Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/NLyYHTaJ-jFTm4h1THpVxvAXTxU.roa
File: NLyYHTaJ-jFTm4h1THpVxvAXTxU.roa (raw, json)
Hash identifier: G7QbKIezSBBcwpr+J37JcAF4qXc9okAv7PYFrFM+5ds=
Subject key identifier: 34:BC:98:1D:36:89:FA:31:53:9B:88:75:4C:7A:55:C6:F0:17:4F:15
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21E4
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NLyYHTaJ-jFTm4h1THpVxvAXTxU.roa
Signing time: Thu 05 Jun 2025 23:08:46 +0000
ROA not before: Thu 05 Jun 2025 23:08:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8676 (0x21e4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 23:08:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=34BC981D3689FA31539B88754C7A55C6F0174F15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:49:ff:69:80:d3:66:bf:af:15:23:c4:42:59:
a9:32:67:47:ec:9f:06:82:5f:9e:13:74:73:34:16:
9b:ac:24:b9:61:70:91:1f:8d:4f:88:f6:ab:42:37:
94:c1:73:52:56:0c:1a:55:2e:cc:b4:7a:56:05:3c:
b9:49:ce:d5:cb:37:0d:92:51:15:a9:c2:1a:fd:13:
c0:0a:8a:4d:22:92:7e:ee:90:26:85:e4:b9:9e:4b:
c8:07:e3:32:10:92:dc:b2:2d:da:7a:f2:88:a2:78:
1f:58:78:11:8f:bb:c0:30:d8:fc:72:07:11:73:dc:
aa:54:0c:e3:bc:37:dc:e7:a3:fa:26:d9:eb:45:10:
f6:1c:07:78:8e:59:17:3a:5a:a5:9f:ad:3d:cf:62:
92:82:90:fe:cf:25:81:75:b5:81:06:2f:9f:f9:d1:
92:38:aa:21:3d:73:55:cd:d7:1e:c5:6e:54:d0:fe:
1c:c6:21:79:a5:75:82:29:bb:f0:80:ff:15:11:5b:
f4:2a:c8:15:27:37:74:85:4f:32:fc:96:f8:4a:77:
14:1a:ca:bd:2f:93:8d:d8:38:65:18:ef:65:bf:63:
75:97:2e:8c:ce:15:16:2c:a4:68:18:26:ac:5e:7f:
6d:53:1e:1f:a5:83:7e:33:6c:0e:dd:bf:c1:8c:c7:
4a:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:BC:98:1D:36:89:FA:31:53:9B:88:75:4C:7A:55:C6:F0:17:4F:15
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NLyYHTaJ-jFTm4h1THpVxvAXTxU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
03:7c:66:23:6a:2a:ec:5d:ec:83:06:6d:8a:70:6d:c4:83:06:
ad:e6:90:db:91:f8:ba:54:51:3e:17:5d:e0:d8:f5:0b:81:4a:
ba:95:17:8a:3f:a7:07:0d:ac:af:00:7e:47:34:01:63:9b:b9:
ae:67:e4:9e:ab:e2:53:f5:9b:36:27:76:6f:3a:e7:89:f4:c0:
f2:a9:8d:f4:e0:5b:8c:e1:b0:06:1d:5d:bd:ed:b2:69:76:20:
b9:06:44:f7:19:59:fa:03:74:60:52:3f:68:86:54:7c:46:92:
d6:6b:31:ca:0d:65:d2:e8:b9:21:bd:af:cd:78:f3:d6:c0:aa:
94:4c:4f:36:37:d1:2b:a4:74:33:1d:66:bf:07:f2:96:99:d6:
44:39:46:3a:5a:64:3f:d9:1c:b8:96:be:a1:42:1e:84:a9:f6:
1a:8c:70:20:27:c5:4c:ca:88:4c:e1:34:6c:98:a6:3f:b5:f5:
0b:6d:4e:2a:c9:1a:33:8d:fa:6e:ad:e9:63:c0:84:dd:80:57:
41:0e:96:0c:39:de:56:f3:46:26:e8:ef:f5:f7:51:cb:05:88:
c9:c6:db:eb:4e:1b:39:00:7a:86:da:58:15:31:74:9d:28:a2:
06:0c:ca:f7:38:53:60:36:a8:5c:99:6a:2b:6f:24:1d:f6:67:
a6:b8:3c:86
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIeQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUy
MzA4NDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM0QkM5ODFEMzY4OUZB
MzE1MzlCODg3NTRDN0E1NUM2RjAxNzRGMTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4Sf9pgNNmv68VI8RCWakyZ0fsnwaCX54TdHM0FpusJLlhcJEf
jU+I9qtCN5TBc1JWDBpVLsy0elYFPLlJztXLNw2SURWpwhr9E8AKik0ikn7ukCaF
5LmeS8gH4zIQktyyLdp68oiieB9YeBGPu8Aw2PxyBxFz3KpUDOO8N9zno/om2etF
EPYcB3iOWRc6WqWfrT3PYpKCkP7PJYF1tYEGL5/50ZI4qiE9c1XN1x7FblTQ/hzG
IXmldYIpu/CA/xURW/QqyBUnN3SFTzL8lvhKdxQayr0vk43YOGUY72W/Y3WXLozO
FRYspGgYJqxef21THh+lg34zbA7dv8GMx0rNAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUNLyYHTaJ+jFTm4h1THpVxvAXTxUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTkx5WUhUYUotakZU
bTRoMVRIcFZ4dkFYVHhVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAN8ZiNqKuxd7IMGbYpwbcSDBq3m
kNuR+LpUUT4XXeDY9QuBSrqVF4o/pwcNrK8Afkc0AWObua5n5J6r4lP1mzYndm86
54n0wPKpjfTgW4zhsAYdXb3tsml2ILkGRPcZWfoDdGBSP2iGVHxGktZrMcoNZdLo
uSG9r81489bAqpRMTzY30SukdDMdZr8H8paZ1kQ5RjpaZD/ZHLiWvqFCHoSp9hqM
cCAnxUzKiEzhNGyYpj+19QttTirJGjON+m6t6WPAhN2AV0EOlgw53lbzRibo7/X3
UcsFiMnG2+tOGzkAeobaWBUxdJ0oogYMyvc4U2A2qFyZaitvJB32Z6a4PIY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:21:34 2025 by rpki-client