Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/U-hJDQDP0VVmVHDH__qY5IklwMY.roa
File: U-hJDQDP0VVmVHDH__qY5IklwMY.roa (raw, json)
Hash identifier: VqsH8/Xxt5HrFD3JYMAc3iyMHt5SSeCa5IE9pt5f1yo=
Subject key identifier: 53:E8:49:0D:00:CF:D1:55:66:54:70:C7:FF:FA:98:E4:89:25:C0:C6
Certificate issuer: /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial: 189B
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/U-hJDQDP0VVmVHDH__qY5IklwMY.roa
Signing time: Fri 17 Jan 2025 01:25:18 +0000
ROA not before: Fri 17 Jan 2025 01:25:18 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 138527
IP address blocks: 103.221.20.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6299 (0x189b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Validity
Not Before: Jan 17 01:25:18 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=53E8490D00CFD155665470C7FFFA98E48925C0C6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:e6:2b:a5:17:74:f8:09:76:2d:93:a2:4c:22:
f8:76:a3:85:8c:01:d3:a8:f8:69:57:cc:37:b2:56:
19:41:e1:04:31:25:f8:b3:3d:35:2f:fc:42:72:ce:
63:49:9e:1e:2b:9a:7d:b5:6b:6c:17:f9:e1:f3:2a:
63:0b:0b:2c:5f:9e:44:6f:68:e2:d5:1e:5d:88:8a:
1e:0b:4b:76:b5:ae:b0:b2:a5:fc:e8:8e:db:d3:00:
76:d8:13:53:f3:05:b0:b9:8f:4a:e5:92:83:d5:3b:
d8:f1:05:32:99:b9:d0:3b:41:e6:9e:66:91:74:39:
e5:f8:92:05:6a:c7:42:76:ab:d8:2e:db:b3:4d:f6:
f4:9a:aa:49:17:96:71:a2:8c:ab:05:da:74:11:f4:
f7:0c:e9:bf:2f:9a:74:b1:21:64:3b:51:5a:e0:e8:
9b:dd:f3:5e:e1:53:fc:bf:2b:28:d1:10:35:27:64:
50:2d:b3:ef:d9:17:3c:80:b4:3d:55:78:0c:d0:79:
14:8b:e6:87:a6:61:ff:ba:6c:61:19:4e:70:f1:cb:
32:5b:f9:e4:54:57:8f:47:90:37:7d:e2:1a:3b:05:
2a:c1:ef:28:03:87:6f:ce:90:2a:26:65:a4:5c:fb:
ee:31:bd:f3:15:34:8b:33:fb:8d:29:bc:40:cc:42:
9e:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:E8:49:0D:00:CF:D1:55:66:54:70:C7:FF:FA:98:E4:89:25:C0:C6
X509v3 Authority Key Identifier:
keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/U-hJDQDP0VVmVHDH__qY5IklwMY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.221.20.0/22
Signature Algorithm: sha256WithRSAEncryption
c8:be:c5:7b:1f:b4:c7:f1:6c:00:1f:17:99:63:a7:37:19:cf:
81:e2:3e:78:fc:2b:81:99:f8:fa:68:35:ce:da:7f:a3:a1:c9:
1f:e3:3f:ca:58:af:9b:de:fe:74:67:ea:4e:e1:ae:53:1a:4a:
19:57:00:c5:4f:52:77:b8:4a:e0:dd:24:da:6e:ed:4d:94:92:
8f:b4:fc:88:1c:9f:22:7a:e3:e2:6f:bc:af:67:16:45:21:7f:
9f:6f:fa:b6:6f:03:b0:aa:52:63:84:f1:58:09:2d:0f:7a:ff:
62:ac:b5:26:ab:e8:03:78:1c:35:fb:0e:ca:eb:34:96:d5:2e:
bb:a5:04:4b:6f:2c:3a:f7:82:b8:00:8d:05:70:59:87:d4:48:
a9:c9:39:23:ff:c2:10:73:6b:50:56:ba:ff:e1:38:f1:19:be:
c2:dc:91:94:2c:6a:8f:a5:72:0f:fb:16:9e:dd:b3:7f:ba:a8:
5c:13:ee:78:58:65:ab:06:6e:82:ae:04:9e:51:80:3c:c0:34:
0d:3c:ea:52:6f:8a:53:5c:9f:f0:f4:29:2a:45:c7:80:ee:63:
ae:7a:19:fe:69:f3:7f:62:73:2e:69:c5:42:4e:f9:46:c9:40:
6e:ed:e5:18:62:ba:8e:a5:b6:55:68:9b:46:93:59:e7:26:9f:
c5:86:7e:b2
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICGJswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNTAxMTcw
MTI1MThaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDUzRTg0OTBEMDBDRkQx
NTU2NjU0NzBDN0ZGRkE5OEU0ODkyNUMwQzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDh5iulF3T4CXYtk6JMIvh2o4WMAdOo+GlXzDeyVhlB4QQxJfiz
PTUv/EJyzmNJnh4rmn21a2wX+eHzKmMLCyxfnkRvaOLVHl2Iih4LS3a1rrCypfzo
jtvTAHbYE1PzBbC5j0rlkoPVO9jxBTKZudA7QeaeZpF0OeX4kgVqx0J2q9gu27NN
9vSaqkkXlnGijKsF2nQR9PcM6b8vmnSxIWQ7UVrg6Jvd817hU/y/KyjREDUnZFAt
s+/ZFzyAtD1VeAzQeRSL5oemYf+6bGEZTnDxyzJb+eRUV49HkDd94ho7BSrB7ygD
h2/OkComZaRc++4xvfMVNIsz+40pvEDMQp5nAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUU+hJDQDP0VVmVHDH//qY5IklwMYwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3L1UtaEpEUURQMFZWbVZI
REhfX3FZNUlrbHdNWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAJn3RQwDQYJKoZIhvcNAQELBQADggEBAMi+xXsftMfxbAAfF5ljpzcZz4HiPnj8
K4GZ+PpoNc7af6OhyR/jP8pYr5ve/nRn6k7hrlMaShlXAMVPUne4SuDdJNpu7U2U
ko+0/IgcnyJ64+JvvK9nFkUhf59v+rZvA7CqUmOE8VgJLQ96/2KstSar6AN4HDX7
DsrrNJbVLrulBEtvLDr3grgAjQVwWYfUSKnJOSP/whBza1BWuv/hOPEZvsLckZQs
ao+lcg/7Fp7ds3+6qFwT7nhYZasGboKuBJ5RgDzANA086lJvilNcn/D0KSpFx4Du
Y656Gf5p839icy5pxUJO+UbJQG7t5Rhiuo6ltlVom0aTWecmn8WGfrI=
-----END CERTIFICATE-----
Generated at Fri Apr 11 11:24:28 2025 by rpki-client