Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/1EeT3sNTTBVZN4VlWEK1ZX4aHp0.roa
File: 1EeT3sNTTBVZN4VlWEK1ZX4aHp0.roa (raw, json)
Hash identifier: pDMu2CnPLS4LDN8+hl9v/ML8Y4ro6B2gKCdTs+HX/7E=
Subject key identifier: D4:47:93:DE:C3:53:4C:15:59:37:85:65:58:42:B5:65:7E:1A:1E:9D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2144
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/1EeT3sNTTBVZN4VlWEK1ZX4aHp0.roa
Signing time: Wed 04 Jun 2025 20:38:43 +0000
ROA not before: Wed 04 Jun 2025 20:38:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8516 (0x2144)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 20:38:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D44793DEC3534C15593785655842B5657E1A1E9D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:9f:0c:85:7d:05:96:b0:f4:d6:76:47:f8:e9:
1e:c6:70:dc:70:1f:c8:b7:0a:9c:f4:38:dd:64:91:
a4:44:30:54:9a:c5:9f:9e:a1:ef:c6:6d:1c:52:d2:
c2:a3:da:d7:e9:83:c5:b4:e0:d4:23:ff:9f:e5:cd:
11:52:b0:0c:4d:be:e6:8b:e1:f1:90:56:a6:10:9b:
f2:5a:e2:3a:05:f7:91:63:b6:17:ac:7c:76:62:8a:
8d:c5:33:95:e0:43:df:df:23:1b:ea:dd:89:99:91:
cd:58:e5:fc:79:b1:14:63:74:48:d0:02:9a:8c:59:
6e:5f:67:b9:76:06:e9:57:9f:93:f6:7b:db:a3:51:
38:df:92:64:ff:de:d3:90:7f:ce:45:4f:d8:c3:9a:
d5:a0:fe:ad:9a:56:e2:37:11:43:26:c0:71:0a:49:
06:8b:40:54:10:de:23:f0:f5:77:72:91:03:41:f6:
91:44:88:6b:bc:59:a5:58:d8:49:3a:21:12:0b:3f:
44:37:b9:ca:33:6f:b9:6c:f7:23:c0:a8:1f:f3:ae:
bb:e6:c1:6f:57:2e:a1:b9:6e:25:92:0e:f0:23:87:
f4:c8:00:d4:38:03:87:85:17:65:ab:35:c1:15:1f:
6d:09:c9:1c:a3:89:85:27:32:00:98:86:87:60:11:
a9:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:47:93:DE:C3:53:4C:15:59:37:85:65:58:42:B5:65:7E:1A:1E:9D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/1EeT3sNTTBVZN4VlWEK1ZX4aHp0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3a:62:ae:2a:77:77:62:a5:37:a2:67:b9:89:5a:99:03:7c:55:
21:cc:92:26:f6:2d:26:f1:0d:8d:a4:7b:1d:f3:08:2b:d3:3b:
07:07:bc:36:e8:88:1b:f3:01:4e:a1:df:a2:4d:14:9b:f7:9e:
ee:0c:74:ec:d5:6d:2f:8e:5e:10:09:5d:07:1e:e3:6b:f8:cf:
ca:87:7f:8f:33:21:15:ef:32:60:23:a3:e0:43:f8:46:97:34:
05:93:3f:3f:3c:0c:df:67:92:cf:6a:67:1d:0e:2f:2e:58:07:
2a:2b:6e:71:a5:85:04:7e:87:86:68:96:a6:96:62:9a:c5:09:
cf:44:89:78:04:57:c1:1a:3a:c4:cf:b7:6c:68:1f:ab:1a:89:
20:99:c0:bf:05:cc:09:72:8f:50:98:29:0f:8f:ca:3a:47:0d:
f4:39:27:fe:bb:95:0d:73:ca:67:fc:18:30:95:a6:d3:e0:0d:
43:a5:e8:9d:c6:a0:ec:2f:4e:ac:b4:b1:70:a3:fc:c1:0b:3f:
bd:9b:2b:af:96:e4:03:b9:36:db:7e:a1:fd:0b:ea:16:f0:4f:
c6:4d:1f:a0:83:53:ac:9c:04:ec:3e:0b:8d:51:11:48:a9:cd:
6c:31:01:f6:22:7d:b1:05:9a:08:d7:dd:8b:19:60:73:e7:9d:
30:65:18:3e
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIUQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQy
MDM4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ0NDc5M0RFQzM1MzRD
MTU1OTM3ODU2NTU4NDJCNTY1N0UxQTFFOUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCWnwyFfQWWsPTWdkf46R7GcNxwH8i3Cpz0ON1kkaREMFSaxZ+e
oe/GbRxS0sKj2tfpg8W04NQj/5/lzRFSsAxNvuaL4fGQVqYQm/Ja4joF95Fjthes
fHZiio3FM5XgQ9/fIxvq3YmZkc1Y5fx5sRRjdEjQApqMWW5fZ7l2BulXn5P2e9uj
UTjfkmT/3tOQf85FT9jDmtWg/q2aVuI3EUMmwHEKSQaLQFQQ3iPw9XdykQNB9pFE
iGu8WaVY2Ek6IRILP0Q3ucozb7ls9yPAqB/zrrvmwW9XLqG5biWSDvAjh/TIANQ4
A4eFF2WrNcEVH20JyRyjiYUnMgCYhodgEal5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU1EeT3sNTTBVZN4VlWEK1ZX4aHp0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMUVlVDNzTlRUQlZa
TjRWbFdFSzFaWDRhSHAwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADpirip3d2KlN6JnuYlamQN8VSHM
kib2LSbxDY2kex3zCCvTOwcHvDboiBvzAU6h36JNFJv3nu4MdOzVbS+OXhAJXQce
42v4z8qHf48zIRXvMmAjo+BD+EaXNAWTPz88DN9nks9qZx0OLy5YByorbnGlhQR+
h4ZolqaWYprFCc9EiXgEV8EaOsTPt2xoH6saiSCZwL8FzAlyj1CYKQ+PyjpHDfQ5
J/67lQ1zymf8GDCVptPgDUOl6J3GoOwvTqy0sXCj/MELP72bK6+W5AO5Ntt+of0L
6hbwT8ZNH6CDU6ycBOw+C41REUipzWwxAfYifbEFmgjX3YsZYHPnnTBlGD4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:51:37 2025 by rpki-client