Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/1LPahkA--6KA__IC7pQLV5NmSkw.roa
File: 1LPahkA--6KA__IC7pQLV5NmSkw.roa (raw, json)
Hash identifier: HlBA5KjSjsoCKU4W+w7oYyocd5XdPk2s+M2tpiFw/f8=
Subject key identifier: D4:B3:DA:86:40:3E:FB:A2:80:FF:F2:02:EE:94:0B:57:93:66:4A:4C
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2682
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/1LPahkA--6KA__IC7pQLV5NmSkw.roa
Signing time: Sat 14 Jun 2025 04:09:18 +0000
ROA not before: Sat 14 Jun 2025 04:09:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9858 (0x2682)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 04:09:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D4B3DA86403EFBA280FFF202EE940B5793664A4C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:fc:bc:97:70:23:70:da:15:82:94:65:85:a5:
0e:f1:54:fd:82:28:05:77:67:54:8c:7f:db:3f:9b:
64:42:55:94:a2:4f:2d:cd:b4:42:39:e4:da:25:25:
06:4d:fb:ac:c0:e3:61:f7:23:c4:39:00:70:50:0b:
c9:91:4c:37:dc:ca:2c:cc:13:8d:a2:7a:63:69:58:
05:48:8d:67:6e:6e:50:43:db:f8:c6:fb:c7:0f:96:
d1:59:87:1f:ce:1a:cb:cc:52:7e:ae:3d:35:4c:62:
d7:c7:80:eb:72:7c:95:15:f5:90:36:6b:83:a2:6d:
ea:c2:b2:b6:75:4e:a6:bf:b8:f8:7c:f8:76:18:1f:
57:fb:c7:51:32:5a:17:ea:6c:80:12:c0:51:6b:ea:
a0:b6:31:36:c1:cf:63:a1:41:40:60:1a:bc:0b:9b:
bc:e8:2f:78:90:cd:56:d2:20:7c:c6:d2:1f:4c:38:
06:4e:ef:93:3b:99:6f:82:d9:17:0d:75:bc:bb:18:
f8:c0:d5:64:3c:70:de:13:90:6d:b4:44:48:3d:11:
c5:a4:44:48:a2:b2:38:e5:02:78:7b:e4:5a:f6:70:
69:c3:5d:dd:5e:c3:c7:27:3f:ad:9f:46:15:2b:8d:
c9:d1:9d:2f:8c:6c:37:30:28:0f:6e:85:38:a7:18:
1c:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:B3:DA:86:40:3E:FB:A2:80:FF:F2:02:EE:94:0B:57:93:66:4A:4C
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/1LPahkA--6KA__IC7pQLV5NmSkw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
14:bf:49:e1:e1:ff:a8:1c:fc:95:fa:b5:00:5a:ef:7f:4c:a6:
f9:42:0d:10:a4:d2:7e:46:ac:e3:f6:0c:1a:84:a2:c4:d3:d4:
b6:f8:5c:55:2a:47:ed:68:56:35:d7:36:fc:77:a2:95:13:6a:
36:e1:86:b1:52:ea:2e:f0:d6:4f:2f:bf:d4:89:1e:7f:11:12:
61:88:99:8b:d0:c7:f4:68:29:db:f1:f3:af:cc:cd:76:33:5a:
af:95:c7:e7:99:73:9e:e0:48:3f:eb:b4:16:fc:e1:00:a0:65:
47:01:d1:d4:f8:c7:10:bd:e9:5d:e1:fd:6c:5d:60:ab:ec:33:
dd:1a:d5:01:5a:e9:e1:d8:cb:71:cc:d2:4d:23:13:98:86:81:
9a:50:46:4d:0a:5b:3f:06:20:f5:22:2e:a6:c7:4f:d2:ca:10:
ad:85:68:9c:19:54:5d:4c:bf:15:6d:d1:13:47:69:a2:40:d7:
5e:43:6a:cf:4f:47:73:e8:bf:41:53:35:73:ab:56:2c:6c:68:
6c:e3:87:aa:80:ba:6a:ac:fa:8b:8d:b9:61:1c:ed:dd:fc:be:
28:f4:b8:d9:37:ac:ef:6d:ee:e2:38:1a:29:4c:4c:45:1e:e7:
4b:d4:51:7e:ac:d0:73:cd:24:1d:87:fc:7f:50:b7:c4:ad:ae:
b0:89:b2:56
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJoIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
NDA5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ0QjNEQTg2NDAzRUZC
QTI4MEZGRjIwMkVFOTQwQjU3OTM2NjRBNEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD1/LyXcCNw2hWClGWFpQ7xVP2CKAV3Z1SMf9s/m2RCVZSiTy3N
tEI55NolJQZN+6zA42H3I8Q5AHBQC8mRTDfcyizME42iemNpWAVIjWdublBD2/jG
+8cPltFZhx/OGsvMUn6uPTVMYtfHgOtyfJUV9ZA2a4OiberCsrZ1Tqa/uPh8+HYY
H1f7x1EyWhfqbIASwFFr6qC2MTbBz2OhQUBgGrwLm7zoL3iQzVbSIHzG0h9MOAZO
75M7mW+C2RcNdby7GPjA1WQ8cN4TkG20REg9EcWkREiisjjlAnh75Fr2cGnDXd1e
w8cnP62fRhUrjcnRnS+MbDcwKA9uhTinGBynAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU1LPahkA++6KA//IC7pQLV5NmSkwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMUxQYWhrQS0tNktB
X19JQzdwUUxWNU5tU2t3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABS/SeHh/6gc/JX6tQBa739MpvlC
DRCk0n5GrOP2DBqEosTT1Lb4XFUqR+1oVjXXNvx3opUTajbhhrFS6i7w1k8vv9SJ
Hn8REmGImYvQx/RoKdvx86/MzXYzWq+Vx+eZc57gSD/rtBb84QCgZUcB0dT4xxC9
6V3h/WxdYKvsM90a1QFa6eHYy3HM0k0jE5iGgZpQRk0KWz8GIPUiLqbHT9LKEK2F
aJwZVF1MvxVt0RNHaaJA115Das9PR3Pov0FTNXOrVixsaGzjh6qAumqs+ouNuWEc
7d38vij0uNk3rO9t7uI4GilMTEUe50vUUX6s0HPNJB2H/H9Qt8StrrCJslY=
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:26:22 2025 by rpki-client