Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/LotXdbsqwZ6h_0ztN-PfAg-8-kc.roa
File: LotXdbsqwZ6h_0ztN-PfAg-8-kc.roa (raw, json)
Hash identifier: KHsU2vppkQ5BqvYpydQJ3/pvAHYtVZw0kQ4oF3Brr4k=
Subject key identifier: 2E:8B:57:75:BB:2A:C1:9E:A1:FF:4C:ED:37:E3:DF:02:0F:BC:FA:47
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2607
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/LotXdbsqwZ6h_0ztN-PfAg-8-kc.roa
Signing time: Fri 13 Jun 2025 07:39:14 +0000
ROA not before: Fri 13 Jun 2025 07:39:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9735 (0x2607)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 07:39:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2E8B5775BB2AC19EA1FF4CED37E3DF020FBCFA47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:9a:ef:a5:16:50:48:65:72:2c:d2:a1:3f:38:
54:6b:55:ac:80:97:72:ce:6f:50:67:d5:d6:d2:e9:
b1:b8:16:c0:9c:c0:ae:5e:1f:0e:41:33:82:57:ad:
66:4c:28:9e:4c:c5:59:ef:6b:05:eb:f6:84:ef:26:
63:a6:40:4b:94:55:5b:de:bb:d5:df:84:ff:11:62:
ab:76:7d:bb:ed:cd:8d:b9:2c:2d:64:08:ab:5e:12:
2e:fe:95:53:b2:1a:dc:94:82:e6:03:58:fd:8a:52:
4e:81:d3:a0:97:41:fa:3d:39:6c:95:a7:85:dc:6f:
8d:46:14:3c:74:bd:02:ad:08:73:7b:27:e0:ec:5f:
75:b3:cc:8a:c6:d0:27:f5:22:e9:fc:0b:29:ac:25:
fb:11:e1:1a:7a:ac:50:d0:7f:8d:c3:f7:14:99:9d:
80:a4:03:5a:b1:6d:2b:56:f5:c0:dd:94:b1:6d:ea:
0f:2f:b0:af:4a:53:78:b8:2f:46:e4:7f:f5:21:21:
4d:00:97:6e:a2:b9:30:97:a3:87:eb:73:e2:1e:31:
df:b7:36:72:a7:a8:76:6a:1f:5b:65:71:87:c9:3d:
30:ea:d6:54:b8:e8:c7:f2:c1:16:b3:19:ba:a4:82:
3c:31:94:f4:b8:cb:9f:f0:05:2c:c6:91:eb:58:ce:
43:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:8B:57:75:BB:2A:C1:9E:A1:FF:4C:ED:37:E3:DF:02:0F:BC:FA:47
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/LotXdbsqwZ6h_0ztN-PfAg-8-kc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
66:7c:53:84:47:9f:0c:f8:4e:d8:d9:18:08:4c:dd:85:6e:c7:
cd:4a:ef:d5:38:7f:59:a6:f3:a4:4e:6d:c3:0c:3d:a7:db:f6:
38:66:15:75:5e:7e:73:ba:a2:19:81:f1:53:06:72:a4:ea:12:
4f:5d:c3:84:9d:5b:d8:a4:20:83:fe:0e:ba:76:3f:69:1d:cd:
37:3a:1e:e4:0f:d1:fd:83:b5:77:31:44:f6:b1:e3:c2:1a:3e:
24:66:66:dc:8c:5c:cd:ed:37:23:49:59:3a:21:db:b1:fc:d5:
22:16:df:f8:29:2b:43:9d:f9:11:c4:b0:a0:95:cc:19:91:a4:
b4:8b:c8:0c:e0:ec:51:a9:80:0f:9a:47:1d:eb:47:35:17:5c:
7c:34:ac:04:6a:22:64:20:c1:24:b5:de:bd:48:c2:80:d9:b8:
1b:2d:d2:53:05:14:63:ef:1f:4d:96:5b:f4:65:17:7a:10:96:
55:ff:64:76:c2:ba:f1:13:82:d6:30:cf:a9:33:29:5c:9d:5c:
cb:4c:7c:63:3a:f7:7b:39:40:1e:5f:1a:a7:a8:8c:59:b4:55:
e8:82:72:ec:af:f2:fc:68:9e:87:b7:fc:64:48:8c:f1:d3:67:
6e:84:7b:49:3f:52:dc:0f:7b:8a:4c:4b:43:fe:91:e2:50:d7:
21:48:12:03
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJgcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMw
NzM5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJFOEI1Nzc1QkIyQUMx
OUVBMUZGNENFRDM3RTNERjAyMEZCQ0ZBNDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7mu+lFlBIZXIs0qE/OFRrVayAl3LOb1Bn1dbS6bG4FsCcwK5e
Hw5BM4JXrWZMKJ5MxVnvawXr9oTvJmOmQEuUVVveu9XfhP8RYqt2fbvtzY25LC1k
CKteEi7+lVOyGtyUguYDWP2KUk6B06CXQfo9OWyVp4Xcb41GFDx0vQKtCHN7J+Ds
X3WzzIrG0Cf1Iun8CymsJfsR4Rp6rFDQf43D9xSZnYCkA1qxbStW9cDdlLFt6g8v
sK9KU3i4L0bkf/UhIU0Al26iuTCXo4frc+IeMd+3NnKnqHZqH1tlcYfJPTDq1lS4
6MfywRazGbqkgjwxlPS4y5/wBSzGketYzkOxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQULotXdbsqwZ6h/0ztN+PfAg+8+kcwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTG90WGRic3F3WjZo
XzB6dE4tUGZBZy04LWtjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGZ8U4RHnwz4TtjZGAhM3YVux81K
79U4f1mm86RObcMMPafb9jhmFXVefnO6ohmB8VMGcqTqEk9dw4SdW9ikIIP+Drp2
P2kdzTc6HuQP0f2DtXcxRPax48IaPiRmZtyMXM3tNyNJWToh27H81SIW3/gpK0Od
+RHEsKCVzBmRpLSLyAzg7FGpgA+aRx3rRzUXXHw0rARqImQgwSS13r1IwoDZuBst
0lMFFGPvH02WW/RlF3oQllX/ZHbCuvETgtYwz6kzKVydXMtMfGM693s5QB5fGqeo
jFm0VeiCcuyv8vxonoe3/GRIjPHTZ26Ee0k/UtwPe4pMS0P+keJQ1yFIEgM=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:12:33 2025 by rpki-client