Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/2kzCKBK_XaONKGjrjJG0tFK1x1g.roa
File: 2kzCKBK_XaONKGjrjJG0tFK1x1g.roa (raw, json)
Hash identifier: UgTeVU5z+eii7kbCmy/DliHh4J+2w8ISm24zV9VLRCc=
Subject key identifier: DA:4C:C2:28:12:BF:5D:A3:8D:28:68:EB:8C:91:B4:B4:52:B5:C7:58
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2588
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/2kzCKBK_XaONKGjrjJG0tFK1x1g.roa
Signing time: Thu 12 Jun 2025 10:39:15 +0000
ROA not before: Thu 12 Jun 2025 10:39:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9608 (0x2588)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 10:39:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DA4CC22812BF5DA38D2868EB8C91B4B452B5C758
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:1d:df:87:a6:f1:45:a7:6d:20:e7:aa:5d:16:
27:b3:19:c8:6e:44:f6:75:c4:7a:9d:92:25:e7:af:
96:83:e3:c6:5c:7d:29:38:79:e0:42:39:3e:94:7b:
b1:72:75:62:55:42:04:58:35:f2:eb:36:f9:5a:38:
7a:c5:ec:63:40:63:83:0e:e0:3d:64:7c:e2:49:1e:
13:36:98:56:49:14:0a:f1:22:ea:a7:05:fb:e3:00:
0e:a9:3b:79:c0:9a:f4:63:c7:7f:bd:7e:91:83:bb:
e4:e7:72:39:19:55:5a:e5:b2:a2:f7:73:53:a7:0a:
1e:a8:ab:0b:fa:fe:7e:b6:54:3d:56:b1:90:c9:ed:
19:1d:67:ef:47:09:71:4e:fd:76:1d:56:66:94:ca:
ca:5e:66:fc:53:1a:83:1b:70:17:bf:7d:a7:23:d8:
c5:6a:04:63:89:38:e3:77:d4:49:29:0a:64:b8:e2:
a7:11:33:6e:51:ff:13:8b:72:3f:04:b5:21:c8:6d:
9e:48:57:a4:bc:95:15:3a:4d:76:91:87:ee:e2:ae:
17:39:70:4e:57:d7:67:7b:27:b7:e4:53:e3:4f:6d:
4d:7c:03:1a:27:04:bd:0c:46:95:cf:f1:84:33:86:
ed:e1:7b:c6:6c:0c:16:33:80:4d:6a:d6:78:eb:d4:
1f:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:4C:C2:28:12:BF:5D:A3:8D:28:68:EB:8C:91:B4:B4:52:B5:C7:58
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/2kzCKBK_XaONKGjrjJG0tFK1x1g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
2e:4e:6e:83:c9:9f:c3:b9:d9:ca:5d:cd:88:01:99:9b:8b:d2:
bf:c6:87:5f:7a:d2:9e:78:19:de:e6:49:d4:71:92:2f:dc:1c:
d3:d2:fa:1d:ff:1f:16:78:7e:1a:58:21:db:a4:d2:a1:82:c2:
80:19:c9:d8:68:85:8a:3a:35:a0:8b:92:a0:65:1f:cd:08:90:
8b:27:66:f0:ba:30:ea:a8:12:a7:18:b5:12:a7:1a:b8:ba:8a:
a1:c9:14:5b:f6:f8:70:54:df:68:bf:a5:b7:e2:23:6b:aa:a8:
8a:a2:fb:eb:c1:06:4a:74:69:34:0a:0f:8e:bb:5c:be:76:42:
c3:35:0a:0f:3d:1f:58:cd:d4:19:50:64:66:82:b7:63:8a:de:
64:22:ee:86:6d:e0:b3:f6:ca:ea:fc:9b:6e:dc:78:4e:90:6e:
38:28:c1:48:18:e7:3e:03:3a:b5:02:d6:e5:5b:aa:6b:70:8b:
22:bc:0f:ec:56:68:f7:41:c9:2b:f2:a2:d4:8a:75:1c:57:e9:
78:89:78:e6:cb:2f:f6:14:bd:00:2a:27:62:3c:8e:88:dd:0f:
54:0f:f7:6a:57:c7:3d:27:77:50:19:75:18:b3:5f:3d:22:b0:
53:b6:f0:aa:d1:47:fa:16:a5:f2:ef:d0:0d:eb:1e:61:75:de:
c7:c5:6e:76
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJYgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIx
MDM5MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERBNENDMjI4MTJCRjVE
QTM4RDI4NjhFQjhDOTFCNEI0NTJCNUM3NTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeHd+HpvFFp20g56pdFiezGchuRPZ1xHqdkiXnr5aD48ZcfSk4
eeBCOT6Ue7FydWJVQgRYNfLrNvlaOHrF7GNAY4MO4D1kfOJJHhM2mFZJFArxIuqn
BfvjAA6pO3nAmvRjx3+9fpGDu+TncjkZVVrlsqL3c1OnCh6oqwv6/n62VD1WsZDJ
7RkdZ+9HCXFO/XYdVmaUyspeZvxTGoMbcBe/facj2MVqBGOJOON31EkpCmS44qcR
M25R/xOLcj8EtSHIbZ5IV6S8lRU6TXaRh+7irhc5cE5X12d7J7fkU+NPbU18Axon
BL0MRpXP8YQzhu3he8ZsDBYzgE1q1njr1B+rAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU2kzCKBK/XaONKGjrjJG0tFK1x1gwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMmt6Q0tCS19YYU9O
S0dqcmpKRzB0RksxeDFnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAC5OboPJn8O52cpdzYgBmZuL0r/G
h1960p54Gd7mSdRxki/cHNPS+h3/HxZ4fhpYIduk0qGCwoAZydhohYo6NaCLkqBl
H80IkIsnZvC6MOqoEqcYtRKnGri6iqHJFFv2+HBU32i/pbfiI2uqqIqi++vBBkp0
aTQKD467XL52QsM1Cg89H1jN1BlQZGaCt2OK3mQi7oZt4LP2yur8m27ceE6Qbjgo
wUgY5z4DOrUC1uVbqmtwiyK8D+xWaPdBySvyotSKdRxX6XiJeObLL/YUvQAqJ2I8
jojdD1QP92pXxz0nd1AZdRizXz0isFO28KrRR/oWpfLv0A3rHmF13sfFbnY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:19:16 2025 by rpki-client