Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/233/Kk7lkFGOd63QwS1t6Wm8i_dkaIM.roa
File: Kk7lkFGOd63QwS1t6Wm8i_dkaIM.roa (raw, json)
Hash identifier: 4azzc8YreuK6NU6y8WTs2uAQ4eEJtFH2AV2cGlG1rC4=
Subject key identifier: 2A:4E:E5:90:51:8E:77:AD:D0:C1:2D:6D:E9:69:BC:8B:F7:64:68:83
Certificate issuer: /CN=AF3AF4D01F0CD056F0E3F698800B223AEE773D20
Certificate serial: 21EA
Authority key identifier: AF:3A:F4:D0:1F:0C:D0:56:F0:E3:F6:98:80:0B:22:3A:EE:77:3D:20
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/rzr00B8M0Fbw4_aYgAsiOu53PSA.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/233/Kk7lkFGOd63QwS1t6Wm8i_dkaIM.roa
Signing time: Tue 07 Jan 2025 06:55:38 +0000
ROA not before: Tue 07 Jan 2025 06:55:38 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 37965
IP address blocks: 222.126.138.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8682 (0x21ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=AF3AF4D01F0CD056F0E3F698800B223AEE773D20
Validity
Not Before: Jan 7 06:55:38 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=2A4EE590518E77ADD0C12D6DE969BC8BF7646883
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:94:98:1e:5f:b0:ea:a1:41:b4:b4:14:04:5b:
49:a7:58:61:9d:e8:6e:42:62:c7:6f:fb:0b:2e:ff:
ea:d8:12:59:d2:8c:51:9f:dc:b2:96:a4:9c:19:10:
fd:41:a3:48:88:55:e8:de:c3:7b:03:ac:2b:95:93:
12:aa:bc:7f:22:76:70:39:b2:eb:e9:a1:6e:9a:0f:
b9:ad:c2:25:0b:df:75:13:f1:71:f3:82:fa:80:88:
e9:6b:eb:83:62:fa:3d:18:d2:f4:2d:c0:29:ba:9d:
8c:76:d7:b1:f5:96:a2:7c:4a:a6:5d:a8:f2:d6:59:
9c:0e:e1:65:e9:32:86:d4:b1:3e:64:ed:bb:bb:f4:
f1:03:f9:6f:7f:d3:ee:66:0a:d6:04:20:b4:b2:82:
b2:2a:cf:03:d3:37:bf:3a:eb:a6:8d:c5:41:d0:dc:
c2:8b:b8:e6:33:ed:58:fc:e9:4f:ff:b0:b0:3d:41:
2e:ae:9e:38:b1:d4:9e:f4:5b:9d:ea:3c:9c:47:9b:
ce:43:26:dd:a6:dc:10:86:0c:5a:da:ca:07:78:14:
e9:7e:a1:6c:95:fd:94:c3:20:44:13:2a:fd:b4:a8:
95:cc:03:12:81:ed:ce:dd:fb:c6:28:e0:c9:ee:d5:
50:36:dc:5c:be:bd:6d:39:9e:6a:df:6c:e6:d3:f1:
55:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:4E:E5:90:51:8E:77:AD:D0:C1:2D:6D:E9:69:BC:8B:F7:64:68:83
X509v3 Authority Key Identifier:
keyid:AF:3A:F4:D0:1F:0C:D0:56:F0:E3:F6:98:80:0B:22:3A:EE:77:3D:20
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/233/rzr00B8M0Fbw4_aYgAsiOu53PSA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/rzr00B8M0Fbw4_aYgAsiOu53PSA.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/233/Kk7lkFGOd63QwS1t6Wm8i_dkaIM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
222.126.138.0/24
Signature Algorithm: sha256WithRSAEncryption
04:3e:fa:bd:c5:ca:81:7d:9a:dc:ac:d5:94:f3:9f:fd:3c:c5:
16:9c:d1:8d:87:0f:d8:06:1f:a3:b1:51:96:61:10:b0:0f:69:
0e:8c:90:72:42:5e:40:4d:27:87:aa:ee:25:fa:1e:c7:33:03:
70:ef:5a:5d:64:af:fe:20:7a:c9:b7:9b:1b:60:75:11:bf:79:
5c:1e:1b:9c:d7:f7:d6:0c:f9:97:ef:f5:4a:8d:a0:7b:e0:9b:
52:a8:58:06:d0:03:28:d4:18:77:ac:53:da:b3:8d:84:57:35:
0e:8a:aa:82:41:aa:be:19:94:f4:1b:12:ab:57:2d:c9:00:80:
3e:b4:f2:e5:b6:54:b8:4b:03:98:65:e7:60:ac:5f:4b:98:c2:
61:ea:7e:6d:a3:0d:6a:7b:95:ec:5f:82:48:f4:92:a0:02:38:
47:0d:94:04:54:0e:6c:ca:58:de:74:b1:64:f9:84:f7:4d:82:
3b:ef:91:cd:4e:fc:42:2b:04:88:05:f6:9c:d6:34:7e:38:89:
80:6f:c7:42:2a:02:21:d2:34:4b:54:ce:04:3e:3a:ed:ce:85:
93:eb:89:6c:89:9f:68:3c:29:04:e0:e3:9a:52:4a:07:5f:d2:
f9:6f:f2:ba:a9:9a:bf:a7:d7:68:5e:2e:e0:9c:3d:21:d7:ca:
b6:f7:ce:17
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICIeowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQUYz
QUY0RDAxRjBDRDA1NkYwRTNGNjk4ODAwQjIyM0FFRTc3M0QyMDAeFw0yNTAxMDcw
NjU1MzhaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDJBNEVFNTkwNTE4RTc3
QUREMEMxMkQ2REU5NjlCQzhCRjc2NDY4ODMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCZlJgeX7DqoUG0tBQEW0mnWGGd6G5CYsdv+wsu/+rYElnSjFGf
3LKWpJwZEP1Bo0iIVejew3sDrCuVkxKqvH8idnA5suvpoW6aD7mtwiUL33UT8XHz
gvqAiOlr64Ni+j0Y0vQtwCm6nYx217H1lqJ8SqZdqPLWWZwO4WXpMobUsT5k7bu7
9PED+W9/0+5mCtYEILSygrIqzwPTN78666aNxUHQ3MKLuOYz7Vj86U//sLA9QS6u
njix1J70W53qPJxHm85DJt2m3BCGDFraygd4FOl+oWyV/ZTDIEQTKv20qJXMAxKB
7c7d+8Yo4Mnu1VA23Fy+vW05nmrfbObT8VV1AgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUKk7lkFGOd63QwS1t6Wm8i/dkaIMwHwYDVR0jBBgwFoAUrzr00B8M0Fbw4/aY
gAsiOu53PSAwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjMz
L3J6cjAwQjhNMEZidzRfYVlnQXNpT3U1M1BTQS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvcnpyMDBCOE0wRmJ3NF9hWWdBc2lPdTUzUFNBLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjMzL0trN2xrRkdPZDYzUXdT
MXQ2V204aV9ka2FJTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADefoowDQYJKoZIhvcNAQELBQADggEBAAQ++r3FyoF9mtys1ZTzn/08xRac0Y2H
D9gGH6OxUZZhELAPaQ6MkHJCXkBNJ4eq7iX6HsczA3DvWl1kr/4gesm3mxtgdRG/
eVweG5zX99YM+Zfv9UqNoHvgm1KoWAbQAyjUGHesU9qzjYRXNQ6KqoJBqr4ZlPQb
EqtXLckAgD608uW2VLhLA5hl52CsX0uYwmHqfm2jDWp7lexfgkj0kqACOEcNlARU
DmzKWN50sWT5hPdNgjvvkc1O/EIrBIgF9pzWNH44iYBvx0IqAiHSNEtUzgQ+Ou3O
hZPriWyJn2g8KQTg45pSSgdf0vlv8rqpmr+n12heLuCcPSHXyrb3zhc=
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:37:46 2025 by rpki-client