Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hnti5NKUrPKqjUTzPnpErP2D9F4.roa
File: Hnti5NKUrPKqjUTzPnpErP2D9F4.roa (raw, json)
Hash identifier: 81JN8Hmp743RxH/vWIWhJqQiy7mrhSzox9QuCIvjldY=
Subject key identifier: 1E:7B:62:E4:D2:94:AC:F2:AA:8D:44:F3:3E:7A:44:AC:FD:83:F4:5E
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2570
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hnti5NKUrPKqjUTzPnpErP2D9F4.roa
Signing time: Thu 12 Jun 2025 06:39:12 +0000
ROA not before: Thu 12 Jun 2025 06:39:12 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9584 (0x2570)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 06:39:12 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1E7B62E4D294ACF2AA8D44F33E7A44ACFD83F45E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:b5:2d:23:86:ce:62:1a:c7:e6:32:29:68:70:
6c:fe:0b:e4:33:5d:3c:31:c5:fe:83:eb:09:d6:1c:
b5:48:51:12:f6:ec:6f:f0:c9:61:ac:ca:9f:5d:2a:
88:36:a5:b5:68:b3:53:ad:e1:f4:4d:72:75:ff:33:
1d:ed:30:1e:94:98:8a:c5:84:9e:23:ec:f3:6f:21:
ba:64:41:41:03:d2:1c:66:71:ac:2c:c8:62:9e:1a:
ac:ff:24:a7:44:43:62:9e:e1:37:23:01:34:85:41:
28:cc:10:48:34:a4:b7:fd:ab:f2:8b:e0:e5:b2:ae:
31:05:5e:0b:8a:eb:ba:a4:aa:fc:87:cf:ed:7d:ca:
b7:90:fe:1c:ad:65:4c:b5:61:fd:dc:c3:bc:03:97:
53:11:8e:62:ee:a8:72:c3:b8:7a:f7:28:f5:63:62:
6b:d0:cd:97:05:8f:c2:35:59:63:ca:ca:6a:1a:67:
be:92:68:8c:9c:86:3f:3b:7d:87:3e:e3:51:64:b5:
2a:23:68:3b:dc:6c:fc:9e:a0:8e:3f:bb:9c:c4:0a:
c0:6a:f6:be:38:51:59:2f:76:cb:0b:6f:17:ee:14:
e6:64:c3:3c:e9:73:ee:4c:7b:c4:1e:f2:aa:60:f8:
70:de:6d:b8:67:91:f9:e9:18:c9:75:41:7f:04:42:
fc:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:7B:62:E4:D2:94:AC:F2:AA:8D:44:F3:3E:7A:44:AC:FD:83:F4:5E
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hnti5NKUrPKqjUTzPnpErP2D9F4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
5a:44:7a:b1:02:40:92:39:c0:45:be:49:98:dd:cf:ab:3f:75:
eb:48:b9:d8:87:e2:4d:e8:f4:07:aa:5a:76:35:61:85:fe:09:
ef:e3:96:1b:d1:05:11:b8:dc:0c:7b:f2:be:99:7d:4a:38:ac:
bb:42:1c:86:33:0a:43:d9:2a:20:23:2d:60:03:2f:57:97:c2:
c7:e2:ed:d4:3f:2f:c5:69:c5:31:07:d3:58:d6:e7:e5:16:a0:
2c:ca:6a:68:77:2d:fa:28:5e:b8:79:40:a0:fb:a8:ac:f9:f3:
4a:db:00:dd:25:bb:0e:5a:6d:7a:07:ca:ca:38:00:b3:72:51:
59:6c:2d:51:46:c7:c8:20:b9:5b:a1:49:ee:38:0b:5b:2b:e6:
3f:44:b8:c6:52:02:63:ae:e4:03:09:f8:8c:1e:eb:05:85:81:
c5:a6:56:27:9c:38:32:37:20:82:ee:ec:4a:e9:ab:b4:6d:0e:
1c:f3:d6:8e:f4:92:1e:21:a2:22:6c:bf:b2:c9:16:9d:8d:45:
52:15:65:77:c7:d4:49:5e:3d:18:65:18:33:d2:18:99:5f:53:
d5:00:45:d0:62:de:25:bc:67:27:3c:c3:89:d5:c0:39:72:ac:
da:f8:d9:20:1d:b6:56:7f:f9:15:7e:7d:b9:a3:5c:61:eb:35:
e5:34:80:11
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJXAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
NjM5MTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFFN0I2MkU0RDI5NEFD
RjJBQThENDRGMzNFN0E0NEFDRkQ4M0Y0NUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQtS0jhs5iGsfmMilocGz+C+QzXTwxxf6D6wnWHLVIURL27G/w
yWGsyp9dKog2pbVos1Ot4fRNcnX/Mx3tMB6UmIrFhJ4j7PNvIbpkQUED0hxmcaws
yGKeGqz/JKdEQ2Ke4TcjATSFQSjMEEg0pLf9q/KL4OWyrjEFXguK67qkqvyHz+19
yreQ/hytZUy1Yf3cw7wDl1MRjmLuqHLDuHr3KPVjYmvQzZcFj8I1WWPKymoaZ76S
aIychj87fYc+41FktSojaDvcbPyeoI4/u5zECsBq9r44UVkvdssLbxfuFOZkwzzp
c+5Me8Qe8qpg+HDebbhnkfnpGMl1QX8EQvyHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUHnti5NKUrPKqjUTzPnpErP2D9F4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSG50aTVOS1VyUEtx
alVUelBucEVyUDJEOUY0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFpEerECQJI5wEW+SZjdz6s/detI
udiH4k3o9AeqWnY1YYX+Ce/jlhvRBRG43Ax78r6ZfUo4rLtCHIYzCkPZKiAjLWAD
L1eXwsfi7dQ/L8VpxTEH01jW5+UWoCzKamh3LfooXrh5QKD7qKz580rbAN0luw5a
bXoHyso4ALNyUVlsLVFGx8gguVuhSe44C1sr5j9EuMZSAmOu5AMJ+Iwe6wWFgcWm
ViecODI3IILu7Erpq7RtDhzz1o70kh4hoiJsv7LJFp2NRVIVZXfH1ElePRhlGDPS
GJlfU9UARdBi3iW8Zyc8w4nVwDlyrNr42SAdtlZ/+RV+fbmjXGHrNeU0gBE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:26:47 2025 by rpki-client