Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/620/IcaZcYZurwbyH28jcSMzCSUwqbk.roa
File: IcaZcYZurwbyH28jcSMzCSUwqbk.roa (raw, json)
Hash identifier: K9NtRk+hHHn3omEPZtgAlM4zbBGAYDaQd7r75mL1zQ0=
Subject key identifier: 21:C6:99:71:86:6E:AF:06:F2:1F:6F:23:71:23:33:09:25:30:A9:B9
Certificate issuer: /CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Certificate serial: 023A
Authority key identifier: 30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/IcaZcYZurwbyH28jcSMzCSUwqbk.roa
Signing time: Thu 24 Apr 2025 08:49:07 +0000
ROA not before: Thu 24 Apr 2025 08:49:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24413
IP address blocks: 202.46.34.0/24 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 570 (0x23a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Validity
Not Before: Apr 24 08:49:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=21C69971866EAF06F21F6F23712333092530A9B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:4d:d4:74:0b:6d:f4:a1:ea:93:1a:37:4e:36:
0b:30:c1:91:7c:ee:14:e0:bc:eb:30:d5:84:2f:8d:
90:58:83:9f:15:0b:ac:9a:28:f3:2f:b5:ca:48:10:
21:8e:9a:4b:af:33:be:a4:05:12:5a:77:1c:01:7c:
a6:52:2e:58:8b:25:46:b7:5a:17:ab:96:0b:49:ef:
bb:3b:47:97:2f:2a:98:5f:b5:e4:64:99:bd:1c:04:
4f:a5:d7:2e:4d:1c:45:ab:6c:81:fd:39:52:b7:2b:
b6:10:48:3c:f0:ea:9c:89:df:f2:35:76:9e:70:c2:
c3:60:34:fc:3e:b3:6e:1b:ba:e0:60:21:b1:ba:70:
1c:82:1e:6b:49:a3:42:62:28:77:2e:48:f9:33:3a:
26:7e:c3:07:35:51:dc:64:73:42:78:52:a8:db:a8:
9f:6d:63:90:9a:3a:b7:71:43:f4:d1:b8:04:ec:41:
70:8b:b4:37:a4:a9:99:7c:a5:6f:78:e0:d1:54:42:
a0:79:5d:d4:62:1b:0c:5f:74:d2:2b:95:b5:c9:ef:
ba:7b:f0:b7:df:22:96:23:68:1f:23:a5:7e:29:5d:
ed:60:b8:49:7d:ba:75:3d:1c:cf:e9:c8:33:9c:4e:
7d:9f:47:4a:09:94:bd:85:43:d0:2b:52:1e:66:55:
7d:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:C6:99:71:86:6E:AF:06:F2:1F:6F:23:71:23:33:09:25:30:A9:B9
X509v3 Authority Key Identifier:
keyid:30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/IcaZcYZurwbyH28jcSMzCSUwqbk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
202.46.34.0/24
Signature Algorithm: sha256WithRSAEncryption
19:dd:eb:e7:cb:0a:e4:52:6a:28:b1:03:bb:d2:21:90:aa:b3:
18:75:47:2a:c9:b3:69:d4:26:a1:82:45:17:91:05:2a:26:e6:
1a:43:70:12:3b:4f:1f:8d:71:e1:ca:40:cb:9a:68:8d:cf:82:
73:52:45:40:36:aa:eb:46:89:04:43:26:33:86:21:66:f7:2b:
0a:79:ef:d1:4f:5a:62:f2:35:00:6c:8b:21:ef:af:4d:bf:d8:
62:d6:e5:19:0b:9b:f3:38:93:6b:60:b7:db:d1:2a:07:7d:e8:
de:1a:cd:9a:3a:d1:f2:75:7d:17:4f:45:7b:9a:62:ca:af:2b:
19:19:37:68:e7:df:a7:d5:9f:d4:f3:c9:fb:b7:bb:f2:6f:16:
44:af:47:d2:87:21:2a:67:36:df:0b:a7:df:e6:a4:32:2d:a1:
bf:66:0c:ca:9c:6d:54:1f:d7:dd:93:30:c6:b0:30:66:2c:ab:
1b:85:70:3d:37:9c:67:21:6e:00:8a:87:cc:75:0d:2c:97:94:
a3:36:bb:cf:b9:41:73:e3:4d:02:1e:2d:0b:c6:21:17:e7:ae:
70:a1:13:40:8f:cf:3a:3e:c9:76:94:51:06:a1:30:64:c8:f1:
5b:86:e8:4e:94:96:14:e9:25:83:4f:49:66:63:41:92:74:d9:
68:74:5a:f0
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICAjowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzA5
QzJBOTQzQjI4REMwODU4QzM5QjkyMDhBMTYwOUMwOTczRTQ5QTAeFw0yNTA0MjQw
ODQ5MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIxQzY5OTcxODY2RUFG
MDZGMjFGNkYyMzcxMjMzMzA5MjUzMEE5QjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvTdR0C230oeqTGjdONgswwZF87hTgvOsw1YQvjZBYg58VC6ya
KPMvtcpIECGOmkuvM76kBRJadxwBfKZSLliLJUa3WherlgtJ77s7R5cvKphfteRk
mb0cBE+l1y5NHEWrbIH9OVK3K7YQSDzw6pyJ3/I1dp5wwsNgNPw+s24buuBgIbG6
cByCHmtJo0JiKHcuSPkzOiZ+wwc1Udxkc0J4UqjbqJ9tY5CaOrdxQ/TRuATsQXCL
tDekqZl8pW944NFUQqB5XdRiGwxfdNIrlbXJ77p78LffIpYjaB8jpX4pXe1guEl9
unU9HM/pyDOcTn2fR0oJlL2FQ9ArUh5mVX1pAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUIcaZcYZurwbyH28jcSMzCSUwqbkwHwYDVR0jBBgwFoAUMJwqlDso3AhYw5uS
CKFgnAlz5JowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIw
L01Kd3FsRHNvM0FoWXc1dVNDS0ZnbkFsejVKby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvTUp3cWxEc28zQWhZdzV1U0NLRmduQWx6NUpvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIwL0ljYVpjWVp1cndieUgy
OGpjU016Q1NVd3Fiay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADKLiIwDQYJKoZIhvcNAQELBQADggEBABnd6+fLCuRSaiixA7vSIZCqsxh1RyrJ
s2nUJqGCRReRBSom5hpDcBI7Tx+NceHKQMuaaI3PgnNSRUA2qutGiQRDJjOGIWb3
Kwp579FPWmLyNQBsiyHvr02/2GLW5RkLm/M4k2tgt9vRKgd96N4azZo60fJ1fRdP
RXuaYsqvKxkZN2jn36fVn9Tzyfu3u/JvFkSvR9KHISpnNt8Lp9/mpDItob9mDMqc
bVQf192TMMawMGYsqxuFcD03nGchbgCKh8x1DSyXlKM2u8+5QXPjTQIeLQvGIRfn
rnChE0CPzzo+yXaUUQahMGTI8VuG6E6UlhTpJYNPSWZjQZJ02Wh0WvA=
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:37:12 2025 by rpki-client