Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Wa8UKj-4wzjsNU5ZvyXC6bL3Kp8.roa
File: Wa8UKj-4wzjsNU5ZvyXC6bL3Kp8.roa (raw, json)
Hash identifier: Jc4oY0lSsBYwKkOTV5Yy1Yxt7sX9UD3gSkVMIGFj9Tc=
Subject key identifier: 59:AF:14:2A:3F:B8:C3:38:EC:35:4E:59:BF:25:C2:E9:B2:F7:2A:9F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24AD
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Wa8UKj-4wzjsNU5ZvyXC6bL3Kp8.roa
Signing time: Tue 10 Jun 2025 22:09:07 +0000
ROA not before: Tue 10 Jun 2025 22:09:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9389 (0x24ad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 22:09:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=59AF142A3FB8C338EC354E59BF25C2E9B2F72A9F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:b6:49:6e:30:6b:82:43:fd:fd:80:86:33:20:
e7:f5:dd:3d:aa:ca:c2:b8:f5:17:d9:1d:00:c5:05:
81:b8:a5:74:c1:f5:99:0f:eb:d1:cf:c4:bd:f8:49:
81:73:7d:59:cf:a6:79:92:1a:cb:9a:64:28:33:b8:
0e:bd:1a:1c:5e:1b:62:28:1d:22:0c:7c:c7:e1:99:
6b:6a:32:d3:a0:bb:fa:cc:2e:42:24:4b:f5:2f:25:
02:3a:bf:dc:17:d6:bc:d5:78:cb:c6:16:60:ad:62:
0d:5e:80:7c:74:0a:81:5f:e0:cf:74:c2:99:e7:f7:
f5:54:1a:29:00:fc:e9:ae:65:86:b5:7b:33:8c:df:
f4:45:87:d4:7e:f1:33:36:c4:be:5f:9c:d8:c2:2f:
6d:c6:f0:a2:10:1d:2b:a6:d9:44:14:5c:49:ac:57:
f4:68:03:ec:56:22:43:dd:a4:91:f6:dd:8a:f6:41:
2d:40:9f:e0:92:9e:95:e2:5e:0f:c7:ce:ee:bd:da:
84:bd:ad:01:ad:21:24:e0:ea:db:c6:5d:56:fc:eb:
0a:de:94:69:51:11:88:0e:45:c1:6b:ae:2a:8e:ee:
f3:f0:ab:54:e4:67:ca:1b:62:04:44:3e:41:d4:ba:
68:18:ad:34:f9:f1:e0:bc:d4:64:c3:de:19:69:5d:
45:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:AF:14:2A:3F:B8:C3:38:EC:35:4E:59:BF:25:C2:E9:B2:F7:2A:9F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Wa8UKj-4wzjsNU5ZvyXC6bL3Kp8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
88:97:ba:4b:e3:c4:9b:6d:21:ac:4b:58:71:f4:fb:e0:c3:98:
8a:f4:d2:f2:df:d3:97:0a:12:e9:0a:cb:5a:8c:7b:42:6d:54:
31:c2:30:45:ef:4e:44:9b:48:04:95:40:0f:cb:20:92:ee:4f:
00:0a:c4:41:f9:d8:1f:47:32:66:e8:88:1a:ad:e1:e9:11:ee:
76:4c:2d:ce:1a:c9:00:59:5b:71:8b:78:81:73:a9:52:b9:5b:
8b:dc:ca:45:b9:da:cf:5d:2d:fd:44:5b:93:3a:10:4c:53:17:
8e:18:21:d6:d7:a7:c1:89:01:ff:a9:6b:47:27:71:5a:8e:85:
ee:57:be:57:82:bc:5a:b1:24:c4:8d:9d:af:10:0c:f9:28:c3:
21:08:ee:41:d2:c0:20:d5:a5:3f:5f:b3:bb:84:74:2a:13:85:
66:a0:02:4b:8b:01:4b:a9:2e:8a:ea:f9:87:70:7d:7b:98:38:
ca:b3:53:ab:88:b7:88:82:4d:54:69:38:af:2c:b7:ed:f1:be:
99:02:f4:ef:c3:20:37:0d:d9:72:cd:8d:55:63:19:46:1a:50:
52:4c:d3:87:7b:c9:1b:d1:ae:31:ba:5e:33:47:3d:4c:77:3b:
fb:12:d0:8e:88:27:9a:79:ef:95:27:f4:24:c0:74:d2:32:58:
33:3f:ba:a8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJK0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAy
MjA5MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU5QUYxNDJBM0ZCOEMz
MzhFQzM1NEU1OUJGMjVDMkU5QjJGNzJBOUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVtkluMGuCQ/39gIYzIOf13T2qysK49RfZHQDFBYG4pXTB9ZkP
69HPxL34SYFzfVnPpnmSGsuaZCgzuA69GhxeG2IoHSIMfMfhmWtqMtOgu/rMLkIk
S/UvJQI6v9wX1rzVeMvGFmCtYg1egHx0CoFf4M90wpnn9/VUGikA/OmuZYa1ezOM
3/RFh9R+8TM2xL5fnNjCL23G8KIQHSum2UQUXEmsV/RoA+xWIkPdpJH23Yr2QS1A
n+CSnpXiXg/Hzu692oS9rQGtISTg6tvGXVb86wrelGlREYgORcFrriqO7vPwq1Tk
Z8obYgREPkHUumgYrTT58eC81GTD3hlpXUU7AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUWa8UKj+4wzjsNU5ZvyXC6bL3Kp8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvV2E4VUtqLTR3empz
TlU1WnZ5WEM2YkwzS3A4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIiXukvjxJttIaxLWHH0++DDmIr0
0vLf05cKEukKy1qMe0JtVDHCMEXvTkSbSASVQA/LIJLuTwAKxEH52B9HMmboiBqt
4ekR7nZMLc4ayQBZW3GLeIFzqVK5W4vcykW52s9dLf1EW5M6EExTF44YIdbXp8GJ
Af+pa0cncVqOhe5XvleCvFqxJMSNna8QDPkowyEI7kHSwCDVpT9fs7uEdCoThWag
AkuLAUupLorq+YdwfXuYOMqzU6uIt4iCTVRpOK8st+3xvpkC9O/DIDcN2XLNjVVj
GUYaUFJM04d7yRvRrjG6XjNHPUx3O/sS0I6IJ5p575Un9CTAdNIyWDM/uqg=
-----END CERTIFICATE-----
Generated at Sat Jun 21 05:11:23 2025 by rpki-client