Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/E1HGD0lCqWeg9OLIvvzPSb-Fxf4.roa
File: E1HGD0lCqWeg9OLIvvzPSb-Fxf4.roa (raw, json)
Hash identifier: kHH9Ti29iJBeJd3Pcac6WW9YBsWP/JVZg25WCxBD/9k=
Subject key identifier: 13:51:C6:0F:49:42:A9:67:A0:F4:E2:C8:BE:FC:CF:49:BF:85:C5:FE
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25A9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/E1HGD0lCqWeg9OLIvvzPSb-Fxf4.roa
Signing time: Thu 12 Jun 2025 16:09:16 +0000
ROA not before: Thu 12 Jun 2025 16:09:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9641 (0x25a9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 16:09:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1351C60F4942A967A0F4E2C8BEFCCF49BF85C5FE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:44:97:ad:de:eb:72:09:96:08:11:3d:23:d1:
61:5e:ec:3d:b4:42:c5:48:36:04:e8:ce:f2:0f:5e:
44:24:78:ff:8d:b8:14:91:83:64:9b:74:2f:12:3b:
87:64:1b:d3:6d:30:4d:d7:17:73:9d:35:97:51:88:
77:ae:5d:27:6f:29:a3:18:06:68:d1:9f:93:46:84:
cd:34:2c:35:30:e9:8f:40:46:66:d1:3b:3b:31:09:
1c:0f:6a:c8:c5:09:de:c1:d8:5d:56:0f:50:60:f6:
c8:20:09:e7:aa:a7:be:31:41:b1:f8:f5:8e:75:ef:
f9:92:e0:5d:b6:2c:08:4f:06:d1:3f:35:f5:ad:d3:
83:43:c8:5f:c7:38:23:3f:7e:83:bc:97:98:25:50:
3f:8c:9b:74:b9:5c:88:7e:98:95:6a:6d:30:f1:98:
6b:08:0f:c8:69:fd:76:c1:5b:09:28:22:b8:01:53:
39:59:c2:9d:35:34:23:37:71:4f:19:11:48:27:66:
16:c8:fb:37:1a:fc:06:1c:84:1c:d1:d4:fc:6b:52:
bd:c5:a5:27:86:95:15:9f:37:a3:fc:34:64:14:35:
95:5d:c7:11:6f:4b:35:da:6b:f0:01:c3:62:94:d5:
80:e2:85:9a:4d:88:40:fb:fe:2e:e0:7e:9c:27:a2:
11:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:51:C6:0F:49:42:A9:67:A0:F4:E2:C8:BE:FC:CF:49:BF:85:C5:FE
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/E1HGD0lCqWeg9OLIvvzPSb-Fxf4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
81:f4:e6:76:b6:ce:8c:43:e8:f6:79:f1:d7:81:66:de:72:54:
4f:09:9b:6c:10:60:40:56:bb:12:a0:5f:5a:4d:71:db:61:2f:
78:e0:7d:1d:76:be:07:d4:03:6f:7c:c0:74:0d:c6:ac:d6:be:
cb:72:bf:0a:48:09:4e:d9:ea:ad:67:c0:b3:4a:77:e0:f1:95:
b3:30:7f:57:e7:39:7b:75:fb:e8:34:07:d0:30:c0:1c:91:24:
c2:1f:ec:0f:40:00:25:4b:96:6e:0a:d2:b4:44:43:5c:bb:c7:
a9:90:e5:a3:1f:fc:b5:3a:76:b9:a5:dc:6e:f7:e3:bd:71:e8:
5b:aa:e4:c1:91:6e:d5:7f:75:3a:77:37:e7:d8:ad:00:e1:23:
f8:87:e2:06:6f:7f:c2:db:37:03:f4:0f:36:ed:9e:39:8c:c4:
62:7a:de:bd:b0:ea:b6:42:b1:09:ba:51:2c:e9:37:37:b9:ad:
ed:b8:c1:74:4b:e5:36:a4:c4:f6:a8:2c:4e:0a:cf:d3:55:af:
09:a2:3e:8e:d6:d4:70:1d:da:11:e4:a1:ef:bd:63:3b:97:7d:
5f:a5:6a:6c:38:cd:1c:44:03:69:fb:07:8c:7b:48:d1:7b:09:
52:4c:ae:1d:ff:22:44:1a:9d:f2:6d:d3:00:0c:3f:f2:6e:d3:
f3:e9:10:fd
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJakwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIx
NjA5MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDEzNTFDNjBGNDk0MkE5
NjdBMEY0RTJDOEJFRkNDRjQ5QkY4NUM1RkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnRJet3utyCZYIET0j0WFe7D20QsVINgTozvIPXkQkeP+NuBSR
g2SbdC8SO4dkG9NtME3XF3OdNZdRiHeuXSdvKaMYBmjRn5NGhM00LDUw6Y9ARmbR
OzsxCRwPasjFCd7B2F1WD1Bg9sggCeeqp74xQbH49Y517/mS4F22LAhPBtE/NfWt
04NDyF/HOCM/foO8l5glUD+Mm3S5XIh+mJVqbTDxmGsID8hp/XbBWwkoIrgBUzlZ
wp01NCM3cU8ZEUgnZhbI+zca/AYchBzR1PxrUr3FpSeGlRWfN6P8NGQUNZVdxxFv
SzXaa/ABw2KU1YDihZpNiED7/i7gfpwnohGtAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUE1HGD0lCqWeg9OLIvvzPSb+Fxf4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvRTFIR0QwbENxV2Vn
OU9MSXZ2elBTYi1GeGY0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIH05na2zoxD6PZ58deBZt5yVE8J
m2wQYEBWuxKgX1pNcdthL3jgfR12vgfUA298wHQNxqzWvstyvwpICU7Z6q1nwLNK
d+DxlbMwf1fnOXt1++g0B9AwwByRJMIf7A9AACVLlm4K0rREQ1y7x6mQ5aMf/LU6
drml3G73471x6Fuq5MGRbtV/dTp3N+fYrQDhI/iH4gZvf8LbNwP0DzbtnjmMxGJ6
3r2w6rZCsQm6USzpNze5re24wXRL5TakxPaoLE4Kz9NVrwmiPo7W1HAd2hHkoe+9
YzuXfV+lamw4zRxEA2n7B4x7SNF7CVJMrh3/IkQanfJt0wAMP/Ju0/PpEP0=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:11:54 2025 by rpki-client