Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/142/hk-GaKzX-rSm-1ZO90rVE1C6s1c.roa
File: hk-GaKzX-rSm-1ZO90rVE1C6s1c.roa (raw, json)
Hash identifier: 7dMwegM6Euywana5YIFr0K4L/Vi+oLhHF0JAqBNvNyw=
Subject key identifier: 86:4F:86:68:AC:D7:FA:B4:A6:FB:56:4E:F7:4A:D5:13:50:BA:B3:57
Certificate issuer: /CN=D1BD290DA9F968E704BF240911880593E7F5AEC6
Certificate serial: 12
Authority key identifier: D1:BD:29:0D:A9:F9:68:E7:04:BF:24:09:11:88:05:93:E7:F5:AE:C6
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0b0pDan5aOcEvyQJEYgFk-f1rsY.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/142/hk-GaKzX-rSm-1ZO90rVE1C6s1c.roa
Signing time: Fri 24 Oct 2025 01:07:03 +0000
ROA not before: Fri 24 Oct 2025 01:07:03 +0000
ROA not after: Fri 23 Oct 2026 09:04:31 +0000
asID: 17962
IP address blocks: 2400:ee00::/32 maxlen: 64
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18 (0x12)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D1BD290DA9F968E704BF240911880593E7F5AEC6
Validity
Not Before: Oct 24 01:07:03 2025 GMT
Not After : Oct 23 09:04:31 2026 GMT
Subject: CN=864F8668ACD7FAB4A6FB564EF74AD51350BAB357
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:80:89:60:5b:42:6f:81:92:e4:c5:bc:bd:eb:
cd:cd:9e:66:bc:21:85:a7:b8:21:c2:5f:fe:25:73:
75:53:fa:ec:cd:48:22:ae:3f:15:20:b6:75:eb:2a:
7d:b1:1c:6f:ec:1e:db:77:88:a9:f0:0e:b9:67:ea:
59:a2:ea:e3:3d:7d:48:d0:9b:ca:7a:d8:5d:7d:98:
bf:50:c2:a4:1f:66:03:e1:8b:51:93:58:07:f3:a9:
1e:2b:c7:12:7e:7d:d9:5c:32:0d:6e:57:ba:3e:7e:
b7:2d:07:4d:07:a9:21:83:ec:4d:6a:58:65:ef:90:
44:2b:3f:36:10:86:6c:98:22:cf:f2:a5:4f:02:37:
9a:89:31:9e:af:ea:d0:dd:02:5e:7c:72:95:81:ce:
10:30:d7:8b:7a:59:10:37:cf:11:e6:5d:ef:2c:eb:
ca:65:b0:13:d9:b5:fe:6e:a8:1a:9b:d1:0a:b7:56:
6a:22:53:0a:65:90:6b:1c:5b:1a:44:4f:bc:5c:83:
ec:09:47:12:27:b3:89:f1:3b:3f:4e:b4:4d:7a:37:
8e:d3:84:e9:b2:5c:2c:58:c3:75:a8:b5:b6:b8:20:
39:9a:86:af:4a:bf:87:39:ab:52:fa:25:ec:93:32:
f9:ff:87:dc:7e:4b:b9:34:2e:f1:c7:85:92:e3:15:
80:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:4F:86:68:AC:D7:FA:B4:A6:FB:56:4E:F7:4A:D5:13:50:BA:B3:57
X509v3 Authority Key Identifier:
keyid:D1:BD:29:0D:A9:F9:68:E7:04:BF:24:09:11:88:05:93:E7:F5:AE:C6
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/142/0b0pDan5aOcEvyQJEYgFk-f1rsY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0b0pDan5aOcEvyQJEYgFk-f1rsY.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/142/hk-GaKzX-rSm-1ZO90rVE1C6s1c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2400:ee00::/32
Signature Algorithm: sha256WithRSAEncryption
12:d2:ae:64:98:c3:70:10:c1:86:9c:79:f1:fa:f6:3e:7b:72:
b1:79:10:29:52:82:3f:0b:99:f5:5e:2b:a3:c2:6a:c3:be:23:
8c:02:f6:70:2b:fd:a4:62:c5:35:19:65:cb:de:1f:22:40:e2:
99:2e:c5:2c:33:60:91:d2:83:33:69:b4:66:a4:80:51:6d:ee:
ec:c4:a1:f1:22:75:b3:77:a7:03:d2:fb:df:53:d3:a4:4a:91:
af:17:77:05:2f:5d:e9:c7:e0:ba:36:db:a1:9b:cc:7d:53:33:
ab:c3:88:46:65:e0:2e:9f:a1:44:b0:60:15:44:2e:7d:63:ba:
10:7b:6d:64:5f:fe:59:a3:a3:08:5d:16:45:a1:39:b7:6f:3a:
91:68:e3:f4:24:c0:b3:6a:12:88:df:82:6c:56:c0:cd:38:95:
a3:18:b7:ad:f9:9f:94:6f:3a:54:45:08:41:2e:10:0b:fa:18:
42:16:10:64:01:67:04:f3:2f:12:b8:50:37:95:94:ee:17:aa:
d2:ed:51:9a:07:9e:d3:9a:8b:e2:89:d9:2b:7a:40:0d:55:71:
a7:cc:98:8d:81:87:90:4d:e5:cb:a6:2d:d4:41:77:c5:7f:4b:
88:be:39:52:24:92:cb:f0:3a:b6:10:cf:e8:6a:f0:e5:77:62:
d0:37:f3:59
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhEMUJE
MjkwREE5Rjk2OEU3MDRCRjI0MDkxMTg4MDU5M0U3RjVBRUM2MB4XDTI1MTAyNDAx
MDcwM1oXDTI2MTAyMzA5MDQzMVowMzExMC8GA1UEAxMoODY0Rjg2NjhBQ0Q3RkFC
NEE2RkI1NjRFRjc0QUQ1MTM1MEJBQjM1NzCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALCAiWBbQm+BkuTFvL3rzc2eZrwhhae4IcJf/iVzdVP67M1IIq4/
FSC2desqfbEcb+we23eIqfAOuWfqWaLq4z19SNCbynrYXX2Yv1DCpB9mA+GLUZNY
B/OpHivHEn592VwyDW5Xuj5+ty0HTQepIYPsTWpYZe+QRCs/NhCGbJgiz/KlTwI3
mokxnq/q0N0CXnxylYHOEDDXi3pZEDfPEeZd7yzrymWwE9m1/m6oGpvRCrdWaiJT
CmWQaxxbGkRPvFyD7AlHEiezifE7P060TXo3jtOE6bJcLFjDdai1trggOZqGr0q/
hzmrUvol7JMy+f+H3H5LuTQu8ceFkuMVgC8CAwEAAaOCAfIwggHuMB0GA1UdDgQW
BBSGT4ZorNf6tKb7Vk73StUTULqzVzAfBgNVHSMEGDAWgBTRvSkNqflo5wS/JAkR
iAWT5/WuxjAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFwGA1UdHwRVMFMwUaBP
oE2GS3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNDIv
MGIwcERhbjVhT2NFdnlRSkVZZ0ZrLWYxcnNZLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC8wYjBwRGFuNWFPY0V2eVFKRVlnRmstZjFyc1kuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBnAYIKwYBBQUHAQsEgY8wgYwwVwYIKwYBBQUHMAuGS3JzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNDIvaGstR2FLelgtclNtLTFa
TzkwclZFMUM2czFjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNubmlj
LmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMF
ACQA7gAwDQYJKoZIhvcNAQELBQADggEBABLSrmSYw3AQwYacefH69j57crF5EClS
gj8LmfVeK6PCasO+I4wC9nAr/aRixTUZZcveHyJA4pkuxSwzYJHSgzNptGakgFFt
7uzEofEidbN3pwPS+99T06RKka8XdwUvXenH4Lo226GbzH1TM6vDiEZl4C6foUSw
YBVELn1juhB7bWRf/lmjowhdFkWhObdvOpFo4/QkwLNqEojfgmxWwM04laMYt635
n5RvOlRFCEEuEAv6GEIWEGQBZwTzLxK4UDeVlO4XqtLtUZoHntOai+KJ2St6QA1V
cafMmI2Bh5BN5cumLdRBd8V/S4i+OVIkksvwOrYQz+hq8OV3YtA381k=
-----END CERTIFICATE-----
Generated at Wed Nov 5 16:25:21 2025 by rpki-client