Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2620/xK9-dRATStboaAiAVMfiHInetMM.roa
File: xK9-dRATStboaAiAVMfiHInetMM.roa (raw, json)
Hash identifier: VqPFQTtmov464vdIkDYFgZ9C2DCrP2NG21RgJhljRCg=
Subject key identifier: C4:AF:7E:75:10:13:4A:D6:E8:68:08:80:54:C7:E2:1C:89:DE:B4:C3
Certificate issuer: /CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF
Certificate serial: 06E0
Authority key identifier: 21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/xK9-dRATStboaAiAVMfiHInetMM.roa
Signing time: Thu 18 May 2023 07:24:00 +0000
ROA not before: Thu 18 May 2023 07:24:00 +0000
ROA not after: Wed 27 Mar 2024 01:13:10 +0000
asID: 58593
IP address blocks: 40.72.0.0/15 maxlen: 32
40.72.0.0/16 maxlen: 32
40.72.0.0/17 maxlen: 32
40.72.128.0/17 maxlen: 32
40.72.254.0/24 maxlen: 32
40.72.255.0/24 maxlen: 32
40.73.0.0/17 maxlen: 32
40.73.99.0/24 maxlen: 32
40.73.128.0/17 maxlen: 32
40.125.128.0/17 maxlen: 32
40.126.64.0/18 maxlen: 32
52.130.0.0/20 maxlen: 32
52.130.16.0/20 maxlen: 32
52.130.32.0/19 maxlen: 32
52.130.64.0/19 maxlen: 32
52.130.96.0/20 maxlen: 32
52.130.112.0/20 maxlen: 32
52.130.128.0/18 maxlen: 32
52.130.192.0/18 maxlen: 32
52.131.0.0/17 maxlen: 32
52.131.128.0/17 maxlen: 32
139.217.0.0/16 maxlen: 32
139.217.0.0/17 maxlen: 32
139.217.128.0/17 maxlen: 32
139.219.0.0/16 maxlen: 32
139.219.0.0/17 maxlen: 32
139.219.128.0/17 maxlen: 32
159.27.0.0/16 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1760 (0x6e0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21DC875965C2BA61D1DACBB48DEE140554AA5AEF
Validity
Not Before: May 18 07:24:00 2023 GMT
Not After : Mar 27 01:13:10 2024 GMT
Subject: CN=C4AF7E7510134AD6E868088054C7E21C89DEB4C3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:b2:05:dc:db:38:a4:0d:72:ec:bc:74:98:07:
73:0d:94:26:0e:95:bc:9f:37:7c:cb:0c:dc:9a:a5:
cd:b5:cc:8b:b7:10:b6:76:19:0e:5f:7d:f8:03:d8:
7d:d4:f9:37:18:c6:48:a6:65:86:80:a4:cf:74:f1:
43:ab:81:c1:7f:e0:b4:81:f6:b2:62:43:b2:16:95:
74:77:07:e9:8b:c1:01:98:2f:ea:7e:21:83:11:de:
b6:25:32:66:d5:20:57:d7:77:f6:89:43:6f:2c:6b:
25:2e:0b:bc:b8:88:36:db:68:a0:69:eb:36:5c:35:
0e:85:9b:39:de:1c:ab:45:bb:4b:48:32:f9:e8:c0:
33:cc:e5:d0:92:bd:85:41:fe:d8:6e:6e:24:34:98:
30:58:af:9c:18:48:fa:96:86:8b:55:54:72:3e:db:
af:f0:fa:e8:13:7d:ff:90:97:aa:16:ab:b7:9f:f8:
8c:cd:10:03:a6:a3:5c:37:3e:05:0f:7c:da:df:bd:
6c:35:9b:eb:36:0e:69:4b:7a:fe:d3:10:3e:11:5a:
c8:16:ca:25:ce:3d:a9:9f:17:37:39:4c:b8:ed:77:
2b:8b:d1:20:29:d7:e0:ad:b4:63:0c:56:4c:e6:e8:
cd:0f:32:7a:57:37:c0:1a:66:41:c6:ed:b5:d8:e1:
ef:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:AF:7E:75:10:13:4A:D6:E8:68:08:80:54:C7:E2:1C:89:DE:B4:C3
X509v3 Authority Key Identifier:
keyid:21:DC:87:59:65:C2:BA:61:D1:DA:CB:B4:8D:EE:14:05:54:AA:5A:EF
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/IdyHWWXCumHR2su0je4UBVSqWu8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/IdyHWWXCumHR2su0je4UBVSqWu8.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2620/xK9-dRATStboaAiAVMfiHInetMM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
40.72.0.0/15
40.125.128.0/17
40.126.64.0/18
52.130.0.0/15
139.217.0.0/16
139.219.0.0/16
159.27.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7d:b1:8b:50:b3:ce:f4:09:78:08:77:60:66:be:c3:19:4e:37:
62:40:b5:80:28:02:1a:4d:48:92:66:a5:52:c2:56:a5:87:c2:
4d:31:81:bd:3d:1d:92:4c:d2:85:27:1e:e8:04:c3:ba:c1:29:
3c:86:8f:66:29:33:0b:24:c4:57:07:41:44:ef:77:67:dc:f7:
d0:b8:32:24:c0:5f:96:e3:a8:31:8f:b6:0f:ac:f7:13:bf:73:
e6:61:92:a1:c5:bf:1f:41:43:17:76:f3:32:3e:0b:07:cb:19:
a0:22:fe:01:67:11:c2:cf:fc:a5:40:db:a9:9d:7a:26:a1:8b:
d3:0f:1b:b8:21:c2:0c:2d:0d:66:e2:3f:b6:50:d0:00:76:2e:
88:fa:3b:ad:0a:4a:2c:09:dd:27:19:3e:05:73:e6:ce:bf:1b:
7b:63:79:c7:3e:65:07:21:58:3a:b1:c4:d2:6a:44:3d:8d:e5:
cf:5d:10:b5:13:0a:b9:e6:78:0c:f4:eb:03:13:95:c4:6a:52:
00:7f:ff:d4:08:82:44:70:b4:b8:05:b6:a7:8c:0b:18:d6:ec:
a2:fc:ed:ab:2c:c9:0f:58:be:b5:88:49:15:dc:b0:80:84:0f:
5d:7e:1c:16:bd:cc:4f:93:b5:99:1e:79:a7:b3:97:d1:f9:93:
24:6e:4c:58
-----BEGIN CERTIFICATE-----
MIIE9jCCA96gAwIBAgICBuAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMjFE
Qzg3NTk2NUMyQkE2MUQxREFDQkI0OERFRTE0MDU1NEFBNUFFRjAeFw0yMzA1MTgw
NzI0MDBaFw0yNDAzMjcwMTEzMTBaMDMxMTAvBgNVBAMTKEM0QUY3RTc1MTAxMzRB
RDZFODY4MDg4MDU0QzdFMjFDODlERUI0QzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8sgXc2zikDXLsvHSYB3MNlCYOlbyfN3zLDNyapc21zIu3ELZ2
GQ5fffgD2H3U+TcYxkimZYaApM908UOrgcF/4LSB9rJiQ7IWlXR3B+mLwQGYL+p+
IYMR3rYlMmbVIFfXd/aJQ28sayUuC7y4iDbbaKBp6zZcNQ6FmzneHKtFu0tIMvno
wDPM5dCSvYVB/thubiQ0mDBYr5wYSPqWhotVVHI+26/w+ugTff+Ql6oWq7ef+IzN
EAOmo1w3PgUPfNrfvWw1m+s2DmlLev7TED4RWsgWyiXOPamfFzc5TLjtdyuL0SAp
1+CttGMMVkzm6M0PMnpXN8AaZkHG7bXY4e9LAgMBAAGjggISMIICDjAdBgNVHQ4E
FgQUxK9+dRATStboaAiAVMfiHInetMMwHwYDVR0jBBgwFoAUIdyHWWXCumHR2su0
je4UBVSqWu8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjYy
MC9JZHlIV1dYQ3VtSFIyc3UwamU0VUJWU3FXdTguY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0lkeUhXV1hDdW1IUjJzdTBqZTRVQlZTcVd1OC5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI2MjAveEs5LWRSQVRTdGJv
YUFpQVZNZmlISW5ldE1NLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDA+BggrBgEFBQcBBwEB/wQvMC0wKwQCAAEw
JQMDAShIAwQHKH2AAwQGKH5AAwMBNIIDAwCL2QMDAIvbAwMAnxswDQYJKoZIhvcN
AQELBQADggEBAH2xi1CzzvQJeAh3YGa+wxlON2JAtYAoAhpNSJJmpVLCVqWHwk0x
gb09HZJM0oUnHugEw7rBKTyGj2YpMwskxFcHQUTvd2fc99C4MiTAX5bjqDGPtg+s
9xO/c+ZhkqHFvx9BQxd28zI+CwfLGaAi/gFnEcLP/KVA26mdeiahi9MPG7ghwgwt
DWbiP7ZQ0AB2Loj6O60KSiwJ3ScZPgVz5s6/G3tjecc+ZQchWDqxxNJqRD2N5c9d
ELUTCrnmeAz06wMTlcRqUgB//9QIgkRwtLgFtqeMCxjW7KL87assyQ9YvrWISRXc
sICED11+HBa9zE+TtZkeeaezl9H5kyRuTFg=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:15 2023 by rpki-client on console-ams.rpki-client.org