Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/316/r2nQqMymjiC2gSBu-2kt7xCpCIQ.roa
File: r2nQqMymjiC2gSBu-2kt7xCpCIQ.roa (raw, json)
Hash identifier: P4N2ytu7UWbbGRKXtm/v0m545uUYCYPV/RFZvWosyvo=
Subject key identifier: AF:69:D0:A8:CC:A6:8E:20:B6:81:20:6E:FB:69:2D:EF:10:A9:08:84
Certificate issuer: /CN=4BC6A9B58BBEEAD50DDD48F844782C8294A18B39
Certificate serial: 1954
Authority key identifier: 4B:C6:A9:B5:8B:BE:EA:D5:0D:DD:48:F8:44:78:2C:82:94:A1:8B:39
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/S8aptYu-6tUN3Uj4RHgsgpShizk.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/316/r2nQqMymjiC2gSBu-2kt7xCpCIQ.roa
Signing time: Sat 13 Sep 2025 03:06:14 +0000
ROA not before: Sat 13 Sep 2025 03:06:14 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 38378
IP address blocks: 103.92.88.0/22 maxlen: 24
119.40.64.0/20 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6484 (0x1954)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4BC6A9B58BBEEAD50DDD48F844782C8294A18B39
Validity
Not Before: Sep 13 03:06:14 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=AF69D0A8CCA68E20B681206EFB692DEF10A90884
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:38:34:91:e4:e9:33:d3:c2:f6:a1:e6:55:49:
48:96:de:cb:a9:66:a6:9f:44:6c:df:2c:35:a8:ca:
12:02:b7:d6:40:35:dc:c0:6b:35:ed:50:9c:c2:d4:
de:bc:eb:a5:3e:0c:b2:91:e0:6b:b3:f0:7d:a7:d5:
d0:af:d8:9c:0f:0e:52:2a:d9:42:12:97:42:63:af:
85:45:5a:fe:92:5f:7a:91:a9:5f:0c:5a:eb:bb:03:
78:08:b6:9d:ca:de:9a:6b:42:93:9b:25:5c:fa:9f:
78:43:ff:52:dc:94:a9:13:02:ff:a4:97:10:0a:9c:
45:31:fe:4d:96:33:06:37:96:76:4e:78:58:c8:3c:
7c:76:15:3f:89:89:bd:45:1f:f2:6f:67:4a:43:fe:
5e:c0:ca:b6:0a:0d:a4:cf:60:12:46:a3:c8:31:0a:
ea:67:ba:4d:a6:98:70:3a:ab:d8:9b:74:c7:42:2c:
f3:9d:5c:49:88:83:22:a3:d6:b1:3d:cf:0a:e6:c2:
7b:fd:21:a1:80:0d:fc:35:65:97:6d:f7:de:f0:cf:
56:64:e2:5d:c4:17:6e:12:1e:83:a4:d1:9d:65:d9:
f7:99:e1:63:0f:ad:ab:c6:01:17:e2:60:30:64:a1:
cb:bc:d3:8f:4a:2c:4a:af:ba:54:6b:fe:60:16:b7:
44:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:69:D0:A8:CC:A6:8E:20:B6:81:20:6E:FB:69:2D:EF:10:A9:08:84
X509v3 Authority Key Identifier:
keyid:4B:C6:A9:B5:8B:BE:EA:D5:0D:DD:48:F8:44:78:2C:82:94:A1:8B:39
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/316/S8aptYu-6tUN3Uj4RHgsgpShizk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/S8aptYu-6tUN3Uj4RHgsgpShizk.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/316/r2nQqMymjiC2gSBu-2kt7xCpCIQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.92.88.0/22
119.40.64.0/20
Signature Algorithm: sha256WithRSAEncryption
4c:12:68:b1:c5:d3:1a:8e:c5:cb:55:33:29:47:92:ee:6e:69:
de:dd:7a:bb:51:93:1e:bc:e8:93:61:44:51:e8:33:c9:5b:b5:
ee:0c:cf:51:ef:a8:83:80:c2:2e:f6:b3:da:2d:7a:52:43:67:
97:3e:37:24:42:61:c2:b7:ce:15:e9:ef:d7:45:4c:be:8e:b7:
ac:13:39:7d:3c:89:44:bf:bb:61:36:4e:b3:58:0e:0b:a0:1f:
88:ef:bd:60:df:5c:15:10:95:e6:2c:ca:6f:04:92:84:bb:80:
e4:28:3d:b5:1e:92:c7:a7:84:fc:aa:eb:7e:f7:55:05:00:dc:
75:2e:9c:52:a2:a4:b8:ed:a2:e3:90:43:bc:16:d0:ba:73:af:
12:28:ae:c4:53:e6:bb:6a:79:c5:cf:ad:d8:a9:16:1c:40:f0:
25:94:75:51:49:6e:18:2a:1b:96:d9:a7:8d:92:78:b1:d7:c5:
4d:c6:36:ef:94:39:ed:ce:15:64:ba:dc:f8:9c:16:b1:68:85:
d4:5a:01:2a:1c:35:8a:3f:4b:12:71:dd:a7:9f:7c:8e:b8:e3:
b3:f0:07:83:0a:98:ef:36:11:8d:69:97:68:57:82:da:a1:94:
f8:dc:5e:b4:48:a9:7e:10:1b:5e:2e:63:2b:94:04:8a:96:8b:
1c:ff:2a:0c
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICGVQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNEJD
NkE5QjU4QkJFRUFENTBEREQ0OEY4NDQ3ODJDODI5NEExOEIzOTAeFw0yNTA5MTMw
MzA2MTRaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEFGNjlEMEE4Q0NBNjhF
MjBCNjgxMjA2RUZCNjkyREVGMTBBOTA4ODQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCODSR5Okz08L2oeZVSUiW3supZqafRGzfLDWoyhICt9ZANdzA
azXtUJzC1N6866U+DLKR4Guz8H2n1dCv2JwPDlIq2UISl0Jjr4VFWv6SX3qRqV8M
Wuu7A3gItp3K3pprQpObJVz6n3hD/1LclKkTAv+klxAKnEUx/k2WMwY3lnZOeFjI
PHx2FT+Jib1FH/JvZ0pD/l7AyrYKDaTPYBJGo8gxCupnuk2mmHA6q9ibdMdCLPOd
XEmIgyKj1rE9zwrmwnv9IaGADfw1ZZdt997wz1Zk4l3EF24SHoOk0Z1l2feZ4WMP
ravGARfiYDBkocu8049KLEqvulRr/mAWt0R7AgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUr2nQqMymjiC2gSBu+2kt7xCpCIQwHwYDVR0jBBgwFoAUS8aptYu+6tUN3Uj4
RHgsgpShizkwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzE2
L1M4YXB0WXUtNnRVTjNVajRSSGdzZ3BTaGl6ay5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvUzhhcHRZdS02dFVOM1VqNFJIZ3NncFNoaXprLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzE2L3IyblFxTXltamlDMmdT
QnUtMmt0N3hDcENJUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwD
BAJnXFgDBAR3KEAwDQYJKoZIhvcNAQELBQADggEBAEwSaLHF0xqOxctVMylHku5u
ad7dertRkx686JNhRFHoM8lbte4Mz1HvqIOAwi72s9otelJDZ5c+NyRCYcK3zhXp
79dFTL6Ot6wTOX08iUS/u2E2TrNYDgugH4jvvWDfXBUQleYsym8EkoS7gOQoPbUe
ksenhPyq6373VQUA3HUunFKipLjtouOQQ7wW0LpzrxIorsRT5rtqecXPrdipFhxA
8CWUdVFJbhgqG5bZp42SeLHXxU3GNu+UOe3OFWS63PicFrFohdRaASocNYo/SxJx
3aeffI6447PwB4MKmO82EY1pl2hXgtqhlPjcXrRIqX4QG14uYyuUBIqWixz/Kgw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:28:51 2025 by rpki-client