Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1232/l2qJiOLvcbUQIUkEMPX0NE-YGfk.roa
File: l2qJiOLvcbUQIUkEMPX0NE-YGfk.roa (raw, json)
Hash identifier: MK9pfCrMvTzCxFC1SknRX67JRQhGAPM+ILbAmyjrlFE=
Subject key identifier: 97:6A:89:88:E2:EF:71:B5:10:21:49:04:30:F5:F4:34:4F:98:19:F9
Certificate issuer: /CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
Certificate serial: 41
Authority key identifier: F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/l2qJiOLvcbUQIUkEMPX0NE-YGfk.roa
Signing time: Fri 22 Aug 2025 06:30:22 +0000
ROA not before: Fri 22 Aug 2025 06:30:22 +0000
ROA not after: Thu 20 Aug 2026 07:49:18 +0000
asID: 63583
IP address blocks: 2402:7d80::/48 maxlen: 48
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 65 (0x41)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F1989B406901ADF8810B9DCDC4E0FC9E7E85EEB4
Validity
Not Before: Aug 22 06:30:22 2025 GMT
Not After : Aug 20 07:49:18 2026 GMT
Subject: CN=976A8988E2EF71B51021490430F5F4344F9819F9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:e3:52:ac:e5:4a:73:62:6c:0f:b2:53:90:b3:
e8:66:7e:0e:75:50:6c:b8:a5:02:5e:34:13:40:31:
b5:69:38:a9:8a:11:9a:05:7b:8f:75:38:1e:dd:a9:
2a:cc:9e:cb:fd:c9:c3:2a:e2:70:11:60:e5:77:54:
3d:5e:0e:fa:db:4f:61:f6:63:77:ae:83:8d:0f:0b:
79:ba:07:c9:93:7b:b7:74:ec:ea:6b:95:48:fc:b8:
87:41:2b:a1:2e:ef:0e:6d:5b:5c:f3:4c:b9:60:a1:
d7:37:bf:34:ac:96:8e:56:c6:72:a5:76:24:37:d2:
4b:9b:68:18:39:d7:b2:2b:a4:8f:f4:ef:c8:c5:7d:
3a:c6:df:25:61:4e:3c:05:71:06:bf:2b:a5:09:5f:
95:d1:45:ae:b0:a3:02:3f:7b:8b:70:49:b3:53:66:
84:49:62:18:7a:ba:04:92:bc:44:77:79:16:e9:1e:
ed:33:88:e3:34:8a:7d:ee:cf:ba:cf:b3:10:c4:44:
11:3c:b4:2d:19:7c:60:9c:7b:63:c9:4b:85:ad:6c:
27:41:ee:8f:4c:36:41:2d:cb:4e:46:be:29:73:dd:
ed:d7:5b:3d:47:df:b3:4a:34:22:2e:f1:c7:e3:64:
32:ec:b5:2c:eb:42:7d:8d:28:d5:4d:a7:d9:21:60:
43:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:6A:89:88:E2:EF:71:B5:10:21:49:04:30:F5:F4:34:4F:98:19:F9
X509v3 Authority Key Identifier:
keyid:F1:98:9B:40:69:01:AD:F8:81:0B:9D:CD:C4:E0:FC:9E:7E:85:EE:B4
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/8ZibQGkBrfiBC53NxOD8nn6F7rQ.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/8ZibQGkBrfiBC53NxOD8nn6F7rQ.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1232/l2qJiOLvcbUQIUkEMPX0NE-YGfk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2402:7d80::/48
Signature Algorithm: sha256WithRSAEncryption
67:8f:30:1c:2c:83:99:13:7f:48:43:cb:ee:5f:79:16:9a:09:
61:06:5d:21:14:2a:b5:66:39:33:8d:7b:c2:63:98:19:50:86:
09:32:13:0f:24:81:4c:c8:aa:cd:f1:80:c4:2e:fa:ad:dd:23:
73:a6:80:a5:97:73:d7:17:e7:fd:2f:c8:0e:53:22:3e:61:7f:
a5:d2:e6:dd:96:c6:a0:58:cb:f7:fe:f3:84:c8:17:ae:78:94:
88:5c:54:1e:21:3a:27:e6:9c:d1:00:be:aa:1e:05:66:be:f4:
5b:71:f9:e3:fe:28:a4:97:5a:30:17:1d:67:ce:e8:48:3e:6f:
56:5f:7a:ea:93:0c:06:09:68:1e:ed:60:f6:3f:b2:0a:a8:be:
08:36:2d:9d:cf:cc:7e:7c:97:c6:f9:d1:0a:9a:f8:49:c0:8e:
38:51:fd:32:96:ee:d5:e6:50:c1:3f:1c:11:cf:2d:72:bb:f6:
18:31:ce:13:11:a7:0e:c8:e2:66:8b:2a:f7:e6:cd:7a:83:24:
bb:01:01:8c:81:f8:ab:41:cd:5a:ff:58:77:85:ae:60:19:00:
42:0c:1c:06:af:35:ec:88:5c:be:4b:04:5e:6b:2c:2f:07:b4:
a1:3a:45:c8:90:70:a6:60:be:e2:92:38:7b:f2:78:1f:c4:a1:
6d:5e:b7:c0
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIBQTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhGMTk4
OUI0MDY5MDFBREY4ODEwQjlEQ0RDNEUwRkM5RTdFODVFRUI0MB4XDTI1MDgyMjA2
MzAyMloXDTI2MDgyMDA3NDkxOFowMzExMC8GA1UEAxMoOTc2QTg5ODhFMkVGNzFC
NTEwMjE0OTA0MzBGNUY0MzQ0Rjk4MTlGOTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALTjUqzlSnNibA+yU5Cz6GZ+DnVQbLilAl40E0AxtWk4qYoRmgV7
j3U4Ht2pKsyey/3JwyricBFg5XdUPV4O+ttPYfZjd66DjQ8LeboHyZN7t3Ts6muV
SPy4h0EroS7vDm1bXPNMuWCh1ze/NKyWjlbGcqV2JDfSS5toGDnXsiukj/TvyMV9
OsbfJWFOPAVxBr8rpQlfldFFrrCjAj97i3BJs1NmhEliGHq6BJK8RHd5Fuke7TOI
4zSKfe7Pus+zEMREETy0LRl8YJx7Y8lLha1sJ0Huj0w2QS3LTka+KXPd7ddbPUff
s0o0Ii7xx+NkMuy1LOtCfY0o1U2n2SFgQz0CAwEAAaOCAfYwggHyMB0GA1UdDgQW
BBSXaomI4u9xtRAhSQQw9fQ0T5gZ+TAfBgNVHSMEGDAWgBTxmJtAaQGt+IELnc3E
4PyefoXutDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF0GA1UdHwRWMFQwUqBQ
oE6GTHJzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xMjMy
LzhaaWJRR2tCcmZpQkM1M054T0Q4bm42RjdyUS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvOFppYlFHa0JyZmlCQzUzTnhPRDhubjZGN3JRLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ0GCCsGAQUFBwELBIGQMIGNMFgGCCsGAQUFBzALhkxyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTIzMi9sMnFKaU9MdmNiVVFJ
VWtFTVBYME5FLVlHZmsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25u
aWMuY24vcnJkcC9ub3RpZnkueG1sMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJ
AwcAJAJ9gAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBnjzAcLIOZE39IQ8vuX3kWmglh
Bl0hFCq1ZjkzjXvCY5gZUIYJMhMPJIFMyKrN8YDELvqt3SNzpoCll3PXF+f9L8gO
UyI+YX+l0ubdlsagWMv3/vOEyBeueJSIXFQeITon5pzRAL6qHgVmvvRbcfnj/iik
l1owFx1nzuhIPm9WX3rqkwwGCWge7WD2P7IKqL4INi2dz8x+fJfG+dEKmvhJwI44
Uf0ylu7V5lDBPxwRzy1yu/YYMc4TEacOyOJmiyr35s16gyS7AQGMgfirQc1a/1h3
ha5gGQBCDBwGrzXsiFy+SwReaywvB7ShOkXIkHCmYL7ikjh78ngfxKFtXrfA
-----END CERTIFICATE-----
Generated at Sun Aug 24 04:48:27 2025 by rpki-client