Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2411/qhmYe5kKex0rrqDH9ozQxDERun4.roa
File: qhmYe5kKex0rrqDH9ozQxDERun4.roa (raw, json)
Hash identifier: f/rKewlfJYMh484wFI5/RwDYm/Uv/x9i2ZR4r3iFEAI=
Subject key identifier: AA:19:98:7B:99:0A:7B:1D:2B:AE:A0:C7:F6:8C:D0:C4:31:11:BA:7E
Certificate issuer: /CN=1F552F6E8AC2F97E1447BFAC810059695E2B32A9
Certificate serial: 2E
Authority key identifier: 1F:55:2F:6E:8A:C2:F9:7E:14:47:BF:AC:81:00:59:69:5E:2B:32:A9
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/H1UvborC-X4UR7-sgQBZaV4rMqk.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2411/qhmYe5kKex0rrqDH9ozQxDERun4.roa
Signing time: Mon 18 Aug 2025 01:57:57 +0000
ROA not before: Mon 18 Aug 2025 01:57:57 +0000
ROA not after: Sun 16 Aug 2026 01:52:01 +0000
asID: 137690
IP address blocks: 202.189.20.0/22 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 46 (0x2e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1F552F6E8AC2F97E1447BFAC810059695E2B32A9
Validity
Not Before: Aug 18 01:57:57 2025 GMT
Not After : Aug 16 01:52:01 2026 GMT
Subject: CN=AA19987B990A7B1D2BAEA0C7F68CD0C43111BA7E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e7:2b:86:5e:bc:b3:93:6c:27:32:4a:b9:89:
79:79:39:df:c7:a6:2e:cf:bf:93:76:45:09:17:9e:
e4:f4:10:38:e2:a8:ee:10:05:d3:11:3e:9e:1f:5b:
51:e2:91:d0:5a:9a:81:9b:c6:7b:d6:49:0a:78:6a:
30:10:50:3a:01:8f:2b:ca:f5:f6:f5:6b:03:6c:54:
f0:e6:29:ad:4f:c9:3d:b1:a8:93:d8:84:82:bf:67:
76:b2:89:d0:05:ee:b9:c1:cf:12:eb:21:f3:56:93:
21:9e:3f:78:cb:d6:ef:52:85:14:93:15:63:cf:29:
60:e4:60:e1:10:2a:bb:a9:ab:55:0a:3c:86:33:cd:
5c:7f:89:f3:c1:14:39:c2:2e:82:8f:41:d4:d0:80:
3e:f3:e3:19:9f:c8:37:55:06:7c:9a:42:69:9e:68:
87:59:86:7b:f8:b3:06:33:97:9b:74:97:ce:48:71:
7e:90:c6:32:cd:1a:96:8b:b3:6a:46:0d:53:3c:2b:
d9:b7:4b:de:07:1a:4c:4a:36:02:f2:6a:54:ff:c2:
66:5e:f4:96:8a:c5:a3:77:be:11:9e:20:32:c9:7d:
41:37:e9:02:4f:84:de:b8:12:61:d7:95:6c:12:5c:
87:fb:bb:d6:9a:a4:49:94:2f:cc:ce:1f:11:56:82:
db:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:19:98:7B:99:0A:7B:1D:2B:AE:A0:C7:F6:8C:D0:C4:31:11:BA:7E
X509v3 Authority Key Identifier:
keyid:1F:55:2F:6E:8A:C2:F9:7E:14:47:BF:AC:81:00:59:69:5E:2B:32:A9
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2411/H1UvborC-X4UR7-sgQBZaV4rMqk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/H1UvborC-X4UR7-sgQBZaV4rMqk.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2411/qhmYe5kKex0rrqDH9ozQxDERun4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
202.189.20.0/22
Signature Algorithm: sha256WithRSAEncryption
47:ae:32:95:d8:0a:bf:11:cd:80:a4:10:98:a6:16:24:26:df:
8c:f6:38:6f:77:5d:b6:6b:90:83:c2:06:2b:b6:0d:31:d4:37:
f7:f9:cf:3e:f0:4a:7a:5f:2b:7b:2b:af:2c:da:91:e0:7d:8c:
0f:9f:7e:91:cd:84:3a:49:ef:b5:60:ae:a4:56:d6:ba:a9:6f:
33:67:0f:96:4c:86:15:cc:09:56:32:61:f6:63:ab:37:6a:32:
da:a6:59:54:82:9e:45:66:49:35:b4:2b:62:0b:e3:28:a4:de:
7b:fe:cd:6f:ec:d1:15:35:9a:fb:11:ef:1a:64:d7:a3:12:07:
73:65:44:a3:51:b9:7b:fb:79:1a:fe:a9:07:91:47:7c:6f:b0:
0f:24:a8:05:35:54:ba:74:da:ab:b0:d8:96:30:2c:fb:28:0c:
35:87:57:3b:c0:be:52:48:c4:7c:83:0d:50:5c:0d:c0:17:a7:
d2:ef:0d:0a:77:70:7c:3d:28:13:33:d9:77:be:88:d0:9b:f9:
64:8f:6e:c4:8e:8a:47:e0:11:ef:46:47:27:df:e9:cf:60:49:
fa:4f:0c:2a:d4:9e:67:95:58:f8:4d:05:71:ee:78:67:d7:32:
2e:e6:55:5a:6d:0d:9f:c4:33:af:3f:f9:37:0e:38:3d:64:ed:
d6:b0:49:c4
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgIBLjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygxRjU1
MkY2RThBQzJGOTdFMTQ0N0JGQUM4MTAwNTk2OTVFMkIzMkE5MB4XDTI1MDgxODAx
NTc1N1oXDTI2MDgxNjAxNTIwMVowMzExMC8GA1UEAxMoQUExOTk4N0I5OTBBN0Ix
RDJCQUVBMEM3RjY4Q0QwQzQzMTExQkE3RTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALrnK4ZevLOTbCcySrmJeXk538emLs+/k3ZFCRee5PQQOOKo7hAF
0xE+nh9bUeKR0FqagZvGe9ZJCnhqMBBQOgGPK8r19vVrA2xU8OYprU/JPbGok9iE
gr9ndrKJ0AXuucHPEush81aTIZ4/eMvW71KFFJMVY88pYORg4RAqu6mrVQo8hjPN
XH+J88EUOcIugo9B1NCAPvPjGZ/IN1UGfJpCaZ5oh1mGe/izBjOXm3SXzkhxfpDG
Ms0alouzakYNUzwr2bdL3gcaTEo2AvJqVP/CZl70lorFo3e+EZ4gMsl9QTfpAk+E
3rgSYdeVbBJch/u71pqkSZQvzM4fEVaC22sCAwEAAaOCAfMwggHvMB0GA1UdDgQW
BBSqGZh7mQp7HSuuoMf2jNDEMRG6fjAfBgNVHSMEGDAWgBQfVS9uisL5fhRHv6yB
AFlpXisyqTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF0GA1UdHwRWMFQwUqBQ
oE6GTHJzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8yNDEx
L0gxVXZib3JDLVg0VVI3LXNnUUJaYVY0ck1xay5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvSDFVdmJvckMtWDRVUjctc2dRQlphVjRyTXFrLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ0GCCsGAQUFBwELBIGQMIGNMFgGCCsGAQUFBzALhkxyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjQxMS9xaG1ZZTVrS2V4MHJy
cURIOW96UXhERVJ1bjQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25u
aWMuY24vcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQCyr0UMA0GCSqGSIb3DQEBCwUAA4IBAQBHrjKV2Aq/Ec2ApBCYphYkJt+M9jhv
d122a5CDwgYrtg0x1Df3+c8+8Ep6Xyt7K68s2pHgfYwPn36RzYQ6Se+1YK6kVta6
qW8zZw+WTIYVzAlWMmH2Y6s3ajLapllUgp5FZkk1tCtiC+MopN57/s1v7NEVNZr7
Ee8aZNejEgdzZUSjUbl7+3ka/qkHkUd8b7APJKgFNVS6dNqrsNiWMCz7KAw1h1c7
wL5SSMR8gw1QXA3AF6fS7w0Kd3B8PSgTM9l3vojQm/lkj27EjopH4BHvRkcn3+nP
YEn6Twwq1J5nlVj4TQVx7nhn1zIu5lVabQ2fxDOvP/k3Djg9ZO3WsEnE
-----END CERTIFICATE-----
Generated at Sun Aug 24 03:40:01 2025 by rpki-client