Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/NecFh3AKfOynsYUvWqLCkVHupOA.roa
File: NecFh3AKfOynsYUvWqLCkVHupOA.roa (raw, json)
Hash identifier: Da1HxcidEXBTvjntQZFmoWSxJbx5FdZsfeoC7ZV1ymw=
Subject key identifier: 35:E7:05:87:70:0A:7C:EC:A7:B1:85:2F:5A:A2:C2:91:51:EE:A4:E0
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2387
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NecFh3AKfOynsYUvWqLCkVHupOA.roa
Signing time: Sun 08 Jun 2025 21:08:56 +0000
ROA not before: Sun 08 Jun 2025 21:08:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9095 (0x2387)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 21:08:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=35E70587700A7CECA7B1852F5AA2C29151EEA4E0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:b7:b4:28:60:a8:70:f5:10:24:9b:a8:c9:a9:
62:77:3e:75:4e:b5:00:cc:f9:e7:9c:c0:eb:00:65:
92:2d:f7:df:db:15:30:55:ee:f7:1d:2f:91:13:33:
5d:6e:f9:44:6e:90:36:0c:14:d4:28:3e:f1:61:00:
30:82:51:73:3f:94:af:e9:60:6e:17:26:d7:6b:5f:
69:aa:00:a5:a6:3f:52:48:7c:c5:25:b3:97:3a:12:
a6:63:a9:2e:47:5a:d0:c8:cd:36:21:9c:bb:c4:e3:
e5:ce:f8:49:b4:e4:ea:f9:a9:e9:d3:1a:2d:6d:c3:
33:d6:8a:26:8f:60:47:28:ad:62:7f:e9:b0:e1:f0:
7d:53:e2:da:a3:fd:5d:e0:47:35:70:c4:fc:ca:61:
72:d1:d1:a9:a4:3e:86:23:53:52:29:92:11:68:77:
9a:a9:1d:ea:10:90:a7:17:fa:8d:c3:33:a9:18:7f:
cc:2b:e6:fa:21:9c:b7:49:0b:5b:7b:f0:92:e4:30:
40:12:8b:d1:8d:f0:67:bc:b8:6a:78:38:be:ab:73:
54:a1:97:4f:a3:ff:a5:9b:f9:f3:8b:43:0d:1b:f4:
96:5a:18:60:1b:af:13:5c:fd:fa:0a:37:f6:34:0f:
fc:fd:7f:17:15:88:a1:2b:a7:9c:6b:ea:78:51:1e:
76:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:E7:05:87:70:0A:7C:EC:A7:B1:85:2F:5A:A2:C2:91:51:EE:A4:E0
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NecFh3AKfOynsYUvWqLCkVHupOA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
57:4b:6e:d5:23:fd:43:4b:00:d3:45:e9:8e:2e:54:23:28:49:
31:c1:ba:f7:be:8b:e6:a3:b1:5c:fd:22:1f:a2:4f:98:53:32:
d8:19:bb:2f:8c:ae:81:59:c7:30:90:31:cb:43:3d:93:58:6b:
57:c1:87:09:d0:7a:61:b5:7b:0b:a6:2b:51:99:eb:5a:2f:75:
58:ff:54:b8:de:68:30:6d:61:fd:0c:ba:5b:c9:cf:ab:2a:95:
47:b9:d2:7c:99:d0:76:97:14:5e:f6:2c:94:98:40:50:0b:da:
d8:bf:c9:3b:3a:49:ff:0d:04:cd:17:47:5e:4d:b2:cb:24:74:
ff:b6:75:4d:06:b8:b0:ea:d9:98:aa:cf:84:f4:ff:86:fc:2e:
e6:25:62:eb:ad:a9:2b:2b:e1:ac:9b:08:5b:a5:f2:09:ee:ad:
72:fa:21:c2:11:bd:53:87:25:06:77:2a:be:ee:86:86:1f:1f:
7a:21:87:d5:91:c6:a8:f0:61:12:1b:e5:82:be:c8:6a:03:fc:
08:1a:bf:e4:5c:dd:a7:54:53:df:99:c8:ee:17:42:c1:96:ce:
81:46:f9:9a:82:60:85:b6:b1:48:05:15:cb:a0:ac:6f:d3:90:
65:ff:12:71:0e:9b:88:13:25:88:ce:c7:c4:9b:ad:e5:5a:66:
91:fa:20:10
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI4cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgy
MTA4NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM1RTcwNTg3NzAwQTdD
RUNBN0IxODUyRjVBQTJDMjkxNTFFRUE0RTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCct7QoYKhw9RAkm6jJqWJ3PnVOtQDM+eecwOsAZZIt99/bFTBV
7vcdL5ETM11u+URukDYMFNQoPvFhADCCUXM/lK/pYG4XJtdrX2mqAKWmP1JIfMUl
s5c6EqZjqS5HWtDIzTYhnLvE4+XO+Em05Or5qenTGi1twzPWiiaPYEcorWJ/6bDh
8H1T4tqj/V3gRzVwxPzKYXLR0amkPoYjU1IpkhFod5qpHeoQkKcX+o3DM6kYf8wr
5vohnLdJC1t78JLkMEASi9GN8Ge8uGp4OL6rc1Shl0+j/6Wb+fOLQw0b9JZaGGAb
rxNc/foKN/Y0D/z9fxcViKErp5xr6nhRHnYJAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUNecFh3AKfOynsYUvWqLCkVHupOAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTmVjRmgzQUtmT3lu
c1lVdldxTENrVkh1cE9BLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFdLbtUj/UNLANNF6Y4uVCMoSTHB
uve+i+ajsVz9Ih+iT5hTMtgZuy+MroFZxzCQMctDPZNYa1fBhwnQemG1ewumK1GZ
61ovdVj/VLjeaDBtYf0MulvJz6sqlUe50nyZ0HaXFF72LJSYQFAL2ti/yTs6Sf8N
BM0XR15NssskdP+2dU0GuLDq2Ziqz4T0/4b8LuYlYuutqSsr4aybCFul8gnurXL6
IcIRvVOHJQZ3Kr7uhoYfH3ohh9WRxqjwYRIb5YK+yGoD/Agav+Rc3adUU9+ZyO4X
QsGWzoFG+ZqCYIW2sUgFFcugrG/TkGX/EnEOm4gTJYjOx8SbreVaZpH6IBA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:50:02 2025 by rpki-client