Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hl0EY-KO3p5Mhr5mMBBrqTra10E.roa
File: Hl0EY-KO3p5Mhr5mMBBrqTra10E.roa (raw, json)
Hash identifier: RS1c/SFkqcbmKUuhMzJVtFrvQ7vW7FoF+OM+JzmgSDs=
Subject key identifier: 1E:5D:04:63:E2:8E:DE:9E:4C:86:BE:66:30:10:6B:A9:3A:DA:D7:41
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 236C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hl0EY-KO3p5Mhr5mMBBrqTra10E.roa
Signing time: Sun 08 Jun 2025 16:39:00 +0000
ROA not before: Sun 08 Jun 2025 16:39:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9068 (0x236c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 16:39:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1E5D0463E28EDE9E4C86BE6630106BA93ADAD741
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:4d:9b:e9:41:36:63:4b:6f:1e:05:35:5c:80:
93:8d:8b:cf:73:b1:02:d2:39:a9:87:fa:8c:78:33:
60:17:99:39:4c:69:52:50:db:11:23:e7:8b:65:e3:
fc:d1:4e:d8:48:57:ad:43:00:8b:2f:e3:fd:40:06:
77:2d:c1:ac:83:07:26:26:7c:63:e6:63:ba:54:6c:
8a:63:c4:60:54:f9:3a:74:23:0a:6a:91:6a:dd:9a:
7c:b4:ab:cd:e6:22:76:f6:bf:57:50:d3:0e:2d:87:
b6:3b:33:8f:d9:5e:21:cf:23:46:34:08:4c:a9:eb:
d3:51:20:0f:61:cd:32:b4:00:8c:e3:ac:09:2c:ec:
39:c0:45:8b:1a:4b:32:02:4f:f2:16:8b:cb:ad:96:
ee:6c:79:e3:c7:b3:80:64:ee:09:36:b1:ad:27:27:
60:01:7c:3b:6b:0f:ec:2d:47:df:f4:9e:25:32:2d:
d1:41:20:e5:58:bb:b6:34:d6:1c:fd:bd:c3:07:01:
0d:65:be:52:a9:81:ed:4b:11:a8:c5:bb:a9:38:aa:
29:6f:4a:56:10:9d:f9:68:a0:1f:2d:fe:35:78:07:
74:90:b7:19:39:94:7f:a8:ea:e8:c0:2b:66:4d:86:
c9:96:4f:f0:05:c9:45:b5:ec:90:d7:d2:85:86:b3:
5f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:5D:04:63:E2:8E:DE:9E:4C:86:BE:66:30:10:6B:A9:3A:DA:D7:41
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hl0EY-KO3p5Mhr5mMBBrqTra10E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
24:ed:87:9b:80:00:4b:89:3c:5c:99:a7:6b:b2:cb:78:45:c4:
6d:fb:78:04:a3:8d:72:30:ca:84:a1:3a:1b:42:ef:eb:8e:78:
fd:98:86:64:4e:b2:60:97:84:18:83:72:e2:36:b8:e2:84:b8:
ee:6f:2d:a8:56:52:19:fa:f4:20:25:33:c3:d2:ef:59:97:ce:
c9:e2:69:85:f1:ef:98:9d:bc:7c:39:ab:56:a4:00:e8:7f:0e:
a4:2a:01:61:c7:9b:86:60:8a:ef:e4:3e:24:15:87:a9:19:73:
26:06:85:9b:b5:01:f9:90:4f:8f:a3:1f:8d:ae:cf:4d:de:c1:
24:4a:df:e7:64:1a:9b:ee:13:20:c1:27:ae:d0:82:57:5c:96:
01:9c:f1:88:c4:2a:4a:5a:69:9e:5f:d2:2f:c3:85:08:d9:71:
4b:35:86:69:dd:f9:c4:57:74:4d:2c:5c:0d:78:8d:bf:f0:ee:
f1:bd:96:ee:b7:94:05:e3:08:3a:c6:83:d8:2c:3a:c3:ca:de:
8e:3c:54:6a:8f:a1:8d:33:09:5c:cf:1e:91:9e:35:7a:dc:e3:
d6:6f:54:2b:54:4c:55:b5:43:ba:49:e7:e6:10:e5:79:9b:ac:
a1:33:c4:02:3c:3b:8a:2c:b6:78:8f:d8:c6:c0:cb:eb:4f:f5:
cc:54:49:a9
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI2wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgx
NjM5MDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFFNUQwNDYzRTI4RURF
OUU0Qzg2QkU2NjMwMTA2QkE5M0FEQUQ3NDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpTZvpQTZjS28eBTVcgJONi89zsQLSOamH+ox4M2AXmTlMaVJQ
2xEj54tl4/zRTthIV61DAIsv4/1ABnctwayDByYmfGPmY7pUbIpjxGBU+Tp0Iwpq
kWrdmny0q83mInb2v1dQ0w4th7Y7M4/ZXiHPI0Y0CEyp69NRIA9hzTK0AIzjrAks
7DnARYsaSzICT/IWi8utlu5seePHs4Bk7gk2sa0nJ2ABfDtrD+wtR9/0niUyLdFB
IOVYu7Y01hz9vcMHAQ1lvlKpge1LEajFu6k4qilvSlYQnflooB8t/jV4B3SQtxk5
lH+o6ujAK2ZNhsmWT/AFyUW17JDX0oWGs1/bAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUHl0EY+KO3p5Mhr5mMBBrqTra10EwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSGwwRVktS08zcDVN
aHI1bU1CQnJxVHJhMTBFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACTth5uAAEuJPFyZp2uyy3hFxG37
eASjjXIwyoShOhtC7+uOeP2YhmROsmCXhBiDcuI2uOKEuO5vLahWUhn69CAlM8PS
71mXzsniaYXx75idvHw5q1akAOh/DqQqAWHHm4Zgiu/kPiQVh6kZcyYGhZu1AfmQ
T4+jH42uz03ewSRK3+dkGpvuEyDBJ67QgldclgGc8YjEKkpaaZ5f0i/DhQjZcUs1
hmnd+cRXdE0sXA14jb/w7vG9lu63lAXjCDrGg9gsOsPK3o48VGqPoY0zCVzPHpGe
NXrc49ZvVCtUTFW1Q7pJ5+YQ5XmbrKEzxAI8O4ostniP2MbAy+tP9cxUSak=
-----END CERTIFICATE-----
Generated at Sun Jun 22 15:11:11 2025 by rpki-client