Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/NFVoQdREXTB0bCsZufcYwG2cFco.roa
File: NFVoQdREXTB0bCsZufcYwG2cFco.roa (raw, json)
Hash identifier: hi+NKH9f8AHlWuPGB5QXrWENIFdL1u25qXwOrekFMeg=
Subject key identifier: 34:55:68:41:D4:44:5D:30:74:6C:2B:19:B9:F7:18:C0:6D:9C:15:CA
Certificate issuer: /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial: 185D
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/NFVoQdREXTB0bCsZufcYwG2cFco.roa
Signing time: Fri 17 Jan 2025 01:24:58 +0000
ROA not before: Fri 17 Jan 2025 01:24:58 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 138527
IP address blocks: 103.220.252.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6237 (0x185d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Validity
Not Before: Jan 17 01:24:58 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=34556841D4445D30746C2B19B9F718C06D9C15CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:2c:d4:98:da:9d:7a:af:08:b7:ef:ee:ab:3d:
48:b9:ed:94:35:c6:05:dc:28:07:fa:00:dd:cf:5d:
28:b7:0a:5b:e3:7c:48:38:ef:dd:a7:ef:a9:a3:36:
c4:29:3b:31:d6:dc:67:a3:c3:5d:75:86:83:03:b6:
aa:56:ec:92:48:9d:4b:aa:34:13:01:2f:07:b9:09:
ba:4c:c6:d7:a6:11:98:4d:a3:14:95:0f:68:8f:63:
b3:54:02:cb:a1:3f:17:43:f3:c0:73:6b:31:ba:e6:
54:30:12:e7:82:9d:58:13:66:45:92:43:04:e8:c5:
1e:b8:7d:9e:75:9c:92:7d:86:0a:4a:8d:a3:c1:37:
5b:4a:18:83:9e:9a:30:99:d4:20:6d:2c:b7:3d:7d:
70:d4:50:d9:1f:ac:23:30:9c:9c:95:7b:cf:15:82:
a0:a8:3a:45:83:85:73:ef:78:de:f9:4b:15:bc:f5:
a0:e4:32:42:d2:11:0d:f3:af:cf:1d:45:fc:e3:bc:
d2:b6:dd:3c:d8:b8:7d:36:11:69:73:4f:1b:4a:66:
53:88:b3:69:0e:ca:68:25:8a:f3:96:ee:a0:94:99:
9f:a6:b3:9c:68:3a:b5:6c:71:8e:f7:99:53:1b:25:
91:87:32:85:a5:9d:86:8b:07:8c:fa:4f:f3:e3:44:
3b:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:55:68:41:D4:44:5D:30:74:6C:2B:19:B9:F7:18:C0:6D:9C:15:CA
X509v3 Authority Key Identifier:
keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/NFVoQdREXTB0bCsZufcYwG2cFco.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.220.252.0/22
Signature Algorithm: sha256WithRSAEncryption
25:96:4c:08:51:a8:d7:a8:05:dc:e0:86:95:5f:5c:28:89:3a:
11:8f:6c:9b:2f:17:af:5a:76:15:9b:1d:82:58:a2:44:a8:40:
40:64:20:f6:e9:69:71:28:07:85:0b:1e:6c:bb:4f:64:a1:f7:
c6:b6:f3:2f:ad:bf:11:74:92:39:2a:44:5b:32:ad:49:2c:03:
e3:15:e3:43:c1:45:69:8d:a4:1b:4d:8f:49:44:56:99:77:1a:
37:61:90:0a:1c:b8:de:c1:56:f5:af:25:81:be:e8:32:d7:b3:
7d:3f:83:36:4e:ba:c5:42:bb:1c:99:f0:33:81:e0:68:96:eb:
4d:15:96:a6:3a:ef:a7:dc:88:13:1c:fa:02:a0:be:3c:12:0a:
2d:b7:b9:d9:a9:42:f2:fa:50:a5:14:8f:d7:bf:b8:2d:72:17:
74:1c:3e:cc:ce:7a:b4:79:b1:8b:40:e8:c2:e2:3e:16:c4:8c:
ac:28:a4:24:53:1c:6d:8e:c5:70:1d:8d:83:e7:b8:e2:35:da:
4d:ba:f7:5b:5c:c0:ef:39:be:45:05:5c:93:58:45:30:56:04:
ec:21:aa:f7:78:81:69:a1:22:eb:43:39:59:1c:6a:c1:16:1a:
77:ba:da:e6:f4:b4:e0:72:61:55:c9:70:12:8b:c0:14:b3:aa:
c1:3d:14:ca
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICGF0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNTAxMTcw
MTI0NThaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDM0NTU2ODQxRDQ0NDVE
MzA3NDZDMkIxOUI5RjcxOEMwNkQ5QzE1Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMLNSY2p16rwi37+6rPUi57ZQ1xgXcKAf6AN3PXSi3ClvjfEg4
792n76mjNsQpOzHW3Gejw111hoMDtqpW7JJInUuqNBMBLwe5CbpMxtemEZhNoxSV
D2iPY7NUAsuhPxdD88BzazG65lQwEueCnVgTZkWSQwToxR64fZ51nJJ9hgpKjaPB
N1tKGIOemjCZ1CBtLLc9fXDUUNkfrCMwnJyVe88VgqCoOkWDhXPveN75SxW89aDk
MkLSEQ3zr88dRfzjvNK23TzYuH02EWlzTxtKZlOIs2kOymglivOW7qCUmZ+ms5xo
OrVscY73mVMbJZGHMoWlnYaLB4z6T/PjRDvlAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUNFVoQdREXTB0bCsZufcYwG2cFcowHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L05GVm9RZFJFWFRCMGJD
c1p1ZmNZd0cyY0Zjby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAJn3PwwDQYJKoZIhvcNAQELBQADggEBACWWTAhRqNeoBdzghpVfXCiJOhGPbJsv
F69adhWbHYJYokSoQEBkIPbpaXEoB4ULHmy7T2Sh98a28y+tvxF0kjkqRFsyrUks
A+MV40PBRWmNpBtNj0lEVpl3GjdhkAocuN7BVvWvJYG+6DLXs30/gzZOusVCuxyZ
8DOB4GiW600VlqY676fciBMc+gKgvjwSCi23udmpQvL6UKUUj9e/uC1yF3QcPszO
erR5sYtA6MLiPhbEjKwopCRTHG2OxXAdjYPnuOI12k2691tcwO85vkUFXJNYRTBW
BOwhqvd4gWmhIutDOVkcasEWGne62ub0tOByYVXJcBKLwBSzqsE9FMo=
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:34:31 2025 by rpki-client