Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2898/zndiDCfoVzgxP-R3Oy9u0SfbSkA.roa
File: zndiDCfoVzgxP-R3Oy9u0SfbSkA.roa (raw, json)
Hash identifier: TwsL2eJrwe5D2HIYTlY6JevlROw5vXxZYHmIvVV/5/Y=
Subject key identifier: CE:77:62:0C:27:E8:57:38:31:3F:E4:77:3B:2F:6E:D1:27:DB:4A:40
Certificate issuer: /CN=2F39D6C238893451A06EB34C52D77ABC18906BE0
Certificate serial: 2068
Authority key identifier: 2F:39:D6:C2:38:89:34:51:A0:6E:B3:4C:52:D7:7A:BC:18:90:6B:E0
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LznWwjiJNFGgbrNMUtd6vBiQa-A.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2898/zndiDCfoVzgxP-R3Oy9u0SfbSkA.roa
Signing time: Sat 13 Sep 2025 03:10:16 +0000
ROA not before: Sat 13 Sep 2025 03:10:16 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 139091
IP address blocks: 103.140.14.0/23 maxlen: 32
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8296 (0x2068)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2F39D6C238893451A06EB34C52D77ABC18906BE0
Validity
Not Before: Sep 13 03:10:16 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=CE77620C27E85738313FE4773B2F6ED127DB4A40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:ee:c6:66:70:bb:ff:cd:37:ca:86:e8:0e:db:
d3:e6:17:53:34:08:2d:82:85:c7:b1:94:59:07:47:
c8:b9:0e:a9:09:be:9d:40:c3:da:01:53:26:f5:6c:
7f:6a:21:eb:ce:b7:6e:cc:e9:cf:49:3e:89:75:15:
47:94:a1:69:2d:9e:ca:01:4b:ca:bc:fd:76:15:23:
74:ee:0c:bc:58:07:a8:04:d2:79:07:46:e7:78:7a:
56:45:79:28:77:1b:61:30:66:7e:b4:01:1c:f9:69:
05:84:9a:d8:8f:88:b3:f2:14:ad:93:2f:7c:d7:a0:
85:40:31:d6:3f:09:36:50:6d:2b:4b:f0:9b:a7:96:
26:4b:c1:c1:53:b3:dc:60:b4:4b:68:10:2b:99:8c:
c1:a1:8a:47:e2:58:5d:a2:44:2b:ac:3a:fc:65:69:
3f:06:f2:6b:87:2c:fe:5e:a6:8b:72:52:1a:e6:9b:
46:d8:c9:fe:a9:e5:04:c3:64:4c:b5:4b:06:9a:0f:
6e:1e:b2:a3:57:e7:eb:78:52:dc:e5:c5:15:b3:17:
a7:79:82:04:92:89:93:fd:fc:12:12:50:1a:4d:a3:
30:ce:ad:f9:20:69:82:2c:b4:7f:d8:e9:08:41:2f:
f9:41:6f:64:6a:38:6c:10:88:c2:20:5f:a8:e3:05:
9c:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:77:62:0C:27:E8:57:38:31:3F:E4:77:3B:2F:6E:D1:27:DB:4A:40
X509v3 Authority Key Identifier:
keyid:2F:39:D6:C2:38:89:34:51:A0:6E:B3:4C:52:D7:7A:BC:18:90:6B:E0
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2898/LznWwjiJNFGgbrNMUtd6vBiQa-A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LznWwjiJNFGgbrNMUtd6vBiQa-A.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2898/zndiDCfoVzgxP-R3Oy9u0SfbSkA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.140.14.0/23
Signature Algorithm: sha256WithRSAEncryption
5d:3c:e3:1e:ba:85:ee:d3:b1:c8:82:26:ec:e8:49:d3:73:b1:
54:a6:f6:6a:64:52:82:25:93:1e:47:d5:b2:8a:88:86:8c:b4:
3b:11:3b:2b:de:69:e7:34:89:2c:aa:8c:f3:39:93:e0:3f:09:
9a:8b:14:85:c2:13:d5:04:fa:50:4b:e2:85:c3:df:73:3c:89:
6a:d3:dd:ff:44:a5:73:94:3f:c0:74:d9:be:04:8b:53:a6:f3:
63:5b:52:dd:26:93:96:e9:e7:8f:6a:b3:e6:54:30:80:12:fe:
6d:22:e0:5e:13:bc:2a:37:6e:93:be:03:d9:71:af:da:89:1c:
6e:6f:c0:95:9c:0d:99:df:a0:1d:92:4f:89:68:02:16:30:e2:
17:9b:84:62:5f:60:7a:8a:13:a5:79:8b:1c:b2:5b:88:3b:71:
60:bf:a5:e4:36:18:ef:e6:43:7b:46:66:4d:17:8c:ae:c2:ff:
77:89:e6:90:b8:66:c3:ce:13:ee:4a:1c:9d:0a:09:7b:f7:48:
42:68:9a:b1:33:8c:ab:2a:72:a8:b3:2f:23:f2:38:2b:a4:23:
9d:f6:33:95:93:8b:36:55:43:be:b0:6d:fc:90:63:5d:a2:66:
15:4e:ad:29:f9:75:73:22:b3:e9:27:79:60:0d:34:d2:04:15:
68:f0:d0:ce
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICIGgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkYz
OUQ2QzIzODg5MzQ1MUEwNkVCMzRDNTJENzdBQkMxODkwNkJFMDAeFw0yNTA5MTMw
MzEwMTZaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKENFNzc2MjBDMjdFODU3
MzgzMTNGRTQ3NzNCMkY2RUQxMjdEQjRBNDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZ7sZmcLv/zTfKhugO29PmF1M0CC2ChcexlFkHR8i5DqkJvp1A
w9oBUyb1bH9qIevOt27M6c9JPol1FUeUoWktnsoBS8q8/XYVI3TuDLxYB6gE0nkH
Rud4elZFeSh3G2EwZn60ARz5aQWEmtiPiLPyFK2TL3zXoIVAMdY/CTZQbStL8Jun
liZLwcFTs9xgtEtoECuZjMGhikfiWF2iRCusOvxlaT8G8muHLP5epotyUhrmm0bY
yf6p5QTDZEy1SwaaD24esqNX5+t4UtzlxRWzF6d5ggSSiZP9/BISUBpNozDOrfkg
aYIstH/Y6QhBL/lBb2RqOGwQiMIgX6jjBZyvAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUzndiDCfoVzgxP+R3Oy9u0SfbSkAwHwYDVR0jBBgwFoAULznWwjiJNFGgbrNM
Utd6vBiQa+AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjg5
OC9Mem5Xd2ppSk5GR2dick5NVXRkNnZCaVFhLUEuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0x6bld3amlKTkZHZ2JyTk1VdGQ2dkJpUWEtQS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzI4OTgvem5kaURDZm9Wemd4
UC1SM095OXUwU2ZiU2tBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAWeMDjANBgkqhkiG9w0BAQsFAAOCAQEAXTzjHrqF7tOxyIIm7OhJ03OxVKb2
amRSgiWTHkfVsoqIhoy0OxE7K95p5zSJLKqM8zmT4D8JmosUhcIT1QT6UEvihcPf
czyJatPd/0Slc5Q/wHTZvgSLU6bzY1tS3SaTlunnj2qz5lQwgBL+bSLgXhO8Kjdu
k74D2XGv2okcbm/AlZwNmd+gHZJPiWgCFjDiF5uEYl9geooTpXmLHLJbiDtxYL+l
5DYY7+ZDe0ZmTReMrsL/d4nmkLhmw84T7kocnQoJe/dIQmiasTOMqypyqLMvI/I4
K6QjnfYzlZOLNlVDvrBt/JBjXaJmFU6tKfl1cyKz6Sd5YA000gQVaPDQzg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:28:05 2025 by rpki-client