Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/620/aEe2GkDaP6kox7b_J_z_XP8AchM.roa
File: aEe2GkDaP6kox7b_J_z_XP8AchM.roa (raw, json)
Hash identifier: rncCmlS9oou3VZ4UZKH4eOm4/2bMHsLnCKWwkUAFwVA=
Subject key identifier: 68:47:B6:1A:40:DA:3F:A9:28:C7:B6:FF:27:FC:FF:5C:FF:00:72:13
Certificate issuer: /CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Certificate serial: 0199
Authority key identifier: 30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/aEe2GkDaP6kox7b_J_z_XP8AchM.roa
Signing time: Mon 31 Mar 2025 05:49:20 +0000
ROA not before: Mon 31 Mar 2025 05:49:20 +0000
ROA not after: Tue 13 Jan 2026 01:35:26 +0000
asID: 24413
IP address blocks: 114.28.196.0/24 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 409 (0x199)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Validity
Not Before: Mar 31 05:49:20 2025 GMT
Not After : Jan 13 01:35:26 2026 GMT
Subject: CN=6847B61A40DA3FA928C7B6FF27FCFF5CFF007213
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:7f:91:6c:0e:b1:d8:d2:4d:31:2c:a2:58:ec:
09:41:cd:05:f5:86:40:d2:e4:ca:5e:c7:e0:ed:4e:
e0:42:f1:a9:2a:fc:e4:27:fe:ed:17:07:48:d1:cc:
97:e0:e0:cf:fd:10:60:59:89:18:6b:36:88:75:bb:
21:64:6c:9a:2e:76:08:c0:35:2c:1d:a7:57:08:d5:
87:30:20:a1:80:99:3e:17:8d:2c:53:56:75:b9:9d:
fe:13:e3:71:26:24:c2:75:86:fe:a5:ee:bd:03:74:
f3:0b:79:0e:83:43:1a:a4:53:5e:82:92:22:b9:68:
0d:06:05:86:d9:97:41:79:90:e3:ff:6c:fb:5f:86:
96:8f:35:0a:cf:80:44:a1:32:6c:01:5b:ef:db:59:
8f:32:9e:5b:f0:2b:fa:d2:a2:0d:a7:58:a2:b6:2e:
47:dc:4d:b8:0e:d2:7e:ca:85:bb:d0:eb:4e:1f:40:
7a:cf:f2:de:63:b5:ed:10:1a:52:e5:3e:47:4e:e0:
e2:79:9b:8f:ee:ef:7d:d5:47:d0:c2:67:3e:4b:76:
fd:f1:32:f4:c6:af:8e:a3:70:8a:33:1d:dc:55:2b:
57:ab:43:bb:dc:92:a0:fe:34:4b:72:2d:0e:dd:97:
3d:6a:e5:fd:52:43:78:9f:de:6b:e5:c7:b8:57:32:
08:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:47:B6:1A:40:DA:3F:A9:28:C7:B6:FF:27:FC:FF:5C:FF:00:72:13
X509v3 Authority Key Identifier:
keyid:30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/aEe2GkDaP6kox7b_J_z_XP8AchM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
114.28.196.0/24
Signature Algorithm: sha256WithRSAEncryption
af:52:ad:5d:0c:52:d8:f3:ff:fb:23:de:91:72:67:1c:c4:26:
d3:1d:97:dc:6b:15:70:03:16:f0:62:0f:af:35:88:bf:3e:ce:
29:a4:3e:84:af:81:1c:42:2a:e0:10:3c:fe:62:dd:33:45:21:
15:f5:b3:ca:94:4d:a6:87:9d:6b:26:80:b3:e5:53:de:2d:d0:
43:8b:23:63:46:a1:45:ff:a9:18:e7:a1:77:2a:af:3c:8f:0e:
13:e0:23:c5:69:2c:93:3c:9c:0c:94:30:8d:c8:58:33:59:3f:
b8:c6:9e:36:fb:5f:2e:dc:e9:ad:48:ca:7b:a6:32:1d:12:a8:
04:ee:b6:10:0d:85:28:48:17:d6:50:c6:2a:ad:97:94:2d:67:
dc:c8:3e:6c:77:36:69:61:ec:31:9b:11:66:77:3e:00:f8:87:
53:5a:da:ae:99:8a:fc:44:2e:01:bf:0f:b3:01:74:da:80:43:
88:e4:ba:12:9b:0f:9d:58:ab:34:f0:31:55:c5:36:1d:ba:18:
91:46:61:5a:93:eb:a5:87:3b:63:ba:86:af:95:79:83:c1:57:
4b:93:8b:99:8d:ee:94:28:c0:d0:42:e7:52:e2:68:db:eb:33:
27:9f:ee:27:7a:0f:2b:01:e1:45:47:1c:82:2e:ee:ee:5c:e9:
d0:f8:81:65
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICAZkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzA5
QzJBOTQzQjI4REMwODU4QzM5QjkyMDhBMTYwOUMwOTczRTQ5QTAeFw0yNTAzMzEw
NTQ5MjBaFw0yNjAxMTMwMTM1MjZaMDMxMTAvBgNVBAMTKDY4NDdCNjFBNDBEQTNG
QTkyOEM3QjZGRjI3RkNGRjVDRkYwMDcyMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzf5FsDrHY0k0xLKJY7AlBzQX1hkDS5Mpex+DtTuBC8akq/OQn
/u0XB0jRzJfg4M/9EGBZiRhrNoh1uyFkbJoudgjANSwdp1cI1YcwIKGAmT4XjSxT
VnW5nf4T43EmJMJ1hv6l7r0DdPMLeQ6DQxqkU16CkiK5aA0GBYbZl0F5kOP/bPtf
hpaPNQrPgEShMmwBW+/bWY8ynlvwK/rSog2nWKK2LkfcTbgO0n7KhbvQ604fQHrP
8t5jte0QGlLlPkdO4OJ5m4/u733VR9DCZz5Ldv3xMvTGr46jcIozHdxVK1erQ7vc
kqD+NEtyLQ7dlz1q5f1SQ3if3mvlx7hXMghHAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUaEe2GkDaP6kox7b/J/z/XP8AchMwHwYDVR0jBBgwFoAUMJwqlDso3AhYw5uS
CKFgnAlz5JowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIw
L01Kd3FsRHNvM0FoWXc1dVNDS0ZnbkFsejVKby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvTUp3cWxEc28zQWhZdzV1U0NLRmduQWx6NUpvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIwL2FFZTJHa0RhUDZrb3g3
Yl9KX3pfWFA4QWNoTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAByHMQwDQYJKoZIhvcNAQELBQADggEBAK9SrV0MUtjz//sj3pFyZxzEJtMdl9xr
FXADFvBiD681iL8+zimkPoSvgRxCKuAQPP5i3TNFIRX1s8qUTaaHnWsmgLPlU94t
0EOLI2NGoUX/qRjnoXcqrzyPDhPgI8VpLJM8nAyUMI3IWDNZP7jGnjb7Xy7c6a1I
ynumMh0SqATuthANhShIF9ZQxiqtl5QtZ9zIPmx3Nmlh7DGbEWZ3PgD4h1Na2q6Z
ivxELgG/D7MBdNqAQ4jkuhKbD51YqzTwMVXFNh26GJFGYVqT66WHO2O6hq+VeYPB
V0uTi5mN7pQowNBC51LiaNvrMyef7id6DysB4UVHHIIu7u5c6dD4gWU=
-----END CERTIFICATE-----
Generated at Wed Apr 23 13:18:09 2025 by rpki-client