Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Kzzn53Gf6UZekPaIBlynN7hpmvk.roa
File: Kzzn53Gf6UZekPaIBlynN7hpmvk.roa (raw, json)
Hash identifier: NECH7mF37uMQzDpDyXSbnmqzfKyAyAYxp5SKIxLWKBA=
Subject key identifier: 2B:3C:E7:E7:71:9F:E9:46:5E:90:F6:88:06:5C:A7:37:B8:69:9A:F9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24A5
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Kzzn53Gf6UZekPaIBlynN7hpmvk.roa
Signing time: Tue 10 Jun 2025 20:39:08 +0000
ROA not before: Tue 10 Jun 2025 20:39:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9381 (0x24a5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 20:39:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2B3CE7E7719FE9465E90F688065CA737B8699AF9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:9f:d3:10:92:04:59:95:da:70:a8:29:76:ad:
ff:f9:66:64:dc:5d:60:15:c8:84:fa:7c:85:ae:ae:
7b:7c:ad:b7:b8:b9:1a:33:39:fe:d1:d8:ed:50:da:
8c:63:d9:f8:ee:a7:84:60:fc:25:7d:c1:41:4f:2f:
59:6e:6b:fe:4a:cd:d5:2d:a3:0a:4c:77:0b:77:11:
77:c8:6d:5c:d1:bb:2a:4e:76:26:e3:ac:26:13:78:
69:3a:42:55:88:78:bd:8f:54:6a:90:9a:d7:c7:21:
a7:26:2a:6d:63:0d:ee:99:76:40:54:e8:0f:9a:64:
f5:dc:bf:cb:d8:fd:25:81:a0:12:1e:95:36:96:78:
e7:7d:73:43:87:38:bd:8d:dd:64:b5:ed:c5:32:f5:
43:e1:ac:c2:c1:39:26:8b:59:0e:5d:77:34:68:d3:
3b:53:7e:65:0d:54:fb:ca:72:59:d8:23:30:37:09:
ad:f1:f3:dc:47:a4:5b:2e:5a:9f:0f:93:b5:63:d1:
3d:04:d2:09:f4:4a:9e:88:82:ca:52:d1:f2:8f:97:
cb:55:b4:06:79:a2:ef:79:6a:8f:db:99:72:2b:29:
2b:14:34:38:0d:5c:49:64:82:e3:48:70:32:57:3f:
53:c7:37:73:62:f0:1c:4c:e7:e9:60:4e:c0:4c:c1:
7f:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:3C:E7:E7:71:9F:E9:46:5E:90:F6:88:06:5C:A7:37:B8:69:9A:F9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Kzzn53Gf6UZekPaIBlynN7hpmvk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
67:9d:48:7d:32:e5:1e:2c:72:98:74:5a:84:50:c8:d4:73:01:
86:41:f8:50:41:e6:19:cc:72:c3:9c:33:b5:f3:4c:43:7f:f8:
f7:c4:f9:c3:a6:75:4a:8d:c7:46:61:47:d2:ac:e6:8e:16:fe:
d8:af:88:80:a1:b1:cd:2e:db:9b:27:e1:c7:0d:75:5f:3e:89:
bd:97:1d:8a:2e:32:46:95:bb:11:12:e6:95:12:75:75:80:93:
3d:58:16:2a:6e:c6:96:77:1e:b0:3a:f5:38:7a:94:f9:b6:bd:
30:b7:6d:98:a5:2c:1c:82:bf:dd:c6:2e:42:43:28:87:22:f8:
94:d0:89:c1:d8:da:d4:10:e5:70:15:a5:1a:bf:ba:f4:97:b1:
5e:46:92:b8:54:a7:d0:0c:bc:71:b5:2e:12:c9:fd:8f:2e:9e:
94:96:b6:5a:b1:f6:53:ca:f5:34:dc:57:97:68:ff:ae:c0:98:
61:91:de:c1:28:ea:a3:a8:ad:9d:08:e0:53:be:87:1a:13:f9:
38:f7:09:02:aa:22:fa:ab:16:70:a9:2d:da:aa:7d:fb:02:26:
6f:d9:2e:8a:92:9c:b8:53:87:94:57:15:de:40:53:64:88:87:
e3:ed:0f:b1:da:ff:52:73:b3:e0:b9:c6:35:2b:3b:c1:6b:db:
69:9c:20:b0
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJKUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAy
MDM5MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJCM0NFN0U3NzE5RkU5
NDY1RTkwRjY4ODA2NUNBNzM3Qjg2OTlBRjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCSn9MQkgRZldpwqCl2rf/5ZmTcXWAVyIT6fIWurnt8rbe4uRoz
Of7R2O1Q2oxj2fjup4Rg/CV9wUFPL1lua/5KzdUtowpMdwt3EXfIbVzRuypOdibj
rCYTeGk6QlWIeL2PVGqQmtfHIacmKm1jDe6ZdkBU6A+aZPXcv8vY/SWBoBIelTaW
eOd9c0OHOL2N3WS17cUy9UPhrMLBOSaLWQ5ddzRo0ztTfmUNVPvKclnYIzA3Ca3x
89xHpFsuWp8Pk7Vj0T0E0gn0Sp6IgspS0fKPl8tVtAZ5ou95ao/bmXIrKSsUNDgN
XElkguNIcDJXP1PHN3Ni8BxM5+lgTsBMwX+LAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUKzzn53Gf6UZekPaIBlynN7hpmvkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvS3p6bjUzR2Y2VVpl
a1BhSUJseW5ON2hwbXZrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGedSH0y5R4scph0WoRQyNRzAYZB
+FBB5hnMcsOcM7XzTEN/+PfE+cOmdUqNx0ZhR9Ks5o4W/tiviIChsc0u25sn4ccN
dV8+ib2XHYouMkaVuxES5pUSdXWAkz1YFipuxpZ3HrA69Th6lPm2vTC3bZilLByC
v93GLkJDKIci+JTQicHY2tQQ5XAVpRq/uvSXsV5GkrhUp9AMvHG1LhLJ/Y8unpSW
tlqx9lPK9TTcV5do/67AmGGR3sEo6qOorZ0I4FO+hxoT+Tj3CQKqIvqrFnCpLdqq
ffsCJm/ZLoqSnLhTh5RXFd5AU2SIh+PtD7Ha/1Jzs+C5xjUrO8Fr22mcILA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 14:49:24 2025 by rpki-client