Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NnDI7AOlr23XR7IK2nqG32SRPSU.roa
File: NnDI7AOlr23XR7IK2nqG32SRPSU.roa (raw, json)
Hash identifier: Lm27qwuvbN+ojbp+m40C3yl3/q36VaK4aBTNhdGlEhI=
Subject key identifier: 36:70:C8:EC:03:A5:AF:6D:D7:47:B2:0A:DA:7A:86:DF:64:91:3D:25
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35B5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NnDI7AOlr23XR7IK2nqG32SRPSU.roa
Signing time: Sun 31 Mar 2024 04:52:09 +0000
ROA not before: Sun 31 Mar 2024 04:52:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13749 (0x35b5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 04:52:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3670C8EC03A5AF6DD747B20ADA7A86DF64913D25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:2a:2d:79:37:46:36:ec:a3:1c:6a:1b:91:2e:
37:a9:2b:40:f1:c0:84:4c:02:7e:9c:2b:cf:7f:35:
04:fb:38:27:ad:1c:31:27:85:15:46:cf:6c:21:20:
27:f6:76:e4:0c:3b:bb:45:bf:de:a3:9f:42:d5:80:
77:66:d9:42:cd:43:14:4e:6e:e0:12:d6:e5:3b:76:
48:f8:bd:54:30:1b:2f:39:96:00:37:01:22:df:e3:
b2:d6:45:02:72:d1:c2:03:f0:0b:b7:44:33:10:aa:
a8:14:5f:85:95:62:9f:f5:ec:a2:44:4a:87:86:05:
b4:38:6e:0c:38:7a:17:f5:20:c1:95:12:89:2c:f0:
96:5d:f5:4b:e9:3a:6f:7c:03:63:15:b0:0c:df:9c:
c8:43:be:31:53:cb:20:55:c6:7c:c6:e3:6e:74:46:
e7:e0:11:5f:c3:02:a4:b3:65:ac:6a:0a:2b:4f:37:
a3:3a:22:37:50:c9:7c:55:eb:93:68:d8:a9:e1:71:
0a:2f:7a:0b:0b:ba:ee:ce:e6:b9:0c:a4:94:96:cd:
2f:b7:cf:f1:cb:fc:3d:9b:e0:06:b1:11:2a:ec:73:
99:93:24:02:8d:bf:6e:bd:dd:bc:ea:82:e2:ca:87:
97:67:68:24:5d:d1:ca:79:3f:41:82:01:96:8b:55:
76:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:70:C8:EC:03:A5:AF:6D:D7:47:B2:0A:DA:7A:86:DF:64:91:3D:25
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NnDI7AOlr23XR7IK2nqG32SRPSU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a4:e0:fb:c6:50:e0:01:c1:19:a7:a4:af:b8:8c:46:cc:5a:da:
69:81:c3:08:db:03:ba:92:65:cb:18:8c:b3:cf:49:02:7d:01:
38:ef:fc:45:61:dc:29:b1:24:ce:8d:73:b3:7f:72:30:35:a9:
45:ff:44:cd:af:7d:90:f9:55:73:46:64:ba:c1:78:40:a9:80:
e4:e5:ea:f2:30:9f:b3:86:05:ac:75:5e:bb:67:1a:bf:a4:7d:
13:e6:0b:7b:b2:da:c4:3f:91:8e:ac:58:37:b3:22:71:7f:68:
40:e5:ee:57:ec:44:71:99:0b:6e:bd:58:3b:5e:99:30:16:6b:
09:55:2a:15:2f:f6:90:05:78:14:67:9d:cb:81:7f:c9:3d:c4:
40:17:65:90:65:93:be:62:78:ee:44:2a:6c:91:23:40:63:b5:
c5:3f:ba:1c:9e:47:f7:04:ee:cf:26:05:af:2f:db:55:bb:f4:
61:8e:1f:c7:0b:9e:39:1a:03:8d:36:b1:b3:db:73:6b:08:23:
b8:c6:9e:79:66:b5:23:ff:35:48:ef:f2:70:6d:ea:3a:58:62:
55:53:e7:85:db:b6:3d:3f:01:c5:34:6b:93:3d:05:db:06:7d:
fb:28:e2:c5:0b:d6:98:92:ca:33:f1:35:a0:54:03:5c:9c:f1:
42:9b:56:29
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNbUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
NDUyMDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM2NzBDOEVDMDNBNUFG
NkRENzQ3QjIwQURBN0E4NkRGNjQ5MTNEMjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrKi15N0Y27KMcahuRLjepK0DxwIRMAn6cK89/NQT7OCetHDEn
hRVGz2whICf2duQMO7tFv96jn0LVgHdm2ULNQxRObuAS1uU7dkj4vVQwGy85lgA3
ASLf47LWRQJy0cID8Au3RDMQqqgUX4WVYp/17KJESoeGBbQ4bgw4ehf1IMGVEoks
8JZd9UvpOm98A2MVsAzfnMhDvjFTyyBVxnzG4250RufgEV/DAqSzZaxqCitPN6M6
IjdQyXxV65No2KnhcQovegsLuu7O5rkMpJSWzS+3z/HL/D2b4AaxESrsc5mTJAKN
v2693bzqguLKh5dnaCRd0cp5P0GCAZaLVXZRAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUNnDI7AOlr23XR7IK2nqG32SRPSUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05uREk3QU9scjIzWFI3
SUsybnFHMzJTUlBTVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKTg+8ZQ4AHBGaek
r7iMRsxa2mmBwwjbA7qSZcsYjLPPSQJ9ATjv/EVh3CmxJM6Nc7N/cjA1qUX/RM2v
fZD5VXNGZLrBeECpgOTl6vIwn7OGBax1XrtnGr+kfRPmC3uy2sQ/kY6sWDezInF/
aEDl7lfsRHGZC269WDtemTAWawlVKhUv9pAFeBRnncuBf8k9xEAXZZBlk75ieO5E
KmyRI0BjtcU/uhyeR/cE7s8mBa8v21W79GGOH8cLnjkaA402sbPbc2sII7jGnnlm
tSP/NUjv8nBt6jpYYlVT54Xbtj0/AcU0a5M9BdsGffso4sUL1piSyjPxNaBUA1yc
8UKbVik=
-----END CERTIFICATE-----
Generated at Sat Jun 21 09:54:57 2025 by rpki-client