Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/5lZ2C4T6j5T8BKGj8A2HodbNOMQ.roa
File: 5lZ2C4T6j5T8BKGj8A2HodbNOMQ.roa (raw, json)
Hash identifier: PB7I0eQ2UPi2SFX8x4vD/Wsm++R1FbvCpP2K6cW6MZI=
Subject key identifier: E6:56:76:0B:84:FA:8F:94:FC:04:A1:A3:F0:0D:87:A1:D6:CD:38:C4
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21BF
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5lZ2C4T6j5T8BKGj8A2HodbNOMQ.roa
Signing time: Thu 05 Jun 2025 17:08:47 +0000
ROA not before: Thu 05 Jun 2025 17:08:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8639 (0x21bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 17:08:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E656760B84FA8F94FC04A1A3F00D87A1D6CD38C4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:10:f8:8a:8a:78:a7:b7:55:f9:0a:bb:05:2e:
f2:93:25:a2:34:59:97:7a:b4:98:82:4e:94:f4:9a:
d1:1a:f2:9a:88:fe:80:8d:f4:eb:37:d4:ed:50:3a:
3e:ef:7f:3d:f1:2e:ec:29:96:6a:61:a6:dd:ff:23:
20:d5:66:84:cb:8f:35:1c:6d:96:d7:88:60:e9:7c:
48:82:5c:43:eb:15:15:9c:16:e2:2a:f6:e8:d0:6b:
45:ae:36:e8:68:4f:ae:86:64:57:22:d6:1d:b0:50:
51:e2:ac:db:34:c0:1f:34:1d:29:06:09:94:12:d5:
41:5b:32:72:b7:fc:65:53:5c:f3:c6:10:7e:82:e9:
59:cc:65:50:ad:01:ed:9f:2f:72:67:81:6d:9c:73:
14:67:bb:13:24:69:5c:46:4c:97:a2:a3:f1:09:15:
75:bc:3e:5d:62:fc:cf:98:57:bc:2c:c3:cc:9b:91:
64:b5:ca:b1:b4:05:44:ab:57:9a:98:28:5e:a7:ae:
73:c4:5d:98:8a:c3:04:cf:be:13:9a:30:1a:89:35:
f3:9c:4b:ca:d5:42:57:1d:ff:a0:ac:2e:b6:2a:73:
54:6c:5c:bb:24:ae:85:2d:f0:0c:5d:e2:d8:6f:06:
2b:55:88:81:25:6f:02:ee:61:7f:ff:b5:77:eb:a6:
9c:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:56:76:0B:84:FA:8F:94:FC:04:A1:A3:F0:0D:87:A1:D6:CD:38:C4
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5lZ2C4T6j5T8BKGj8A2HodbNOMQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
70:05:90:87:5a:17:84:b4:43:09:92:f8:e2:ad:2c:4e:b1:0a:
45:18:5e:9f:d0:34:fe:e6:47:25:ea:b9:b8:24:ce:c1:59:ee:
5b:19:fe:79:ec:8a:d6:cb:5e:40:84:34:f3:6d:38:63:fc:e8:
2c:5d:41:6c:df:ab:12:d0:97:8c:03:e8:aa:fe:99:4f:20:9c:
ae:74:e5:8a:75:2a:be:3e:d1:e5:69:bf:7d:74:0f:d8:b0:71:
5c:6e:89:13:0b:ad:0a:a3:6b:34:64:c6:9b:a1:ee:30:af:c0:
df:50:d5:2b:a9:be:4a:01:42:af:cf:bc:0e:63:96:79:80:e0:
f2:aa:a6:d8:73:0e:cc:a4:14:4b:d6:b4:98:e6:1c:54:68:e6:
76:3a:18:0f:53:67:1f:a1:5d:5f:b7:99:ff:ab:bc:e9:28:2c:
c2:05:39:a8:c8:70:5c:ba:31:55:9a:d6:95:b0:08:18:a5:73:
ba:74:1d:23:18:3b:8f:5f:ed:2c:94:74:4a:75:b9:03:e7:a9:
a4:26:5b:52:07:69:4a:a3:f7:77:06:54:6b:39:9d:1c:99:94:
db:a5:a7:8f:52:79:e0:ed:7a:9c:f4:ed:f0:c9:84:02:6f:72:
3b:a3:cf:af:64:d8:9e:25:36:bb:e5:6b:04:13:f9:3e:ba:e5:
d9:95:0e:40
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIb8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUx
NzA4NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU2NTY3NjBCODRGQThG
OTRGQzA0QTFBM0YwMEQ4N0ExRDZDRDM4QzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDqEPiKinint1X5CrsFLvKTJaI0WZd6tJiCTpT0mtEa8pqI/oCN
9Os31O1QOj7vfz3xLuwplmphpt3/IyDVZoTLjzUcbZbXiGDpfEiCXEPrFRWcFuIq
9ujQa0WuNuhoT66GZFci1h2wUFHirNs0wB80HSkGCZQS1UFbMnK3/GVTXPPGEH6C
6VnMZVCtAe2fL3JngW2ccxRnuxMkaVxGTJeio/EJFXW8Pl1i/M+YV7wsw8ybkWS1
yrG0BUSrV5qYKF6nrnPEXZiKwwTPvhOaMBqJNfOcS8rVQlcd/6CsLrYqc1RsXLsk
roUt8Axd4thvBitViIElbwLuYX//tXfrppwVAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU5lZ2C4T6j5T8BKGj8A2HodbNOMQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNWxaMkM0VDZqNVQ4
QktHajhBMkhvZGJOT01RLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHAFkIdaF4S0QwmS+OKtLE6xCkUY
Xp/QNP7mRyXqubgkzsFZ7lsZ/nnsitbLXkCENPNtOGP86CxdQWzfqxLQl4wD6Kr+
mU8gnK505Yp1Kr4+0eVpv310D9iwcVxuiRMLrQqjazRkxpuh7jCvwN9Q1SupvkoB
Qq/PvA5jlnmA4PKqpthzDsykFEvWtJjmHFRo5nY6GA9TZx+hXV+3mf+rvOkoLMIF
OajIcFy6MVWa1pWwCBilc7p0HSMYO49f7SyUdEp1uQPnqaQmW1IHaUqj93cGVGs5
nRyZlNulp49SeeDtepz07fDJhAJvcjujz69k2J4lNrvlawQT+T665dmVDkA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:54 2025 by rpki-client