Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/620/KaWNUh_TG8Mk6sJVwRnXPmiEp0g.roa
File: KaWNUh_TG8Mk6sJVwRnXPmiEp0g.roa (raw, json)
Hash identifier: Qafk9mMby1vgCNhomBv1/D3xlTQb7JRe+cNcpklkkiU=
Subject key identifier: 29:A5:8D:52:1F:D3:1B:C3:24:EA:C2:55:C1:19:D7:3E:68:84:A7:48
Certificate issuer: /CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Certificate serial: A9
Authority key identifier: 30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/KaWNUh_TG8Mk6sJVwRnXPmiEp0g.roa
Signing time: Thu 13 Feb 2025 06:11:37 +0000
ROA not before: Thu 13 Feb 2025 06:11:37 +0000
ROA not after: Tue 13 Jan 2026 01:35:26 +0000
asID: 142132
IP address blocks: 114.28.210.0/24 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 169 (0xa9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Validity
Not Before: Feb 13 06:11:37 2025 GMT
Not After : Jan 13 01:35:26 2026 GMT
Subject: CN=29A58D521FD31BC324EAC255C119D73E6884A748
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:17:f1:e3:08:d2:76:92:a7:d0:f0:84:84:30:
47:d3:b7:63:a8:34:bc:5f:91:9c:ea:b8:44:e9:c8:
28:c2:23:05:ef:a7:c8:9c:79:61:01:e6:da:87:09:
4c:69:41:58:01:d7:e3:a3:48:40:9d:bc:41:0e:9c:
52:5d:5d:c8:4f:04:57:0c:0d:e1:8c:1a:40:20:dd:
ed:e3:89:ab:0c:26:0f:5d:9e:ad:4c:41:8b:4f:e7:
8f:d3:af:78:66:89:ab:62:de:28:f2:80:29:61:d5:
96:4c:7c:93:58:49:61:7f:b2:a5:49:53:4a:fb:b1:
88:3b:65:18:d1:91:90:d5:70:84:b5:be:d5:93:b3:
b0:6b:13:5b:34:54:a7:88:76:d2:b9:d8:9e:b4:58:
55:34:d2:b4:be:9e:51:5c:fb:a1:0b:64:ee:01:79:
bd:52:fb:6b:40:12:bc:72:b2:08:3d:ba:68:f1:40:
23:ba:62:77:b3:dd:3a:56:26:4e:fa:3c:4d:71:03:
aa:37:e4:14:5b:75:9c:14:69:2c:37:08:f5:52:f5:
01:3e:27:13:9b:45:8d:50:ad:54:91:e9:5c:f3:0e:
5b:41:78:e7:d4:1a:60:7e:91:3f:0b:f5:23:64:40:
9c:b6:72:d9:45:69:d2:86:3b:1b:7e:7c:9e:42:ff:
e7:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:A5:8D:52:1F:D3:1B:C3:24:EA:C2:55:C1:19:D7:3E:68:84:A7:48
X509v3 Authority Key Identifier:
keyid:30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/KaWNUh_TG8Mk6sJVwRnXPmiEp0g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
114.28.210.0/24
Signature Algorithm: sha256WithRSAEncryption
cf:06:49:0e:f6:82:cd:0b:5c:4a:9b:23:04:10:21:a0:03:41:
2c:e8:d3:9e:44:21:d4:32:10:0c:b8:ea:7b:3d:79:3b:d1:6a:
00:80:d4:e9:02:00:fc:ad:09:ff:80:00:68:17:0e:a4:7c:25:
f0:99:fb:c4:2d:d0:2c:e5:c2:ea:93:13:80:e8:99:ea:36:de:
88:00:d4:d3:b0:4d:a1:95:3d:16:b8:bd:32:e5:9e:80:fc:b6:
5f:c3:c3:67:20:02:17:84:b3:5e:52:a8:5f:30:9c:0e:49:11:
2e:06:2a:94:bb:28:a5:72:80:82:6c:ed:9f:c4:ea:e2:9f:4a:
5c:bf:cf:5e:1d:5d:83:90:0e:a2:4d:7e:60:f4:9a:26:b7:75:
eb:1a:40:a0:ad:63:ec:3a:29:1a:02:c6:d5:c3:ea:61:38:b8:
78:5b:59:c9:05:1e:08:d5:16:5b:de:72:83:3e:0e:8b:de:41:
27:3d:bd:86:8e:91:cd:ae:40:db:d5:c3:68:2a:88:a4:ac:b1:
c9:d1:31:e6:b9:87:19:0a:e7:aa:e3:a3:80:d0:62:d5:f7:67:
d4:64:10:fe:82:a1:04:3c:f0:9c:06:d5:f1:a4:36:9e:30:61:
3c:3c:c1:4d:13:3e:11:d7:4a:2a:4e:98:9b:20:2f:20:ff:7c:
dc:b1:b9:d1
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICAKkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzA5
QzJBOTQzQjI4REMwODU4QzM5QjkyMDhBMTYwOUMwOTczRTQ5QTAeFw0yNTAyMTMw
NjExMzdaFw0yNjAxMTMwMTM1MjZaMDMxMTAvBgNVBAMTKDI5QTU4RDUyMUZEMzFC
QzMyNEVBQzI1NUMxMTlENzNFNjg4NEE3NDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDoF/HjCNJ2kqfQ8ISEMEfTt2OoNLxfkZzquETpyCjCIwXvp8ic
eWEB5tqHCUxpQVgB1+OjSECdvEEOnFJdXchPBFcMDeGMGkAg3e3jiasMJg9dnq1M
QYtP54/Tr3hmiati3ijygClh1ZZMfJNYSWF/sqVJU0r7sYg7ZRjRkZDVcIS1vtWT
s7BrE1s0VKeIdtK52J60WFU00rS+nlFc+6ELZO4Beb1S+2tAErxysgg9umjxQCO6
Ynez3TpWJk76PE1xA6o35BRbdZwUaSw3CPVS9QE+JxObRY1QrVSR6VzzDltBeOfU
GmB+kT8L9SNkQJy2ctlFadKGOxt+fJ5C/+cJAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUKaWNUh/TG8Mk6sJVwRnXPmiEp0gwHwYDVR0jBBgwFoAUMJwqlDso3AhYw5uS
CKFgnAlz5JowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIw
L01Kd3FsRHNvM0FoWXc1dVNDS0ZnbkFsejVKby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvTUp3cWxEc28zQWhZdzV1U0NLRmduQWx6NUpvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIwL0thV05VaF9URzhNazZz
SlZ3Um5YUG1pRXAwZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAByHNIwDQYJKoZIhvcNAQELBQADggEBAM8GSQ72gs0LXEqbIwQQIaADQSzo055E
IdQyEAy46ns9eTvRagCA1OkCAPytCf+AAGgXDqR8JfCZ+8Qt0CzlwuqTE4Domeo2
3ogA1NOwTaGVPRa4vTLlnoD8tl/Dw2cgAheEs15SqF8wnA5JES4GKpS7KKVygIJs
7Z/E6uKfSly/z14dXYOQDqJNfmD0mia3desaQKCtY+w6KRoCxtXD6mE4uHhbWckF
HgjVFlvecoM+DoveQSc9vYaOkc2uQNvVw2gqiKSsscnRMea5hxkK56rjo4DQYtX3
Z9RkEP6CoQQ88JwG1fGkNp4wYTw8wU0TPhHXSipOmJsgLyD/fNyxudE=
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:37:09 2025 by rpki-client