Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4DU-LJELvAAVgage-9De6WBxyfo.roa
File: 4DU-LJELvAAVgage-9De6WBxyfo.roa (raw, json)
Hash identifier: Cn37iZuJd5YlTecj+msAdD2+d++n3EN1QkDnelO3l5w=
Subject key identifier: E0:35:3E:2C:91:0B:BC:00:15:81:A8:1E:FB:D0:DE:E9:60:71:C9:FA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7F95
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4DU-LJELvAAVgage-9De6WBxyfo.roa
Signing time: Wed 06 Aug 2025 07:33:16 +0000
ROA not before: Wed 06 Aug 2025 07:33:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.246.68.0/22 maxlen: 22
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 32661 (0x7f95)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Aug 6 07:33:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E0353E2C910BBC001581A81EFBD0DEE96071C9FA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:81:f9:35:7c:50:32:10:6b:eb:2c:4c:76:ff:
7b:7f:0a:2d:97:c9:f8:a3:90:66:0a:47:18:c6:bc:
3c:2d:0b:a0:6b:53:94:92:31:df:43:55:a8:c3:31:
0e:dd:62:4a:4f:7c:26:bd:19:e1:bd:0f:41:5a:af:
d3:6a:25:2b:ec:33:b8:e3:c2:28:01:aa:95:c9:f7:
21:d1:d0:85:82:77:cb:24:1c:ce:b0:3f:47:d6:3d:
b2:4e:32:11:d6:0e:d2:05:a2:b3:df:95:bb:c7:ea:
63:2c:ad:5b:12:65:19:ce:df:32:29:6a:e0:16:b5:
7a:4b:0e:69:c0:9b:c6:c6:48:de:31:6e:ba:b3:95:
ea:ef:ff:07:cd:2e:59:8c:16:64:df:7e:64:0f:f5:
51:28:2d:9f:f1:9f:ac:c7:c4:62:f6:09:ee:8d:aa:
c3:e5:48:af:a7:a7:22:f0:9f:23:85:b0:05:6d:19:
d8:53:5e:4e:c0:27:69:b5:a0:ab:04:d6:44:db:8c:
24:8c:d8:2f:53:e5:d5:41:c3:a6:bf:18:15:29:c3:
41:6f:19:97:5f:d5:0b:6b:66:30:f5:0d:01:5a:72:
85:05:fe:ee:8c:b0:58:19:10:56:3b:0e:e4:91:7c:
2c:9c:1d:25:d5:e7:b9:76:ea:d3:f2:dd:fc:f7:86:
43:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:35:3E:2C:91:0B:BC:00:15:81:A8:1E:FB:D0:DE:E9:60:71:C9:FA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4DU-LJELvAAVgage-9De6WBxyfo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.246.68.0/22
Signature Algorithm: sha256WithRSAEncryption
9f:1e:a0:a3:55:f6:4e:25:c5:22:1e:2b:a9:82:d1:64:51:ec:
50:9d:47:f3:65:77:8a:33:7d:d7:cc:41:03:7a:31:76:41:3c:
4c:97:ef:d3:18:ad:5c:47:9f:ec:5c:37:85:bb:de:ec:35:e8:
14:6d:2c:ed:bd:96:47:09:a9:ba:4f:eb:2c:03:95:4c:ca:f1:
df:1c:96:9e:41:8a:70:7a:f3:f0:cb:ac:8d:13:14:0b:35:58:
74:9b:2e:52:87:1d:55:01:ab:91:a3:d9:a3:18:87:af:da:ec:
aa:ca:f1:e5:6e:43:b0:d5:8b:05:40:41:17:78:36:0d:01:82:
8d:b2:ab:3c:86:e2:5e:b9:2c:41:79:c5:b8:b8:70:6b:be:c7:
47:a5:94:60:58:d8:65:02:bb:c9:dd:df:e5:c5:81:ee:5c:52:
16:ee:be:03:0e:f7:63:cb:10:38:b2:78:8d:78:12:f4:92:b9:
34:0e:fe:b1:26:1d:6b:ce:eb:36:2c:b9:c7:a3:02:d0:85:e5:
b5:4a:f7:44:c8:1c:50:a0:72:05:ce:38:2b:86:1f:c0:94:2c:
58:a3:f2:f2:15:6b:6a:1a:da:ad:56:0b:5e:c8:fe:f9:33:7e:
b6:79:dd:e2:59:63:c5:74:33:05:e2:0a:95:a5:7c:02:5f:52:
41:1e:c3:35
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICf5UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA4MDYw
NzMzMTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUwMzUzRTJDOTEwQkJD
MDAxNTgxQTgxRUZCRDBERUU5NjA3MUM5RkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/gfk1fFAyEGvrLEx2/3t/Ci2XyfijkGYKRxjGvDwtC6BrU5SS
Md9DVajDMQ7dYkpPfCa9GeG9D0Far9NqJSvsM7jjwigBqpXJ9yHR0IWCd8skHM6w
P0fWPbJOMhHWDtIForPflbvH6mMsrVsSZRnO3zIpauAWtXpLDmnAm8bGSN4xbrqz
lerv/wfNLlmMFmTffmQP9VEoLZ/xn6zHxGL2Ce6NqsPlSK+npyLwnyOFsAVtGdhT
Xk7AJ2m1oKsE1kTbjCSM2C9T5dVBw6a/GBUpw0FvGZdf1QtrZjD1DQFacoUF/u6M
sFgZEFY7DuSRfCycHSXV57l26tPy3fz3hkMLAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU4DU+LJELvAAVgage+9De6WBxyfowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzREVS1MSkVMdkFBVmdh
Z2UtOURlNldCeHlmby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAIr9kQwDQYJKoZIhvcNAQELBQADggEBAJ8eoKNV9k4lxSIeK6mC0WRR7FCdR/Nl
d4ozfdfMQQN6MXZBPEyX79MYrVxHn+xcN4W73uw16BRtLO29lkcJqbpP6ywDlUzK
8d8clp5BinB68/DLrI0TFAs1WHSbLlKHHVUBq5Gj2aMYh6/a7KrK8eVuQ7DViwVA
QRd4Ng0Bgo2yqzyG4l65LEF5xbi4cGu+x0ellGBY2GUCu8nd3+XFge5cUhbuvgMO
92PLEDiyeI14EvSSuTQO/rEmHWvO6zYsucejAtCF5bVK90TIHFCgcgXOOCuGH8CU
LFij8vIVa2oa2q1WC17I/vkzfrZ53eJZY8V0MwXiCpWlfAJfUkEewzU=
-----END CERTIFICATE-----
Generated at Sun Aug 24 03:39:51 2025 by rpki-client