Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2154/hLY4RJ8LzPh0Lkk02qjHRzc5GfQ.roa
File: hLY4RJ8LzPh0Lkk02qjHRzc5GfQ.roa (raw, json)
Hash identifier: Q+KpZ+R+AE/KrTcEOszITKq1nc6PTLOmSwHuQcEJWb8=
Subject key identifier: 84:B6:38:44:9F:0B:CC:F8:74:2E:49:34:DA:A8:C7:47:37:39:19:F4
Certificate issuer: /CN=E502DE2C6086A66284B80CDB7B5AC0C12CC3F3C2
Certificate serial: 0822
Authority key identifier: E5:02:DE:2C:60:86:A6:62:84:B8:0C:DB:7B:5A:C0:C1:2C:C3:F3:C2
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/5QLeLGCGpmKEuAzbe1rAwSzD88I.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2154/hLY4RJ8LzPh0Lkk02qjHRzc5GfQ.roa
Signing time: Sat 13 Sep 2025 03:04:07 +0000
ROA not before: Sat 13 Sep 2025 03:04:07 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 63631
IP address blocks: 119.161.152.0/21 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2082 (0x822)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=E502DE2C6086A66284B80CDB7B5AC0C12CC3F3C2
Validity
Not Before: Sep 13 03:04:07 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=84B638449F0BCCF8742E4934DAA8C747373919F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:dd:45:cd:bb:d2:8a:74:82:9c:bc:83:2f:d9:
6d:f3:6d:4c:dc:ec:34:a0:d8:37:80:22:01:5f:ac:
33:f1:c4:59:f9:ba:14:2d:e7:d6:9d:4a:dc:71:8a:
76:ae:b2:6b:d7:ba:70:be:3d:1f:ec:91:22:f9:6b:
0f:2a:e2:ae:ed:2f:6d:40:33:1d:77:a1:d7:a8:32:
d1:3e:ac:82:6f:e4:0f:bc:c2:4e:b5:c1:d1:43:75:
3b:4e:a6:af:89:b8:ba:cc:eb:67:bc:56:aa:b5:e3:
01:16:c6:05:e1:14:41:eb:fe:44:41:18:0c:8e:11:
f6:d7:bf:25:42:7a:e4:60:fb:9a:9b:9f:63:de:f2:
8f:09:8b:55:64:ea:26:82:0c:cf:8d:78:9a:aa:57:
11:12:90:cb:f3:d4:4f:a1:b5:ca:11:45:b9:b9:e8:
78:66:4e:e9:ec:ba:ef:8c:a6:4c:87:93:bd:44:a3:
88:0e:46:6f:16:a7:0c:f9:9d:1d:3a:3c:f8:a9:2c:
d8:a0:cc:19:22:e1:f1:94:85:77:34:c5:6a:f7:12:
ea:b6:d0:7e:a3:e5:5d:85:dc:cd:19:91:61:c4:dc:
58:f9:80:ed:7b:55:dc:5e:4b:35:03:5f:a4:ab:d3:
e2:d9:ce:ce:52:74:cc:b0:61:fb:76:b5:34:05:27:
2b:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:B6:38:44:9F:0B:CC:F8:74:2E:49:34:DA:A8:C7:47:37:39:19:F4
X509v3 Authority Key Identifier:
keyid:E5:02:DE:2C:60:86:A6:62:84:B8:0C:DB:7B:5A:C0:C1:2C:C3:F3:C2
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2154/5QLeLGCGpmKEuAzbe1rAwSzD88I.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/5QLeLGCGpmKEuAzbe1rAwSzD88I.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2154/hLY4RJ8LzPh0Lkk02qjHRzc5GfQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.161.152.0/21
Signature Algorithm: sha256WithRSAEncryption
57:3b:9d:a9:32:f0:1d:10:fa:f6:a4:b8:f2:d8:52:6a:1a:4a:
8c:53:9d:d9:af:70:10:87:2c:ac:6d:14:59:97:3d:d9:79:01:
4d:23:dd:a3:04:ec:33:ed:65:da:d9:df:71:4f:21:07:3c:1e:
1b:3c:d9:73:48:2d:e5:f8:a7:6d:cc:a6:5b:c2:44:39:89:f6:
83:31:51:ef:3c:c3:b1:5b:ff:ad:a9:bb:0a:c6:b8:e2:59:57:
1e:de:84:3c:5b:33:df:4b:1d:7b:1f:35:7c:58:a7:e3:70:ae:
f0:32:06:37:bd:85:7b:64:a4:70:a9:c5:02:dc:6c:d1:5b:66:
f5:6a:9f:08:22:8e:14:1a:af:4d:68:d1:a9:fe:25:8b:62:32:
7a:55:dc:87:b4:bc:30:e4:da:26:32:1e:96:af:a1:d7:e7:ee:
21:29:a5:19:ac:eb:7b:44:61:52:d7:cc:f4:86:da:9e:76:86:
cb:30:13:7b:36:f3:fc:e9:53:51:ad:7f:b7:76:46:6c:38:c9:
ef:c4:2a:83:0a:10:25:e1:5c:9e:61:69:eb:06:df:4c:da:b6:
37:9b:5b:59:37:d7:6d:61:f9:16:7b:01:d1:89:16:c2:37:b5:
8a:07:b0:aa:b7:ef:86:2e:e5:f1:9b:a2:bf:b4:4d:5b:09:48:
ca:4f:1b:f9
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICCCIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRTUw
MkRFMkM2MDg2QTY2Mjg0QjgwQ0RCN0I1QUMwQzEyQ0MzRjNDMjAeFw0yNTA5MTMw
MzA0MDdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDg0QjYzODQ0OUYwQkND
Rjg3NDJFNDkzNERBQThDNzQ3MzczOTE5RjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDF3UXNu9KKdIKcvIMv2W3zbUzc7DSg2DeAIgFfrDPxxFn5uhQt
59adStxxinausmvXunC+PR/skSL5aw8q4q7tL21AMx13odeoMtE+rIJv5A+8wk61
wdFDdTtOpq+JuLrM62e8Vqq14wEWxgXhFEHr/kRBGAyOEfbXvyVCeuRg+5qbn2Pe
8o8Ji1Vk6iaCDM+NeJqqVxESkMvz1E+htcoRRbm56HhmTunsuu+MpkyHk71Eo4gO
Rm8Wpwz5nR06PPipLNigzBki4fGUhXc0xWr3Euq20H6j5V2F3M0ZkWHE3Fj5gO17
VdxeSzUDX6Sr0+LZzs5SdMywYft2tTQFJysBAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUhLY4RJ8LzPh0Lkk02qjHRzc5GfQwHwYDVR0jBBgwFoAU5QLeLGCGpmKEuAzb
e1rAwSzD88IwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjE1
NC81UUxlTEdDR3BtS0V1QXpiZTFyQXdTekQ4OEkuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzVRTGVMR0NHcG1LRXVBemJlMXJBd1N6RDg4SS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzIxNTQvaExZNFJKOEx6UGgw
TGtrMDJxakhSemM1R2ZRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEA3ehmDANBgkqhkiG9w0BAQsFAAOCAQEAVzudqTLwHRD69qS48thSahpKjFOd
2a9wEIcsrG0UWZc92XkBTSPdowTsM+1l2tnfcU8hBzweGzzZc0gt5finbcymW8JE
OYn2gzFR7zzDsVv/ram7Csa44llXHt6EPFsz30sdex81fFin43Cu8DIGN72Fe2Sk
cKnFAtxs0Vtm9WqfCCKOFBqvTWjRqf4li2IyelXch7S8MOTaJjIelq+h1+fuISml
Gazre0RhUtfM9IbannaGyzATezbz/OlTUa1/t3ZGbDjJ78QqgwoQJeFcnmFp6wbf
TNq2N5tbWTfXbWH5FnsB0YkWwje1igewqrfvhi7l8Zuiv7RNWwlIyk8b+Q==
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:15:07 2025 by rpki-client