Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/-y2aDfAo3NX1NLbDdVLTdNfICZw.roa
File: -y2aDfAo3NX1NLbDdVLTdNfICZw.roa (raw, json)
Hash identifier: rqHPoAglnaOL6wBM33NgmXCHgaLo7rz0uH96ca/t4/o=
Subject key identifier: FB:2D:9A:0D:F0:28:DC:D5:F5:34:B6:C3:75:52:D3:74:D7:C8:09:9C
Certificate issuer: /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial: 1EB1
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/-y2aDfAo3NX1NLbDdVLTdNfICZw.roa
Signing time: Sat 13 Sep 2025 03:05:23 +0000
ROA not before: Sat 13 Sep 2025 03:05:23 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 24373
IP address blocks: 45.252.12.0/22 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7857 (0x1eb1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Validity
Not Before: Sep 13 03:05:23 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=FB2D9A0DF028DCD5F534B6C37552D374D7C8099C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:8e:4e:e7:8e:2d:28:85:fd:aa:87:2e:a8:ac:
c5:91:1e:81:78:4f:7e:01:af:b9:fa:fb:1f:e2:86:
df:01:26:81:22:03:98:63:2d:25:75:10:69:11:99:
97:bb:93:2b:93:4d:c4:8b:c1:98:a3:b8:d1:ef:3e:
c4:61:e7:44:d7:8e:3d:16:99:08:c7:b1:7a:90:07:
32:df:1d:32:bf:9d:6d:7f:38:e1:86:1d:9e:3c:af:
e2:31:3f:ac:48:65:0d:98:e1:f5:7a:9d:76:bb:5b:
a7:e9:f3:0f:e2:9c:fe:f3:5d:5b:64:b9:54:88:62:
2a:e6:c6:23:52:fa:fe:e9:3f:15:4a:9e:25:b6:8b:
ab:c2:df:6c:45:f2:24:35:4c:34:95:90:d8:ee:60:
48:b0:e0:99:d2:09:e9:5e:1a:54:31:75:ef:ad:3a:
82:c7:ac:37:f5:39:a7:85:f0:e8:a7:cb:a2:43:ff:
0f:11:3c:7f:e6:f7:ed:bc:c7:03:2f:d2:71:ad:22:
17:a8:49:15:1b:5c:81:2d:7f:95:24:93:42:ea:5a:
cd:e2:f3:93:1c:dc:40:2d:cc:0c:fb:63:21:82:da:
ae:0a:33:5a:07:8f:d9:9d:1c:de:ac:2e:3d:d2:ad:
0c:9b:66:67:ab:83:b5:ea:ba:ac:ee:06:9a:f2:28:
84:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:2D:9A:0D:F0:28:DC:D5:F5:34:B6:C3:75:52:D3:74:D7:C8:09:9C
X509v3 Authority Key Identifier:
keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/-y2aDfAo3NX1NLbDdVLTdNfICZw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
45.252.12.0/22
Signature Algorithm: sha256WithRSAEncryption
71:4a:03:ab:89:ab:5f:61:f8:09:c8:a5:60:2f:74:08:9b:ed:
7e:40:31:67:f2:d8:b1:08:10:61:0f:74:c3:ff:d0:b7:78:94:
20:90:31:26:60:8b:d6:eb:db:27:75:ff:ab:dd:e1:4d:e9:c5:
b1:09:82:78:19:c3:30:d1:b7:10:73:26:a7:00:5d:84:f6:4e:
9e:20:24:0c:45:a3:8b:6d:53:f9:88:89:75:21:f7:61:08:d6:
98:57:34:c9:4b:ef:96:a3:31:b0:19:83:24:e2:35:d2:7a:87:
ae:ba:b2:b8:a0:31:7c:92:f5:b6:57:1c:06:9c:01:b7:94:ff:
a2:a2:9c:71:8f:2b:1f:d3:96:fa:be:13:3d:d3:85:70:0c:eb:
63:33:0c:83:2f:f8:37:05:47:b3:95:d0:68:3e:64:c3:3a:7c:
49:b8:de:85:ec:60:29:86:48:0c:01:d2:8a:60:5b:4a:34:13:
60:f2:65:36:dc:7e:a8:82:57:64:fa:61:1d:48:19:b8:ef:89:
44:85:0b:cf:4b:1c:c8:3d:26:d8:b1:6c:23:94:b5:24:76:bc:
1f:1f:5e:56:37:36:98:a3:1c:28:18:9b:cb:c7:a3:e1:c0:0a:
bc:1f:82:cf:b6:6b:59:6d:36:75:77:e1:b6:14:52:d0:66:81:
a5:cb:9c:1a
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICHrEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNTA5MTMw
MzA1MjNaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEZCMkQ5QTBERjAyOERD
RDVGNTM0QjZDMzc1NTJEMzc0RDdDODA5OUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3jk7nji0ohf2qhy6orMWRHoF4T34Br7n6+x/iht8BJoEiA5hj
LSV1EGkRmZe7kyuTTcSLwZijuNHvPsRh50TXjj0WmQjHsXqQBzLfHTK/nW1/OOGG
HZ48r+IxP6xIZQ2Y4fV6nXa7W6fp8w/inP7zXVtkuVSIYirmxiNS+v7pPxVKniW2
i6vC32xF8iQ1TDSVkNjuYEiw4JnSCeleGlQxde+tOoLHrDf1OaeF8Oiny6JD/w8R
PH/m9+28xwMv0nGtIheoSRUbXIEtf5Ukk0LqWs3i85Mc3EAtzAz7YyGC2q4KM1oH
j9mdHN6sLj3SrQybZmerg7XquqzuBpryKISLAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU+y2aDfAo3NX1NLbDdVLTdNfICZwwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3Ly15MmFEZkFvM05YMU5M
YkRkVkxUZE5mSUNady5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAIt/AwwDQYJKoZIhvcNAQELBQADggEBAHFKA6uJq19h+AnIpWAvdAib7X5AMWfy
2LEIEGEPdMP/0Ld4lCCQMSZgi9br2yd1/6vd4U3pxbEJgngZwzDRtxBzJqcAXYT2
Tp4gJAxFo4ttU/mIiXUh92EI1phXNMlL75ajMbAZgyTiNdJ6h666srigMXyS9bZX
HAacAbeU/6KinHGPKx/Tlvq+Ez3ThXAM62MzDIMv+DcFR7OV0Gg+ZMM6fEm43oXs
YCmGSAwB0opgW0o0E2DyZTbcfqiCV2T6YR1IGbjviUSFC89LHMg9JtixbCOUtSR2
vB8fXlY3NpijHCgYm8vHo+HACrwfgs+2a1ltNnV34bYUUtBmgaXLnBo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:51:12 2025 by rpki-client