Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2620/oFE6Pwkp5UYGiDC0OkEdOued210.roa
File: oFE6Pwkp5UYGiDC0OkEdOued210.roa (raw, json)
Hash identifier: pWVt9CQ2Wq0fcGrFfARvLYglIKWgGpBglgeMpoAB+ro=
Subject key identifier: A0:51:3A:3F:09:29:E5:46:06:88:30:B4:3A:41:1D:3A:E7:9D:DB:5D
Certificate issuer: /CN=CDEF7111DE98BD756D92B34D394DA2D39EFF9B8E
Certificate serial: 04
Authority key identifier: CD:EF:71:11:DE:98:BD:75:6D:92:B3:4D:39:4D:A2:D3:9E:FF:9B:8E
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ze9xEd6YvXVtkrNNOU2i057_m44.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/oFE6Pwkp5UYGiDC0OkEdOued210.roa
Signing time: Wed 01 Jun 2022 07:07:47 +0000
ROA not before: Wed 01 Jun 2022 07:07:47 +0000
ROA not after: Thu 01 Jun 2023 06:58:54 +0000
asID: 58593
IP address blocks: 42.159.0.0/16 maxlen: 24
42.159.0.0/18 maxlen: 24
42.159.64.0/18 maxlen: 24
42.159.128.0/18 maxlen: 24
42.159.128.0/24 maxlen: 24
42.159.192.0/18 maxlen: 24
103.9.8.0/22 maxlen: 24
103.9.8.0/23 maxlen: 24
103.9.8.0/24 maxlen: 24
103.9.10.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=CDEF7111DE98BD756D92B34D394DA2D39EFF9B8E
Validity
Not Before: Jun 1 07:07:47 2022 GMT
Not After : Jun 1 06:58:54 2023 GMT
Subject: CN=A0513A3F0929E546068830B43A411D3AE79DDB5D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:5c:f3:4b:49:a1:0f:5c:61:ba:b9:82:25:69:
9b:83:7d:30:27:27:1b:e9:11:3d:8f:cf:95:1f:5a:
5a:50:1e:5c:67:e8:80:62:b5:53:ee:2a:ab:f9:f6:
1f:10:07:69:03:be:2f:c3:12:f1:ae:28:3e:ef:db:
ad:7e:bd:22:37:1d:b8:a3:1d:5a:7b:74:db:c9:a0:
ff:6f:69:f1:c4:ba:0b:a7:92:f6:e2:9f:33:2e:1d:
f8:9f:a1:a2:1f:a1:f3:88:93:25:55:73:a0:85:32:
a1:69:18:ff:ff:b5:95:0d:22:12:25:98:92:4f:4d:
19:da:2f:0e:e3:88:5f:98:b7:f7:e8:9c:d3:73:3d:
2a:46:c7:fc:16:8a:e5:eb:51:1a:80:ae:be:a0:39:
dd:7a:ae:7b:1d:9e:e4:51:d3:c1:b8:fa:81:fc:2d:
59:cd:f6:5f:c8:01:b5:a3:71:0b:fd:fd:6a:cc:a9:
06:f9:f4:e5:5d:07:40:72:11:58:3a:da:fa:1a:32:
f5:aa:9a:48:2d:6c:91:1c:fc:f5:06:65:1d:2a:d7:
1a:23:4c:6e:7d:a4:b3:42:f4:dc:76:6e:c4:0c:81:
6d:a8:5a:f5:9f:f2:00:29:57:28:f2:93:3b:ce:3f:
f7:9a:81:0f:c9:e8:b4:b0:05:c3:96:b4:f0:cc:b7:
41:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:51:3A:3F:09:29:E5:46:06:88:30:B4:3A:41:1D:3A:E7:9D:DB:5D
X509v3 Authority Key Identifier:
keyid:CD:EF:71:11:DE:98:BD:75:6D:92:B3:4D:39:4D:A2:D3:9E:FF:9B:8E
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/ze9xEd6YvXVtkrNNOU2i057_m44.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/ze9xEd6YvXVtkrNNOU2i057_m44.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/oFE6Pwkp5UYGiDC0OkEdOued210.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
42.159.0.0/16
103.9.8.0/22
Signature Algorithm: sha256WithRSAEncryption
65:ad:45:3d:2d:51:46:e6:73:b8:95:af:36:60:3e:2f:78:13:
61:13:ef:67:43:39:5c:1f:32:fc:bf:03:2a:1d:54:de:47:c9:
fc:74:22:ea:62:bc:67:ee:d9:90:9b:93:3b:c1:45:be:1e:93:
17:d3:88:de:cb:17:16:da:4e:7e:9c:5f:4c:da:9f:0c:b3:02:
7b:7b:b6:94:e1:2e:03:e9:60:ce:95:ed:81:1d:9d:6b:92:ca:
21:09:1f:b4:c5:1e:05:87:a8:70:24:93:58:09:a3:65:05:a2:
82:db:bb:ea:46:db:9b:87:87:db:24:18:83:17:04:b8:d9:a4:
37:61:cb:d2:10:44:d4:37:23:68:1e:35:fe:53:e5:37:52:cc:
d1:b6:c4:48:1b:03:4e:91:2e:ff:e1:2b:7a:8e:e9:a8:db:b1:
c9:e8:65:29:39:e4:4f:25:4d:2c:02:84:6c:22:f7:b5:96:6e:
7c:0a:47:67:8b:4b:17:8a:39:27:70:fb:6a:c6:c9:c3:b6:e1:
d5:30:a0:1e:af:fc:a8:b0:97:ac:63:d8:61:72:ec:69:6c:50:
a8:2c:ac:2f:9d:c6:9a:2f:32:72:c9:0b:b6:fa:aa:8f:a7:a6:
27:a8:d1:1f:c6:a1:7b:ba:c1:d1:94:d5:74:61:1b:d2:85:ce:
9f:b0:38:ba
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhDREVG
NzExMURFOThCRDc1NkQ5MkIzNEQzOTREQTJEMzlFRkY5QjhFMB4XDTIyMDYwMTA3
MDc0N1oXDTIzMDYwMTA2NTg1NFowMzExMC8GA1UEAxMoQTA1MTNBM0YwOTI5RTU0
NjA2ODgzMEI0M0E0MTFEM0FFNzlEREI1RDCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAONc80tJoQ9cYbq5giVpm4N9MCcnG+kRPY/PlR9aWlAeXGfogGK1
U+4qq/n2HxAHaQO+L8MS8a4oPu/brX69IjcduKMdWnt028mg/29p8cS6C6eS9uKf
My4d+J+hoh+h84iTJVVzoIUyoWkY//+1lQ0iEiWYkk9NGdovDuOIX5i39+ic03M9
KkbH/BaK5etRGoCuvqA53Xquex2e5FHTwbj6gfwtWc32X8gBtaNxC/39asypBvn0
5V0HQHIRWDra+hoy9aqaSC1skRz89QZlHSrXGiNMbn2ks0L03HZuxAyBbaha9Z/y
AClXKPKTO84/95qBD8notLAFw5a08My3QVsCAwEAAaOCAfgwggH0MB0GA1UdDgQW
BBSgUTo/CSnlRgaIMLQ6QR06553bXTAfBgNVHSMEGDAWgBTN73ER3pi9dW2Ss005
TaLTnv+bjjAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF0GA1UdHwRWMFQwUqBQ
oE6GTHJzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8yNjIw
L3plOXhFZDZZdlhWdGtyTk5PVTJpMDU3X200NC5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvemU5eEVkNll2WFZ0a3JOTk9VMmkwNTdfbTQ0LmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ0GCCsGAQUFBwELBIGQMIGNMFgGCCsGAQUFBzALhkxyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjYyMC9vRkU2UHdrcDVVWUdp
REMwT2tFZE91ZWQyMTAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25u
aWMuY24vcnJkcC9ub3RpZnkueG1sMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATAL
AwMAKp8DBAJnCQgwDQYJKoZIhvcNAQELBQADggEBAGWtRT0tUUbmc7iVrzZgPi94
E2ET72dDOVwfMvy/AyodVN5Hyfx0IupivGfu2ZCbkzvBRb4ekxfTiN7LFxbaTn6c
X0zanwyzAnt7tpThLgPpYM6V7YEdnWuSyiEJH7TFHgWHqHAkk1gJo2UFooLbu+pG
25uHh9skGIMXBLjZpDdhy9IQRNQ3I2geNf5T5TdSzNG2xEgbA06RLv/hK3qO6ajb
scnoZSk55E8lTSwChGwi97WWbnwKR2eLSxeKOSdw+2rGycO24dUwoB6v/Kiwl6xj
2GFy7GlsUKgsrC+dxpovMnLJC7b6qo+npieo0R/GoXu6wdGU1XRhG9KFzp+wOLo=
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:33:43 2025 by rpki-client