Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/NXHhtfphjPoCNCaA2KiVIYdcquU.roa
File: NXHhtfphjPoCNCaA2KiVIYdcquU.roa (raw, json)
Hash identifier: URwMdPkrmnWwgHl78HHWu31fWVXbsNwKwC58qaMepkk=
Subject key identifier: 35:71:E1:B5:FA:61:8C:FA:02:34:26:80:D8:A8:95:21:87:5C:AA:E5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21C9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NXHhtfphjPoCNCaA2KiVIYdcquU.roa
Signing time: Thu 05 Jun 2025 18:38:47 +0000
ROA not before: Thu 05 Jun 2025 18:38:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8649 (0x21c9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 18:38:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3571E1B5FA618CFA02342680D8A89521875CAAE5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:35:e5:cf:c5:86:f1:ec:4a:92:6c:ab:46:7a:
27:5a:45:b4:c7:88:99:53:91:18:bf:f0:9a:20:af:
6f:b7:40:e5:b5:b3:8a:83:1b:7e:6d:68:c6:ef:62:
32:8b:4d:36:19:a5:9d:44:57:5e:68:7e:4f:5c:36:
f2:05:db:52:cb:a6:02:db:ba:67:29:bf:1f:10:7d:
cd:b4:20:fd:4a:ce:e7:f8:11:a1:a0:e3:ac:a5:32:
68:5d:44:89:a6:11:2c:c4:c6:c0:e1:77:7c:d1:12:
a8:d6:46:fd:b8:e9:b8:c4:39:30:d2:4c:6d:93:6b:
1c:49:bd:96:e4:eb:c2:4d:15:c8:79:45:24:64:b3:
e8:af:cd:c6:91:5e:dc:60:af:83:1c:8f:e8:5b:da:
98:01:f7:5a:73:04:bc:04:3e:d3:f3:f6:64:01:06:
95:bf:96:08:6d:18:b8:70:1a:f9:d1:68:92:a5:7e:
78:e0:ce:97:75:28:6f:94:bb:3f:10:f3:e8:50:f9:
0b:c1:e5:fa:79:71:ec:90:f0:71:ec:2a:45:85:62:
ed:96:0e:ec:63:04:93:20:4c:04:2b:14:b9:f4:81:
62:7b:ce:1a:28:09:48:fd:55:69:3e:0c:1f:7c:d0:
5e:35:fe:11:43:f9:62:54:ca:1f:19:a3:00:6c:9d:
d7:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:71:E1:B5:FA:61:8C:FA:02:34:26:80:D8:A8:95:21:87:5C:AA:E5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NXHhtfphjPoCNCaA2KiVIYdcquU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bd:33:e0:01:a4:57:83:da:16:19:d2:8c:ce:38:c7:b3:e0:45:
73:08:52:ae:dd:8a:14:23:bb:43:15:4d:e6:2c:91:17:06:d9:
0c:a6:b6:04:1f:16:7c:cb:72:47:ee:f4:84:c1:ff:0a:65:74:
d0:b2:86:00:b8:d8:43:a3:02:37:d8:d4:f5:a0:c4:46:66:91:
80:e2:ea:86:81:29:84:de:bb:0d:35:81:f8:10:15:4a:29:51:
d2:5a:c5:ac:9b:04:d9:e8:fb:95:7f:ab:e2:37:65:b5:ec:a9:
da:0b:04:7b:9a:97:a9:84:06:44:9d:93:c2:fb:92:25:81:e9:
79:6b:85:ed:07:8d:a3:60:31:82:21:44:2a:24:ce:39:da:54:
9f:6f:94:89:db:53:7b:ab:ab:9c:6f:7a:67:7a:d8:c5:97:55:
94:c8:4f:f6:e0:48:96:81:d6:08:da:c8:7e:65:11:5e:8f:85:
99:60:63:88:56:61:02:cd:54:a8:0a:e5:78:19:60:be:dd:d9:
98:64:aa:6f:86:56:eb:61:af:0a:fd:e7:fa:39:1b:1a:33:e0:
b6:4e:61:4e:b4:ea:a1:5f:e3:21:f7:0c:44:62:56:8e:9f:d8:
f7:cc:b4:23:fe:b4:25:f9:96:72:92:b2:4f:9a:8a:11:1f:51:
6d:c2:c2:61
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIckwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUx
ODM4NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM1NzFFMUI1RkE2MThD
RkEwMjM0MjY4MEQ4QTg5NTIxODc1Q0FBRTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9NeXPxYbx7EqSbKtGeidaRbTHiJlTkRi/8Jogr2+3QOW1s4qD
G35taMbvYjKLTTYZpZ1EV15ofk9cNvIF21LLpgLbumcpvx8Qfc20IP1Kzuf4EaGg
46ylMmhdRImmESzExsDhd3zREqjWRv246bjEOTDSTG2TaxxJvZbk68JNFch5RSRk
s+ivzcaRXtxgr4Mcj+hb2pgB91pzBLwEPtPz9mQBBpW/lghtGLhwGvnRaJKlfnjg
zpd1KG+Uuz8Q8+hQ+QvB5fp5ceyQ8HHsKkWFYu2WDuxjBJMgTAQrFLn0gWJ7zhoo
CUj9VWk+DB980F41/hFD+WJUyh8ZowBsnddxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUNXHhtfphjPoCNCaA2KiVIYdcquUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTlhIaHRmcGhqUG9D
TkNhQTJLaVZJWWRjcXVVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAL0z4AGkV4PaFhnSjM44x7PgRXMI
Uq7dihQju0MVTeYskRcG2QymtgQfFnzLckfu9ITB/wpldNCyhgC42EOjAjfY1PWg
xEZmkYDi6oaBKYTeuw01gfgQFUopUdJaxaybBNno+5V/q+I3ZbXsqdoLBHual6mE
BkSdk8L7kiWB6Xlrhe0HjaNgMYIhRCokzjnaVJ9vlInbU3urq5xvemd62MWXVZTI
T/bgSJaB1gjayH5lEV6PhZlgY4hWYQLNVKgK5XgZYL7d2Zhkqm+GVuthrwr95/o5
Gxoz4LZOYU606qFf4yH3DERiVo6f2PfMtCP+tCX5lnKSsk+aihEfUW3CwmE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 17:30:53 2025 by rpki-client