Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/413/ehV9ZZPkKLnb-4SMajpKkTL98BQ.roa
File: ehV9ZZPkKLnb-4SMajpKkTL98BQ.roa (raw, json)
Hash identifier: N6kmuHBK9hXhiC5XSwev9GDZH/EE505vl8nEr74G1Wc=
Subject key identifier: 7A:15:7D:65:93:E4:28:B9:DB:FB:84:8C:6A:3A:4A:91:32:FD:F0:14
Certificate issuer: /CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Certificate serial: 0160
Authority key identifier: C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/ehV9ZZPkKLnb-4SMajpKkTL98BQ.roa
Signing time: Fri 21 Apr 2023 06:23:57 +0000
ROA not before: Fri 21 Apr 2023 06:23:57 +0000
ROA not after: Wed 27 Mar 2024 01:13:10 +0000
asID: 35913
IP address blocks: 123.98.64.0/22 maxlen: 24
123.98.72.0/22 maxlen: 24
123.98.80.0/22 maxlen: 24
123.98.100.0/22 maxlen: 24
210.79.68.0/22 maxlen: 24
210.79.72.0/22 maxlen: 24
210.79.76.0/22 maxlen: 24
210.79.84.0/22 maxlen: 24
210.79.88.0/22 maxlen: 24
210.79.92.0/22 maxlen: 24
210.79.100.0/22 maxlen: 24
210.79.104.0/22 maxlen: 24
210.79.112.0/22 maxlen: 24
210.79.124.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 352 (0x160)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Validity
Not Before: Apr 21 06:23:57 2023 GMT
Not After : Mar 27 01:13:10 2024 GMT
Subject: CN=7A157D6593E428B9DBFB848C6A3A4A9132FDF014
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:73:7f:f1:54:f6:d8:d3:a8:10:79:23:69:3a:
63:9b:50:36:5c:f5:04:00:8b:79:ff:12:5a:b1:b1:
03:94:8e:51:17:c4:26:e8:66:c1:22:fb:1e:c6:e5:
b7:0b:21:00:31:3d:d2:a6:70:0e:dc:74:c5:6e:24:
84:3b:28:51:30:69:43:7b:13:4b:d5:72:13:ad:d7:
ac:53:e5:e2:0f:a7:e9:d8:4d:8d:3b:af:91:1a:54:
dd:8b:1b:f4:88:3d:52:00:8a:47:c8:21:49:cf:fa:
d7:c0:bf:b1:45:0e:13:c1:30:b7:f0:17:dd:0c:89:
1b:b9:9e:ab:f3:d6:bb:8b:69:37:8e:ce:1c:3c:2e:
71:f1:ac:ac:d6:8e:2d:85:95:ed:ec:27:40:13:41:
da:8c:3d:22:f8:66:f2:65:6f:0d:65:ae:7a:8b:41:
a6:f8:35:61:39:1d:7a:b3:0a:fe:ea:b6:26:2a:6e:
69:b8:4f:18:4f:72:1d:e7:99:32:e7:7e:a6:e2:11:
eb:c7:ba:5e:e4:90:eb:82:e6:75:76:b6:e8:f4:9a:
f3:37:fc:64:de:27:36:ce:0f:31:94:df:5b:6b:09:
4f:b6:b2:31:1d:a1:5d:30:90:b4:a2:f3:d4:87:ba:
22:ff:a0:de:a8:da:a5:7c:86:3d:ec:d9:7c:68:ea:
c1:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:15:7D:65:93:E4:28:B9:DB:FB:84:8C:6A:3A:4A:91:32:FD:F0:14
X509v3 Authority Key Identifier:
keyid:C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/xlv1e9ybW-fZfg1lqkIise-qvqo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/ehV9ZZPkKLnb-4SMajpKkTL98BQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
123.98.64.0/22
123.98.72.0/22
123.98.80.0/22
123.98.100.0/22
210.79.68.0-210.79.79.255
210.79.84.0-210.79.95.255
210.79.100.0-210.79.107.255
210.79.112.0/22
210.79.124.0/22
Signature Algorithm: sha256WithRSAEncryption
d9:ce:ff:c6:a1:d8:0a:98:5d:3e:49:08:b6:a2:8a:58:8d:9e:
c9:b5:27:7b:c4:3a:77:49:80:b6:ca:36:5d:a8:f4:0a:d6:41:
60:2d:06:90:73:14:5e:6f:cc:68:f0:f9:cd:07:77:66:56:4a:
89:b6:6a:7c:94:67:16:df:95:03:7a:44:41:5d:d0:93:b5:b3:
b2:86:ec:69:8b:05:41:93:dc:ba:54:a8:a0:f6:2c:b6:aa:27:
e3:e7:d5:59:5d:ef:87:70:87:b5:fb:68:dd:6e:63:8d:ea:eb:
ab:bc:aa:ed:f4:9e:d2:83:1e:fe:78:fe:45:98:08:ff:16:2a:
1d:32:5b:b9:1d:5f:06:01:b3:bb:56:aa:6a:3d:42:0a:d1:96:
86:a3:13:67:61:5d:72:19:28:95:ae:64:f1:7c:81:af:d8:db:
86:d3:f4:90:4b:69:3c:c0:fa:40:e7:00:5f:4a:80:f2:10:27:
3c:d4:6b:2a:f3:3f:5b:6b:dd:42:3b:d9:95:0e:ae:c3:2c:5e:
26:be:eb:dc:39:32:e7:b9:ed:89:30:78:09:a4:41:6f:11:e5:
24:eb:7b:15:1e:1b:24:b3:b9:6f:b2:c4:21:29:8a:74:30:86:
30:c4:a2:42:34:3e:0f:b4:7d:5e:7f:c7:78:07:85:c1:f1:6a:
36:f6:93:c4
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgICAWAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQzY1
QkY1N0JEQzlCNUJFN0Q5N0UwRDY1QUE0MjIyQjFFRkFBQkVBQTAeFw0yMzA0MjEw
NjIzNTdaFw0yNDAzMjcwMTEzMTBaMDMxMTAvBgNVBAMTKDdBMTU3RDY1OTNFNDI4
QjlEQkZCODQ4QzZBM0E0QTkxMzJGREYwMTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXc3/xVPbY06gQeSNpOmObUDZc9QQAi3n/ElqxsQOUjlEXxCbo
ZsEi+x7G5bcLIQAxPdKmcA7cdMVuJIQ7KFEwaUN7E0vVchOt16xT5eIPp+nYTY07
r5EaVN2LG/SIPVIAikfIIUnP+tfAv7FFDhPBMLfwF90MiRu5nqvz1ruLaTeOzhw8
LnHxrKzWji2Fle3sJ0ATQdqMPSL4ZvJlbw1lrnqLQab4NWE5HXqzCv7qtiYqbmm4
TxhPch3nmTLnfqbiEevHul7kkOuC5nV2tuj0mvM3/GTeJzbODzGU31trCU+2sjEd
oV0wkLSi89SHuiL/oN6o2qV8hj3s2Xxo6sEBAgMBAAGjggI5MIICNTAdBgNVHQ4E
FgQUehV9ZZPkKLnb+4SMajpKkTL98BQwHwYDVR0jBBgwFoAUxlv1e9ybW+fZfg1l
qkIise+qvqowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEz
L3hsdjFlOXliVy1mWmZnMWxxa0lpc2UtcXZxby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAveGx2MWU5eWJXLWZaZmcxbHFrSWlzZS1xdnFvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEzL2VoVjlaWlBrS0xuYi00
U01hanBLa1RMOThCUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwZwYIKwYBBQUHAQcBAf8EWDBWMFQEAgABME4D
BAJ7YkADBAJ7YkgDBAJ7YlADBAJ7YmQwDAMEAtJPRAMEBNJPQDAMAwQC0k9UAwQF
0k9AMAwDBALST2QDBALST2gDBALST3ADBALST3wwDQYJKoZIhvcNAQELBQADggEB
ANnO/8ah2AqYXT5JCLaiiliNnsm1J3vEOndJgLbKNl2o9ArWQWAtBpBzFF5vzGjw
+c0Hd2ZWSom2anyUZxbflQN6REFd0JO1s7KG7GmLBUGT3LpUqKD2LLaqJ+Pn1Vld
74dwh7X7aN1uY43q66u8qu30ntKDHv54/kWYCP8WKh0yW7kdXwYBs7tWqmo9QgrR
loajE2dhXXIZKJWuZPF8ga/Y24bT9JBLaTzA+kDnAF9KgPIQJzzUayrzP1tr3UI7
2ZUOrsMsXia+69w5Mue57YkweAmkQW8R5STrexUeGySzuW+yxCEpinQwhjDEokI0
Pg+0fV5/x3gHhcHxajb2k8Q=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:18 2023 by rpki-client on console-ams.rpki-client.org