Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2789/h_8IDYjXQYEVeDqtIisDjvwzBe8.roa
File: h_8IDYjXQYEVeDqtIisDjvwzBe8.roa (raw, json)
Hash identifier: 0fLzHTo7bkIJSkOlZk3sVXzsaWT/arBgec7m86urnq8=
Subject key identifier: 87:FF:08:0D:88:D7:41:81:15:78:3A:AD:22:2B:03:8E:FC:33:05:EF
Certificate issuer: /CN=4CA066A30C16C597B493A6107AD0160D8BD00926
Certificate serial: 012C
Authority key identifier: 4C:A0:66:A3:0C:16:C5:97:B4:93:A6:10:7A:D0:16:0D:8B:D0:09:26
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/TKBmowwWxZe0k6YQetAWDYvQCSY.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2789/h_8IDYjXQYEVeDqtIisDjvwzBe8.roa
Signing time: Fri 31 Oct 2025 08:56:06 +0000
ROA not before: Fri 31 Oct 2025 08:56:06 +0000
ROA not after: Fri 23 Oct 2026 03:01:03 +0000
asID: 0
IP address blocks: 103.120.52.0/22 maxlen: 22
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 300 (0x12c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4CA066A30C16C597B493A6107AD0160D8BD00926
Validity
Not Before: Oct 31 08:56:06 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=87FF080D88D7418115783AAD222B038EFC3305EF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:69:a0:c8:05:45:4e:ab:45:dd:ed:99:4b:28:
41:c7:4a:13:4d:8d:51:d5:c2:ff:52:9d:05:87:05:
7e:78:71:0e:d6:73:7a:b5:6d:95:61:88:6d:7b:00:
12:c6:44:61:16:a5:32:cf:99:dc:c5:4a:74:b0:32:
62:e9:06:eb:79:b8:d2:0c:d7:f6:0a:0c:37:02:7d:
a1:69:16:40:c5:10:45:be:ff:e5:70:67:8b:0a:b8:
b6:b5:9b:c2:38:c5:25:13:e8:77:fd:73:98:da:9e:
fb:69:f3:75:de:21:48:76:b6:7a:d6:a9:ff:ef:30:
04:7f:34:18:f5:fa:44:f7:76:81:ba:fd:bc:c3:80:
35:6a:5a:5e:06:19:23:95:f9:23:5b:e2:04:46:8b:
cb:54:f3:7c:dd:15:95:3f:47:92:43:f5:0e:6f:e4:
14:a4:9e:ff:57:88:2a:cf:3f:4a:69:5b:88:69:0a:
db:35:98:17:34:80:7d:40:03:2b:41:57:ef:7f:af:
eb:7a:1e:15:fc:c4:23:43:94:ff:64:28:d7:e3:a2:
b0:bd:e7:35:f5:06:b9:9a:4d:2e:37:a6:d2:51:17:
45:07:57:71:88:e0:4d:1c:eb:09:b1:6f:93:df:76:
29:13:87:d4:2f:7d:50:1d:e0:6f:22:b4:9c:e6:ec:
4e:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:FF:08:0D:88:D7:41:81:15:78:3A:AD:22:2B:03:8E:FC:33:05:EF
X509v3 Authority Key Identifier:
keyid:4C:A0:66:A3:0C:16:C5:97:B4:93:A6:10:7A:D0:16:0D:8B:D0:09:26
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2789/TKBmowwWxZe0k6YQetAWDYvQCSY.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/TKBmowwWxZe0k6YQetAWDYvQCSY.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2789/h_8IDYjXQYEVeDqtIisDjvwzBe8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.120.52.0/22
Signature Algorithm: sha256WithRSAEncryption
a9:0e:48:86:7c:bb:46:cd:6f:b4:67:ab:27:3d:79:dd:71:5e:
d4:fa:63:2d:ac:b6:1c:39:f7:7c:c9:96:ae:4e:72:fe:1b:16:
3a:40:2c:8d:48:6c:a3:e2:93:7a:23:ec:f7:a8:c2:d8:01:5a:
0c:17:ca:5c:82:12:8f:b8:fe:63:13:96:d5:e1:79:c1:ec:40:
66:5e:63:47:e7:06:a0:a3:05:69:4b:a8:9e:4f:0b:31:62:f1:
56:19:98:a5:95:a9:a3:7c:bd:3f:09:d7:ec:57:1d:3e:a5:4a:
11:a6:1c:ab:d8:3a:55:6a:d0:c9:1d:f6:1a:bf:57:8f:0d:48:
b3:0a:67:ae:e3:1b:c0:f4:e1:a4:78:38:e4:51:1c:cb:ea:e5:
66:23:4a:21:20:9e:78:a6:40:dc:86:ff:a4:1a:5f:5d:66:12:
90:a1:a1:21:8a:30:6c:2c:ef:1d:65:89:b8:2b:d9:4d:7b:86:
99:1e:b4:40:44:be:e6:c6:0c:60:02:0c:d7:85:40:c7:7b:5b:
de:1c:37:a1:2c:3c:de:64:4f:9e:d9:b6:5b:61:a3:38:1a:46:
c7:f6:bf:30:68:89:bd:c5:90:0b:64:9a:c0:03:ed:6d:2e:b8:
83:76:02:27:2d:dc:00:4b:dd:4e:46:4d:2c:44:5f:e8:ef:b7:
9b:d5:df:3c
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICASwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNENB
MDY2QTMwQzE2QzU5N0I0OTNBNjEwN0FEMDE2MEQ4QkQwMDkyNjAeFw0yNTEwMzEw
ODU2MDZaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKDg3RkYwODBEODhENzQx
ODExNTc4M0FBRDIyMkIwMzhFRkMzMzA1RUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJaaDIBUVOq0Xd7ZlLKEHHShNNjVHVwv9SnQWHBX54cQ7Wc3q1
bZVhiG17ABLGRGEWpTLPmdzFSnSwMmLpBut5uNIM1/YKDDcCfaFpFkDFEEW+/+Vw
Z4sKuLa1m8I4xSUT6Hf9c5janvtp83XeIUh2tnrWqf/vMAR/NBj1+kT3doG6/bzD
gDVqWl4GGSOV+SNb4gRGi8tU83zdFZU/R5JD9Q5v5BSknv9XiCrPP0ppW4hpCts1
mBc0gH1AAytBV+9/r+t6HhX8xCNDlP9kKNfjorC95zX1BrmaTS43ptJRF0UHV3GI
4E0c6wmxb5PfdikTh9QvfVAd4G8itJzm7E4LAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUh/8IDYjXQYEVeDqtIisDjvwzBe8wHwYDVR0jBBgwFoAUTKBmowwWxZe0k6YQ
etAWDYvQCSYwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjc4
OS9US0Jtb3d3V3haZTBrNllRZXRBV0RZdlFDU1kuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL1RLQm1vd3dXeFplMGs2WVFldEFXRFl2UUNTWS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI3ODkvaF84SURZalhRWUVW
ZURxdElpc0Rqdnd6QmU4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAmd4NDANBgkqhkiG9w0BAQsFAAOCAQEAqQ5Ihny7Rs1vtGerJz153XFe1Ppj
Lay2HDn3fMmWrk5y/hsWOkAsjUhso+KTeiPs96jC2AFaDBfKXIISj7j+YxOW1eF5
wexAZl5jR+cGoKMFaUuonk8LMWLxVhmYpZWpo3y9PwnX7FcdPqVKEaYcq9g6VWrQ
yR32Gr9Xjw1IswpnruMbwPThpHg45FEcy+rlZiNKISCeeKZA3Ib/pBpfXWYSkKGh
IYowbCzvHWWJuCvZTXuGmR60QES+5sYMYAIM14VAx3tb3hw3oSw83mRPntm2W2Gj
OBpGx/a/MGiJvcWQC2SawAPtbS64g3YCJy3cAEvdTkZNLERf6O+3m9XfPA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 04:24:08 2025 by rpki-client