E1:A6:6A:75:5D:A9:54:57:95:F1:DD:22:9F:0E:03:11
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LLI3q-GmanVdqVRXlfHdIp8OAxE.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3379/w7SIswm54yr5I1yAEfk9WiNQoO4.roa
Signing time:             Mon 04 Aug 2025 03:40:30 +0000
ROA not before:           Mon 04 Aug 2025 03:40:30 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     4837
IP address blocks:        165.101.70.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3379/LLI3q-GmanVdqVRXlfHdIp8OAxE.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3379/LLI3q-GmanVdqVRXlfHdIp8OAxE.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LLI3q-GmanVdqVRXlfHdIp8OAxE.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1xHsDTeBWKRHb-bqfXClSpUZWhE.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/1xHsDTeBWKRHb-bqfXClSpUZWhE.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 11 Aug 2025 11:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 203 (0xcb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2CB237ABE1A66A755DA9545795F1DD229F0E0311
        Validity
            Not Before: Aug  4 03:40:30 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=C3B488B309B9E32AF9235C8011F93D5A2350A0EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:67:b3:ed:20:ee:7b:75:6b:4a:4f:84:da:ba:
                    62:c0:35:28:cd:40:77:fd:4e:df:d3:77:f7:2a:5f:
                    d3:ff:54:b4:8f:92:d3:6d:c8:88:71:9e:f3:fe:e2:
                    69:01:25:d4:51:b5:fd:8e:eb:1e:e3:ed:95:b1:45:
                    3f:d6:1c:72:e7:11:e0:c4:4a:15:a1:08:c7:29:24:
                    08:22:6d:ea:4c:77:79:8c:b6:26:98:96:04:59:d3:
                    db:22:f6:6a:86:ad:9c:d0:ec:6f:f5:3b:e1:7e:19:
                    6c:b3:4b:93:ce:9b:e2:bb:a5:f2:ba:90:49:87:3c:
                    e5:0b:9c:ec:d9:76:3e:82:fe:b2:fa:44:77:67:51:
                    d7:0e:06:4e:eb:55:a0:82:8b:ac:b8:76:33:c0:0f:
                    23:18:cb:3b:3a:8d:7f:e3:6f:e6:ef:d6:e2:68:a6:
                    6e:37:6d:f6:a8:ae:69:09:38:7c:1c:7a:47:56:04:
                    77:b3:6a:be:88:bc:31:f1:d3:fd:e3:a7:f6:ee:57:
                    e4:68:2c:cc:78:b7:69:71:50:23:9e:e3:02:91:63:
                    65:13:c7:80:6a:ce:16:18:82:0b:59:70:6b:f7:a5:
                    e7:74:32:97:21:2a:b4:58:91:84:dd:cc:63:88:a0:
                    32:2a:39:8c:d8:2e:25:a7:45:d5:8f:c5:62:8f:c9:
                    f8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:B4:88:B3:09:B9:E3:2A:F9:23:5C:80:11:F9:3D:5A:23:50:A0:EE
            X509v3 Authority Key Identifier:
                keyid:2C:B2:37:AB:E1:A6:6A:75:5D:A9:54:57:95:F1:DD:22:9F:0E:03:11

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3379/LLI3q-GmanVdqVRXlfHdIp8OAxE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LLI3q-GmanVdqVRXlfHdIp8OAxE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3379/w7SIswm54yr5I1yAEfk9WiNQoO4.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:40:fe:ee:65:20:9a:69:8c:4a:3b:03:e2:eb:ee:d6:cd:a5:
         4e:a3:73:65:d5:85:24:a5:7b:07:08:1b:0d:86:b3:cb:b2:7a:
         63:a3:e4:65:c3:15:0e:0d:4c:5b:1e:bf:23:e8:5b:b5:b2:f2:
         d1:d7:fa:2d:51:a2:e2:a5:3d:b5:32:a5:63:18:88:c1:a7:ea:
         64:50:b9:06:1c:76:99:8b:b7:5b:10:7d:4b:b3:07:aa:9a:71:
         04:fb:f8:69:1c:11:2a:a2:34:b7:53:b7:04:d8:19:c2:ad:db:
         e5:cf:ca:15:07:51:19:55:b1:7f:bf:0f:a7:7a:71:3f:b4:e4:
         a2:6a:3e:3a:7a:f0:91:28:f9:c8:a1:8c:c1:b8:29:03:ac:05:
         4e:15:20:a1:4c:a0:56:b3:c7:c4:30:51:3e:7e:4d:f0:74:d1:
         6e:f3:ca:ae:79:97:72:78:83:11:94:83:0a:91:dd:52:68:7a:
         b2:6f:ed:66:01:88:37:68:bc:36:4f:e8:af:58:38:5a:da:4d:
         64:63:54:1c:ac:2e:e3:35:9a:69:8e:ad:42:2f:19:72:38:ea:
         f6:e9:e7:3f:09:ef:b2:0a:04:bb:a4:2a:48:6b:32:49:55:73:
         5b:b3:2a:be:64:5a:ed:8b:98:6b:9f:4f:f7:a0:6a:6a:c6:ea:
         73:1c:bf:36
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkNC
MjM3QUJFMUE2NkE3NTVEQTk1NDU3OTVGMUREMjI5RjBFMDMxMTAeFw0yNTA4MDQw
MzQwMzBaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEMzQjQ4OEIzMDlCOUUz
MkFGOTIzNUM4MDExRjkzRDVBMjM1MEEwRUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUZ7PtIO57dWtKT4TaumLANSjNQHf9Tt/Td/cqX9P/VLSPktNt
yIhxnvP+4mkBJdRRtf2O6x7j7ZWxRT/WHHLnEeDEShWhCMcpJAgibepMd3mMtiaY
lgRZ09si9mqGrZzQ7G/1O+F+GWyzS5POm+K7pfK6kEmHPOULnOzZdj6C/rL6RHdn
UdcOBk7rVaCCi6y4djPADyMYyzs6jX/jb+bv1uJopm43bfaormkJOHwcekdWBHez
ar6IvDHx0/3jp/buV+RoLMx4t2lxUCOe4wKRY2UTx4BqzhYYggtZcGv3ped0Mpch
KrRYkYTdzGOIoDIqOYzYLiWnRdWPxWKPyfhnAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUw7SIswm54yr5I1yAEfk9WiNQoO4wHwYDVR0jBBgwFoAULLI3q+GmanVdqVRX
lfHdIp8OAxEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzM3
OS9MTEkzcS1HbWFuVmRxVlJYbGZIZElwOE9BeEUuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0xMSTNxLUdtYW5WZHFWUlhsZkhkSXA4T0F4RS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMzNzkvdzdTSXN3bTU0eXI1
STF5QUVmazlXaU5Rb080LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAKVlRjANBgkqhkiG9w0BAQsFAAOCAQEAmED+7mUgmmmMSjsD4uvu1s2lTqNz
ZdWFJKV7BwgbDYazy7J6Y6PkZcMVDg1MWx6/I+hbtbLy0df6LVGi4qU9tTKlYxiI
wafqZFC5Bhx2mYu3WxB9S7MHqppxBPv4aRwRKqI0t1O3BNgZwq3b5c/KFQdRGVWx
f78Pp3pxP7Tkomo+OnrwkSj5yKGMwbgpA6wFThUgoUygVrPHxDBRPn5N8HTRbvPK
rnmXcniDEZSDCpHdUmh6sm/tZgGIN2i8Nk/or1g4WtpNZGNUHKwu4zWaaY6tQi8Z
cjjq9unnPwnvsgoEu6QqSGsySVVzW7MqvmRa7YuYa59P96Bqasbqcxy/Ng==
-----END CERTIFICATE-----
Generated at Mon Aug 11 10:58:30 2025 by rpki-client