Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hy3yP20LLmh3A6dWz1lPTjbD1cw.roa
File: Hy3yP20LLmh3A6dWz1lPTjbD1cw.roa (raw, json)
Hash identifier: AIogDuzw+KKF81feVvDBJ6990MAUrfOLP6quBjAhNLc=
Subject key identifier: 1F:2D:F2:3F:6D:0B:2E:68:77:03:A7:56:CF:59:4F:4E:36:C3:D5:CC
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24B6
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hy3yP20LLmh3A6dWz1lPTjbD1cw.roa
Signing time: Tue 10 Jun 2025 23:39:10 +0000
ROA not before: Tue 10 Jun 2025 23:39:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9398 (0x24b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 23:39:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1F2DF23F6D0B2E687703A756CF594F4E36C3D5CC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:86:e1:02:b2:07:76:c4:5c:95:49:f8:21:83:
c9:b1:9b:74:6e:6a:72:9f:47:be:db:de:f1:bc:a3:
b6:b4:05:de:5d:8d:ca:0a:fc:d4:6d:89:17:99:38:
6a:90:8c:37:58:a6:4d:44:68:98:e2:5f:a9:af:e6:
de:5d:9f:82:b0:c2:cd:a6:77:f4:61:8c:5f:ab:10:
b1:58:58:61:ac:cf:ad:71:a6:a5:c0:cb:8a:39:68:
31:84:a7:b8:85:68:9c:c3:ff:03:9e:85:74:bf:0c:
3c:59:6b:ff:5e:ea:75:5c:8e:1d:de:73:86:02:f9:
61:8c:c8:47:c1:90:16:03:44:a4:72:2f:54:71:74:
c2:b6:7b:d4:90:1b:46:e3:63:0c:8c:d9:5d:16:3e:
9e:ab:d0:97:6c:05:9d:92:4f:e4:c7:39:8c:4f:20:
0e:6b:2f:2e:b7:ae:c5:31:06:cb:15:c0:bd:55:1b:
bb:f8:45:06:8a:52:70:34:9f:e5:66:86:25:b3:a4:
74:ed:a6:80:d1:b2:88:05:f1:e3:79:2e:32:54:f0:
41:6d:9c:e1:aa:96:10:68:f5:c0:f5:f6:51:03:54:
63:57:64:99:9a:52:47:97:d5:fd:d8:92:75:72:70:
16:a3:05:3a:af:5e:c1:ba:78:7c:ef:b2:a6:3d:07:
ad:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:2D:F2:3F:6D:0B:2E:68:77:03:A7:56:CF:59:4F:4E:36:C3:D5:CC
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Hy3yP20LLmh3A6dWz1lPTjbD1cw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
86:6d:f4:4d:9c:ff:bd:84:06:45:29:5c:fd:7d:be:22:06:62:
fc:55:f8:a8:b5:5e:a8:9d:c1:b3:a8:fb:0b:f6:6b:24:4f:6d:
f0:cc:59:b2:46:da:df:a8:c7:a8:99:d1:f4:c4:2d:f5:99:50:
27:02:e0:29:4f:d2:37:cd:a4:07:d1:fb:82:f1:66:81:46:73:
2f:a7:7b:1f:15:78:ac:8c:1f:05:dd:e1:4f:88:ea:73:da:02:
75:4f:a1:66:c6:21:9a:1c:df:9d:58:fb:e3:05:3d:05:69:13:
97:2b:07:d4:cc:2a:4a:4b:54:da:42:06:b2:50:86:c1:2d:d4:
6e:3c:59:c1:47:61:b4:fd:f1:2a:23:d5:51:7b:fc:7a:22:e6:
74:19:8d:a9:6b:6e:bc:b0:4e:62:90:99:b0:b8:17:f1:11:18:
18:cc:3d:2c:09:d6:97:e9:76:b5:99:53:8e:aa:35:40:d0:04:
de:8f:6a:cc:83:41:e3:9c:3d:5a:7a:3d:f2:ee:77:ab:1b:43:
9c:5b:8b:56:73:39:9f:75:cd:9f:2f:29:de:c9:3f:dc:b6:b0:
38:06:7f:93:cb:a2:d2:1c:bd:83:a7:ae:df:3f:35:c4:5a:f4:
4a:61:d5:ad:f6:90:9f:9a:05:af:b4:34:81:0a:16:5a:fa:13:
e2:31:63:47
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJLYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAy
MzM5MTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFGMkRGMjNGNkQwQjJF
Njg3NzAzQTc1NkNGNTk0RjRFMzZDM0Q1Q0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDChuECsgd2xFyVSfghg8mxm3RuanKfR77b3vG8o7a0Bd5djcoK
/NRtiReZOGqQjDdYpk1EaJjiX6mv5t5dn4Kwws2md/RhjF+rELFYWGGsz61xpqXA
y4o5aDGEp7iFaJzD/wOehXS/DDxZa/9e6nVcjh3ec4YC+WGMyEfBkBYDRKRyL1Rx
dMK2e9SQG0bjYwyM2V0WPp6r0JdsBZ2ST+THOYxPIA5rLy63rsUxBssVwL1VG7v4
RQaKUnA0n+VmhiWzpHTtpoDRsogF8eN5LjJU8EFtnOGqlhBo9cD19lEDVGNXZJma
UkeX1f3YknVycBajBTqvXsG6eHzvsqY9B63NAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUHy3yP20LLmh3A6dWz1lPTjbD1cwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSHkzeVAyMExMbWgz
QTZkV3oxbFBUamJEMWN3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIZt9E2c/72EBkUpXP19viIGYvxV
+Ki1XqidwbOo+wv2ayRPbfDMWbJG2t+ox6iZ0fTELfWZUCcC4ClP0jfNpAfR+4Lx
ZoFGcy+nex8VeKyMHwXd4U+I6nPaAnVPoWbGIZoc351Y++MFPQVpE5crB9TMKkpL
VNpCBrJQhsEt1G48WcFHYbT98Soj1VF7/Hoi5nQZjalrbrywTmKQmbC4F/ERGBjM
PSwJ1pfpdrWZU46qNUDQBN6PasyDQeOcPVp6PfLud6sbQ5xbi1ZzOZ91zZ8vKd7J
P9y2sDgGf5PLotIcvYOnrt8/NcRa9Eph1a32kJ+aBa+0NIEKFlr6E+IxY0c=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:32:09 2025 by rpki-client