Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/817/-hutihBOvX_asqLI8j4H0-c4fCQ.roa
File: -hutihBOvX_asqLI8j4H0-c4fCQ.roa (raw, json)
Hash identifier: 9jMeLrBTZKXb6epqoeinQkvpX5pVP8pboe7Asollqko=
Subject key identifier: FA:1B:AD:8A:10:4E:BD:7F:DA:B2:A2:C8:F2:3E:07:D3:E7:38:7C:24
Certificate issuer: /CN=2A711AA7DC60049B0B0D884897E015B1171F37B9
Certificate serial: 21FF
Authority key identifier: 2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/-hutihBOvX_asqLI8j4H0-c4fCQ.roa
Signing time: Sat 13 Sep 2025 03:03:49 +0000
ROA not before: Sat 13 Sep 2025 03:03:49 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 23724
IP address blocks: 2401:3480::/36 maxlen: 36
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8703 (0x21ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2A711AA7DC60049B0B0D884897E015B1171F37B9
Validity
Not Before: Sep 13 03:03:49 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=FA1BAD8A104EBD7FDAB2A2C8F23E07D3E7387C24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:86:01:f9:95:df:9a:04:6d:d5:c2:8b:d7:f9:
00:3a:1e:cf:d2:42:bf:1e:cc:f8:62:d6:12:ea:00:
65:21:8c:06:51:2b:59:65:1d:1f:6e:b9:92:86:1b:
7a:3e:bf:d0:27:de:25:51:66:4d:43:5e:41:90:59:
c2:d6:37:7d:3d:a6:95:bc:bf:a2:5f:44:75:06:0b:
22:7f:1b:b1:01:f5:33:6e:04:df:37:d2:91:b4:8f:
6e:87:38:96:85:49:5e:2c:86:b7:04:bb:33:9e:02:
29:45:62:4e:48:aa:3b:53:d9:fe:62:0f:1e:4e:04:
6c:16:89:55:d2:85:04:06:fc:42:45:86:51:c8:73:
9d:63:13:7a:20:f8:90:55:9b:b6:a0:66:1b:61:13:
a6:13:be:d8:59:6f:bf:53:81:f1:0d:12:2a:e2:9b:
11:99:e2:b7:63:99:e1:3a:00:a2:3b:a5:df:51:a8:
5c:1a:7c:2f:14:f4:1e:48:05:1a:29:85:32:1e:34:
f5:af:d3:71:e8:2b:b8:b1:c2:05:39:f7:57:80:9e:
27:7f:76:e0:5c:f2:7b:f0:4a:9b:e4:28:82:a6:d0:
06:2a:14:d6:52:bc:2c:56:46:23:63:01:50:0d:a5:
b3:96:5c:b7:17:50:37:04:86:72:58:a5:d9:f1:75:
40:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:1B:AD:8A:10:4E:BD:7F:DA:B2:A2:C8:F2:3E:07:D3:E7:38:7C:24
X509v3 Authority Key Identifier:
keyid:2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/-hutihBOvX_asqLI8j4H0-c4fCQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2401:3480::/36
Signature Algorithm: sha256WithRSAEncryption
44:00:80:e2:33:a5:cd:ad:5c:ca:05:8f:82:6d:00:6a:16:81:
9a:9d:70:0f:b5:77:72:80:37:fe:d5:85:2e:41:78:51:9c:1d:
2d:31:10:e1:a7:ef:8f:50:7e:12:ce:6c:44:73:7f:e4:b3:24:
7e:6e:c3:29:6b:43:49:39:d3:dc:91:74:23:c2:d3:a8:14:45:
86:09:1c:63:61:c9:a1:e2:90:43:8f:21:f7:eb:19:94:7b:47:
9c:e5:56:bb:8d:0f:98:a8:ce:6f:7f:91:aa:c8:94:6a:b1:b7:
d7:38:44:97:33:e9:54:22:83:5d:c8:60:17:62:50:72:89:db:
1e:ff:5c:7b:08:b6:e5:1b:f3:ea:bf:03:a4:03:9f:e7:7e:b6:
44:44:17:45:ca:76:a6:2b:5e:ab:e3:12:1a:df:64:c7:d7:f1:
85:51:0e:a7:ac:e4:6c:f1:17:b1:48:bb:36:21:f0:93:c4:4f:
9b:56:7b:7a:6c:89:27:1f:00:12:c3:2f:80:85:37:d6:45:1b:
32:18:a4:3e:86:30:24:02:3b:9d:b6:c6:c0:59:c5:4a:8f:42:
5d:10:8b:ea:df:d5:a4:eb:db:bb:2e:73:6e:58:d8:70:b1:8a:
b7:e5:56:d6:a5:42:da:d8:29:90:b1:86:9f:b3:a1:38:42:83:
2d:0e:f6:ef
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICIf8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE3
MTFBQTdEQzYwMDQ5QjBCMEQ4ODQ4OTdFMDE1QjExNzFGMzdCOTAeFw0yNTA5MTMw
MzAzNDlaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEZBMUJBRDhBMTA0RUJE
N0ZEQUIyQTJDOEYyM0UwN0QzRTczODdDMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzhgH5ld+aBG3VwovX+QA6Hs/SQr8ezPhi1hLqAGUhjAZRK1ll
HR9uuZKGG3o+v9An3iVRZk1DXkGQWcLWN309ppW8v6JfRHUGCyJ/G7EB9TNuBN83
0pG0j26HOJaFSV4shrcEuzOeAilFYk5IqjtT2f5iDx5OBGwWiVXShQQG/EJFhlHI
c51jE3og+JBVm7agZhthE6YTvthZb79TgfENEirimxGZ4rdjmeE6AKI7pd9RqFwa
fC8U9B5IBRophTIeNPWv03HoK7ixwgU591eAnid/duBc8nvwSpvkKIKm0AYqFNZS
vCxWRiNjAVANpbOWXLcXUDcEhnJYpdnxdUBDAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU+hutihBOvX/asqLI8j4H0+c4fCQwHwYDVR0jBBgwFoAUKnEap9xgBJsLDYhI
l+AVsRcfN7kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3
L0tuRWFwOXhnQkpzTERZaElsLUFWc1JjZk43ay5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvS25FYXA5eGdCSnNMRFloSWwtQVZzUmNmTjdrLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3Ly1odXRpaEJPdlhfYXNx
TEk4ajRIMC1jNGZDUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgD
BgQkATSAADANBgkqhkiG9w0BAQsFAAOCAQEARACA4jOlza1cygWPgm0AahaBmp1w
D7V3coA3/tWFLkF4UZwdLTEQ4afvj1B+Es5sRHN/5LMkfm7DKWtDSTnT3JF0I8LT
qBRFhgkcY2HJoeKQQ48h9+sZlHtHnOVWu40PmKjOb3+RqsiUarG31zhElzPpVCKD
XchgF2JQconbHv9cewi25Rvz6r8DpAOf5362REQXRcp2piteq+MSGt9kx9fxhVEO
p6zkbPEXsUi7NiHwk8RPm1Z7emyJJx8AEsMvgIU31kUbMhikPoYwJAI7nbbGwFnF
So9CXRCL6t/VpOvbuy5zbljYcLGKt+VW1qVC2tgpkLGGn7OhOEKDLQ727w==
-----END CERTIFICATE-----
Generated at Thu Oct 23 09:18:20 2025 by rpki-client