Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1411/DffEhWDmtaCM1jB83bMXufAe7RY.roa
File: DffEhWDmtaCM1jB83bMXufAe7RY.roa (raw, json)
Hash identifier: EaeMnZx98h6poSMXtPKZEXSKjhjfEAKtvcN7nICbHWY=
Subject key identifier: 0D:F7:C4:85:60:E6:B5:A0:8C:D6:30:7C:DD:B3:17:B9:F0:1E:ED:16
Certificate issuer: /CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Certificate serial: 235C
Authority key identifier: 49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/DffEhWDmtaCM1jB83bMXufAe7RY.roa
Signing time: Thu 26 Jun 2025 08:40:55 +0000
ROA not before: Thu 26 Jun 2025 08:40:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 834
IP address blocks: 223.29.255.0/24 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9052 (0x235c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4911CB6D544B3B6905532964C8E1A472BDCBC267
Validity
Not Before: Jun 26 08:40:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0DF7C48560E6B5A08CD6307CDDB317B9F01EED16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:da:98:fc:4f:24:f9:39:0c:25:82:b9:0b:c1:
ea:23:0a:e8:96:93:32:0e:3a:ed:2d:46:52:06:cc:
7d:11:50:0f:8d:d7:e8:45:33:94:58:89:81:36:ed:
4b:c6:55:11:bf:0e:f4:53:dc:6f:11:a2:f4:de:64:
b7:48:de:e1:97:88:30:c0:eb:1d:08:15:78:24:7e:
d0:4f:b0:2a:a6:cb:46:05:0e:7d:a3:96:98:50:f5:
4b:07:f6:3d:2b:e3:f6:dd:c5:16:fc:99:ec:e9:ab:
62:92:90:13:1d:3d:a4:3f:e5:d8:a4:c2:48:70:1c:
a3:ed:11:c6:d4:60:5e:23:ce:dc:57:db:27:71:52:
17:65:fc:c0:cf:b9:2b:a2:8e:37:74:00:85:ca:56:
23:25:da:3a:65:75:f4:ec:4b:61:ec:59:64:65:cd:
f5:7e:42:3f:a5:1a:7e:73:0e:31:f2:85:eb:0e:6c:
01:b1:aa:69:39:1b:69:ad:6b:36:ec:92:35:82:a1:
32:56:24:ee:09:6a:53:51:b5:67:9e:c6:20:03:25:
6e:b1:e6:bd:f4:2f:6f:13:d8:96:42:66:c0:67:95:
c2:03:a9:93:28:79:ba:15:84:12:4f:d0:43:2e:9c:
6d:df:01:f2:c5:4e:12:6f:bd:27:cf:f6:ad:9f:4b:
de:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:F7:C4:85:60:E6:B5:A0:8C:D6:30:7C:DD:B3:17:B9:F0:1E:ED:16
X509v3 Authority Key Identifier:
keyid:49:11:CB:6D:54:4B:3B:69:05:53:29:64:C8:E1:A4:72:BD:CB:C2:67
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/SRHLbVRLO2kFUylkyOGkcr3Lwmc.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/SRHLbVRLO2kFUylkyOGkcr3Lwmc.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1411/DffEhWDmtaCM1jB83bMXufAe7RY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
223.29.255.0/24
Signature Algorithm: sha256WithRSAEncryption
ce:24:74:2a:af:e2:49:ff:5e:c7:bd:d8:7a:34:e2:3e:5f:5d:
2b:eb:00:3e:e5:56:44:aa:01:d5:37:10:91:3c:8e:2b:98:f1:
01:eb:73:c8:18:56:ce:15:58:af:f2:9f:74:8e:31:5c:08:65:
ce:1d:39:37:ea:32:07:ee:16:70:06:6d:ce:21:42:a6:dd:ad:
63:bf:93:72:0d:eb:7d:5a:23:7c:47:86:4b:0a:7b:3e:7c:ca:
5d:d7:16:a3:c0:4e:c9:70:0d:9c:59:0d:dd:df:b3:6b:f9:7a:
62:67:3c:ab:bb:01:ba:fa:6b:4b:a3:86:2a:77:46:1c:bc:47:
d8:53:37:c8:c9:ad:c4:3d:10:44:b2:e8:09:3d:cd:0d:b4:12:
32:78:0c:c9:22:97:b6:72:a4:45:a6:fb:39:32:ff:f1:09:5d:
6b:98:cc:ee:b6:91:bf:1d:ce:8d:1a:25:e0:d7:4b:72:3d:b9:
2a:c6:44:bf:87:fc:0e:9c:a5:ba:fd:b0:88:43:17:37:fd:cf:
06:a2:80:83:1a:66:11:a5:67:25:91:71:30:43:2f:3f:dd:45:
df:78:a7:6e:b1:98:18:09:71:bf:a3:19:ec:98:1f:af:ce:be:
5d:72:29:8f:ad:d1:69:e6:56:c0:80:90:3e:61:60:2e:0f:bb:
e9:62:c2:b8
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICI1wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDkx
MUNCNkQ1NDRCM0I2OTA1NTMyOTY0QzhFMUE0NzJCRENCQzI2NzAeFw0yNTA2MjYw
ODQwNTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBERjdDNDg1NjBFNkI1
QTA4Q0Q2MzA3Q0REQjMxN0I5RjAxRUVEMTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDW2pj8TyT5OQwlgrkLweojCuiWkzIOOu0tRlIGzH0RUA+N1+hF
M5RYiYE27UvGVRG/DvRT3G8RovTeZLdI3uGXiDDA6x0IFXgkftBPsCqmy0YFDn2j
lphQ9UsH9j0r4/bdxRb8mezpq2KSkBMdPaQ/5dikwkhwHKPtEcbUYF4jztxX2ydx
Uhdl/MDPuSuijjd0AIXKViMl2jpldfTsS2HsWWRlzfV+Qj+lGn5zDjHyhesObAGx
qmk5G2mtazbskjWCoTJWJO4JalNRtWeexiADJW6x5r30L28T2JZCZsBnlcIDqZMo
eboVhBJP0EMunG3fAfLFThJvvSfP9q2fS97NAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUDffEhWDmtaCM1jB83bMXufAe7RYwHwYDVR0jBBgwFoAUSRHLbVRLO2kFUylk
yOGkcr3LwmcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTQx
MS9TUkhMYlZSTE8ya0ZVeWxreU9Ha2NyM0x3bWMuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1NSSExiVlJMTzJrRlV5bGt5T0drY3IzTHdtYy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE0MTEvRGZmRWhXRG10YUNN
MWpCODNiTVh1ZkFlN1JZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAN8d/zANBgkqhkiG9w0BAQsFAAOCAQEAziR0Kq/iSf9ex73YejTiPl9dK+sA
PuVWRKoB1TcQkTyOK5jxAetzyBhWzhVYr/KfdI4xXAhlzh05N+oyB+4WcAZtziFC
pt2tY7+Tcg3rfVojfEeGSwp7PnzKXdcWo8BOyXANnFkN3d+za/l6Ymc8q7sBuvpr
S6OGKndGHLxH2FM3yMmtxD0QRLLoCT3NDbQSMngMySKXtnKkRab7OTL/8Qlda5jM
7raRvx3OjRol4NdLcj25KsZEv4f8Dpyluv2wiEMXN/3PBqKAgxpmEaVnJZFxMEMv
P91F33inbrGYGAlxv6MZ7Jgfr86+XXIpj63RaeZWwICQPmFgLg+76WLCuA==
-----END CERTIFICATE-----
Generated at Sat Jul 5 21:31:18 2025 by rpki-client