Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3044/skOiHUAuStOibgWnXkZPTQHXwic.roa
File: skOiHUAuStOibgWnXkZPTQHXwic.roa (raw, json)
Hash identifier: vJsU9qOA+657IL4UeFtUAFdZjOKe/Zjb56ZpbdWiXoc=
Subject key identifier: B2:43:A2:1D:40:2E:4A:D3:A2:6E:05:A7:5E:46:4F:4D:01:D7:C2:27
Certificate issuer: /CN=B08B918D2D45B6371ACB9770743553D1BF224708
Certificate serial: 21DC
Authority key identifier: B0:8B:91:8D:2D:45:B6:37:1A:CB:97:70:74:35:53:D1:BF:22:47:08
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/sIuRjS1Ftjcay5dwdDVT0b8iRwg.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3044/skOiHUAuStOibgWnXkZPTQHXwic.roa
Signing time: Sat 13 Sep 2025 03:09:03 +0000
ROA not before: Sat 13 Sep 2025 03:09:03 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 4811
IP address blocks: 14.103.88.0/21 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8668 (0x21dc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=B08B918D2D45B6371ACB9770743553D1BF224708
Validity
Not Before: Sep 13 03:09:03 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=B243A21D402E4AD3A26E05A75E464F4D01D7C227
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:49:18:7c:2a:56:a5:80:fd:ca:aa:7f:f0:ca:
f2:59:bd:4c:77:4a:bb:74:59:29:89:37:60:57:49:
9a:ca:1a:ef:f2:63:0d:44:4e:09:cf:9d:ea:ed:d2:
63:80:8f:ab:c9:0a:ed:35:fd:e4:50:0d:33:4d:87:
f5:bd:67:d5:22:cc:9a:31:63:f0:05:e0:c8:a8:6f:
5b:af:17:47:a8:24:17:e7:e6:31:e0:c4:aa:06:6e:
b4:34:ee:6d:f3:96:65:b8:40:f8:5d:39:76:21:16:
b9:21:b5:48:fd:36:4b:f9:82:5d:e7:6b:c6:6d:1b:
16:70:39:12:b1:0d:e3:b2:ba:16:3c:30:59:16:9a:
c3:cc:42:78:74:50:c5:26:ae:2a:41:45:60:ec:85:
0a:e5:67:91:0a:fb:37:df:55:ef:0c:98:15:c7:6f:
6c:c5:48:b7:73:86:52:67:33:15:95:39:fe:e1:5f:
93:ad:77:83:b7:c8:69:e7:d8:2d:4c:f0:31:45:ee:
3c:08:9b:12:d0:01:25:30:5f:2a:3b:44:8e:33:13:
19:2c:1c:28:72:29:19:b0:57:62:66:b5:1a:42:d3:
ba:eb:cc:57:38:43:48:bc:cd:94:37:59:1e:e3:9a:
95:04:63:19:55:65:0d:1f:3a:68:0c:5b:26:1b:08:
a5:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:43:A2:1D:40:2E:4A:D3:A2:6E:05:A7:5E:46:4F:4D:01:D7:C2:27
X509v3 Authority Key Identifier:
keyid:B0:8B:91:8D:2D:45:B6:37:1A:CB:97:70:74:35:53:D1:BF:22:47:08
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3044/sIuRjS1Ftjcay5dwdDVT0b8iRwg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/sIuRjS1Ftjcay5dwdDVT0b8iRwg.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3044/skOiHUAuStOibgWnXkZPTQHXwic.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
14.103.88.0/21
Signature Algorithm: sha256WithRSAEncryption
58:b6:1d:96:b7:c9:75:1b:2f:14:3e:dc:bf:8e:4e:ac:f6:f0:
44:e9:0c:95:02:22:6a:9b:e5:09:35:c9:45:02:74:71:d6:b8:
4d:82:44:2c:61:e5:5b:1d:ea:eb:1e:56:68:5c:b7:7a:11:83:
2d:57:f5:f3:a4:f6:e3:6f:60:5f:8a:0a:43:b6:40:88:03:f3:
1c:b4:bf:2a:6a:28:29:f8:fc:c7:b5:6d:9e:a5:c5:4d:37:da:
6b:62:4c:32:62:28:9e:7f:60:2c:01:07:b9:a6:1a:f0:19:0c:
46:72:5e:2a:07:88:0a:7c:60:e0:4e:9d:27:7a:b1:fb:9c:64:
60:6f:f6:46:be:8c:52:c8:ba:18:91:22:fc:d1:63:c6:3f:ce:
77:75:31:08:df:ed:75:f9:5b:bd:eb:53:24:92:a2:f1:a8:84:
e6:bd:ad:d5:73:9c:ed:a9:f7:55:39:a9:97:57:c1:f6:12:32:
36:5f:2a:8d:ed:1d:59:27:73:fc:d5:79:df:ae:2c:fb:54:5f:
16:54:1f:bf:0c:44:c0:f2:19:0c:d8:52:a0:3e:32:27:1e:eb:
49:a9:82:7c:26:b9:0e:01:ab:b8:cd:f1:6e:1f:b2:ac:5d:29:
e9:b2:58:b8:56:18:43:ae:fc:05:53:00:e8:ef:e8:12:f9:89:
d5:e2:90:e7
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICIdwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQjA4
QjkxOEQyRDQ1QjYzNzFBQ0I5NzcwNzQzNTUzRDFCRjIyNDcwODAeFw0yNTA5MTMw
MzA5MDNaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEIyNDNBMjFENDAyRTRB
RDNBMjZFMDVBNzVFNDY0RjREMDFEN0MyMjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHSRh8KlalgP3Kqn/wyvJZvUx3Srt0WSmJN2BXSZrKGu/yYw1E
TgnPnert0mOAj6vJCu01/eRQDTNNh/W9Z9UizJoxY/AF4Miob1uvF0eoJBfn5jHg
xKoGbrQ07m3zlmW4QPhdOXYhFrkhtUj9Nkv5gl3na8ZtGxZwORKxDeOyuhY8MFkW
msPMQnh0UMUmripBRWDshQrlZ5EK+zffVe8MmBXHb2zFSLdzhlJnMxWVOf7hX5Ot
d4O3yGnn2C1M8DFF7jwImxLQASUwXyo7RI4zExksHChyKRmwV2JmtRpC07rrzFc4
Q0i8zZQ3WR7jmpUEYxlVZQ0fOmgMWyYbCKXDAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUskOiHUAuStOibgWnXkZPTQHXwicwHwYDVR0jBBgwFoAUsIuRjS1Ftjcay5dw
dDVT0b8iRwgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA0
NC9zSXVSalMxRnRqY2F5NWR3ZERWVDBiOGlSd2cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL3NJdVJqUzFGdGpjYXk1ZHdkRFZUMGI4aVJ3Zy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwNDQvc2tPaUhVQXVTdE9p
YmdXblhrWlBUUUhYd2ljLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAw5nWDANBgkqhkiG9w0BAQsFAAOCAQEAWLYdlrfJdRsvFD7cv45OrPbwROkM
lQIiapvlCTXJRQJ0cda4TYJELGHlWx3q6x5WaFy3ehGDLVf186T2429gX4oKQ7ZA
iAPzHLS/KmooKfj8x7VtnqXFTTfaa2JMMmIonn9gLAEHuaYa8BkMRnJeKgeICnxg
4E6dJ3qx+5xkYG/2Rr6MUsi6GJEi/NFjxj/Od3UxCN/tdflbvetTJJKi8aiE5r2t
1XOc7an3VTmpl1fB9hIyNl8qje0dWSdz/NV5364s+1RfFlQfvwxEwPIZDNhSoD4y
Jx7rSamCfCa5DgGruM3xbh+yrF0p6bJYuFYYQ678BVMA6O/oEvmJ1eKQ5w==
-----END CERTIFICATE-----
Generated at Thu Oct 23 09:34:00 2025 by rpki-client