Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1082/cbKUR4BQHdrUir8bbKDhSJs8Mvw.roa
File: cbKUR4BQHdrUir8bbKDhSJs8Mvw.roa (raw, json)
Hash identifier: xi3EzrF8AJJluHP7mpwsm0sUqDojImmwuHEyhBXFSF8=
Subject key identifier: 71:B2:94:47:80:50:1D:DA:D4:8A:BF:1B:6C:A0:E1:48:9B:3C:32:FC
Certificate issuer: /CN=03C2468111EA1C54EF8B3CCDEFAE516C309A6EC8
Certificate serial: 17D0
Authority key identifier: 03:C2:46:81:11:EA:1C:54:EF:8B:3C:CD:EF:AE:51:6C:30:9A:6E:C8
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/A8JGgRHqHFTvizzN765RbDCabsg.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1082/cbKUR4BQHdrUir8bbKDhSJs8Mvw.roa
Signing time: Tue 14 Oct 2025 03:16:49 +0000
ROA not before: Tue 14 Oct 2025 03:16:49 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134765
IP address blocks: 43.228.76.0/22 maxlen: 22
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6096 (0x17d0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=03C2468111EA1C54EF8B3CCDEFAE516C309A6EC8
Validity
Not Before: Oct 14 03:16:49 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=71B2944780501DDAD48ABF1B6CA0E1489B3C32FC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:eb:3e:c6:d0:5b:76:41:ab:c8:1d:7f:24:fc:
a4:ad:b1:29:01:24:e7:c3:0a:13:08:82:3d:6d:1a:
b2:15:69:9f:56:09:a9:61:60:cc:cc:15:9d:91:97:
15:41:ea:3d:9f:da:df:e1:df:e3:02:5f:24:91:ee:
58:26:49:36:14:1f:ec:b7:0e:5a:39:db:0d:95:95:
c2:ca:a9:29:3f:65:90:94:8d:6b:fb:2d:49:7e:4e:
07:59:7e:7d:34:37:4f:ad:03:82:83:82:54:3b:82:
40:9e:3e:e3:28:01:7f:31:69:dc:04:89:21:b4:38:
5c:87:94:bb:f2:97:be:3e:e6:aa:d7:b7:f1:c2:db:
c1:e5:1f:5d:84:c1:3b:47:8b:f7:e9:32:ac:ac:38:
c0:33:5b:55:44:63:37:eb:87:7f:a8:ca:b9:19:68:
2a:50:6b:49:28:52:5c:47:d2:0f:ce:13:2f:4f:41:
51:d8:99:12:be:ee:57:3b:d9:24:89:40:e4:54:74:
c6:f7:4c:ef:09:5c:70:71:53:c7:3a:a8:03:2c:8e:
81:df:12:73:d5:f0:3d:0a:82:26:90:fa:5f:93:ea:
dc:56:32:a9:42:36:21:e6:60:a1:1a:58:15:3b:5c:
f5:df:e2:32:7a:88:3c:8f:af:06:8f:aa:66:77:09:
aa:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:B2:94:47:80:50:1D:DA:D4:8A:BF:1B:6C:A0:E1:48:9B:3C:32:FC
X509v3 Authority Key Identifier:
keyid:03:C2:46:81:11:EA:1C:54:EF:8B:3C:CD:EF:AE:51:6C:30:9A:6E:C8
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1082/A8JGgRHqHFTvizzN765RbDCabsg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/A8JGgRHqHFTvizzN765RbDCabsg.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1082/cbKUR4BQHdrUir8bbKDhSJs8Mvw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.228.76.0/22
Signature Algorithm: sha256WithRSAEncryption
ad:f0:fe:c0:8f:63:80:4a:cc:1f:7a:75:04:1b:b8:f7:fa:53:
c8:02:be:94:09:a2:dc:c7:5f:31:09:d7:b6:f1:11:8a:05:ec:
99:44:82:ad:f7:1d:6f:3b:2f:64:55:13:c2:3e:f2:6e:05:cf:
a5:69:ca:a3:d0:04:72:d4:49:2d:ca:3b:d6:ea:9a:49:6f:0f:
da:af:8a:d5:1b:17:56:62:72:6e:d0:41:fc:89:79:e6:6b:cd:
bb:fd:82:4f:f2:06:49:e0:1d:30:71:c8:6a:0d:6f:9c:f1:b4:
43:0a:2a:34:74:94:71:72:e5:a3:27:f1:aa:cc:25:65:85:82:
c6:0a:52:62:e9:f7:94:19:1f:26:06:2a:e8:81:2c:37:62:16:
0e:1f:51:2d:52:91:cb:c2:f6:ce:19:6d:7e:e9:29:a8:50:a1:
52:18:8a:01:62:d6:36:5f:62:5b:bb:41:39:3a:cb:f9:32:5f:
a9:58:2e:e1:4b:59:7f:15:1f:51:2a:b0:f0:27:34:2e:cb:a7:
a1:e2:de:b8:71:b3:eb:d9:75:a2:8e:d8:09:1a:f0:8e:48:75:
20:8b:76:29:ea:aa:86:52:bb:38:b6:ee:3f:ef:e2:03:31:28:
76:d7:41:4e:87:0a:b7:3a:c8:b4:03:19:6e:df:0a:64:65:6e:
5e:ef:ea:15
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICF9AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMDND
MjQ2ODExMUVBMUM1NEVGOEIzQ0NERUZBRTUxNkMzMDlBNkVDODAeFw0yNTEwMTQw
MzE2NDlaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDcxQjI5NDQ3ODA1MDFE
REFENDhBQkYxQjZDQTBFMTQ4OUIzQzMyRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDh6z7G0Ft2QavIHX8k/KStsSkBJOfDChMIgj1tGrIVaZ9WCalh
YMzMFZ2RlxVB6j2f2t/h3+MCXySR7lgmSTYUH+y3Dlo52w2VlcLKqSk/ZZCUjWv7
LUl+TgdZfn00N0+tA4KDglQ7gkCePuMoAX8xadwEiSG0OFyHlLvyl74+5qrXt/HC
28HlH12EwTtHi/fpMqysOMAzW1VEYzfrh3+oyrkZaCpQa0koUlxH0g/OEy9PQVHY
mRK+7lc72SSJQORUdMb3TO8JXHBxU8c6qAMsjoHfEnPV8D0KgiaQ+l+T6txWMqlC
NiHmYKEaWBU7XPXf4jJ6iDyPrwaPqmZ3CarlAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUcbKUR4BQHdrUir8bbKDhSJs8MvwwHwYDVR0jBBgwFoAUA8JGgRHqHFTvizzN
765RbDCabsgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTA4
Mi9BOEpHZ1JIcUhGVHZpenpONzY1UmJEQ2Fic2cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0E4SkdnUkhxSEZUdml6ek43NjVSYkRDYWJzZy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEwODIvY2JLVVI0QlFIZHJV
aXI4YmJLRGhTSnM4TXZ3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAivkTDANBgkqhkiG9w0BAQsFAAOCAQEArfD+wI9jgErMH3p1BBu49/pTyAK+
lAmi3MdfMQnXtvERigXsmUSCrfcdbzsvZFUTwj7ybgXPpWnKo9AEctRJLco71uqa
SW8P2q+K1RsXVmJybtBB/Il55mvNu/2CT/IGSeAdMHHIag1vnPG0QwoqNHSUcXLl
oyfxqswlZYWCxgpSYun3lBkfJgYq6IEsN2IWDh9RLVKRy8L2zhltfukpqFChUhiK
AWLWNl9iW7tBOTrL+TJfqVgu4UtZfxUfUSqw8Cc0LsunoeLeuHGz69l1oo7YCRrw
jkh1IIt2KeqqhlK7OLbuP+/iAzEodtdBTocKtzrItAMZbt8KZGVuXu/qFQ==
-----END CERTIFICATE-----
Generated at Wed Nov 5 16:25:38 2025 by rpki-client