Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/577/4-5rhMDtvYmlAvHxM7Wnph5OW3k.roa
File: 4-5rhMDtvYmlAvHxM7Wnph5OW3k.roa (raw, json)
Hash identifier: hf3diJD6LaxlugZd5z8eoM8WB0/sASztsGx0Vf7VwAQ=
Subject key identifier: E3:EE:6B:84:C0:ED:BD:89:A5:02:F1:F1:33:B5:A7:A6:1E:4E:5B:79
Certificate issuer: /CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Certificate serial: 1ED1
Authority key identifier: 75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/4-5rhMDtvYmlAvHxM7Wnph5OW3k.roa
Signing time: Sat 13 Sep 2025 03:05:31 +0000
ROA not before: Sat 13 Sep 2025 03:05:31 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 24373
IP address blocks: 45.252.40.0/22 maxlen: 24
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7889 (0x1ed1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=75B4714C4F61BEA04A02CF9CF563AE134F479C85
Validity
Not Before: Sep 13 03:05:31 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=E3EE6B84C0EDBD89A502F1F133B5A7A61E4E5B79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:9b:2d:1a:55:a8:25:f9:ca:a6:c3:b3:2a:b4:
5d:4e:d2:d3:ff:9f:16:43:cc:01:86:9e:15:9e:1e:
57:bc:f3:2c:17:e3:71:e1:78:98:6e:b2:cf:87:91:
06:d5:41:bb:4d:bd:6e:d0:62:af:d9:0d:e3:5b:a4:
68:56:e3:6c:4c:07:1a:b9:1a:8f:c7:e4:fa:6d:0e:
0b:57:7f:1d:1e:2f:81:5f:53:69:c3:ff:ae:d3:13:
2e:97:da:76:77:dd:38:85:a8:0c:d2:62:08:1f:5d:
34:61:a7:51:27:12:f7:1b:ee:06:29:b0:d4:eb:5c:
55:3d:83:90:80:b0:7a:9f:a0:f1:85:5a:57:5c:7f:
05:20:f1:02:35:e3:e2:54:c4:cf:47:2d:fc:14:6a:
fc:0a:47:fd:7f:bd:a0:da:c0:5f:73:08:54:ab:4e:
7a:07:24:f2:a9:a8:4c:7a:0f:fc:f7:4c:bb:a2:ad:
45:ea:81:dc:42:6c:13:da:be:69:22:1e:d7:67:db:
70:1c:fe:fb:e0:7b:ff:80:67:a4:75:4f:77:f0:2b:
5d:69:0f:e0:a4:ea:83:6e:71:6d:c1:d3:87:9b:c5:
35:6f:5d:24:34:f9:06:b3:15:4a:01:00:52:2a:8e:
c3:c5:2d:b5:55:b3:dd:ed:5a:80:16:6e:9e:f7:c0:
42:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:EE:6B:84:C0:ED:BD:89:A5:02:F1:F1:33:B5:A7:A6:1E:4E:5B:79
X509v3 Authority Key Identifier:
keyid:75:B4:71:4C:4F:61:BE:A0:4A:02:CF:9C:F5:63:AE:13:4F:47:9C:85
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/dbRxTE9hvqBKAs-c9WOuE09HnIU.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/dbRxTE9hvqBKAs-c9WOuE09HnIU.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/577/4-5rhMDtvYmlAvHxM7Wnph5OW3k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
45.252.40.0/22
Signature Algorithm: sha256WithRSAEncryption
4a:84:93:8f:0d:8e:9e:5e:d4:0c:d9:5f:c7:5f:2e:df:7d:a7:
46:46:2c:0d:94:99:6b:32:4e:1f:84:83:5e:3d:15:c4:35:92:
bb:8d:77:11:3a:a3:77:05:cd:33:87:db:a4:e8:76:05:5c:73:
fc:47:ba:a4:9d:53:77:96:46:72:9b:82:38:5d:58:a5:d4:31:
de:67:5b:4a:75:99:f6:49:1f:08:09:23:48:b6:35:c8:47:db:
d5:2d:3a:36:97:f1:f9:14:e5:ee:b3:9e:50:58:3d:fa:a1:05:
5d:f9:4f:cd:5d:8b:ff:83:c8:c6:6b:dc:ac:69:3b:23:10:75:
08:01:bc:2a:6a:6d:03:b5:19:3f:b3:3e:ce:dc:03:c6:d2:b4:
51:b9:bc:f5:a1:a3:c4:6f:5d:50:b9:ff:92:54:39:d7:7f:a0:
c1:c2:ac:b1:cd:08:ec:88:50:5a:10:68:10:d2:96:c4:df:b8:
0b:19:2e:74:27:0e:60:c4:01:f4:71:ed:78:1f:94:a5:4b:62:
d9:13:4d:bf:0d:af:ae:4e:db:be:43:dd:da:4a:c1:cd:93:09:
41:68:d4:21:b5:63:28:52:7f:de:fc:f4:84:60:af:07:b2:d8:
43:c3:89:53:f2:06:0f:d2:2a:d1:17:4f:f1:f4:d9:de:12:b2:
d7:62:6f:05
-----BEGIN CERTIFICATE-----
MIIE1TCCA72gAwIBAgICHtEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzVC
NDcxNEM0RjYxQkVBMDRBMDJDRjlDRjU2M0FFMTM0RjQ3OUM4NTAeFw0yNTA5MTMw
MzA1MzFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEUzRUU2Qjg0QzBFREJE
ODlBNTAyRjFGMTMzQjVBN0E2MUU0RTVCNzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7my0aVagl+cqmw7MqtF1O0tP/nxZDzAGGnhWeHle88ywX43Hh
eJhuss+HkQbVQbtNvW7QYq/ZDeNbpGhW42xMBxq5Go/H5PptDgtXfx0eL4FfU2nD
/67TEy6X2nZ33TiFqAzSYggfXTRhp1EnEvcb7gYpsNTrXFU9g5CAsHqfoPGFWldc
fwUg8QI14+JUxM9HLfwUavwKR/1/vaDawF9zCFSrTnoHJPKpqEx6D/z3TLuirUXq
gdxCbBPavmkiHtdn23Ac/vvge/+AZ6R1T3fwK11pD+Ck6oNucW3B04ebxTVvXSQ0
+QazFUoBAFIqjsPFLbVVs93tWoAWbp73wEIjAgMBAAGjggHxMIIB7TAdBgNVHQ4E
FgQU4+5rhMDtvYmlAvHxM7Wnph5OW3kwHwYDVR0jBBgwFoAUdbRxTE9hvqBKAs+c
9WOuE09HnIUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3
L2RiUnhURTlodnFCS0FzLWM5V091RTA5SG5JVS5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvZGJSeFRFOWh2cUJLQXMtYzlXT3VFMDlIbklVLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNTc3LzQtNXJoTUR0dlltbEF2
SHhNN1ducGg1T1czay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAIt/CgwDQYJKoZIhvcNAQELBQADggEBAEqEk48Njp5e1AzZX8dfLt99p0ZGLA2U
mWsyTh+Eg149FcQ1kruNdxE6o3cFzTOH26TodgVcc/xHuqSdU3eWRnKbgjhdWKXU
Md5nW0p1mfZJHwgJI0i2NchH29UtOjaX8fkU5e6znlBYPfqhBV35T81di/+DyMZr
3KxpOyMQdQgBvCpqbQO1GT+zPs7cA8bStFG5vPWho8RvXVC5/5JUOdd/oMHCrLHN
COyIUFoQaBDSlsTfuAsZLnQnDmDEAfRx7XgflKVLYtkTTb8Nr65O275D3dpKwc2T
CUFo1CG1YyhSf9789IRgrwey2EPDiVPyBg/SKtEXT/H02d4SstdibwU=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:51:24 2025 by rpki-client