Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2620/kL7BXOVSEqv4pv7k7S2vuCeaKN4.roa
File: kL7BXOVSEqv4pv7k7S2vuCeaKN4.roa (raw, json)
Hash identifier: MsNx+/cWYgFL+xQO0TGNK0mvMOQr9/WEcDEv4Opq+wc=
Subject key identifier: 90:BE:C1:5C:E5:52:12:AB:F8:A6:FE:E4:ED:2D:AF:B8:27:9A:28:DE
Certificate issuer: /CN=CDEF7111DE98BD756D92B34D394DA2D39EFF9B8E
Certificate serial: 19F8
Authority key identifier: CD:EF:71:11:DE:98:BD:75:6D:92:B3:4D:39:4D:A2:D3:9E:FF:9B:8E
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ze9xEd6YvXVtkrNNOU2i057_m44.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/kL7BXOVSEqv4pv7k7S2vuCeaKN4.roa
Signing time: Mon 26 Jan 2026 06:53:00 +0000
ROA not before: Mon 26 Jan 2026 06:53:00 +0000
ROA not after: Sat 09 Jan 2027 08:23:18 +0000
asID: 58593
IP address blocks: 103.9.10.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6648 (0x19f8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=CDEF7111DE98BD756D92B34D394DA2D39EFF9B8E
Validity
Not Before: Jan 26 06:53:00 2026 GMT
Not After : Jan 9 08:23:18 2027 GMT
Subject: CN=90BEC15CE55212ABF8A6FEE4ED2DAFB8279A28DE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:4b:88:a2:5e:74:f2:47:be:ca:84:67:85:82:
eb:6d:8d:d8:84:6e:3e:84:2e:00:6a:c7:0f:af:ff:
17:b6:e4:ac:24:c1:b9:11:08:f4:e0:4f:79:d0:46:
54:74:1b:a1:6c:19:00:2f:35:bd:f5:cd:3c:d3:bf:
ed:22:48:bd:b3:65:b7:9d:28:e7:1c:0d:cf:ba:69:
67:cc:3b:6a:28:4e:e5:a8:a8:30:5d:bb:af:67:a1:
8e:48:ca:16:1a:ba:e8:10:e9:df:dc:12:15:d6:0b:
17:90:b7:82:2b:2b:6e:ad:94:21:6f:13:7f:b9:26:
f1:e1:92:ac:21:2c:61:a3:bc:37:83:9d:33:c5:5e:
38:67:e1:54:cb:8f:ff:eb:1a:a4:31:ae:fa:56:7d:
05:e3:e0:b3:c1:87:39:14:64:a4:4b:72:16:56:dc:
a3:f8:22:7e:9d:41:19:a7:3e:9c:0e:49:aa:f6:bf:
58:a3:47:3f:53:c3:eb:89:4d:34:ad:23:78:5c:6a:
c1:d3:a3:ec:ab:2e:c7:93:82:dd:b6:c6:94:48:d0:
72:9f:8e:53:54:db:5b:cb:6c:41:20:9a:d0:51:80:
1e:3a:7d:b0:4c:99:08:c4:1c:eb:e7:31:fb:55:85:
1e:56:7b:09:95:d2:ad:f7:2d:55:9d:3d:c4:6b:d4:
57:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:BE:C1:5C:E5:52:12:AB:F8:A6:FE:E4:ED:2D:AF:B8:27:9A:28:DE
X509v3 Authority Key Identifier:
keyid:CD:EF:71:11:DE:98:BD:75:6D:92:B3:4D:39:4D:A2:D3:9E:FF:9B:8E
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/ze9xEd6YvXVtkrNNOU2i057_m44.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ze9xEd6YvXVtkrNNOU2i057_m44.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/kL7BXOVSEqv4pv7k7S2vuCeaKN4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.9.10.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:c3:7a:7c:e2:4e:cd:0d:77:00:74:49:44:11:d7:e8:59:50:
5a:27:0b:47:58:da:22:5f:e4:74:f4:e5:99:c6:98:a2:ff:dd:
4c:02:bc:55:13:0a:c9:a3:f2:d3:b9:a5:e8:88:d8:4a:68:9a:
e1:33:13:9b:ac:54:a0:e6:41:e8:ac:99:5a:87:61:46:12:0c:
55:aa:38:81:35:de:aa:b4:b2:19:fd:42:c7:22:e0:1d:3e:bd:
4e:9f:8c:9f:aa:74:d3:38:a6:94:70:c2:08:b3:0e:57:f8:2b:
31:ed:64:0e:1f:5c:62:9d:e2:00:40:28:97:f4:e4:77:3b:2f:
87:93:a2:94:c6:c1:99:1d:a5:d2:b4:2e:b1:3d:8a:20:e1:b2:
03:24:29:99:fa:23:1f:24:93:01:21:8e:60:2e:ef:ee:f0:39:
b1:ca:ea:2d:61:bb:7e:bd:8c:07:c0:79:cb:a9:37:f0:7f:9f:
ef:39:da:6e:1d:8b:bd:d1:67:20:79:c7:9a:7a:a4:1d:ec:0b:
5c:0a:10:bb:d0:36:23:4f:9b:41:e5:5f:2e:2b:33:03:f4:1a:
3b:a2:a6:66:d1:b4:99:bb:d1:1c:e8:aa:13:12:fe:35:5e:b2:
87:10:dc:a1:5d:10:d1:8b:2b:55:ca:fd:0a:bf:09:60:c7:21:
0d:40:0a:c2
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICGfgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQ0RF
RjcxMTFERTk4QkQ3NTZEOTJCMzREMzk0REEyRDM5RUZGOUI4RTAeFw0yNjAxMjYw
NjUzMDBaFw0yNzAxMDkwODIzMThaMDMxMTAvBgNVBAMTKDkwQkVDMTVDRTU1MjEy
QUJGOEE2RkVFNEVEMkRBRkI4Mjc5QTI4REUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzS4iiXnTyR77KhGeFguttjdiEbj6ELgBqxw+v/xe25KwkwbkR
CPTgT3nQRlR0G6FsGQAvNb31zTzTv+0iSL2zZbedKOccDc+6aWfMO2ooTuWoqDBd
u69noY5IyhYauugQ6d/cEhXWCxeQt4IrK26tlCFvE3+5JvHhkqwhLGGjvDeDnTPF
Xjhn4VTLj//rGqQxrvpWfQXj4LPBhzkUZKRLchZW3KP4In6dQRmnPpwOSar2v1ij
Rz9Tw+uJTTStI3hcasHTo+yrLseTgt22xpRI0HKfjlNU21vLbEEgmtBRgB46fbBM
mQjEHOvnMftVhR5WewmV0q33LVWdPcRr1FdFAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUkL7BXOVSEqv4pv7k7S2vuCeaKN4wHwYDVR0jBBgwFoAUze9xEd6YvXVtkrNN
OU2i057/m44wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjYy
MC96ZTl4RWQ2WXZYVnRrck5OT1UyaTA1N19tNDQuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL3plOXhFZDZZdlhWdGtyTk5PVTJpMDU3X200NC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2MjAva0w3QlhPVlNFcXY0
cHY3azdTMnZ1Q2VhS040LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAGcJCjANBgkqhkiG9w0BAQsFAAOCAQEATcN6fOJOzQ13AHRJRBHX6FlQWicL
R1jaIl/kdPTlmcaYov/dTAK8VRMKyaPy07ml6IjYSmia4TMTm6xUoOZB6KyZWodh
RhIMVao4gTXeqrSyGf1CxyLgHT69Tp+Mn6p00zimlHDCCLMOV/grMe1kDh9cYp3i
AEAol/Tkdzsvh5OilMbBmR2l0rQusT2KIOGyAyQpmfojHySTASGOYC7v7vA5scrq
LWG7fr2MB8B5y6k38H+f7znabh2LvdFnIHnHmnqkHewLXAoQu9A2I0+bQeVfLisz
A/QaO6KmZtG0mbvRHOiqExL+NV6yhxDcoV0Q0YsrVcr9Cr8JYMchDUAKwg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:47:17 2026 by rpki-client