Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/613/1osHapkK1XA1EBtHjlXEly7eItI.roa
File: 1osHapkK1XA1EBtHjlXEly7eItI.roa (raw, json)
Hash identifier: SgNpQnnPMg+9GO8eSFxQtLVLaDSj5q44gxQ00IUNsjs=
Subject key identifier: D6:8B:07:6A:99:0A:D5:70:35:10:1B:47:8E:55:C4:97:2E:DE:22:D2
Certificate issuer: /CN=2E83EB0E1CB7B4A7617A04AD7A82629D98B95B94
Certificate serial: 0B53
Authority key identifier: 2E:83:EB:0E:1C:B7:B4:A7:61:7A:04:AD:7A:82:62:9D:98:B9:5B:94
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LoPrDhy3tKdhegSteoJinZi5W5Q.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/613/1osHapkK1XA1EBtHjlXEly7eItI.roa
Signing time: Thu 01 Sep 2022 13:39:48 +0000
ROA not before: Thu 01 Sep 2022 13:39:48 +0000
ROA not after: Mon 28 Aug 2023 04:15:34 +0000
asID: 996
IP address blocks: 43.254.128.0/22 maxlen: 24
45.126.100.0/22 maxlen: 24
101.49.20.0/22 maxlen: 24
101.49.28.0/22 maxlen: 24
101.49.44.0/22 maxlen: 24
101.49.128.0/19 maxlen: 24
101.49.160.0/19 maxlen: 24
101.49.240.0/20 maxlen: 24
103.73.244.0/22 maxlen: 24
103.73.248.0/22 maxlen: 24
103.236.232.0/22 maxlen: 24
103.249.12.0/22 maxlen: 24
103.249.192.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2899 (0xb53)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E83EB0E1CB7B4A7617A04AD7A82629D98B95B94
Validity
Not Before: Sep 1 13:39:48 2022 GMT
Not After : Aug 28 04:15:34 2023 GMT
Subject: CN=D68B076A990AD57035101B478E55C4972EDE22D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:47:5c:ee:c2:7f:59:76:94:b9:b8:16:31:37:
3c:d1:0a:72:6a:22:23:c8:ea:fd:5c:cf:79:80:14:
e5:0d:2e:ff:f3:bb:53:c3:d1:aa:5d:31:55:cd:38:
76:99:cc:cc:c0:2c:14:21:58:6b:57:b7:a1:35:46:
62:43:cc:8b:4e:3d:fc:ef:b0:00:00:f9:9b:62:f7:
88:e6:d5:9d:10:f2:07:99:1b:19:c4:be:6e:78:9b:
2c:6d:4f:16:16:93:35:e8:ef:68:b6:02:de:51:e1:
a7:32:bf:cc:17:53:6a:c2:88:6c:6e:e2:0a:50:dc:
5f:e7:68:9c:ed:3f:22:89:8c:a5:f8:0a:e1:53:c5:
78:39:39:b1:8d:56:24:91:76:e2:52:e4:38:e7:e3:
a1:0c:42:aa:73:a7:0e:44:83:76:a8:ed:23:fd:4b:
5a:46:4c:0a:38:f5:1f:14:62:77:b0:31:82:a9:ba:
fd:bf:24:83:77:04:f2:05:86:5d:3e:95:9c:e3:6f:
13:b0:f3:b6:58:5f:81:f1:d9:40:af:86:fe:a1:aa:
30:a3:dd:d6:79:5e:49:ca:cd:e4:8f:e4:f4:50:f2:
a3:d8:c8:dc:0c:a2:d2:bb:5f:67:25:e0:e9:cc:d3:
29:45:82:ec:02:89:42:b9:c3:39:81:24:b3:90:2b:
03:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:8B:07:6A:99:0A:D5:70:35:10:1B:47:8E:55:C4:97:2E:DE:22:D2
X509v3 Authority Key Identifier:
keyid:2E:83:EB:0E:1C:B7:B4:A7:61:7A:04:AD:7A:82:62:9D:98:B9:5B:94
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/613/LoPrDhy3tKdhegSteoJinZi5W5Q.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LoPrDhy3tKdhegSteoJinZi5W5Q.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/613/1osHapkK1XA1EBtHjlXEly7eItI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.128.0/22
45.126.100.0/22
101.49.20.0/22
101.49.28.0/22
101.49.44.0/22
101.49.128.0/18
101.49.240.0/20
103.73.244.0-103.73.251.255
103.236.232.0/22
103.249.12.0/22
103.249.192.0/22
Signature Algorithm: sha256WithRSAEncryption
32:3e:ee:a1:c0:23:9d:a3:f3:e9:16:a2:9a:a0:f1:3e:63:c8:
be:8e:43:ef:36:98:ce:de:06:30:27:03:29:dc:61:e8:b9:a0:
4b:01:8d:88:da:aa:76:b2:34:f3:ab:fa:ce:25:eb:45:e7:77:
02:4a:ad:3a:8e:e2:73:ee:ed:6d:8f:9f:7f:f4:8f:7e:b9:97:
76:bb:c6:9a:8f:79:c4:aa:ac:6d:c5:51:92:a7:7f:f3:ae:ed:
80:87:f0:c8:62:45:12:d0:a1:fc:97:79:67:4e:31:95:08:53:
5a:98:d1:77:de:65:23:3d:17:d2:7e:14:c8:9e:b7:04:bb:d7:
63:ae:89:a7:fd:84:24:8c:62:f7:c4:c8:f8:3c:41:76:a6:3b:
29:dc:de:d6:dc:b2:a9:cf:22:54:f6:39:52:89:35:ff:d1:de:
a0:22:b7:db:a1:ef:ef:f9:d6:10:cb:39:b5:90:50:e7:fa:a6:
3e:6d:c0:89:a7:56:7e:4d:af:88:f0:ca:5b:c2:2d:14:89:3f:
33:3b:5f:61:2e:33:7e:45:54:54:6e:dd:09:f8:ef:5f:2a:8b:
6d:b5:1b:66:56:ce:53:7c:87:4c:ce:84:c1:1d:86:28:58:2b:
f8:85:2d:31:1a:b7:b8:51:93:20:50:c5:3c:f5:4b:6b:31:96:
c1:f5:6c:92
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgICC1MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkU4
M0VCMEUxQ0I3QjRBNzYxN0EwNEFEN0E4MjYyOUQ5OEI5NUI5NDAeFw0yMjA5MDEx
MzM5NDhaFw0yMzA4MjgwNDE1MzRaMDMxMTAvBgNVBAMTKEQ2OEIwNzZBOTkwQUQ1
NzAzNTEwMUI0NzhFNTVDNDk3MkVERTIyRDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9R1zuwn9ZdpS5uBYxNzzRCnJqIiPI6v1cz3mAFOUNLv/zu1PD
0apdMVXNOHaZzMzALBQhWGtXt6E1RmJDzItOPfzvsAAA+Zti94jm1Z0Q8geZGxnE
vm54myxtTxYWkzXo72i2At5R4acyv8wXU2rCiGxu4gpQ3F/naJztPyKJjKX4CuFT
xXg5ObGNViSRduJS5Djn46EMQqpzpw5Eg3ao7SP9S1pGTAo49R8UYnewMYKpuv2/
JIN3BPIFhl0+lZzjbxOw87ZYX4Hx2UCvhv6hqjCj3dZ5XknKzeSP5PRQ8qPYyNwM
otK7X2cl4OnM0ylFguwCiUK5wzmBJLOQKwNVAgMBAAGjggI1MIICMTAdBgNVHQ4E
FgQU1osHapkK1XA1EBtHjlXEly7eItIwHwYDVR0jBBgwFoAULoPrDhy3tKdhegSt
eoJinZi5W5QwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjEz
L0xvUHJEaHkzdEtkaGVnU3Rlb0ppblppNVc1US5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvTG9QckRoeTN0S2RoZWdTdGVvSmluWmk1VzVRLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjEzLzFvc0hhcGtLMVhBMUVC
dEhqbFhFbHk3ZUl0SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYwYIKwYBBQUHAQcBAf8EVDBSMFAEAgABMEoD
BAIr/oADBAItfmQDBAJlMRQDBAJlMRwDBAJlMSwDBAZlMYADBARlMfAwDAMEAmdJ
9AMEAmdJ+AMEAmfs6AMEAmf5DAMEAmf5wDANBgkqhkiG9w0BAQsFAAOCAQEAMj7u
ocAjnaPz6RaimqDxPmPIvo5D7zaYzt4GMCcDKdxh6LmgSwGNiNqqdrI086v6ziXr
Red3AkqtOo7ic+7tbY+ff/SPfrmXdrvGmo95xKqsbcVRkqd/867tgIfwyGJFEtCh
/Jd5Z04xlQhTWpjRd95lIz0X0n4UyJ63BLvXY66Jp/2EJIxi98TI+DxBdqY7Kdze
1tyyqc8iVPY5Uok1/9HeoCK326Hv7/nWEMs5tZBQ5/qmPm3AiadWfk2viPDKW8It
FIk/MztfYS4zfkVUVG7dCfjvXyqLbbUbZlbOU3yHTM6EwR2GKFgr+IUtMRq3uFGT
IFDFPPVLazGWwfVskg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:19 2023 by rpki-client on console-ams.rpki-client.org