Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/LhNmNJqbIoONz8JubrbbER45ZhM.roa
File: LhNmNJqbIoONz8JubrbbER45ZhM.roa (raw, json)
Hash identifier: E39ND5rydKKM7Djl5g5ypOHUyAN1uWiM+vFb77BjB9I=
Subject key identifier: 2E:13:66:34:9A:9B:22:83:8D:CF:C2:6E:6E:B6:DB:11:1E:39:66:13
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24E6
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/LhNmNJqbIoONz8JubrbbER45ZhM.roa
Signing time: Wed 11 Jun 2025 07:39:09 +0000
ROA not before: Wed 11 Jun 2025 07:39:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9446 (0x24e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 07:39:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2E1366349A9B22838DCFC26E6EB6DB111E396613
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:b5:9a:93:16:24:67:bf:6d:ec:f6:3c:05:ab:
0a:07:d0:d1:e2:44:1a:19:e8:dc:7f:03:e3:3e:4d:
d4:20:09:f1:bb:bc:2c:a0:ad:fd:7e:ea:53:07:fe:
23:48:7e:10:b3:94:d7:aa:e7:77:00:3b:fd:a9:fd:
10:dc:ad:65:f7:d2:4e:de:b4:ab:f2:f5:e4:de:76:
3b:aa:d5:81:c3:5c:fd:37:a6:56:f7:76:cd:f9:d1:
34:0d:e7:a6:37:94:88:3e:c3:d2:52:55:7d:e9:cf:
8b:5e:22:31:ff:2b:27:08:18:2b:44:a0:0c:bd:a3:
81:da:9e:0b:6f:a2:0f:a9:c6:10:28:c0:a2:97:15:
f6:d9:f0:e2:56:33:3f:c6:40:7f:5c:6a:2f:c9:2d:
79:13:c5:8c:64:ab:6d:7c:43:8b:29:7d:47:36:6a:
2d:6c:9a:af:5c:2c:09:a4:c8:94:0e:e9:82:fd:13:
9f:0a:51:53:77:26:00:28:9b:83:87:ce:d2:44:aa:
08:c5:f4:11:15:22:df:3b:2c:59:22:a6:11:7b:1d:
c9:c6:d3:4c:50:af:9b:89:e0:0d:f8:cb:5b:c2:fd:
c6:c5:32:8d:da:ba:e4:60:cf:06:80:a2:73:41:53:
a6:ee:aa:6f:57:88:24:fc:d4:9d:85:ba:8a:da:21:
b4:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:13:66:34:9A:9B:22:83:8D:CF:C2:6E:6E:B6:DB:11:1E:39:66:13
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/LhNmNJqbIoONz8JubrbbER45ZhM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b8:22:92:f7:7f:34:c6:d6:07:0a:fa:a5:5b:35:70:45:a4:c6:
d8:61:0d:66:33:fa:0f:87:be:6d:8e:b3:5a:4f:79:57:61:d5:
d2:ce:c5:6b:be:fd:be:d7:38:49:ab:bb:06:db:e2:c4:4a:68:
9b:65:95:b1:e2:26:d9:ed:5f:df:6e:1d:6c:dd:c1:6f:d8:7a:
60:aa:ce:3b:4b:20:72:a7:6a:cb:c9:c6:05:a8:5e:df:1f:ab:
01:d6:a2:eb:46:af:a1:3c:06:c4:b0:7a:7b:e2:1a:4f:00:df:
71:de:ab:62:65:54:e4:a4:08:75:c5:ed:e2:0d:a1:1b:52:26:
00:9b:1c:f8:52:0e:fa:b6:c8:09:13:7f:8e:cd:95:15:8b:d6:
69:1a:4c:9b:32:e3:35:ef:04:29:0b:2c:c6:80:64:4e:44:50:
28:da:46:ce:74:57:5d:80:6f:ec:1f:3a:ba:f7:f4:54:0d:6a:
0d:5c:71:82:35:f3:da:f5:18:25:0b:83:ec:1b:43:1e:f1:a7:
80:64:18:d8:f8:49:1c:ab:91:50:13:d6:2e:5a:d1:47:0a:d6:
26:f1:50:5f:70:cf:5f:83:87:fd:58:7c:2c:01:a5:3e:f6:70:
a8:c4:0c:f0:7a:1e:6d:e1:89:ce:4b:ee:5f:94:21:07:65:4d:
f4:1c:d5:80
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJOYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEw
NzM5MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJFMTM2NjM0OUE5QjIy
ODM4RENGQzI2RTZFQjZEQjExMUUzOTY2MTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJtZqTFiRnv23s9jwFqwoH0NHiRBoZ6Nx/A+M+TdQgCfG7vCyg
rf1+6lMH/iNIfhCzlNeq53cAO/2p/RDcrWX30k7etKvy9eTedjuq1YHDXP03plb3
ds350TQN56Y3lIg+w9JSVX3pz4teIjH/KycIGCtEoAy9o4Hangtvog+pxhAowKKX
FfbZ8OJWMz/GQH9cai/JLXkTxYxkq218Q4spfUc2ai1smq9cLAmkyJQO6YL9E58K
UVN3JgAom4OHztJEqgjF9BEVIt87LFkiphF7HcnG00xQr5uJ4A34y1vC/cbFMo3a
uuRgzwaAonNBU6buqm9XiCT81J2FuoraIbTNAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQULhNmNJqbIoONz8JubrbbER45ZhMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTGhObU5KcWJJb09O
ejhKdWJyYmJFUjQ1WmhNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALgikvd/NMbWBwr6pVs1cEWkxthh
DWYz+g+Hvm2Os1pPeVdh1dLOxWu+/b7XOEmruwbb4sRKaJtllbHiJtntX99uHWzd
wW/YemCqzjtLIHKnasvJxgWoXt8fqwHWoutGr6E8BsSwenviGk8A33Heq2JlVOSk
CHXF7eINoRtSJgCbHPhSDvq2yAkTf47NlRWL1mkaTJsy4zXvBCkLLMaAZE5EUCja
Rs50V12Ab+wfOrr39FQNag1ccYI189r1GCULg+wbQx7xp4BkGNj4SRyrkVAT1i5a
0UcK1ibxUF9wz1+Dh/1YfCwBpT72cKjEDPB6Hm3hic5L7l+UIQdlTfQc1YA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:55:16 2025 by rpki-client