Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/413/W8T-QNIKlrwWStz6woOD0rq2E2E.roa
File: W8T-QNIKlrwWStz6woOD0rq2E2E.roa (raw, json)
Hash identifier: rungYCZZzMThIR+lUWhlXlm/nXpC3/71fTTNA+B0w7M=
Subject key identifier: 5B:C4:FE:40:D2:0A:96:BC:16:4A:DC:FA:C2:83:83:D2:BA:B6:13:61
Certificate issuer: /CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Certificate serial: 04D3
Authority key identifier: C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/W8T-QNIKlrwWStz6woOD0rq2E2E.roa
Signing time: Tue 12 Sep 2023 10:40:34 +0000
ROA not before: Tue 12 Sep 2023 10:40:33 +0000
ROA not after: Sat 10 Aug 2024 07:41:13 +0000
asID: 34549
IP address blocks: 123.98.64.0/22 maxlen: 24
123.98.72.0/22 maxlen: 24
123.98.80.0/22 maxlen: 24
123.98.100.0/22 maxlen: 24
210.79.68.0/23 maxlen: 24
210.79.70.0/24 maxlen: 24
210.79.71.0/24 maxlen: 24
210.79.77.0/24 maxlen: 24
210.79.89.0/24 maxlen: 24
210.79.90.0/24 maxlen: 24
210.79.91.0/24 maxlen: 24
210.79.101.0/24 maxlen: 24
210.79.112.0/24 maxlen: 24
210.79.114.0/24 maxlen: 24
210.79.115.0/24 maxlen: 24
211.149.32.0/22 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1235 (0x4d3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Validity
Not Before: Sep 12 10:40:33 2023 GMT
Not After : Aug 10 07:41:13 2024 GMT
Subject: CN=5BC4FE40D20A96BC164ADCFAC28383D2BAB61361
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:ca:45:79:90:03:a5:14:a4:fb:89:a7:aa:ab:
4a:63:cc:1c:3c:cb:9c:93:e0:85:0d:1b:a2:f1:76:
ab:8e:e0:78:53:9d:4c:f4:4a:b5:97:90:86:54:65:
b1:fb:a1:a5:17:22:b4:50:ed:dd:25:03:cf:4f:f5:
2d:b6:9c:8e:f0:64:2f:e3:57:f3:b4:d1:96:c8:b6:
c1:58:c1:25:40:65:3b:e9:75:6b:b5:1a:75:fe:2e:
cb:ca:92:b4:d5:96:df:49:dd:5a:dd:0c:2f:a9:47:
3c:22:6e:c3:73:bc:49:dc:51:dd:b4:53:70:76:ab:
ce:83:b2:a9:f2:e0:18:f6:67:05:3a:84:4c:6a:bb:
83:95:9f:d3:d4:45:70:b6:05:89:9b:1c:5f:d9:99:
b9:d6:fd:e5:a4:be:fc:3b:58:f4:3a:75:cf:6c:ad:
ba:12:3c:0a:39:ea:57:2c:d5:af:a4:6b:74:a1:3a:
13:05:a6:29:aa:c3:24:5c:5a:52:e8:76:07:2a:81:
ac:9b:7c:2f:b8:95:6f:2d:ca:51:c8:65:32:a0:6a:
6b:c1:fc:a4:e5:71:c6:04:c5:85:df:c0:94:2b:37:
da:33:da:ed:7f:45:47:44:08:dc:46:b0:ec:e1:96:
b1:10:e3:e8:34:fc:b1:c3:c0:e7:1d:a5:b9:da:c4:
9a:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:C4:FE:40:D2:0A:96:BC:16:4A:DC:FA:C2:83:83:D2:BA:B6:13:61
X509v3 Authority Key Identifier:
keyid:C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/xlv1e9ybW-fZfg1lqkIise-qvqo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/W8T-QNIKlrwWStz6woOD0rq2E2E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
123.98.64.0/22
123.98.72.0/22
123.98.80.0/22
123.98.100.0/22
210.79.68.0/22
210.79.77.0/24
210.79.89.0-210.79.91.255
210.79.101.0/24
210.79.112.0/24
210.79.114.0/23
211.149.32.0/22
Signature Algorithm: sha256WithRSAEncryption
44:2e:ec:fb:c0:f2:b2:a6:63:80:1d:8a:c8:fe:2b:04:f9:c5:
cd:d7:72:94:6f:43:39:cf:a5:b0:3e:52:65:68:d6:29:3d:fe:
06:06:d7:25:f5:d0:1b:83:a9:6f:6a:eb:90:55:74:20:64:cf:
6a:0d:1e:9e:69:2c:69:92:d2:01:a8:1f:e3:9b:9d:7a:f2:29:
e6:19:a9:35:d4:69:be:4b:20:63:25:48:3e:7f:c3:14:f1:59:
e6:5c:89:34:7f:ca:8e:08:21:11:a0:08:3c:2f:3c:cb:ca:ab:
71:ea:da:a4:1a:5b:00:f2:f6:2a:78:ac:5e:52:02:b8:e1:7f:
74:cf:25:0d:21:bb:c1:7a:da:18:0c:a4:0e:db:97:c4:e2:db:
be:f9:89:4f:2d:26:2d:88:aa:32:6c:46:b0:01:c4:d3:12:ed:
d4:5f:70:c4:06:86:c3:ec:f3:e5:42:93:fe:30:9e:53:9a:cf:
6d:6f:72:22:45:96:59:8f:ff:ba:f7:5f:93:9a:11:20:90:6e:
c0:01:c7:0c:7b:b8:7f:dd:43:e7:07:ea:98:ac:22:4b:d6:a9:
05:c4:17:6f:bb:2d:8b:44:c4:b0:88:7c:6b:8f:f7:cf:29:91:
be:14:f8:5f:e2:2a:0a:ff:bb:0c:67:13:ce:91:cf:41:09:1b:
40:6d:c8:38
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgICBNMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQzY1
QkY1N0JEQzlCNUJFN0Q5N0UwRDY1QUE0MjIyQjFFRkFBQkVBQTAeFw0yMzA5MTIx
MDQwMzNaFw0yNDA4MTAwNzQxMTNaMDMxMTAvBgNVBAMTKDVCQzRGRTQwRDIwQTk2
QkMxNjRBRENGQUMyODM4M0QyQkFCNjEzNjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5ykV5kAOlFKT7iaeqq0pjzBw8y5yT4IUNG6LxdquO4HhTnUz0
SrWXkIZUZbH7oaUXIrRQ7d0lA89P9S22nI7wZC/jV/O00ZbItsFYwSVAZTvpdWu1
GnX+LsvKkrTVlt9J3VrdDC+pRzwibsNzvEncUd20U3B2q86Dsqny4Bj2ZwU6hExq
u4OVn9PURXC2BYmbHF/ZmbnW/eWkvvw7WPQ6dc9srboSPAo56lcs1a+ka3ShOhMF
pimqwyRcWlLodgcqgaybfC+4lW8tylHIZTKgamvB/KTlccYExYXfwJQrN9oz2u1/
RUdECNxGsOzhlrEQ4+g0/LHDwOcdpbnaxJoxAgMBAAGjggI1MIICMTAdBgNVHQ4E
FgQUW8T+QNIKlrwWStz6woOD0rq2E2EwHwYDVR0jBBgwFoAUxlv1e9ybW+fZfg1l
qkIise+qvqowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEz
L3hsdjFlOXliVy1mWmZnMWxxa0lpc2UtcXZxby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAveGx2MWU5eWJXLWZaZmcxbHFrSWlzZS1xdnFvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEzL1c4VC1RTklLbHJ3V1N0
ejZ3b09EMHJxMkUyRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYwYIKwYBBQUHAQcBAf8EVDBSMFAEAgABMEoD
BAJ7YkADBAJ7YkgDBAJ7YlADBAJ7YmQDBALST0QDBADST00wDAMEANJPWQMEAtJP
WAMEANJPZQMEANJPcAMEAdJPcgMEAtOVIDANBgkqhkiG9w0BAQsFAAOCAQEARC7s
+8DysqZjgB2KyP4rBPnFzddylG9DOc+lsD5SZWjWKT3+BgbXJfXQG4Opb2rrkFV0
IGTPag0enmksaZLSAagf45udevIp5hmpNdRpvksgYyVIPn/DFPFZ5lyJNH/Kjggh
EaAIPC88y8qrcerapBpbAPL2KnisXlICuOF/dM8lDSG7wXraGAykDtuXxOLbvvmJ
Ty0mLYiqMmxGsAHE0xLt1F9wxAaGw+zz5UKT/jCeU5rPbW9yIkWWWY//uvdfk5oR
IJBuwAHHDHu4f91D5wfqmKwiS9apBcQXb7sti0TEsIh8a4/3zymRvhT4X+IqCv+7
DGcTzpHPQQkbQG3IOA==
Generated at Mon Sep 18 04:13:50 2023 by rpki-client on console-fra.rpki-client.org