Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3095/NDt9_Zy5xFmNFH8DWWCQrHH-AF0.roa
File: NDt9_Zy5xFmNFH8DWWCQrHH-AF0.roa (raw, json)
Hash identifier: FjYOpNGlHchQ1H5lVdER0sT7OhXYwZRVxoySSzp2x6o=
Subject key identifier: 34:3B:7D:FD:9C:B9:C4:59:8D:14:7F:03:59:60:90:AC:71:FE:00:5D
Certificate issuer: /CN=CB16707EAF0BDFD1326AFD9BDEC6AFFA6E63BA98
Certificate serial: 0CC8
Authority key identifier: CB:16:70:7E:AF:0B:DF:D1:32:6A:FD:9B:DE:C6:AF:FA:6E:63:BA:98
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/yxZwfq8L39Eyav2b3sav-m5jupg.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3095/NDt9_Zy5xFmNFH8DWWCQrHH-AF0.roa
Signing time: Wed 09 Jul 2025 11:23:20 +0000
ROA not before: Wed 09 Jul 2025 11:23:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4134
IP address blocks: 202.46.224.0/20 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3272 (0xcc8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=CB16707EAF0BDFD1326AFD9BDEC6AFFA6E63BA98
Validity
Not Before: Jul 9 11:23:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=343B7DFD9CB9C4598D147F03596090AC71FE005D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:8a:68:23:b4:7e:ca:27:2a:b3:bd:5c:d8:80:
c3:c3:37:34:8c:8e:85:6b:c4:e2:8d:86:54:94:ef:
26:31:c5:57:76:2c:41:c2:27:c0:23:f2:de:4c:90:
0d:b1:e4:c9:d9:50:30:50:ca:b4:45:81:f8:30:8d:
69:22:d2:58:57:73:ba:5f:21:3c:5c:41:ca:14:26:
6f:02:78:af:40:fb:8d:cc:0b:11:7f:fe:02:c4:21:
e2:2b:12:c7:d9:73:ed:19:33:73:58:45:df:5d:e4:
49:3f:95:e5:2a:a1:94:ed:14:9f:75:5e:51:82:0a:
e5:6e:62:f6:54:ea:a4:c9:9a:1a:ee:6b:18:e8:41:
fd:e1:32:0e:65:77:ec:7e:d4:45:1b:50:66:56:45:
90:00:30:9d:5c:7a:08:97:71:dd:07:70:fc:f5:df:
c6:c8:1b:d3:ba:92:1c:7c:3c:15:00:d2:a7:c0:52:
b8:6f:4e:2c:61:0e:97:30:f4:68:f4:41:95:94:a0:
00:4a:de:b5:d4:d9:a2:94:11:0e:fc:59:33:3d:63:
61:43:bc:d4:19:57:ba:8d:cb:72:49:5e:2a:19:c6:
8f:ee:b3:07:3e:66:e7:33:29:0d:e4:08:2a:a3:dc:
9d:9f:37:5a:ce:fc:bc:fe:58:1b:d6:ab:b2:a1:70:
d6:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:3B:7D:FD:9C:B9:C4:59:8D:14:7F:03:59:60:90:AC:71:FE:00:5D
X509v3 Authority Key Identifier:
keyid:CB:16:70:7E:AF:0B:DF:D1:32:6A:FD:9B:DE:C6:AF:FA:6E:63:BA:98
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3095/yxZwfq8L39Eyav2b3sav-m5jupg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/yxZwfq8L39Eyav2b3sav-m5jupg.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3095/NDt9_Zy5xFmNFH8DWWCQrHH-AF0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
202.46.224.0/20
Signature Algorithm: sha256WithRSAEncryption
6b:7a:a5:3c:87:12:09:a1:af:1b:09:00:b3:08:38:89:54:be:
b6:1a:84:91:fd:20:92:ae:4c:ec:ca:48:45:02:a2:20:93:0f:
de:b3:30:d4:7a:4d:72:ca:04:5f:22:72:1a:84:83:82:9e:e1:
81:5b:51:dd:88:3c:08:ae:5a:16:6b:72:3f:67:6b:78:16:2d:
02:d6:30:8f:82:c7:2a:e8:dc:22:a2:b1:81:40:09:b7:a7:8a:
d4:ae:57:a2:2e:60:70:96:a7:13:f5:45:0a:b9:a5:ec:ec:67:
e2:9c:76:ac:a0:95:85:2f:34:57:79:2f:0b:34:bd:b3:52:bb:
eb:6c:02:67:c3:a0:7d:90:76:f0:07:a4:b3:83:c5:32:d7:d6:
eb:a4:c5:47:df:68:cb:7b:3b:6d:51:fd:c8:dc:65:fb:09:c6:
f8:3b:83:32:5b:12:24:49:36:1a:c4:1b:67:3b:c6:15:07:9d:
12:bc:e8:4e:ae:d4:14:01:c1:2c:ec:b5:9c:b5:8d:8c:84:dd:
86:37:d9:50:80:22:b7:ce:ab:10:3b:24:65:1c:ac:c3:bc:2e:
5f:2d:fc:f8:b6:5d:13:ea:b4:a2:0d:18:4b:44:85:c3:f0:fb:
30:69:b2:06:18:c3:7b:bb:f8:df:c6:6d:27:c5:85:9c:c4:41:
6c:2a:29:36
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICDMgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQ0Ix
NjcwN0VBRjBCREZEMTMyNkFGRDlCREVDNkFGRkE2RTYzQkE5ODAeFw0yNTA3MDkx
MTIzMjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM0M0I3REZEOUNCOUM0
NTk4RDE0N0YwMzU5NjA5MEFDNzFGRTAwNUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD2imgjtH7KJyqzvVzYgMPDNzSMjoVrxOKNhlSU7yYxxVd2LEHC
J8Aj8t5MkA2x5MnZUDBQyrRFgfgwjWki0lhXc7pfITxcQcoUJm8CeK9A+43MCxF/
/gLEIeIrEsfZc+0ZM3NYRd9d5Ek/leUqoZTtFJ91XlGCCuVuYvZU6qTJmhruaxjo
Qf3hMg5ld+x+1EUbUGZWRZAAMJ1cegiXcd0HcPz138bIG9O6khx8PBUA0qfAUrhv
TixhDpcw9Gj0QZWUoABK3rXU2aKUEQ78WTM9Y2FDvNQZV7qNy3JJXioZxo/uswc+
ZuczKQ3kCCqj3J2fN1rO/Lz+WBvWq7KhcNZHAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUNDt9/Zy5xFmNFH8DWWCQrHH+AF0wHwYDVR0jBBgwFoAUyxZwfq8L39Eyav2b
3sav+m5jupgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
NS95eFp3ZnE4TDM5RXlhdjJiM3Nhdi1tNWp1cGcuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL3l4WndmcThMMzlFeWF2MmIzc2F2LW01anVwZy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTUvTkR0OV9aeTV4Rm1O
Rkg4RFdXQ1FySEgtQUYwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBMou4DANBgkqhkiG9w0BAQsFAAOCAQEAa3qlPIcSCaGvGwkAswg4iVS+thqE
kf0gkq5M7MpIRQKiIJMP3rMw1HpNcsoEXyJyGoSDgp7hgVtR3Yg8CK5aFmtyP2dr
eBYtAtYwj4LHKujcIqKxgUAJt6eK1K5Xoi5gcJanE/VFCrml7Oxn4px2rKCVhS80
V3kvCzS9s1K762wCZ8OgfZB28Aeks4PFMtfW66TFR99oy3s7bVH9yNxl+wnG+DuD
MlsSJEk2GsQbZzvGFQedErzoTq7UFAHBLOy1nLWNjITdhjfZUIAit86rEDskZRys
w7wuXy38+LZdE+q0og0YS0SFw/D7MGmyBhjDe7v438ZtJ8WFnMRBbCopNg==
-----END CERTIFICATE-----
Generated at Thu Oct 23 09:27:53 2025 by rpki-client