Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/NA0uUPHjraeIjJpsx7lqVpqwsAQ.roa
File: NA0uUPHjraeIjJpsx7lqVpqwsAQ.roa (raw, json)
Hash identifier: nMy6WhLPxyOyzCjSYa2WDuS6JIaYDXDAEjyN/uQPfbY=
Subject key identifier: 34:0D:2E:50:F1:E3:AD:A7:88:8C:9A:6C:C7:B9:6A:56:9A:B0:B0:04
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 26CD
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NA0uUPHjraeIjJpsx7lqVpqwsAQ.roa
Signing time: Sat 14 Jun 2025 16:39:19 +0000
ROA not before: Sat 14 Jun 2025 16:39:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9933 (0x26cd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 16:39:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=340D2E50F1E3ADA7888C9A6CC7B96A569AB0B004
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:35:87:75:a8:df:1c:26:18:8c:c2:95:a8:70:
c6:3f:96:2e:bd:53:f0:89:ba:41:9b:4e:53:b6:41:
09:9a:64:1b:5f:5c:a2:ee:1c:c8:1a:f5:01:de:db:
ff:40:25:7c:51:df:d2:0a:1e:be:94:53:98:d1:73:
d6:86:de:6b:42:11:d2:e5:f9:f7:cc:73:24:e2:55:
74:62:2a:e0:36:35:50:3c:f1:5b:80:21:f0:66:f5:
b6:03:d0:cc:17:26:8e:cd:64:db:0c:ec:ce:43:15:
d4:2a:21:61:db:d0:09:af:09:13:53:73:29:d4:c0:
52:bb:f4:6f:14:2d:75:60:ad:ea:7d:06:63:09:d1:
f9:1c:e3:1e:a6:53:30:e7:de:11:d9:76:d7:12:e2:
f1:bc:8c:34:2d:6c:bb:83:42:d7:61:6f:70:a7:56:
b6:f2:89:89:95:01:69:0d:a0:df:97:e2:d5:d6:e7:
68:a6:db:2e:4a:86:05:1b:d0:63:bd:94:d6:f7:ec:
25:2c:bf:95:fb:9d:35:f1:54:14:56:da:58:d6:40:
f3:64:9b:dc:c2:5f:d8:df:1b:79:ac:cc:10:db:f9:
90:ad:a9:11:c3:d0:17:74:0f:4e:6e:c1:41:84:c9:
bf:88:62:40:17:ae:02:8b:96:76:84:50:f8:78:19:
ea:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:0D:2E:50:F1:E3:AD:A7:88:8C:9A:6C:C7:B9:6A:56:9A:B0:B0:04
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NA0uUPHjraeIjJpsx7lqVpqwsAQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1b:e4:a7:be:87:82:b3:ff:ff:8b:8c:e7:d0:2d:93:8e:d3:03:
8e:cd:7f:40:52:6c:29:e6:85:d2:f0:4f:12:02:1d:5e:22:f1:
d7:20:9b:2a:f9:8a:c6:d2:5f:18:ad:f4:b3:e2:84:35:b6:73:
70:90:c5:a8:cd:1f:79:2c:aa:a5:78:22:54:bc:54:5c:d4:df:
a4:fc:af:68:c4:26:63:cc:f4:7c:68:52:30:53:e3:82:70:c0:
91:0b:92:bf:32:21:bf:20:33:71:b0:3c:84:8f:d0:b2:db:0d:
30:6e:2d:a8:de:57:3e:60:37:92:9c:e0:01:e0:77:d4:25:87:
19:83:33:95:56:e3:2d:d1:f6:6e:f0:eb:98:2c:65:05:71:c2:
f2:e8:d8:47:1f:c6:94:b8:f8:ce:9f:93:dc:96:4c:68:0b:13:
3e:55:9e:c7:21:91:a4:9b:e6:7e:be:85:86:40:4e:51:bb:ab:
d5:8a:90:fa:0b:ac:9d:1d:9a:ce:40:cc:e8:c4:cf:6d:5b:be:
e4:38:d5:d0:21:ad:df:50:54:63:18:ae:d1:83:73:c7:38:c1:
c3:03:47:1f:c0:d1:52:51:53:7b:4c:fa:54:ab:db:90:92:b9:
c6:aa:81:e2:b3:5a:d7:6a:0a:ea:cf:42:75:57:76:2a:69:08:
ac:f6:13:40
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJs0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQx
NjM5MTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM0MEQyRTUwRjFFM0FE
QTc4ODhDOUE2Q0M3Qjk2QTU2OUFCMEIwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4NYd1qN8cJhiMwpWocMY/li69U/CJukGbTlO2QQmaZBtfXKLu
HMga9QHe2/9AJXxR39IKHr6UU5jRc9aG3mtCEdLl+ffMcyTiVXRiKuA2NVA88VuA
IfBm9bYD0MwXJo7NZNsM7M5DFdQqIWHb0AmvCRNTcynUwFK79G8ULXVgrep9BmMJ
0fkc4x6mUzDn3hHZdtcS4vG8jDQtbLuDQtdhb3CnVrbyiYmVAWkNoN+X4tXW52im
2y5KhgUb0GO9lNb37CUsv5X7nTXxVBRW2ljWQPNkm9zCX9jfG3mszBDb+ZCtqRHD
0Bd0D05uwUGEyb+IYkAXrgKLlnaEUPh4Geq5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUNA0uUPHjraeIjJpsx7lqVpqwsAQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTkEwdVVQSGpyYWVJ
akpwc3g3bHFWcHF3c0FRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABvkp76HgrP//4uM59Atk47TA47N
f0BSbCnmhdLwTxICHV4i8dcgmyr5isbSXxit9LPihDW2c3CQxajNH3ksqqV4IlS8
VFzU36T8r2jEJmPM9HxoUjBT44JwwJELkr8yIb8gM3GwPISP0LLbDTBuLajeVz5g
N5Kc4AHgd9QlhxmDM5VW4y3R9m7w65gsZQVxwvLo2EcfxpS4+M6fk9yWTGgLEz5V
nschkaSb5n6+hYZATlG7q9WKkPoLrJ0dms5AzOjEz21bvuQ41dAhrd9QVGMYrtGD
c8c4wcMDRx/A0VJRU3tM+lSr25CSucaqgeKzWtdqCurPQnVXdippCKz2E0A=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:12:01 2025 by rpki-client