Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/142/qokihwJdeYt3M1tbUO747RZoNfg.roa
File: qokihwJdeYt3M1tbUO747RZoNfg.roa (raw, json)
Hash identifier: EszXXFugVyLu+4UINfCl3N87aKfP5Uzgjy6Mj3ZFdNk=
Subject key identifier: AA:89:22:87:02:5D:79:8B:77:33:5B:5B:50:EE:F8:ED:16:68:35:F8
Certificate issuer: /CN=D1BD290DA9F968E704BF240911880593E7F5AEC6
Certificate serial: 09
Authority key identifier: D1:BD:29:0D:A9:F9:68:E7:04:BF:24:09:11:88:05:93:E7:F5:AE:C6
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0b0pDan5aOcEvyQJEYgFk-f1rsY.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/142/qokihwJdeYt3M1tbUO747RZoNfg.roa
Signing time: Fri 24 Oct 2025 01:07:00 +0000
ROA not before: Fri 24 Oct 2025 01:07:00 +0000
ROA not after: Fri 23 Oct 2026 09:04:31 +0000
asID: 17962
IP address blocks: 116.76.0.0/15 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D1BD290DA9F968E704BF240911880593E7F5AEC6
Validity
Not Before: Oct 24 01:07:00 2025 GMT
Not After : Oct 23 09:04:31 2026 GMT
Subject: CN=AA892287025D798B77335B5B50EEF8ED166835F8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:5e:07:2e:f8:c5:2c:57:7d:5b:c8:ee:19:03:
88:a9:7f:d4:9c:2f:a4:6a:32:fb:c4:56:d1:38:9b:
1e:be:16:83:19:59:05:a0:60:c0:3b:7c:04:7a:97:
67:ba:9b:e6:1c:c0:97:cf:92:31:4a:24:d3:58:93:
6c:d1:85:d8:90:99:7f:b7:95:3f:d5:1b:a6:49:2e:
0e:7d:5e:51:64:48:62:29:93:e8:ae:00:33:8e:b5:
64:08:a2:de:9a:0c:a0:c2:c8:f8:36:4c:2c:d7:2d:
cd:df:27:03:c7:41:52:26:d7:b6:cf:e8:c8:4e:c1:
26:7a:ff:6a:d0:da:63:95:86:65:92:31:b8:c7:25:
27:6f:9e:7a:6b:ff:77:54:56:c1:b6:2e:42:92:c5:
2d:4d:17:4b:b9:5e:cd:91:f7:7c:b4:c1:ee:25:bd:
81:4f:7d:7b:e4:62:a0:44:01:a2:e1:7b:bf:f6:f3:
bc:6e:44:15:62:db:53:d2:0e:0e:c0:89:9a:1a:34:
7a:be:87:e0:3f:3b:e6:56:d4:ae:49:37:4b:ef:d5:
76:80:48:2d:df:df:74:6a:96:37:7f:79:5e:a1:15:
ef:94:7a:44:4c:6e:49:a8:05:73:f9:dd:fb:cf:26:
f2:3a:e6:f3:40:1f:94:ec:8e:9d:2b:05:08:18:f8:
91:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:89:22:87:02:5D:79:8B:77:33:5B:5B:50:EE:F8:ED:16:68:35:F8
X509v3 Authority Key Identifier:
keyid:D1:BD:29:0D:A9:F9:68:E7:04:BF:24:09:11:88:05:93:E7:F5:AE:C6
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/142/0b0pDan5aOcEvyQJEYgFk-f1rsY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0b0pDan5aOcEvyQJEYgFk-f1rsY.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/142/qokihwJdeYt3M1tbUO747RZoNfg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
116.76.0.0/15
Signature Algorithm: sha256WithRSAEncryption
7d:44:90:b8:d5:ad:0a:cd:1e:dc:d6:60:36:ec:ea:48:54:0c:
68:36:c9:32:36:1a:a9:7a:aa:05:16:5f:cd:3c:91:82:44:07:
3d:02:cf:c6:0e:6e:9e:21:5e:6b:81:0a:48:6f:fb:65:e0:9c:
e1:01:fa:4b:28:7a:74:b1:2f:02:81:d6:12:20:e1:c2:b1:89:
c9:73:cf:96:98:47:d2:23:c5:e7:d2:87:6d:f9:59:44:f0:a4:
a7:46:75:c3:d5:b3:cb:cc:db:31:4f:2d:f8:6c:cb:63:c5:51:
36:40:12:ce:33:95:4d:dc:09:04:ac:62:85:e9:97:6e:65:b8:
bc:e4:ba:de:b6:c1:91:4c:87:5c:24:4a:b4:59:d1:c2:c3:d1:
7b:a8:bb:8b:cb:d4:c9:32:f3:11:d2:06:b9:55:d7:01:14:d7:
29:c7:1a:30:a8:1a:e0:98:fb:21:4a:6c:35:7d:06:23:94:b6:
a4:cd:26:41:0e:a5:7e:43:90:8e:a1:16:c3:cb:8a:e4:de:7a:
8b:70:63:1e:2a:7c:bf:b6:42:af:5f:9b:54:0e:3f:de:8a:18:
8c:83:3d:93:f2:64:7c:8a:dd:e5:7a:24:18:6b:2e:b4:e4:1b:
33:7b:e4:94:2e:e5:33:ce:f5:dd:1d:74:08:4b:7c:b4:7f:d1:
ce:30:38:71
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIBCTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhEMUJE
MjkwREE5Rjk2OEU3MDRCRjI0MDkxMTg4MDU5M0U3RjVBRUM2MB4XDTI1MTAyNDAx
MDcwMFoXDTI2MTAyMzA5MDQzMVowMzExMC8GA1UEAxMoQUE4OTIyODcwMjVENzk4
Qjc3MzM1QjVCNTBFRUY4RUQxNjY4MzVGODCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALNeBy74xSxXfVvI7hkDiKl/1JwvpGoy+8RW0TibHr4WgxlZBaBg
wDt8BHqXZ7qb5hzAl8+SMUok01iTbNGF2JCZf7eVP9UbpkkuDn1eUWRIYimT6K4A
M461ZAii3poMoMLI+DZMLNctzd8nA8dBUibXts/oyE7BJnr/atDaY5WGZZIxuMcl
J2+eemv/d1RWwbYuQpLFLU0XS7lezZH3fLTB7iW9gU99e+RioEQBouF7v/bzvG5E
FWLbU9IODsCJmho0er6H4D875lbUrkk3S+/VdoBILd/fdGqWN395XqEV75R6RExu
SagFc/nd+88m8jrm80AflOyOnSsFCBj4kfMCAwEAAaOCAfAwggHsMB0GA1UdDgQW
BBSqiSKHAl15i3czW1tQ7vjtFmg1+DAfBgNVHSMEGDAWgBTRvSkNqflo5wS/JAkR
iAWT5/WuxjAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFwGA1UdHwRVMFMwUaBP
oE2GS3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNDIv
MGIwcERhbjVhT2NFdnlRSkVZZ0ZrLWYxcnNZLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC8wYjBwRGFuNWFPY0V2eVFKRVlnRmstZjFyc1kuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBnAYIKwYBBQUHAQsEgY8wgYwwVwYIKwYBBQUHMAuGS3JzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNDIvcW9raWh3SmRlWXQzTTF0
YlVPNzQ3UlpvTmZnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNubmlj
LmNuL3JyZHAvbm90aWZ5LnhtbDAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMD
AXRMMA0GCSqGSIb3DQEBCwUAA4IBAQB9RJC41a0KzR7c1mA27OpIVAxoNskyNhqp
eqoFFl/NPJGCRAc9As/GDm6eIV5rgQpIb/tl4JzhAfpLKHp0sS8CgdYSIOHCsYnJ
c8+WmEfSI8Xn0odt+VlE8KSnRnXD1bPLzNsxTy34bMtjxVE2QBLOM5VN3AkErGKF
6ZduZbi85LretsGRTIdcJEq0WdHCw9F7qLuLy9TJMvMR0ga5VdcBFNcpxxowqBrg
mPshSmw1fQYjlLakzSZBDqV+Q5COoRbDy4rk3nqLcGMeKny/tkKvX5tUDj/eihiM
gz2T8mR8it3leiQYay605Bsze+SULuUzzvXdHXQIS3y0f9HOMDhx
-----END CERTIFICATE-----
Generated at Wed Nov 5 16:24:06 2025 by rpki-client