Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1228/22EffpS7GnnifhXrI4tAbrDDc-g.roa
File: 22EffpS7GnnifhXrI4tAbrDDc-g.roa (raw, json)
Hash identifier: 4E/yKu43inQAr1L9cp/ACPCiEVmbOTFL687c79yRLyA=
Subject key identifier: DB:61:1F:7E:94:BB:1A:79:E2:7E:15:EB:23:8B:40:6E:B0:C3:73:E8
Certificate issuer: /CN=ADD2726DD6FF9F5A459AE5B0A9EE8E7DDFC7F07C
Certificate serial: B9
Authority key identifier: AD:D2:72:6D:D6:FF:9F:5A:45:9A:E5:B0:A9:EE:8E:7D:DF:C7:F0:7C
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/rdJybdb_n1pFmuWwqe6Ofd_H8Hw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1228/22EffpS7GnnifhXrI4tAbrDDc-g.roa
Signing time: Mon 16 Jun 2025 12:19:10 +0000
ROA not before: Mon 16 Jun 2025 12:19:10 +0000
ROA not after: Sat 16 May 2026 10:06:17 +0000
asID: 62468
IP address blocks: 43.254.192.0/22 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 185 (0xb9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ADD2726DD6FF9F5A459AE5B0A9EE8E7DDFC7F07C
Validity
Not Before: Jun 16 12:19:10 2025 GMT
Not After : May 16 10:06:17 2026 GMT
Subject: CN=DB611F7E94BB1A79E27E15EB238B406EB0C373E8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:65:cf:62:20:1f:70:0d:16:35:86:16:76:dc:
aa:2f:00:44:bc:77:1a:5c:46:88:b8:92:85:7e:ee:
03:5b:09:c9:10:c8:13:3b:1c:70:d6:42:ca:96:10:
53:7a:47:d8:75:7e:a8:b9:88:d6:49:49:a3:97:cd:
7e:33:e5:d8:15:e8:00:ce:bc:18:f4:64:53:85:52:
da:d9:de:62:68:b5:83:d2:c4:f7:3f:c3:23:cf:9d:
46:c5:c4:6b:d9:45:e9:61:4c:af:d8:fd:6a:52:58:
6f:e4:c2:8d:15:30:b9:90:d5:63:3e:ef:2f:f0:84:
f3:86:3d:8e:85:c2:ae:5a:bd:0d:b5:68:be:48:76:
62:bb:63:2e:97:d7:ab:11:b6:04:dd:9c:17:10:84:
ac:f6:dd:a7:20:67:08:ec:a3:5b:56:6d:8a:0b:a6:
76:4f:04:81:af:f8:33:9f:70:bc:de:be:11:51:ca:
74:49:e0:83:69:de:dc:29:4b:f8:e1:95:2d:69:f3:
13:6b:34:53:11:12:ed:46:23:9b:e5:23:73:7e:34:
bb:47:4a:83:fc:69:37:9e:7f:33:a9:61:19:22:16:
b9:54:de:74:8d:b4:ae:72:54:2f:32:77:1f:22:c3:
4d:e5:c8:37:fb:1f:9c:8b:e3:09:93:64:b1:d3:9f:
ee:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:61:1F:7E:94:BB:1A:79:E2:7E:15:EB:23:8B:40:6E:B0:C3:73:E8
X509v3 Authority Key Identifier:
keyid:AD:D2:72:6D:D6:FF:9F:5A:45:9A:E5:B0:A9:EE:8E:7D:DF:C7:F0:7C
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1228/rdJybdb_n1pFmuWwqe6Ofd_H8Hw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/rdJybdb_n1pFmuWwqe6Ofd_H8Hw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1228/22EffpS7GnnifhXrI4tAbrDDc-g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.254.192.0/22
Signature Algorithm: sha256WithRSAEncryption
20:7a:ac:aa:d1:5a:a9:59:8e:90:e2:c8:0e:1f:50:11:2b:bd:
08:d6:da:66:cc:2e:b2:0f:b0:9b:06:0a:f4:47:63:71:53:58:
89:5e:d4:54:00:ac:fe:ba:22:ef:43:c1:7e:2e:de:76:e4:cf:
0e:c5:b4:87:38:c6:93:b4:bc:7d:7d:79:ac:78:6e:8e:26:c1:
b4:42:52:76:f1:c3:3b:b0:87:36:e8:3a:d8:8f:5f:7d:21:fe:
24:d1:0a:02:85:de:ec:34:4b:13:47:b2:fa:b2:63:27:c2:7c:
18:93:54:25:6a:29:38:d7:50:9e:4a:52:1e:35:27:9e:aa:a5:
c7:4c:85:e4:1c:41:b1:b7:cb:b5:09:4a:24:85:4f:d5:1e:45:
38:a0:3e:c6:92:70:b1:5e:63:39:75:76:7b:4e:a1:5b:57:3a:
77:ae:aa:e3:2e:bb:75:94:6a:b7:b1:46:8e:ff:dd:6d:65:2f:
39:8f:a9:21:fe:9e:08:3c:25:c4:f2:40:ba:60:bd:05:4f:f8:
59:9c:dd:76:6b:c5:23:89:75:a5:22:bf:83:32:02:d2:d7:d2:
c6:0f:b3:61:03:61:92:78:91:d6:47:df:08:b3:bf:a9:33:7c:
09:7a:e3:ab:3b:d1:8c:b0:8b:7a:6d:79:9c:70:ed:88:f4:87:
eb:e7:25:41
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICALkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQURE
MjcyNkRENkZGOUY1QTQ1OUFFNUIwQTlFRThFN0RERkM3RjA3QzAeFw0yNTA2MTYx
MjE5MTBaFw0yNjA1MTYxMDA2MTdaMDMxMTAvBgNVBAMTKERCNjExRjdFOTRCQjFB
NzlFMjdFMTVFQjIzOEI0MDZFQjBDMzczRTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEZc9iIB9wDRY1hhZ23KovAES8dxpcRoi4koV+7gNbCckQyBM7
HHDWQsqWEFN6R9h1fqi5iNZJSaOXzX4z5dgV6ADOvBj0ZFOFUtrZ3mJotYPSxPc/
wyPPnUbFxGvZRelhTK/Y/WpSWG/kwo0VMLmQ1WM+7y/whPOGPY6Fwq5avQ21aL5I
dmK7Yy6X16sRtgTdnBcQhKz23acgZwjso1tWbYoLpnZPBIGv+DOfcLzevhFRynRJ
4INp3twpS/jhlS1p8xNrNFMREu1GI5vlI3N+NLtHSoP8aTeefzOpYRkiFrlU3nSN
tK5yVC8ydx8iw03lyDf7H5yL4wmTZLHTn+6hAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU22EffpS7GnnifhXrI4tAbrDDc+gwHwYDVR0jBBgwFoAUrdJybdb/n1pFmuWw
qe6Ofd/H8HwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTIy
OC9yZEp5YmRiX24xcEZtdVd3cWU2T2ZkX0g4SHcuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL3JkSnliZGJfbjFwRm11V3dxZTZPZmRfSDhIdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEyMjgvMjJFZmZwUzdHbm5p
ZmhYckk0dEFickREYy1nLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAiv+wDANBgkqhkiG9w0BAQsFAAOCAQEAIHqsqtFaqVmOkOLIDh9QESu9CNba
Zswusg+wmwYK9EdjcVNYiV7UVACs/roi70PBfi7eduTPDsW0hzjGk7S8fX15rHhu
jibBtEJSdvHDO7CHNug62I9ffSH+JNEKAoXe7DRLE0ey+rJjJ8J8GJNUJWopONdQ
nkpSHjUnnqqlx0yF5BxBsbfLtQlKJIVP1R5FOKA+xpJwsV5jOXV2e06hW1c6d66q
4y67dZRqt7FGjv/dbWUvOY+pIf6eCDwlxPJAumC9BU/4WZzddmvFI4l1pSK/gzIC
0tfSxg+zYQNhkniR1kffCLO/qTN8CXrjqzvRjLCLem15nHDtiPSH6+clQQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:21:09 2025 by rpki-client