Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/413/ZzaG_QM8bqBZkgJXnYHZxjaZMfI.roa
File: ZzaG_QM8bqBZkgJXnYHZxjaZMfI.roa (raw, json)
Hash identifier: dYDgsIl65oGGBkPYv+AYxU1ZQqcKJAmatZpivADwAH8=
Subject key identifier: 67:36:86:FD:03:3C:6E:A0:59:92:02:57:9D:81:D9:C6:36:99:31:F2
Certificate issuer: /CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Certificate serial: 041E
Authority key identifier: C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/ZzaG_QM8bqBZkgJXnYHZxjaZMfI.roa
Signing time: Tue 15 Aug 2023 10:29:36 +0000
ROA not before: Tue 15 Aug 2023 10:29:36 +0000
ROA not after: Sat 10 Aug 2024 07:41:13 +0000
asID: 34549
IP address blocks: 123.98.64.0/22 maxlen: 24
123.98.72.0/22 maxlen: 24
123.98.80.0/22 maxlen: 24
123.98.100.0/22 maxlen: 24
210.79.68.0/23 maxlen: 24
210.79.70.0/24 maxlen: 24
210.79.71.0/24 maxlen: 24
210.79.77.0/24 maxlen: 24
210.79.90.0/24 maxlen: 24
210.79.112.0/24 maxlen: 24
210.79.114.0/24 maxlen: 24
211.149.32.0/22 maxlen: 24
211.149.40.0/22 maxlen: 24
211.149.48.0/22 maxlen: 24
211.149.52.0/22 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1054 (0x41e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=C65BF57BDC9B5BE7D97E0D65AA4222B1EFAABEAA
Validity
Not Before: Aug 15 10:29:36 2023 GMT
Not After : Aug 10 07:41:13 2024 GMT
Subject: CN=673686FD033C6EA0599202579D81D9C6369931F2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:06:20:cc:0a:f3:27:c6:e7:e1:80:6a:e7:a8:
5c:db:f0:a0:c9:03:f8:4b:ff:47:0d:d4:51:55:d3:
8d:ec:87:99:71:a0:09:f5:6f:35:98:2e:d0:f6:e2:
cd:13:30:81:e5:f9:98:bf:64:8b:9f:f7:34:c1:9a:
3b:c8:6c:f6:8b:db:af:af:10:33:c7:4e:16:2e:9a:
62:6b:cb:eb:0b:91:6d:d9:f3:ce:17:88:78:b4:b9:
48:97:1f:a4:c2:52:a9:42:63:09:8a:ba:5c:36:8b:
fd:dc:e1:8d:db:2c:08:63:83:d8:17:d9:9d:c4:fc:
f1:71:9d:a9:8d:ae:e9:6d:88:3e:ef:ec:1a:93:e9:
34:f9:0a:d3:a3:48:11:6a:0c:e3:79:7f:fc:45:34:
b8:ce:72:aa:dd:4c:86:02:1b:1a:74:73:d0:7c:9c:
b3:3f:a4:bc:c1:06:fc:5d:f4:8f:94:f2:48:44:ee:
a8:a4:08:26:23:34:f0:c3:cd:c7:23:d0:cc:11:c8:
40:44:3c:6a:d2:be:5e:c2:8a:a0:10:82:98:31:9a:
69:dd:b6:e6:fa:4e:00:b7:89:72:31:3c:1b:dc:cb:
00:d3:79:ee:7d:92:99:bc:ef:d2:ed:e8:fe:29:8b:
0d:e5:f6:51:9b:50:0b:5d:75:0b:7e:29:f1:2f:1b:
4c:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:36:86:FD:03:3C:6E:A0:59:92:02:57:9D:81:D9:C6:36:99:31:F2
X509v3 Authority Key Identifier:
keyid:C6:5B:F5:7B:DC:9B:5B:E7:D9:7E:0D:65:AA:42:22:B1:EF:AA:BE:AA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/xlv1e9ybW-fZfg1lqkIise-qvqo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/xlv1e9ybW-fZfg1lqkIise-qvqo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/413/ZzaG_QM8bqBZkgJXnYHZxjaZMfI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
123.98.64.0/22
123.98.72.0/22
123.98.80.0/22
123.98.100.0/22
210.79.68.0/22
210.79.77.0/24
210.79.90.0/24
210.79.112.0/24
210.79.114.0/24
211.149.32.0/22
211.149.40.0/22
211.149.48.0/21
Signature Algorithm: sha256WithRSAEncryption
78:37:79:9b:53:c0:2f:0f:1a:8a:f9:6b:49:f6:7e:98:6c:e3:
e7:ea:8f:f4:04:bd:93:e8:f6:56:1f:ba:97:19:f7:40:a2:15:
e3:b5:67:39:cb:4f:d7:54:92:3a:7b:9b:13:28:af:ae:f6:28:
55:05:db:92:fe:dd:b0:9c:6c:88:6f:a3:21:6c:9c:98:76:09:
99:e3:d8:76:33:e7:ef:84:46:b5:af:77:49:92:03:74:2c:74:
b8:97:a2:f0:88:e7:77:15:75:b8:4f:6f:8f:f6:be:f0:cf:d0:
6a:52:31:a3:47:df:43:43:5e:ba:a8:e4:a5:04:fa:a4:bc:dc:
72:5f:83:e0:0e:32:30:71:a1:be:ee:b7:1c:ed:94:98:a1:c3:
a4:e3:f7:47:e7:25:0b:08:e8:4c:a4:a7:5b:e2:cc:9f:74:26:
e6:7d:4c:a0:ba:9e:37:b0:b9:b7:18:79:56:b1:2c:be:78:f8:
75:8f:59:fc:9b:93:72:9e:39:a6:ba:da:f3:09:db:6d:ee:ad:
63:94:ce:7a:49:d9:0c:cc:bc:7f:76:57:78:ba:08:26:5f:d6:
f1:83:f3:b1:63:a5:17:1a:9e:81:18:87:ef:21:25:ff:13:a8:
7e:a4:66:6a:04:f2:f5:e8:b1:30:40:37:d3:34:31:f7:b0:75:
ce:28:4e:ad
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgICBB4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQzY1
QkY1N0JEQzlCNUJFN0Q5N0UwRDY1QUE0MjIyQjFFRkFBQkVBQTAeFw0yMzA4MTUx
MDI5MzZaFw0yNDA4MTAwNzQxMTNaMDMxMTAvBgNVBAMTKDY3MzY4NkZEMDMzQzZF
QTA1OTkyMDI1NzlEODFEOUM2MzY5OTMxRjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEBiDMCvMnxufhgGrnqFzb8KDJA/hL/0cN1FFV043sh5lxoAn1
bzWYLtD24s0TMIHl+Zi/ZIuf9zTBmjvIbPaL26+vEDPHThYummJry+sLkW3Z884X
iHi0uUiXH6TCUqlCYwmKulw2i/3c4Y3bLAhjg9gX2Z3E/PFxnamNrultiD7v7BqT
6TT5CtOjSBFqDON5f/xFNLjOcqrdTIYCGxp0c9B8nLM/pLzBBvxd9I+U8khE7qik
CCYjNPDDzccj0MwRyEBEPGrSvl7CiqAQgpgxmmndtub6TgC3iXIxPBvcywDTee59
kpm879Lt6P4piw3l9lGbUAtddQt+KfEvG0zxAgMBAAGjggIzMIICLzAdBgNVHQ4E
FgQUZzaG/QM8bqBZkgJXnYHZxjaZMfIwHwYDVR0jBBgwFoAUxlv1e9ybW+fZfg1l
qkIise+qvqowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEz
L3hsdjFlOXliVy1mWmZnMWxxa0lpc2UtcXZxby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAveGx2MWU5eWJXLWZaZmcxbHFrSWlzZS1xdnFvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDEzL1p6YUdfUU04YnFCWmtn
SlhuWUhaeGphWk1mSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYQYIKwYBBQUHAQcBAf8EUjBQME4EAgABMEgD
BAJ7YkADBAJ7YkgDBAJ7YlADBAJ7YmQDBALST0QDBADST00DBADST1oDBADST3AD
BADST3IDBALTlSADBALTlSgDBAPTlTAwDQYJKoZIhvcNAQELBQADggEBAHg3eZtT
wC8PGor5a0n2fphs4+fqj/QEvZPo9lYfupcZ90CiFeO1ZznLT9dUkjp7mxMor672
KFUF25L+3bCcbIhvoyFsnJh2CZnj2HYz5++ERrWvd0mSA3QsdLiXovCI53cVdbhP
b4/2vvDP0GpSMaNH30NDXrqo5KUE+qS83HJfg+AOMjBxob7utxztlJihw6Tj90fn
JQsI6Eykp1vizJ90JuZ9TKC6njewubcYeVaxLL54+HWPWfybk3KeOaa62vMJ223u
rWOUznpJ2QzMvH92V3i6CCZf1vGD87FjpRcanoEYh+8hJf8TqH6kZmoE8vXosTBA
N9M0Mfewdc4oTq0=
Generated at Tue Aug 22 02:13:11 2023 by rpki-client on console-fra.rpki-client.org