Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/620/fMMujWZXQ8MVAKOXpfF-2wt74EM.roa
File:                     fMMujWZXQ8MVAKOXpfF-2wt74EM.roa (raw, json)
Hash identifier:          j3Fa218mLRgqQC0EXQHCf4AEtoOx4OM76tVZGK7FUcU=
Subject key identifier:   7C:C3:2E:8D:66:57:43:C3:15:00:A3:97:A5:F1:7E:DB:0B:7B:E0:43
Certificate issuer:       /CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Certificate serial:       0439
Authority key identifier: 30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/fMMujWZXQ8MVAKOXpfF-2wt74EM.roa
Signing time:             Mon 04 Aug 2025 02:32:44 +0000
ROA not before:           Mon 04 Aug 2025 02:32:44 +0000
ROA not after:            Mon 03 Aug 2026 08:44:40 +0000
asID:                     142132
IP address blocks:        114.28.254.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Aug 2025 15:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1081 (0x439)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=309C2A943B28DC0858C39B9208A1609C0973E49A
        Validity
            Not Before: Aug  4 02:32:44 2025 GMT
            Not After : Aug  3 08:44:40 2026 GMT
        Subject: CN=7CC32E8D665743C31500A397A5F17EDB0B7BE043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6e:5f:b0:93:25:67:f6:8a:f1:d7:d2:91:b7:
                    6a:ce:47:c5:7a:e1:7d:30:fc:23:35:7b:81:29:cd:
                    dd:8a:77:e1:dc:7e:53:1b:07:fc:1d:47:a1:26:37:
                    9f:26:4a:15:f5:9c:ae:2c:83:d4:6b:ef:7b:d1:fb:
                    34:80:ac:31:f7:61:04:42:48:ed:a2:ad:86:d4:41:
                    4a:d7:76:a0:45:e5:2d:a9:d9:ff:1f:17:76:3d:ab:
                    09:19:22:71:55:4d:c9:86:11:4a:e6:1a:2a:c2:c0:
                    25:8f:f8:01:6c:1d:08:6d:04:7e:8d:9f:5a:6a:57:
                    7d:a7:49:7f:27:cc:8b:4c:ca:7b:c4:f4:04:77:35:
                    d2:ce:35:5f:3a:a0:7c:37:95:fc:72:b3:b9:69:52:
                    a9:3c:6b:3d:1d:a3:3e:ce:64:4e:bf:6e:08:c2:8c:
                    0b:fd:d4:06:94:d5:38:93:ca:4f:37:3a:7a:f1:62:
                    92:3d:86:fc:43:ec:ff:91:bc:22:9d:bb:97:5c:2a:
                    c0:9b:84:19:f1:34:bc:68:56:87:15:a4:63:94:0e:
                    9e:16:b1:98:41:4c:92:b5:98:3f:04:f8:b6:18:36:
                    a5:db:59:ac:ac:4d:fd:31:af:8b:66:51:fa:cd:32:
                    87:2b:5a:67:59:96:d0:1c:00:53:f4:a7:e3:ca:ac:
                    97:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:C3:2E:8D:66:57:43:C3:15:00:A3:97:A5:F1:7E:DB:0B:7B:E0:43
            X509v3 Authority Key Identifier:
                keyid:30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/fMMujWZXQ8MVAKOXpfF-2wt74EM.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.28.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:1d:27:05:09:40:81:65:fb:bb:f8:6b:d2:c9:e2:fd:29:cd:
         dc:79:9f:fd:17:cb:1e:24:61:d8:f4:3b:f9:7c:9b:05:fb:d3:
         3b:b8:3d:09:74:94:e8:37:bd:74:1a:be:25:34:f4:13:eb:b3:
         5c:6b:04:72:5a:02:9d:3a:59:c8:bb:9d:48:c0:c5:a1:a2:14:
         20:1f:16:42:0e:8c:66:ce:be:92:ff:d9:8f:93:85:2b:ae:49:
         7e:18:b5:ca:b0:2c:d9:05:e6:1c:16:3d:ce:dc:96:1c:38:f9:
         26:cf:f8:e3:bf:8f:a8:8c:02:14:dc:4f:51:f8:3c:3b:d0:d4:
         85:b6:b0:69:5f:80:f0:43:af:25:61:6c:8b:c3:24:89:b1:e7:
         fe:44:a3:bf:aa:a0:92:cd:b3:29:0b:1b:5a:74:fb:8c:70:bc:
         d0:65:04:82:7a:88:2d:db:bc:96:0d:d1:15:4a:2e:49:48:49:
         d4:0f:af:00:0e:fd:7f:41:70:51:0f:1a:de:80:68:94:6a:40:
         fe:4c:15:ae:38:d0:4e:b9:7b:d2:df:45:53:1e:6f:19:ba:45:
         99:49:e6:ce:ab:9a:65:a8:1a:be:d1:7c:e9:fd:ea:42:04:d8:
         93:6a:6b:d7:91:cc:95:aa:2e:70:b7:b9:a9:12:bf:7e:7a:15:
         3c:c3:26:35
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICBDkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzA5
QzJBOTQzQjI4REMwODU4QzM5QjkyMDhBMTYwOUMwOTczRTQ5QTAeFw0yNTA4MDQw
MjMyNDRaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDdDQzMyRThENjY1NzQz
QzMxNTAwQTM5N0E1RjE3RURCMEI3QkUwNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfbl+wkyVn9orx19KRt2rOR8V64X0w/CM1e4Epzd2Kd+HcflMb
B/wdR6EmN58mShX1nK4sg9Rr73vR+zSArDH3YQRCSO2irYbUQUrXdqBF5S2p2f8f
F3Y9qwkZInFVTcmGEUrmGirCwCWP+AFsHQhtBH6Nn1pqV32nSX8nzItMynvE9AR3
NdLONV86oHw3lfxys7lpUqk8az0doz7OZE6/bgjCjAv91AaU1TiTyk83OnrxYpI9
hvxD7P+RvCKdu5dcKsCbhBnxNLxoVocVpGOUDp4WsZhBTJK1mD8E+LYYNqXbWays
Tf0xr4tmUfrNMocrWmdZltAcAFP0p+PKrJeRAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUfMMujWZXQ8MVAKOXpfF+2wt74EMwHwYDVR0jBBgwFoAUMJwqlDso3AhYw5uS
CKFgnAlz5JowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIw
L01Kd3FsRHNvM0FoWXc1dVNDS0ZnbkFsejVKby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvTUp3cWxEc28zQWhZdzV1U0NLRmduQWx6NUpvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIwL2ZNTXVqV1pYUThNVkFL
T1hwZkYtMnd0NzRFTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAByHP4wDQYJKoZIhvcNAQELBQADggEBAM8dJwUJQIFl+7v4a9LJ4v0pzdx5n/0X
yx4kYdj0O/l8mwX70zu4PQl0lOg3vXQaviU09BPrs1xrBHJaAp06Wci7nUjAxaGi
FCAfFkIOjGbOvpL/2Y+ThSuuSX4YtcqwLNkF5hwWPc7clhw4+SbP+OO/j6iMAhTc
T1H4PDvQ1IW2sGlfgPBDryVhbIvDJImx5/5Eo7+qoJLNsykLG1p0+4xwvNBlBIJ6
iC3bvJYN0RVKLklISdQPrwAO/X9BcFEPGt6AaJRqQP5MFa440E65e9LfRVMebxm6
RZlJ5s6rmmWoGr7RfOn96kIE2JNqa9eRzJWqLnC3uakSv356FTzDJjU=
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:56:54 2025 by rpki-client