Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/N-looTzIayCvjUXpyI5ELkoldoU.roa
File: N-looTzIayCvjUXpyI5ELkoldoU.roa (raw, json)
Hash identifier: Tn0HyiBvnuow5dFmTgynTM5gCfS7+81K8wjialjMroU=
Subject key identifier: 37:E9:68:A1:3C:C8:6B:20:AF:8D:45:E9:C8:8E:44:2E:4A:25:76:85
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24F8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/N-looTzIayCvjUXpyI5ELkoldoU.roa
Signing time: Wed 11 Jun 2025 10:39:11 +0000
ROA not before: Wed 11 Jun 2025 10:39:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9464 (0x24f8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 10:39:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=37E968A13CC86B20AF8D45E9C88E442E4A257685
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:54:2f:6a:d3:23:94:e8:c8:8e:1e:d5:eb:aa:
9c:68:93:45:77:da:84:2a:8a:8f:b8:2b:1a:17:99:
63:f8:a8:98:65:03:ee:4f:71:39:31:8a:b6:56:5f:
6a:11:e9:f7:0d:f9:9e:43:c1:ec:a1:14:a9:7e:ba:
7d:3b:08:8d:53:9c:90:80:f0:f4:61:83:57:e3:82:
38:75:5d:bb:fe:53:f5:d3:03:6a:2d:ba:65:3e:d9:
f7:48:02:7f:41:53:28:11:24:b1:cd:2e:07:7f:64:
fd:82:66:bf:99:83:bf:b4:e0:64:58:06:2b:bf:a0:
4a:f5:38:a9:30:52:44:b0:c3:2b:d8:a3:0c:96:f8:
34:ae:d7:43:20:d4:7b:82:34:ac:74:48:87:67:02:
c3:22:c4:9f:3e:41:e6:41:3b:98:57:ca:1e:7c:f3:
4f:ab:d6:9c:d1:f0:31:55:e3:77:19:b6:a1:c6:dd:
06:db:ea:8e:db:7d:f4:51:78:aa:19:f6:4e:f7:55:
d8:98:f8:29:9a:2f:4b:01:1c:5f:f0:3f:9e:ad:e5:
58:a8:25:7e:a9:ee:8a:7e:93:1b:da:e3:98:34:21:
ab:d0:59:af:38:f4:5f:59:ec:71:c2:9e:8b:a3:2a:
a6:ff:15:46:bf:35:c6:f8:cb:82:80:e3:33:fc:ef:
51:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:E9:68:A1:3C:C8:6B:20:AF:8D:45:E9:C8:8E:44:2E:4A:25:76:85
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/N-looTzIayCvjUXpyI5ELkoldoU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ae:27:58:27:0b:ab:a3:ce:5f:16:da:08:f6:d7:b0:a1:d3:06:
91:28:45:d9:90:a1:f1:16:73:26:f0:34:6f:81:f1:88:be:81:
39:68:49:01:08:79:ba:47:60:37:37:9b:74:0d:d6:b1:b9:34:
37:f9:e7:72:92:a1:af:f9:fe:b2:33:f4:b3:84:1a:96:be:dd:
07:14:d0:1b:32:48:f7:4c:8b:0a:fd:a4:9e:e4:3f:2a:88:56:
c2:e9:81:b0:0d:41:16:9f:14:f7:ca:00:17:1f:57:13:34:e2:
27:60:47:ff:10:de:cf:e1:e8:1b:d3:b8:ae:98:e9:86:b7:8c:
9f:97:46:16:d7:5f:b1:62:99:8c:ec:c3:97:a1:75:d3:d5:19:
31:2f:e4:f0:04:95:2e:05:75:98:40:6c:de:a2:7c:d9:27:5b:
a4:6e:a7:ca:af:24:ba:0a:38:b7:66:ba:ed:de:e9:70:2c:77:
fa:ff:db:08:da:ab:5a:69:0c:ce:12:f1:22:9d:5b:c3:e5:73:
ea:87:a9:07:ae:56:fc:9e:87:22:d8:58:85:15:69:fa:6a:9d:
5d:36:27:e3:18:be:d7:f2:f5:1b:88:4a:7a:f3:97:df:08:e3:
2b:ee:a9:3a:da:97:d1:06:17:00:99:18:2c:7e:0f:db:90:cc:
8d:a5:b8:9b
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJPgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEx
MDM5MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3RTk2OEExM0NDODZC
MjBBRjhENDVFOUM4OEU0NDJFNEEyNTc2ODUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJVC9q0yOU6MiOHtXrqpxok0V32oQqio+4KxoXmWP4qJhlA+5P
cTkxirZWX2oR6fcN+Z5DweyhFKl+un07CI1TnJCA8PRhg1fjgjh1Xbv+U/XTA2ot
umU+2fdIAn9BUygRJLHNLgd/ZP2CZr+Zg7+04GRYBiu/oEr1OKkwUkSwwyvYowyW
+DSu10Mg1HuCNKx0SIdnAsMixJ8+QeZBO5hXyh5880+r1pzR8DFV43cZtqHG3Qbb
6o7bffRReKoZ9k73VdiY+CmaL0sBHF/wP56t5VioJX6p7op+kxva45g0IavQWa84
9F9Z7HHCnoujKqb/FUa/Ncb4y4KA4zP871HXAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUN+looTzIayCvjUXpyI5ELkoldoUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTi1sb29UeklheUN2
alVYcHlJNUVMa29sZG9VLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAK4nWCcLq6POXxbaCPbXsKHTBpEo
RdmQofEWcybwNG+B8Yi+gTloSQEIebpHYDc3m3QN1rG5NDf553KSoa/5/rIz9LOE
Gpa+3QcU0BsySPdMiwr9pJ7kPyqIVsLpgbANQRafFPfKABcfVxM04idgR/8Q3s/h
6BvTuK6Y6Ya3jJ+XRhbXX7FimYzsw5ehddPVGTEv5PAElS4FdZhAbN6ifNknW6Ru
p8qvJLoKOLdmuu3e6XAsd/r/2wjaq1ppDM4S8SKdW8Plc+qHqQeuVvyehyLYWIUV
afpqnV02J+MYvtfy9RuISnrzl98I4yvuqTral9EGFwCZGCx+D9uQzI2luJs=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:30:26 2025 by rpki-client