Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/PkmWps2BBAe3AHCPJapeN2juBhs.roa
File: PkmWps2BBAe3AHCPJapeN2juBhs.roa (raw, json)
Hash identifier: uqJPWI1mMkfRLTeHMPplJPAukp9B+ujRbogrRG/HFV4=
Subject key identifier: 3E:49:96:A6:CD:81:04:07:B7:00:70:8F:25:AA:5E:37:68:EE:06:1B
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 701C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PkmWps2BBAe3AHCPJapeN2juBhs.roa
Signing time: Thu 23 Oct 2025 10:35:45 +0000
ROA not before: Thu 23 Oct 2025 10:35:45 +0000
ROA not after: Fri 23 Oct 2026 03:01:03 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28700 (0x701c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Oct 23 10:35:45 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=3E4996A6CD810407B700708F25AA5E3768EE061B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:08:bf:90:e4:fc:e4:a2:19:2e:99:d9:ae:3d:
b6:1f:1c:68:b6:45:8d:69:59:a7:3b:a6:42:d4:3d:
c4:c8:f5:59:fc:c4:45:9a:23:48:aa:6f:20:9c:89:
b7:4c:62:06:81:93:b9:32:8d:5f:ac:9f:6f:07:fc:
1d:39:a5:7e:48:76:5a:a8:d8:27:09:c4:9b:82:d0:
02:63:d3:c9:fa:23:c8:fb:2c:3a:4d:37:eb:3a:bd:
b3:fd:5c:df:95:c9:0c:f2:9b:5f:e9:c0:59:d6:cb:
86:a2:68:8a:ca:4e:40:7d:30:2f:33:73:18:e3:bd:
43:16:22:e2:b9:18:ad:07:98:ed:9e:eb:f6:d6:83:
9a:ed:55:d2:dd:bf:17:3a:9d:f9:ab:c9:25:2c:a3:
33:ea:0f:80:93:57:fa:b5:88:f8:9b:a5:a3:f2:a5:
d4:10:9d:91:40:fe:7f:67:43:f3:6d:62:65:b5:55:
e5:42:bc:e4:3d:be:9a:dc:4a:48:b9:66:ff:c2:05:
c7:be:a2:be:7c:47:fa:55:9a:6e:a2:89:ef:51:c1:
d8:b6:c8:38:ca:f1:c3:df:79:96:b2:80:4f:38:75:
e9:3b:86:ed:e6:bc:a6:f1:93:36:28:e4:ba:6c:6c:
f7:4d:fe:6a:f7:c2:49:f9:c2:51:b1:e2:ee:e8:19:
81:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:49:96:A6:CD:81:04:07:B7:00:70:8F:25:AA:5E:37:68:EE:06:1B
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PkmWps2BBAe3AHCPJapeN2juBhs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
76:ae:d2:2a:e4:23:9f:58:41:6f:1e:ab:f9:87:91:4f:87:5a:
a5:93:9a:73:54:93:46:91:cc:3e:75:7b:b8:47:89:04:49:c2:
37:4c:0a:5f:5f:34:d6:14:88:1c:8b:1b:5f:03:5d:8c:67:bc:
0f:9f:eb:ba:58:fe:95:cf:31:31:3e:ef:a1:d2:60:db:34:89:
2a:14:60:b1:49:16:8a:21:18:ed:42:23:43:de:c0:f4:12:36:
1c:92:18:ec:a2:50:e5:5a:b2:8e:70:2e:98:60:87:b0:1f:48:
66:94:ab:fd:51:f8:40:03:aa:1d:f9:d1:24:fb:95:25:77:d2:
ee:a8:4c:1d:1b:ed:2f:b7:ed:7a:3d:c0:e7:e2:e3:aa:86:b9:
cc:bf:97:d4:82:b1:ec:7f:f0:a9:83:12:6b:9c:02:38:ac:0c:
4d:dc:4d:13:cd:ab:bb:f2:7e:a3:c8:12:f3:3a:ce:52:0d:11:
8d:5f:a2:53:c5:41:4c:81:a6:6f:e0:6a:d8:c3:f7:06:e9:30:
43:cd:72:e4:76:1c:db:19:89:56:33:14:72:22:81:19:ff:64:
83:e1:ba:1b:5f:1e:cf:e0:d2:d7:bb:9f:f6:2b:cc:33:4d:86:
70:5a:80:95:7c:ea:b5:fb:64:3f:3c:89:b7:75:2b:00:fa:8a:
0b:6d:ba:de
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICcBwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTEwMjMx
MDM1NDVaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKDNFNDk5NkE2Q0Q4MTA0
MDdCNzAwNzA4RjI1QUE1RTM3NjhFRTA2MUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKCL+Q5PzkohkumdmuPbYfHGi2RY1pWac7pkLUPcTI9Vn8xEWa
I0iqbyCcibdMYgaBk7kyjV+sn28H/B05pX5Idlqo2CcJxJuC0AJj08n6I8j7LDpN
N+s6vbP9XN+VyQzym1/pwFnWy4aiaIrKTkB9MC8zcxjjvUMWIuK5GK0HmO2e6/bW
g5rtVdLdvxc6nfmrySUsozPqD4CTV/q1iPibpaPypdQQnZFA/n9nQ/NtYmW1VeVC
vOQ9vprcSki5Zv/CBce+or58R/pVmm6iie9Rwdi2yDjK8cPfeZaygE84dek7hu3m
vKbxkzYo5LpsbPdN/mr3wkn5wlGx4u7oGYGjAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUPkmWps2BBAe3AHCPJapeN2juBhswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUGttV3BzMkJCQWUz
QUhDUEphcGVOMmp1QmhzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHau0irkI59YQW8eq/mHkU+HWqWT
mnNUk0aRzD51e7hHiQRJwjdMCl9fNNYUiByLG18DXYxnvA+f67pY/pXPMTE+76HS
YNs0iSoUYLFJFoohGO1CI0PewPQSNhySGOyiUOVaso5wLphgh7AfSGaUq/1R+EAD
qh350ST7lSV30u6oTB0b7S+37Xo9wOfi46qGucy/l9SCsex/8KmDEmucAjisDE3c
TRPNq7vyfqPIEvM6zlINEY1folPFQUyBpm/gatjD9wbpMEPNcuR2HNsZiVYzFHIi
gRn/ZIPhuhtfHs/g0te7n/YrzDNNhnBagJV86rX7ZD88ibd1KwD6igttut4=
-----END CERTIFICATE-----
Generated at Thu Oct 23 16:33:23 2025 by rpki-client