Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3044/Df3koENClW3v1pRlVqxG_L3HjRg.roa
File: Df3koENClW3v1pRlVqxG_L3HjRg.roa (raw, json)
Hash identifier: qXGLWmVOmlRKbeyYFvG4JmfcXJconcBncGoE3OO12Bc=
Subject key identifier: 0D:FD:E4:A0:43:42:95:6D:EF:D6:94:65:56:AC:46:FC:BD:C7:8D:18
Certificate issuer: /CN=B08B918D2D45B6371ACB9770743553D1BF224708
Certificate serial: 190F
Authority key identifier: B0:8B:91:8D:2D:45:B6:37:1A:CB:97:70:74:35:53:D1:BF:22:47:08
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/sIuRjS1Ftjcay5dwdDVT0b8iRwg.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3044/Df3koENClW3v1pRlVqxG_L3HjRg.roa
Signing time: Thu 04 Jul 2024 08:30:19 +0000
ROA not before: Thu 04 Jul 2024 08:30:19 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 4811
IP address blocks: 14.103.0.0/21 maxlen: 24
14.103.8.0/21 maxlen: 24
14.103.16.0/21 maxlen: 24
14.103.24.0/21 maxlen: 24
14.103.32.0/21 maxlen: 24
14.103.40.0/21 maxlen: 24
14.103.48.0/21 maxlen: 24
14.103.56.0/21 maxlen: 24
14.103.72.0/23 maxlen: 24
14.103.104.0/21 maxlen: 24
118.145.32.0/19 maxlen: 24
180.184.144.0/21 maxlen: 24
180.184.152.0/22 maxlen: 24
180.184.168.0/21 maxlen: 24
180.184.176.0/21 maxlen: 24
180.184.184.0/22 maxlen: 24
Validation: Failed, certificate revoked on Thu 04 Jul 2024 16:49:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6415 (0x190f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=B08B918D2D45B6371ACB9770743553D1BF224708
Validity
Not Before: Jul 4 08:30:19 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0DFDE4A04342956DEFD6946556AC46FCBDC78D18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:85:35:21:16:ea:ca:bf:a1:1a:b8:e8:5b:f0:
25:f2:b4:ef:a4:4d:70:c4:8e:15:d7:63:7e:30:30:
b1:dc:17:63:91:a5:72:75:c5:59:7a:09:af:b7:e1:
ec:aa:c0:16:18:f8:7c:ae:38:c8:0e:e6:72:35:a4:
8d:07:90:23:c6:c8:cb:63:ff:17:0b:2d:00:39:d4:
96:57:e3:71:ab:f4:4b:83:8f:1b:73:69:8f:1c:26:
48:00:5b:72:ec:bf:48:40:df:92:50:01:a8:83:f1:
cd:92:18:da:58:10:eb:a5:ae:9a:63:27:ff:51:5e:
b0:15:7a:74:9c:84:50:f7:58:05:43:bb:a8:ea:ff:
68:fc:7e:01:d8:57:25:31:8c:39:03:b0:4e:8c:cc:
72:ff:36:ab:05:b2:6a:be:75:e6:3c:82:2d:64:60:
3a:60:bc:be:8c:b8:55:45:5a:86:d9:8b:ef:08:b8:
7e:d2:5f:46:06:5e:07:35:97:6e:90:13:ba:a0:cf:
e3:3b:a7:f7:f2:f0:18:06:31:70:e2:f6:9e:3e:22:
dd:72:a6:6e:0e:c9:4f:8c:c8:5f:7c:d1:3f:fe:93:
71:97:2e:85:4d:4b:fc:d0:e3:7c:8a:58:b7:85:47:
02:c8:0c:66:c3:4e:b6:d5:ba:a9:54:96:82:60:b8:
c1:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:FD:E4:A0:43:42:95:6D:EF:D6:94:65:56:AC:46:FC:BD:C7:8D:18
X509v3 Authority Key Identifier:
keyid:B0:8B:91:8D:2D:45:B6:37:1A:CB:97:70:74:35:53:D1:BF:22:47:08
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3044/sIuRjS1Ftjcay5dwdDVT0b8iRwg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/sIuRjS1Ftjcay5dwdDVT0b8iRwg.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3044/Df3koENClW3v1pRlVqxG_L3HjRg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
14.103.0.0/18
14.103.72.0/23
14.103.104.0/21
118.145.32.0/19
180.184.144.0-180.184.155.255
180.184.168.0-180.184.187.255
Signature Algorithm: sha256WithRSAEncryption
38:c8:10:f4:20:9d:3f:48:a8:b1:4a:aa:ea:fe:ec:44:01:e6:
c1:c2:2c:d1:80:13:41:42:d4:7f:70:02:6d:e4:5a:6a:e9:4d:
c4:97:99:4f:98:0a:28:32:e3:8c:39:6e:1b:54:32:75:e9:f5:
6a:1d:42:b7:ce:4c:b9:c8:1d:56:14:f8:fe:9d:82:68:4d:12:
1b:66:f8:05:e1:33:15:42:e2:1a:8a:6e:57:75:6e:c5:38:42:
1f:46:1b:c3:19:ed:69:71:6f:2b:ef:66:2b:9a:73:5f:93:0c:
80:2c:73:59:ce:c8:be:35:8b:8a:55:c0:46:95:fc:ee:ca:a0:
64:35:77:63:e7:9c:8c:e8:66:7c:5a:59:a3:89:01:a1:50:1f:
3a:91:d9:a6:b9:a9:21:df:ed:2a:22:73:39:d3:d2:ae:2d:fb:
47:e4:4d:85:ef:85:e4:22:55:4f:4e:d2:75:42:2b:18:9f:2a:
dc:86:e8:06:23:7e:5d:ca:57:3d:50:29:f5:fb:e7:fc:b3:97:
5d:6c:27:48:f2:a7:a2:ac:78:24:cf:47:c8:37:33:f5:1e:ea:
64:bf:5a:41:83:0e:46:03:4f:68:c1:b8:1b:4c:cb:05:e9:e0:
c6:1d:56:6c:64:bc:3d:0e:24:33:4b:7e:24:ad:4d:b0:d5:9e:
d0:62:ea:59
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgICGQ8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQjA4
QjkxOEQyRDQ1QjYzNzFBQ0I5NzcwNzQzNTUzRDFCRjIyNDcwODAeFw0yNDA3MDQw
ODMwMTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBERkRFNEEwNDM0Mjk1
NkRFRkQ2OTQ2NTU2QUM0NkZDQkRDNzhEMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKhTUhFurKv6EauOhb8CXytO+kTXDEjhXXY34wMLHcF2ORpXJ1
xVl6Ca+34eyqwBYY+HyuOMgO5nI1pI0HkCPGyMtj/xcLLQA51JZX43Gr9EuDjxtz
aY8cJkgAW3Lsv0hA35JQAaiD8c2SGNpYEOulrppjJ/9RXrAVenSchFD3WAVDu6jq
/2j8fgHYVyUxjDkDsE6MzHL/NqsFsmq+deY8gi1kYDpgvL6MuFVFWobZi+8IuH7S
X0YGXgc1l26QE7qgz+M7p/fy8BgGMXDi9p4+It1ypm4OyU+MyF980T/+k3GXLoVN
S/zQ43yKWLeFRwLIDGbDTrbVuqlUloJguMErAgMBAAGjggIhMIICHTAdBgNVHQ4E
FgQUDf3koENClW3v1pRlVqxG/L3HjRgwHwYDVR0jBBgwFoAUsIuRjS1Ftjcay5dw
dDVT0b8iRwgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA0
NC9zSXVSalMxRnRqY2F5NWR3ZERWVDBiOGlSd2cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL3NJdVJqUzFGdGpjYXk1ZHdkRFZUMGI4aVJ3Zy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwNDQvRGYza29FTkNsVzN2
MXBSbFZxeEdfTDNIalJnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDBNBggrBgEFBQcBBwEB/wQ+MDwwOgQCAAEw
NAMEBg5nAAMEAQ5nSAMEAw5naAMEBXaRIDAMAwQEtLiQAwQCtLiYMAwDBAO0uKgD
BAK0uLgwDQYJKoZIhvcNAQELBQADggEBADjIEPQgnT9IqLFKqur+7EQB5sHCLNGA
E0FC1H9wAm3kWmrpTcSXmU+YCigy44w5bhtUMnXp9WodQrfOTLnIHVYU+P6dgmhN
Ehtm+AXhMxVC4hqKbld1bsU4Qh9GG8MZ7WlxbyvvZiuac1+TDIAsc1nOyL41i4pV
wEaV/O7KoGQ1d2PnnIzoZnxaWaOJAaFQHzqR2aa5qSHf7SoicznT0q4t+0fkTYXv
heQiVU9O0nVCKxifKtyG6AYjfl3KVz1QKfX75/yzl11sJ0jyp6KseCTPR8g3M/Ue
6mS/WkGDDkYDT2jBuBtMywXp4MYdVmxkvD0OJDNLfiStTbDVntBi6lk=
-----END CERTIFICATE-----
Generated at Thu Jul 4 17:49:27 2024 by rpki-client on console-fra.rpki-client.org