Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2620/3h4UlH8rturnB4QapfzB-Bsm90k.roa
File: 3h4UlH8rturnB4QapfzB-Bsm90k.roa (raw, json)
Hash identifier: qQsALApbC/rcAJSFGaRv1cVh/mwWW7x3ZIWoHtT5m3c=
Subject key identifier: DE:1E:14:94:7F:2B:B6:EA:E7:07:84:1A:A5:FC:C1:F8:1B:26:F7:49
Certificate issuer: /CN=CDEF7111DE98BD756D92B34D394DA2D39EFF9B8E
Certificate serial: 19F3
Authority key identifier: CD:EF:71:11:DE:98:BD:75:6D:92:B3:4D:39:4D:A2:D3:9E:FF:9B:8E
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ze9xEd6YvXVtkrNNOU2i057_m44.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/3h4UlH8rturnB4QapfzB-Bsm90k.roa
Signing time: Mon 26 Jan 2026 06:52:58 +0000
ROA not before: Mon 26 Jan 2026 06:52:58 +0000
ROA not after: Sat 09 Jan 2027 08:23:18 +0000
asID: 58593
IP address blocks: 42.159.128.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6643 (0x19f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=CDEF7111DE98BD756D92B34D394DA2D39EFF9B8E
Validity
Not Before: Jan 26 06:52:58 2026 GMT
Not After : Jan 9 08:23:18 2027 GMT
Subject: CN=DE1E14947F2BB6EAE707841AA5FCC1F81B26F749
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:04:2f:07:3d:a1:86:e1:80:67:4c:8e:e3:94:
6f:37:10:1e:cd:38:4a:ea:60:92:e9:9b:f3:e6:a5:
eb:b2:e5:14:9b:80:6d:5c:6c:25:ac:38:24:5c:07:
a1:3e:c8:ca:53:28:ad:4b:d5:dc:23:c6:5e:9d:9d:
16:46:e1:60:10:9f:ee:91:7c:7f:2b:09:56:8b:c3:
44:a9:fa:c1:f5:bf:90:6d:d0:87:75:68:87:ae:23:
52:69:9d:10:b6:8e:e7:b6:99:c4:a3:e3:38:7b:5a:
4c:b6:59:11:f9:c0:9d:9c:09:65:4e:ac:24:8d:02:
87:27:1e:e8:ee:a9:86:b9:db:bb:ce:0e:ba:46:1d:
fd:bf:6e:63:58:8c:a1:21:c9:04:f8:79:7f:e6:3a:
7b:08:22:08:da:e4:e1:92:b4:bc:ed:84:e6:e4:2a:
c4:99:17:31:37:56:e0:49:c4:89:95:82:cc:9f:32:
89:de:e6:a3:e5:6d:52:5b:b1:fa:5f:51:7b:ba:86:
d0:13:0e:d3:13:f9:8e:15:f9:c0:dc:94:54:1c:f4:
77:c9:6d:38:d7:49:6e:a7:cf:ed:51:dc:e1:a1:ac:
be:fa:b9:1d:cd:af:ab:5a:6e:a0:de:85:07:db:f9:
ea:de:f7:21:d2:d3:d1:54:d2:1a:4e:58:19:8f:6c:
47:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:1E:14:94:7F:2B:B6:EA:E7:07:84:1A:A5:FC:C1:F8:1B:26:F7:49
X509v3 Authority Key Identifier:
keyid:CD:EF:71:11:DE:98:BD:75:6D:92:B3:4D:39:4D:A2:D3:9E:FF:9B:8E
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/ze9xEd6YvXVtkrNNOU2i057_m44.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ze9xEd6YvXVtkrNNOU2i057_m44.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/3h4UlH8rturnB4QapfzB-Bsm90k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
42.159.128.0/24
Signature Algorithm: sha256WithRSAEncryption
d5:bb:9c:41:f1:7b:10:39:4d:40:66:a3:db:62:ff:13:d1:89:
2f:56:b1:38:39:1e:ef:77:67:3b:f0:7b:a6:29:45:00:95:30:
de:2c:2e:0f:20:a6:d8:fb:9b:98:e2:96:e0:19:b3:74:df:1e:
ec:13:38:86:a6:24:f8:40:03:4f:97:4e:1a:17:cd:80:12:e8:
91:8b:1b:d3:2c:26:dd:fd:fb:2f:57:d7:d4:e2:69:f7:ec:b0:
4e:cd:78:b5:de:23:8b:50:e8:45:93:18:71:fd:c3:81:33:e3:
b5:4f:0f:3c:07:4c:94:d8:e9:b4:7b:f2:b0:02:12:3c:e8:c6:
c3:94:96:6f:22:3b:89:bc:d6:7d:94:94:49:51:c1:ee:5a:69:
a7:a9:6b:9d:eb:b2:6e:ab:c8:80:03:ca:b3:4f:31:b5:e0:6d:
00:ba:47:61:a2:b8:45:86:a1:41:54:2a:fa:7a:87:a9:d7:a0:
af:a8:12:42:43:6b:64:ab:80:22:b8:b8:09:9c:38:2e:bd:96:
ce:fe:26:73:14:3a:54:63:5c:d5:52:2c:44:3b:3f:1f:f8:1a:
13:c4:04:83:57:ae:f8:51:61:41:50:32:ac:ad:b1:05:90:bc:
e0:f1:63:a2:e4:ae:63:8f:2e:1a:33:4f:20:bc:b6:68:17:76:
20:80:78:4a
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICGfMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQ0RF
RjcxMTFERTk4QkQ3NTZEOTJCMzREMzk0REEyRDM5RUZGOUI4RTAeFw0yNjAxMjYw
NjUyNThaFw0yNzAxMDkwODIzMThaMDMxMTAvBgNVBAMTKERFMUUxNDk0N0YyQkI2
RUFFNzA3ODQxQUE1RkNDMUY4MUIyNkY3NDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuBC8HPaGG4YBnTI7jlG83EB7NOErqYJLpm/Pmpeuy5RSbgG1c
bCWsOCRcB6E+yMpTKK1L1dwjxl6dnRZG4WAQn+6RfH8rCVaLw0Sp+sH1v5Bt0Id1
aIeuI1JpnRC2jue2mcSj4zh7Wky2WRH5wJ2cCWVOrCSNAocnHujuqYa527vODrpG
Hf2/bmNYjKEhyQT4eX/mOnsIIgja5OGStLzthObkKsSZFzE3VuBJxImVgsyfMone
5qPlbVJbsfpfUXu6htATDtMT+Y4V+cDclFQc9HfJbTjXSW6nz+1R3OGhrL76uR3N
r6tabqDehQfb+ere9yHS09FU0hpOWBmPbEepAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU3h4UlH8rturnB4QapfzB+Bsm90kwHwYDVR0jBBgwFoAUze9xEd6YvXVtkrNN
OU2i057/m44wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjYy
MC96ZTl4RWQ2WXZYVnRrck5OT1UyaTA1N19tNDQuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL3plOXhFZDZZdlhWdGtyTk5PVTJpMDU3X200NC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2MjAvM2g0VWxIOHJ0dXJu
QjRRYXBmekItQnNtOTBrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEACqfgDANBgkqhkiG9w0BAQsFAAOCAQEA1bucQfF7EDlNQGaj22L/E9GJL1ax
ODke73dnO/B7pilFAJUw3iwuDyCm2PubmOKW4BmzdN8e7BM4hqYk+EADT5dOGhfN
gBLokYsb0ywm3f37L1fX1OJp9+ywTs14td4ji1DoRZMYcf3DgTPjtU8PPAdMlNjp
tHvysAISPOjGw5SWbyI7ibzWfZSUSVHB7lppp6lrneuybqvIgAPKs08xteBtALpH
YaK4RYahQVQq+nqHqdegr6gSQkNrZKuAIri4CZw4Lr2Wzv4mcxQ6VGNc1VIsRDs/
H/gaE8QEg1eu+FFhQVAyrK2xBZC84PFjouSuY48uGjNPILy2aBd2IIB4Sg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:45:53 2026 by rpki-client