Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/620/QacLlaf5jJEla-uQpBJed10p91o.roa
File: QacLlaf5jJEla-uQpBJed10p91o.roa (raw, json)
Hash identifier: NIgCMCHpzrVzr1bSwZBSrPWp5vwZBnWgUIGKUt4870s=
Subject key identifier: 41:A7:0B:95:A7:F9:8C:91:25:6B:EB:90:A4:12:5E:77:5D:29:F7:5A
Certificate issuer: /CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Certificate serial: 04
Authority key identifier: 30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/QacLlaf5jJEla-uQpBJed10p91o.roa
Signing time: Mon 13 Jan 2025 01:41:49 +0000
ROA not before: Mon 13 Jan 2025 01:41:49 +0000
ROA not after: Tue 13 Jan 2026 01:35:26 +0000
asID: 142132
IP address blocks: 114.28.206.0/24 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Validity
Not Before: Jan 13 01:41:49 2025 GMT
Not After : Jan 13 01:35:26 2026 GMT
Subject: CN=41A70B95A7F98C91256BEB90A4125E775D29F75A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:81:14:73:3f:ca:3b:fe:bb:a5:8c:66:33:37:
31:c6:73:cb:a1:43:b0:91:f9:75:48:1d:ff:dd:5b:
05:4f:f0:d5:b5:40:aa:b4:5b:3e:4a:73:43:90:9b:
2c:9d:40:ee:97:c0:51:a2:36:b3:7c:93:fa:9c:82:
18:0a:26:c3:63:11:7f:07:d0:26:d6:b8:75:1b:7a:
08:92:ee:a5:57:59:d6:37:0f:25:6d:fa:42:06:c5:
4e:53:03:e3:bb:b8:79:00:a7:cb:a7:62:de:40:76:
7c:a2:46:f4:be:35:67:c1:e7:3c:3b:75:9b:9b:73:
4d:e9:82:b3:98:3c:9d:a7:74:b2:66:ef:ab:d8:bf:
2e:84:e3:99:27:06:34:26:64:94:15:da:0d:c5:bc:
8f:30:ca:f2:a9:d3:be:5d:16:9c:6b:a4:17:73:f8:
dc:6d:b4:21:c4:80:31:c3:ba:55:e0:3e:f6:90:86:
4d:20:53:6c:27:04:9a:67:24:5d:87:86:f1:8a:b5:
48:d3:89:e6:a9:1d:8b:85:90:a4:66:82:41:8c:6d:
a3:bb:de:61:e5:78:5c:3f:57:bb:c4:db:b9:f4:00:
ad:72:e3:79:c6:c3:68:7f:37:23:61:a0:b0:2e:09:
3c:f3:f5:2b:b3:b8:70:08:77:cd:45:97:60:8f:96:
8a:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:A7:0B:95:A7:F9:8C:91:25:6B:EB:90:A4:12:5E:77:5D:29:F7:5A
X509v3 Authority Key Identifier:
keyid:30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/QacLlaf5jJEla-uQpBJed10p91o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
114.28.206.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:75:89:fc:7c:ec:22:84:55:b3:bd:8f:1c:e1:8e:25:42:1f:
e4:c6:96:b9:fe:80:53:4a:a2:51:46:ae:d6:ce:0f:ca:b8:0e:
30:9b:ed:1d:5a:08:ec:f0:ff:2b:b3:13:31:f2:4a:ce:fa:3a:
6d:34:f5:5e:89:4b:f9:b5:ef:7a:5a:d3:12:1e:e9:66:72:87:
e4:14:2e:6b:0a:48:60:21:d6:d8:b2:6d:88:2c:e6:16:98:c0:
a7:1c:6a:e7:51:08:8f:c8:64:38:53:cb:04:1b:af:9b:80:19:
28:a0:1f:3a:26:73:70:a9:e9:29:e6:4e:a1:28:87:b9:3e:86:
f2:0b:48:8d:83:7d:1d:4d:29:27:79:d5:6a:90:b9:cc:e2:bf:
7f:e0:54:42:83:a2:f5:67:52:2d:47:86:a5:06:06:26:96:92:
ff:ac:22:ba:8a:ba:6c:f7:b3:29:c8:5e:d9:52:ae:fb:1c:23:
cd:60:c7:32:6c:af:2a:53:b4:98:07:72:48:8d:4d:8b:c3:94:
e0:1a:5a:06:a9:65:4d:f0:cf:44:55:80:ac:99:a1:a4:10:ea:
79:4c:ac:69:bb:c3:6a:e3:2b:18:2c:48:ff:99:4f:59:51:4e:
32:39:b8:cf:a6:4e:1b:59:3a:38:10:aa:09:d2:0e:80:32:94:
a3:22:c3:37
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgIBBDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygzMDlD
MkE5NDNCMjhEQzA4NThDMzlCOTIwOEExNjA5QzA5NzNFNDlBMB4XDTI1MDExMzAx
NDE0OVoXDTI2MDExMzAxMzUyNlowMzExMC8GA1UEAxMoNDFBNzBCOTVBN0Y5OEM5
MTI1NkJFQjkwQTQxMjVFNzc1RDI5Rjc1QTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMKBFHM/yjv+u6WMZjM3McZzy6FDsJH5dUgd/91bBU/w1bVAqrRb
PkpzQ5CbLJ1A7pfAUaI2s3yT+pyCGAomw2MRfwfQJta4dRt6CJLupVdZ1jcPJW36
QgbFTlMD47u4eQCny6di3kB2fKJG9L41Z8HnPDt1m5tzTemCs5g8nad0smbvq9i/
LoTjmScGNCZklBXaDcW8jzDK8qnTvl0WnGukF3P43G20IcSAMcO6VeA+9pCGTSBT
bCcEmmckXYeG8Yq1SNOJ5qkdi4WQpGaCQYxto7veYeV4XD9Xu8TbufQArXLjecbD
aH83I2GgsC4JPPP1K7O4cAh3zUWXYI+WitECAwEAAaOCAfEwggHtMB0GA1UdDgQW
BBRBpwuVp/mMkSVr65CkEl53XSn3WjAfBgNVHSMEGDAWgBQwnCqUOyjcCFjDm5II
oWCcCXPkmjAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFwGA1UdHwRVMFMwUaBP
oE2GS3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC82MjAv
TUp3cWxEc28zQWhZdzV1U0NLRmduQWx6NUpvLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9NSndxbERzbzNBaFl3NXVTQ0tGZ25BbHo1Sm8uY2VyMA4GA1UdDwEB/wQE
AwIHgDCBnAYIKwYBBQUHAQsEgY8wgYwwVwYIKwYBBQUHMAuGS3JzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC82MjAvUWFjTGxhZjVqSkVsYS11
UXBCSmVkMTBwOTFvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNubmlj
LmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AHIczjANBgkqhkiG9w0BAQsFAAOCAQEAXHWJ/HzsIoRVs72PHOGOJUIf5MaWuf6A
U0qiUUau1s4PyrgOMJvtHVoI7PD/K7MTMfJKzvo6bTT1XolL+bXvelrTEh7pZnKH
5BQuawpIYCHW2LJtiCzmFpjApxxq51EIj8hkOFPLBBuvm4AZKKAfOiZzcKnpKeZO
oSiHuT6G8gtIjYN9HU0pJ3nVapC5zOK/f+BUQoOi9WdSLUeGpQYGJpaS/6wiuoq6
bPezKche2VKu+xwjzWDHMmyvKlO0mAdySI1Ni8OU4BpaBqllTfDPRFWArJmhpBDq
eUysabvDauMrGCxI/5lPWVFOMjm4z6ZOG1k6OBCqCdIOgDKUoyLDNw==
-----END CERTIFICATE-----
Generated at Wed Apr 23 13:18:09 2025 by rpki-client