Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/N20nLW3fytInxVmqrVb40jipj68.roa
File: N20nLW3fytInxVmqrVb40jipj68.roa (raw, json)
Hash identifier: 2viYaT/G0VlnCBcqUpCRZQ2fnHEAsG/fbMopqgbU4y8=
Subject key identifier: 37:6D:27:2D:6D:DF:CA:D2:27:C5:59:AA:AD:56:F8:D2:38:A9:8F:AF
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2346
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/N20nLW3fytInxVmqrVb40jipj68.roa
Signing time: Sun 08 Jun 2025 10:08:57 +0000
ROA not before: Sun 08 Jun 2025 10:08:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9030 (0x2346)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 10:08:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=376D272D6DDFCAD227C559AAAD56F8D238A98FAF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:15:0a:40:c6:06:81:3e:ee:9d:9c:76:1b:39:
3f:6c:bd:c7:c7:14:c2:80:b6:1c:81:7c:59:3f:14:
e7:c7:1c:8a:50:95:d0:75:aa:35:10:a3:03:6c:3e:
52:34:c6:d9:1f:2c:cc:34:4e:4e:38:e9:26:04:3e:
5c:46:c6:47:7a:bd:82:89:65:04:06:d7:ed:c3:ff:
54:2d:59:0b:42:83:5e:a6:c8:f6:a4:d9:34:80:fb:
b2:31:b4:19:e5:a6:d9:41:75:3e:c8:68:4d:5c:0e:
19:d1:3c:ba:f2:05:26:e0:fe:e2:82:c4:ba:ac:ac:
0d:f9:e2:62:31:29:f9:4a:28:ee:a9:ab:b2:d0:c7:
f3:11:58:8c:87:d7:a9:42:45:2d:7a:69:a7:b9:ab:
b3:9c:2b:6d:1f:fc:4f:4b:e7:a8:b9:15:a6:22:c7:
fe:99:34:2b:9c:59:44:79:9a:ea:4d:50:ad:2c:d4:
b5:db:86:13:2c:51:d1:9b:d6:0c:4c:a6:45:09:07:
12:12:7d:ec:13:d4:34:c6:de:ff:32:58:b9:04:df:
8c:d4:63:2c:d6:4b:0b:a9:ca:43:bc:ed:bd:90:16:
f1:56:38:42:82:ac:8c:7e:b4:f7:9d:63:f8:56:47:
62:08:e3:e0:eb:12:76:5d:11:21:8b:e5:77:0f:d9:
88:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:6D:27:2D:6D:DF:CA:D2:27:C5:59:AA:AD:56:F8:D2:38:A9:8F:AF
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/N20nLW3fytInxVmqrVb40jipj68.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
76:b6:08:db:0b:53:b4:97:7c:a6:ce:2e:69:ec:62:10:49:b9:
8b:24:82:42:5d:c0:6f:1b:8e:db:36:a7:b8:09:c4:bb:c1:50:
57:53:f7:e1:31:ed:5c:af:c1:a0:e5:cd:7a:50:b7:f4:07:c9:
60:d9:e8:2a:c5:26:10:d1:23:c3:e0:1a:2d:99:f5:b5:a1:fd:
30:16:8a:86:9b:45:e6:25:c6:e6:5e:49:f8:59:e4:ca:70:b8:
79:a4:82:39:12:6c:32:dc:09:60:8d:1e:52:40:51:99:35:2f:
a8:90:57:df:48:dc:9c:41:d8:c1:68:4f:1a:b9:62:34:cc:2a:
cb:bc:99:12:3b:97:45:72:d2:db:1a:b5:b0:08:1f:a7:bd:fe:
0b:0c:81:80:f1:ef:e1:4b:94:e6:f6:f9:06:84:02:76:40:15:
5a:21:a1:2d:33:74:e3:cf:05:29:c1:fe:96:d3:6f:d2:e2:7c:
91:50:18:55:e3:4c:03:6a:68:d4:6d:f0:c9:d0:dd:2b:fb:b1:
87:a5:58:fb:2b:c6:ab:f5:bb:af:a5:f4:fc:3f:ac:e5:65:6d:
20:3c:84:1e:23:fc:84:c7:5a:3c:ba:01:59:d7:d8:11:3e:13:
de:57:70:13:a6:6b:f9:15:4a:f7:f3:6c:1d:78:6a:6f:5e:86:
de:41:42:3d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI0YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgx
MDA4NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3NkQyNzJENkRERkNB
RDIyN0M1NTlBQUFENTZGOEQyMzhBOThGQUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOFQpAxgaBPu6dnHYbOT9svcfHFMKAthyBfFk/FOfHHIpQldB1
qjUQowNsPlI0xtkfLMw0Tk446SYEPlxGxkd6vYKJZQQG1+3D/1QtWQtCg16myPak
2TSA+7IxtBnlptlBdT7IaE1cDhnRPLryBSbg/uKCxLqsrA354mIxKflKKO6pq7LQ
x/MRWIyH16lCRS16aae5q7OcK20f/E9L56i5FaYix/6ZNCucWUR5mupNUK0s1LXb
hhMsUdGb1gxMpkUJBxISfewT1DTG3v8yWLkE34zUYyzWSwupykO87b2QFvFWOEKC
rIx+tPedY/hWR2II4+DrEnZdESGL5XcP2YjpAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUN20nLW3fytInxVmqrVb40jipj68wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTjIwbkxXM2Z5dElu
eFZtcXJWYjQwamlwajY4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHa2CNsLU7SXfKbOLmnsYhBJuYsk
gkJdwG8bjts2p7gJxLvBUFdT9+Ex7VyvwaDlzXpQt/QHyWDZ6CrFJhDRI8PgGi2Z
9bWh/TAWioabReYlxuZeSfhZ5MpwuHmkgjkSbDLcCWCNHlJAUZk1L6iQV99I3JxB
2MFoTxq5YjTMKsu8mRI7l0Vy0tsatbAIH6e9/gsMgYDx7+FLlOb2+QaEAnZAFVoh
oS0zdOPPBSnB/pbTb9LifJFQGFXjTANqaNRt8MnQ3Sv7sYelWPsrxqv1u6+l9Pw/
rOVlbSA8hB4j/ITHWjy6AVnX2BE+E95XcBOma/kVSvfzbB14am9eht5BQj0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 17:00:09 2025 by rpki-client