Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/620/ZV-9aaDrSePueGbfAb5U19hIRlo.roa
File: ZV-9aaDrSePueGbfAb5U19hIRlo.roa (raw, json)
Hash identifier: cColCtlqChZqwj6Bhh9HRTPN0nK6S3A1VxfEaPBxgQo=
Subject key identifier: 65:5F:BD:69:A0:EB:49:E3:EE:78:66:DF:01:BE:54:D7:D8:48:46:5A
Certificate issuer: /CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Certificate serial: 01A5
Authority key identifier: 30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/ZV-9aaDrSePueGbfAb5U19hIRlo.roa
Signing time: Mon 31 Mar 2025 16:24:01 +0000
ROA not before: Mon 31 Mar 2025 16:24:01 +0000
ROA not after: Tue 13 Jan 2026 01:35:26 +0000
asID: 142132
IP address blocks: 114.28.196.0/24 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 421 (0x1a5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=309C2A943B28DC0858C39B9208A1609C0973E49A
Validity
Not Before: Mar 31 16:24:01 2025 GMT
Not After : Jan 13 01:35:26 2026 GMT
Subject: CN=655FBD69A0EB49E3EE7866DF01BE54D7D848465A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:18:73:e7:c5:7e:a4:1f:0a:eb:de:de:9a:09:
e4:e0:6b:db:54:c2:1c:c8:d7:fe:37:ad:c3:45:96:
3b:6c:3d:3f:18:30:f2:2e:53:a7:7e:c6:42:97:2a:
7b:22:a0:e6:3d:a1:39:63:dc:21:b5:7f:a3:2b:10:
da:8b:fc:01:fe:9c:e9:8b:1c:8a:bc:a5:69:66:fe:
f6:48:f7:4e:f0:f4:0d:ed:d4:aa:1b:9f:27:4a:bc:
5d:cc:5e:09:8e:f5:b6:9d:fc:36:50:f7:55:83:64:
47:1c:48:ac:57:7f:95:b6:19:42:7d:b8:bc:3d:8b:
b3:ee:5f:a8:2c:e5:f2:91:54:2a:ca:38:3a:8e:b2:
5b:c3:9c:1b:c1:fd:40:66:15:86:e4:10:f2:aa:01:
28:1d:95:86:e0:ad:65:4b:3d:1d:20:d5:26:e2:48:
7a:cb:6e:fa:dd:b9:82:de:7d:11:60:a2:82:83:a4:
cd:8b:ef:1a:f2:58:51:e5:36:e5:18:36:5e:78:a0:
11:a9:ae:ac:8a:38:02:17:0a:f1:9f:fc:d5:b1:7c:
a6:c2:9b:93:7a:cd:7a:2f:d9:9a:82:48:cf:46:ab:
f1:bc:65:c2:17:87:9b:85:00:6a:e1:e4:8f:96:a8:
37:28:22:72:78:06:63:19:94:69:8b:34:3e:bb:f2:
f4:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:5F:BD:69:A0:EB:49:E3:EE:78:66:DF:01:BE:54:D7:D8:48:46:5A
X509v3 Authority Key Identifier:
keyid:30:9C:2A:94:3B:28:DC:08:58:C3:9B:92:08:A1:60:9C:09:73:E4:9A
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/MJwqlDso3AhYw5uSCKFgnAlz5Jo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/MJwqlDso3AhYw5uSCKFgnAlz5Jo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/620/ZV-9aaDrSePueGbfAb5U19hIRlo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
114.28.196.0/24
Signature Algorithm: sha256WithRSAEncryption
95:f3:af:0e:99:26:09:22:9d:f8:a5:44:03:96:bb:b3:59:98:
54:45:23:1c:6e:5d:cd:14:5d:ea:c8:26:a3:04:7e:f3:8b:83:
1f:bc:ba:ef:3b:1b:4a:7a:92:be:69:13:75:1e:2d:5d:3d:ab:
5f:a7:f1:bc:ee:88:c2:e5:7e:75:6d:86:81:ae:bc:c8:7f:68:
9e:01:a1:ac:a3:31:20:7c:28:8a:ac:b7:31:c5:5c:3c:61:17:
9f:55:80:c7:47:e8:4f:c8:3d:a2:01:a1:b9:3d:09:1e:81:d2:
9c:bf:f4:0c:15:eb:13:ef:50:1c:b5:82:ca:e2:79:82:5d:43:
69:3a:f8:1c:20:e9:35:b3:df:f7:8d:dc:86:be:7e:5c:3a:3e:
fe:95:c5:d1:ef:5b:4e:01:73:37:b5:1d:17:32:8b:43:04:42:
83:cf:1c:10:39:3c:6a:6f:42:c5:69:a1:b2:21:f1:00:81:58:
2d:b9:ca:1a:71:0d:2a:c1:1f:d3:7e:f4:42:62:fc:88:3f:bc:
c2:d0:8e:3d:7c:6b:3c:f9:99:02:48:a2:54:15:9b:47:37:1b:
0f:81:d5:b2:52:8f:ce:42:c9:cf:b2:80:c4:ee:be:03:ee:33:
de:23:ad:ee:e0:86:02:8d:4c:76:d2:70:7c:94:11:22:4d:ff:
4e:55:46:ce
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICAaUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzA5
QzJBOTQzQjI4REMwODU4QzM5QjkyMDhBMTYwOUMwOTczRTQ5QTAeFw0yNTAzMzEx
NjI0MDFaFw0yNjAxMTMwMTM1MjZaMDMxMTAvBgNVBAMTKDY1NUZCRDY5QTBFQjQ5
RTNFRTc4NjZERjAxQkU1NEQ3RDg0ODQ2NUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGGHPnxX6kHwrr3t6aCeTga9tUwhzI1/43rcNFljtsPT8YMPIu
U6d+xkKXKnsioOY9oTlj3CG1f6MrENqL/AH+nOmLHIq8pWlm/vZI907w9A3t1Kob
nydKvF3MXgmO9bad/DZQ91WDZEccSKxXf5W2GUJ9uLw9i7PuX6gs5fKRVCrKODqO
slvDnBvB/UBmFYbkEPKqASgdlYbgrWVLPR0g1SbiSHrLbvrduYLefRFgooKDpM2L
7xryWFHlNuUYNl54oBGprqyKOAIXCvGf/NWxfKbCm5N6zXov2ZqCSM9Gq/G8ZcIX
h5uFAGrh5I+WqDcoInJ4BmMZlGmLND678vRJAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQUZV+9aaDrSePueGbfAb5U19hIRlowHwYDVR0jBBgwFoAUMJwqlDso3AhYw5uS
CKFgnAlz5JowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIw
L01Kd3FsRHNvM0FoWXc1dVNDS0ZnbkFsejVKby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvTUp3cWxEc28zQWhZdzV1U0NLRmduQWx6NUpvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjIwL1pWLTlhYURyU2VQdWVH
YmZBYjVVMTloSVJsby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAByHMQwDQYJKoZIhvcNAQELBQADggEBAJXzrw6ZJgkinfilRAOWu7NZmFRFIxxu
Xc0UXerIJqMEfvOLgx+8uu87G0p6kr5pE3UeLV09q1+n8bzuiMLlfnVthoGuvMh/
aJ4BoayjMSB8KIqstzHFXDxhF59VgMdH6E/IPaIBobk9CR6B0py/9AwV6xPvUBy1
gsrieYJdQ2k6+Bwg6TWz3/eN3Ia+flw6Pv6VxdHvW04Bcze1HRcyi0MEQoPPHBA5
PGpvQsVpobIh8QCBWC25yhpxDSrBH9N+9EJi/Ig/vMLQjj18azz5mQJIolQVm0c3
Gw+B1bJSj85Cyc+ygMTuvgPuM94jre7ghgKNTHbScHyUESJN/05VRs4=
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:36:56 2025 by rpki-client