Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/620/v4d1-p-3ZxksqaCK5sQnSOumPX4.roa
File: v4d1-p-3ZxksqaCK5sQnSOumPX4.roa (raw, json)
Hash identifier: v9JLyW4CyKz9olTqbMME5NpXQah5W39H0O1CPcZ3/Ik=
Subject key identifier: BF:87:75:FA:9F:B7:67:19:2C:A9:A0:8A:E6:C4:27:48:EB:A6:3D:7E
Certificate issuer: /CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Certificate serial: 01BE
Authority key identifier: 30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/v4d1-p-3ZxksqaCK5sQnSOumPX4.roa
Signing time: Wed 02 Apr 2025 01:30:19 +0000
ROA not before: Wed 02 Apr 2025 01:30:19 +0000
ROA not after: Tue 13 Jan 2026 01:35:26 +0000
asID: 24413
IP address blocks: 114.28.238.0/24 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 446 (0x1be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Validity
Not Before: Apr 2 01:30:19 2025 GMT
Not After : Jan 13 01:35:26 2026 GMT
Subject: CN=BF8775FA9FB767192CA9A08AE6C42748EBA63D7E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:ae:19:32:13:81:40:5c:ab:be:41:17:d2:6a:
a1:e9:7f:0c:cc:db:e8:ef:fc:0e:de:76:21:70:df:
12:21:2f:4f:35:81:d9:b0:e4:c1:b6:dd:93:0d:4f:
d7:64:b6:62:c8:aa:29:63:91:71:fa:5f:04:7b:fb:
2a:b1:5b:3c:a0:be:73:ad:7b:8d:4f:df:7d:97:57:
2e:44:1a:bb:f6:d6:e5:59:96:23:67:67:8f:37:a8:
15:5c:a7:98:3b:7b:db:3a:de:20:db:f7:8d:fa:a5:
ca:db:39:77:b1:1f:64:a0:f8:7a:d1:63:09:2f:f2:
0f:3b:3a:e9:1e:e3:e7:6d:71:7f:37:b2:9d:00:e3:
f1:46:d6:0e:68:1c:02:4a:6d:bf:0f:79:fb:fd:3e:
93:d9:f2:4f:db:0f:98:03:f9:14:31:1b:23:11:cb:
f6:8f:fb:48:c4:00:39:18:5d:e1:17:eb:a1:b3:ee:
21:1c:e0:02:b3:e2:73:eb:c9:35:c4:af:70:2b:21:
54:d6:e9:71:7a:64:34:34:f0:24:5f:7b:61:ca:f2:
9c:69:da:80:7d:51:13:03:85:06:a4:a3:84:08:ed:
0c:73:c9:ea:4c:e9:7d:0e:01:ab:fd:58:1d:2c:27:
82:be:f4:86:11:be:3a:11:92:13:28:3a:f6:6c:d4:
53:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:87:75:FA:9F:B7:67:19:2C:A9:A0:8A:E6:C4:27:48:EB:A6:3D:7E
X509v3 Authority Key Identifier:
keyid:30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/v4d1-p-3ZxksqaCK5sQnSOumPX4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
114.28.238.0/24
Signature Algorithm: sha256WithRSAEncryption
86:b0:79:d2:19:a0:03:a3:69:91:47:88:0e:f5:fa:a4:db:d0:
cf:10:de:bd:f5:8e:e1:46:61:72:13:62:1a:e0:cb:bc:16:e1:
12:79:31:5b:d8:55:53:59:fd:ff:30:8b:d3:21:15:ae:dd:6d:
32:c6:bc:1b:a2:b4:97:de:c1:bc:d3:cf:40:b3:3f:42:e4:c0:
ba:d3:70:12:8c:e1:71:1e:b3:60:7a:8a:3e:d6:f5:5c:44:d1:
81:15:81:d5:b4:11:56:85:d8:97:f8:0b:2c:96:8e:d1:0d:b0:
eb:63:ae:20:23:c8:6b:3c:82:8b:ba:93:79:cb:22:af:44:0b:
c9:83:6e:ae:c7:5b:03:bd:dc:e4:2b:88:fb:d9:53:70:93:f2:
86:39:4e:44:ac:bf:23:d7:5b:bc:79:77:37:7f:a4:58:ca:90:
ac:29:f0:89:10:ae:88:4e:cd:30:1f:39:60:6d:51:31:13:9a:
9c:c1:7e:e9:6b:54:47:f3:aa:33:38:a2:38:0e:79:36:2b:85:
42:07:78:22:9d:37:a3:5d:b7:74:72:e1:d5:85:93:43:55:0d:
45:d9:e0:4f:56:64:bd:0d:36:25:15:8e:10:c4:22:7b:1d:68:
a0:ae:df:9b:cb:e2:d5:7a:13:b3:75:43:c8:59:c9:85:90:cb:
32:0a:0b:15
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICAb4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzA5
QzJBOTQzQjI4REMwODU4QzM5QjkyMDhBMTYwOUMwOTczRTQ5QTAeFw0yNTA0MDIw
MTMwMTlaFw0yNjAxMTMwMTM1MjZaMDMxMTAvBgNVBAMTKEJGODc3NUZBOUZCNzY3
MTkyQ0E5QTA4QUU2QzQyNzQ4RUJBNjNEN0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHrhkyE4FAXKu+QRfSaqHpfwzM2+jv/A7ediFw3xIhL081gdmw
5MG23ZMNT9dktmLIqiljkXH6XwR7+yqxWzygvnOte41P332XVy5EGrv21uVZliNn
Z483qBVcp5g7e9s63iDb9436pcrbOXexH2Sg+HrRYwkv8g87Ouke4+dtcX83sp0A
4/FG1g5oHAJKbb8Pefv9PpPZ8k/bD5gD+RQxGyMRy/aP+0jEADkYXeEX66Gz7iEc
4AKz4nPryTXEr3ArIVTW6XF6ZDQ08CRfe2HK8pxp2oB9URMDhQako4QI7QxzyepM
6X0OAav9WB0sJ4K+9IYRvjoRkhMoOvZs1FMLAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUv4d1+p+3ZxksqaCK5sQnSOumPX4wHwYDVR0jBBgwFoAUMJwqlDso3AhYw5uS
CKFgnAlz5JowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIw
L01Kd3FsRHNvM0FoWXc1dVNDS0ZnbkFsejVKby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvTUp3cWxEc28zQWhZdzV1U0NLRmduQWx6NUpvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIwL3Y0ZDEtcC0zWnhrc3Fh
Q0s1c1FuU091bVBYNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAByHO4wDQYJKoZIhvcNAQELBQADggEBAIawedIZoAOjaZFHiA71+qTb0M8Q3r31
juFGYXITYhrgy7wW4RJ5MVvYVVNZ/f8wi9MhFa7dbTLGvBuitJfewbzTz0CzP0Lk
wLrTcBKM4XEes2B6ij7W9VxE0YEVgdW0EVaF2Jf4CyyWjtENsOtjriAjyGs8gou6
k3nLIq9EC8mDbq7HWwO93OQriPvZU3CT8oY5TkSsvyPXW7x5dzd/pFjKkKwp8IkQ
rohOzTAfOWBtUTETmpzBfulrVEfzqjM4ojgOeTYrhUIHeCKdN6Ndt3Ry4dWFk0NV
DUXZ4E9WZL0NNiUVjhDEInsdaKCu35vL4tV6E7N1Q8hZyYWQyzIKCxU=
-----END CERTIFICATE-----
Generated at Tue Apr 22 17:39:14 2025 by rpki-client