Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/413/8-lFZ8iT2wMgT86qAwIOh60YsB0.roa
File: 8-lFZ8iT2wMgT86qAwIOh60YsB0.roa (raw, json)
Hash identifier: nM/ZuDDLjXiQuYqJWbE3fVPOWLqP7IpOkeIekpWi12Y=
Subject key identifier: F3:E9:45:67:C8:93:DB:03:20:4F:CE:AA:03:02:0E:87:AD:18:B0:1D
Certificate issuer: /CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Certificate serial: 04F3
Authority key identifier: C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/8-lFZ8iT2wMgT86qAwIOh60YsB0.roa
Signing time: Mon 18 Sep 2023 03:38:44 +0000
ROA not before: Mon 18 Sep 2023 03:38:44 +0000
ROA not after: Sat 10 Aug 2024 07:41:13 +0000
asID: 34549
IP address blocks: 123.98.64.0/22 maxlen: 24
123.98.72.0/22 maxlen: 24
123.98.80.0/22 maxlen: 24
123.98.100.0/22 maxlen: 24
210.79.68.0/23 maxlen: 24
210.79.77.0/24 maxlen: 24
210.79.89.0/24 maxlen: 24
210.79.90.0/24 maxlen: 24
210.79.91.0/24 maxlen: 24
210.79.101.0/24 maxlen: 24
210.79.112.0/24 maxlen: 24
210.79.114.0/24 maxlen: 24
210.79.115.0/24 maxlen: 24
211.149.32.0/22 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1267 (0x4f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Validity
Not Before: Sep 18 03:38:44 2023 GMT
Not After : Aug 10 07:41:13 2024 GMT
Subject: CN=F3E94567C893DB03204FCEAA03020E87AD18B01D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:0d:b0:65:95:32:c1:f7:7f:11:96:10:d2:6d:
8c:ee:96:be:f1:71:84:d9:8b:4f:f6:41:7c:a5:bd:
8d:e2:7e:e7:d1:1b:04:60:ed:be:4c:74:a3:6f:af:
c4:4f:c9:3a:e8:5b:b7:dd:ce:68:85:17:8b:60:ce:
79:c8:95:1a:92:9c:8e:c0:52:59:83:a6:39:0f:17:
93:d1:6f:65:48:ae:ed:db:73:0b:b0:c2:54:23:48:
b0:20:83:69:80:e7:0b:78:19:79:70:66:a7:3d:f4:
6c:a6:ba:9d:e7:2d:a0:75:cf:14:27:5e:d1:c9:6d:
86:bc:1d:2e:a4:3d:14:26:6e:9e:c6:8e:45:a2:91:
5e:ad:05:00:61:74:c9:48:ae:1d:d4:aa:2d:c4:bb:
77:60:5a:76:cb:af:82:a8:46:4e:56:5c:c8:2b:af:
22:78:14:5c:35:bf:ed:d6:2f:dc:f1:34:a0:6e:77:
61:61:11:8d:78:20:30:5a:c0:f6:6b:5b:e9:db:80:
c7:3f:98:43:94:bd:7e:74:d4:e4:e3:31:06:75:24:
fe:41:3b:c4:8c:89:18:75:71:a6:7e:cd:09:e7:59:
32:12:5e:10:45:46:73:24:b4:40:ae:de:c7:7f:29:
1f:83:82:8f:97:81:55:18:7c:b0:d0:f0:51:52:d4:
65:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:E9:45:67:C8:93:DB:03:20:4F:CE:AA:03:02:0E:87:AD:18:B0:1D
X509v3 Authority Key Identifier:
keyid:C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/xlv1e9ybW-fZfg1lqkIise-qvqo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/8-lFZ8iT2wMgT86qAwIOh60YsB0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
123.98.64.0/22
123.98.72.0/22
123.98.80.0/22
123.98.100.0/22
210.79.68.0/23
210.79.77.0/24
210.79.89.0-210.79.91.255
210.79.101.0/24
210.79.112.0/24
210.79.114.0/23
211.149.32.0/22
Signature Algorithm: sha256WithRSAEncryption
a6:61:5e:93:fe:9b:53:4d:b0:77:7d:92:e0:59:ca:3a:cc:a1:
c0:fd:31:2f:65:09:98:b4:b5:51:f9:9f:ab:32:05:68:12:5c:
aa:53:d4:fa:8c:84:da:52:8b:7a:4d:9e:7e:00:3e:cf:f5:e2:
a5:86:ff:93:a9:d4:10:e5:9e:7f:1a:81:f9:37:01:f6:69:61:
b9:ad:b9:9a:da:18:28:54:a3:26:56:b3:13:88:e7:1d:b4:05:
8e:75:d2:5f:65:1d:1b:ff:9a:e4:68:0c:05:c8:46:82:ec:5f:
21:03:0c:72:36:8a:de:51:e1:31:09:37:c3:82:b1:db:25:c6:
4f:de:0f:0f:0d:96:f8:0e:c0:ff:4b:bd:79:79:d0:45:eb:f3:
b1:e4:2b:89:e5:d8:bf:20:c7:61:67:ce:4b:7b:33:cc:f4:7b:
69:76:77:a1:0d:83:1a:7d:76:fc:22:c6:83:4e:5e:df:fd:12:
d6:9f:52:9a:80:7b:04:c9:7d:70:81:26:c3:69:d9:35:a0:f0:
f3:80:1b:f3:58:d2:12:01:c4:67:d1:b8:0b:e1:35:d9:37:fd:
b5:ba:ed:8f:2d:12:b7:0c:56:aa:e5:f8:66:c7:b6:89:6b:37:
35:da:63:4f:d1:6e:37:d9:59:f5:36:2d:7b:d5:01:e1:1e:9f:
ad:d4:f3:9f
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgICBPMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQzY1
QkY1N0JEQzlCNUJFN0Q5N0UwRDY1QUE0MjIyQjFFRkFBQkVBQTAeFw0yMzA5MTgw
MzM4NDRaFw0yNDA4MTAwNzQxMTNaMDMxMTAvBgNVBAMTKEYzRTk0NTY3Qzg5M0RC
MDMyMDRGQ0VBQTAzMDIwRTg3QUQxOEIwMUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8DbBllTLB938RlhDSbYzulr7xcYTZi0/2QXylvY3ifufRGwRg
7b5MdKNvr8RPyTroW7fdzmiFF4tgznnIlRqSnI7AUlmDpjkPF5PRb2VIru3bcwuw
wlQjSLAgg2mA5wt4GXlwZqc99Gymup3nLaB1zxQnXtHJbYa8HS6kPRQmbp7GjkWi
kV6tBQBhdMlIrh3Uqi3Eu3dgWnbLr4KoRk5WXMgrryJ4FFw1v+3WL9zxNKBud2Fh
EY14IDBawPZrW+nbgMc/mEOUvX501OTjMQZ1JP5BO8SMiRh1caZ+zQnnWTISXhBF
RnMktECu3sd/KR+Dgo+XgVUYfLDQ8FFS1GWDAgMBAAGjggI1MIICMTAdBgNVHQ4E
FgQU8+lFZ8iT2wMgT86qAwIOh60YsB0wHwYDVR0jBBgwFoAUxlv1e9ybW+fZfg1l
qkIise+qvqowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEz
L3hsdjFlOXliVy1mWmZnMWxxa0lpc2UtcXZxby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAveGx2MWU5eWJXLWZaZmcxbHFrSWlzZS1xdnFvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEzLzgtbEZaOGlUMndNZ1Q4
NnFBd0lPaDYwWXNCMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYwYIKwYBBQUHAQcBAf8EVDBSMFAEAgABMEoD
BAJ7YkADBAJ7YkgDBAJ7YlADBAJ7YmQDBAHST0QDBADST00wDAMEANJPWQMEAtJP
WAMEANJPZQMEANJPcAMEAdJPcgMEAtOVIDANBgkqhkiG9w0BAQsFAAOCAQEApmFe
k/6bU02wd32S4FnKOsyhwP0xL2UJmLS1UfmfqzIFaBJcqlPU+oyE2lKLek2efgA+
z/XipYb/k6nUEOWefxqB+TcB9mlhua25mtoYKFSjJlazE4jnHbQFjnXSX2UdG/+a
5GgMBchGguxfIQMMcjaK3lHhMQk3w4Kx2yXGT94PDw2W+A7A/0u9eXnQRevzseQr
ieXYvyDHYWfOS3szzPR7aXZ3oQ2DGn12/CLGg05e3/0S1p9SmoB7BMl9cIEmw2nZ
NaDw84Ab81jSEgHEZ9G4C+E12Tf9tbrtjy0StwxWquX4Zse2iWs3NdpjT9FuN9lZ
9TYte9UB4R6frdTznw==
-----END CERTIFICATE-----
Generated at Mon Sep 25 10:44:04 2023 by rpki-client on console-fra.rpki-client.org