Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/NilxoIxUbuVR_T2evrqWPxADqUo.roa
File: NilxoIxUbuVR_T2evrqWPxADqUo.roa (raw, json)
Hash identifier: KXuyUlazRkdA4q9bHOzdzyD6cIM15/JCsx49EGgdKKQ=
Subject key identifier: 36:29:71:A0:8C:54:6E:E5:51:FD:3D:9E:BE:BA:96:3F:10:03:A9:4A
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C0E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NilxoIxUbuVR_T2evrqWPxADqUo.roa
Signing time: Mon 26 May 2025 14:08:13 +0000
ROA not before: Mon 26 May 2025 14:08:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7182 (0x1c0e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 14:08:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=362971A08C546EE551FD3D9EBEBA963F1003A94A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:03:fb:c2:81:bb:45:18:45:c4:f9:e0:16:2f:
50:1f:d8:a4:03:5b:ce:49:ff:7c:f0:ab:19:2a:47:
50:bb:5e:e1:3c:39:0d:02:41:fc:82:11:8f:2d:47:
97:f4:83:45:f4:b4:02:9c:c3:f1:2b:a5:49:5b:10:
99:b8:b9:23:eb:bc:4f:1c:b2:aa:60:7e:2a:87:dc:
48:ce:37:48:36:35:ae:5b:19:d2:ef:0b:89:f2:88:
a3:53:1e:8b:0d:29:1d:ec:b9:58:60:ef:0c:f0:57:
f0:8e:7b:3d:ac:a7:f9:ca:81:67:34:8b:02:41:7a:
fc:a0:57:79:93:7d:e9:02:7e:f4:3a:0e:a7:4d:de:
cc:08:d5:60:f6:9e:9d:52:71:ef:bc:8c:c8:14:bd:
55:e2:38:84:fc:ff:88:58:3b:e5:13:0c:33:01:88:
fa:06:6d:aa:11:15:2d:ab:eb:89:eb:f6:31:26:38:
60:c7:f2:dc:d0:05:02:01:74:c2:7f:00:e5:9d:88:
48:24:79:de:3b:f3:55:68:d9:ff:17:3c:8a:93:5c:
16:d5:06:9b:44:a8:4f:c9:c7:b2:53:03:f8:8d:25:
d3:2d:11:27:d7:a3:27:2d:12:4b:45:25:0e:55:8f:
8c:d2:02:13:88:ba:82:74:b6:c4:aa:92:38:ff:5d:
f7:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:29:71:A0:8C:54:6E:E5:51:FD:3D:9E:BE:BA:96:3F:10:03:A9:4A
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NilxoIxUbuVR_T2evrqWPxADqUo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
50:16:14:5e:da:2e:31:63:b1:e8:90:c2:e7:7c:0b:7e:6b:de:
9a:46:f6:a3:39:31:72:2a:38:d8:1b:57:00:b3:b0:6b:f5:6a:
c3:cc:c1:56:73:05:4c:88:7d:32:f4:a8:c7:e2:17:f1:cb:89:
70:0e:c3:0a:94:b8:77:12:ca:68:1f:f2:d8:22:13:a3:c0:9b:
3f:43:0b:27:f4:66:30:59:fc:09:fb:b4:ec:f0:86:28:5d:d4:
65:93:5a:e9:9a:e0:20:82:1b:4e:65:ef:f1:73:0c:3e:04:a9:
9a:9e:3d:64:64:50:57:e3:00:95:26:46:0e:cf:89:8b:59:a5:
ce:5d:e8:0a:81:67:db:47:4b:2c:d1:b1:dd:66:0b:aa:f8:52:
a4:0d:99:13:7c:e9:1f:52:08:c4:82:48:00:2e:fd:25:82:e4:
8d:b4:d5:9b:f5:68:42:26:c2:d3:04:30:0b:28:2f:b6:fc:18:
cc:dd:15:41:02:7f:0b:06:ee:9c:87:5f:4c:ab:02:9f:1f:f2:
5a:d3:2b:a1:7a:6c:19:84:ec:ad:d4:32:d0:36:d2:ec:a5:35:
6e:ff:d7:2e:0b:f6:a1:62:0b:c1:41:cf:b2:7c:d4:18:e4:4a:
63:f7:81:0a:23:ce:cb:02:23:b1:3b:83:04:12:38:50:60:aa:
24:af:de:49
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHA4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYx
NDA4MTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM2Mjk3MUEwOEM1NDZF
RTU1MUZEM0Q5RUJFQkE5NjNGMTAwM0E5NEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDA/vCgbtFGEXE+eAWL1Af2KQDW85J/3zwqxkqR1C7XuE8OQ0C
QfyCEY8tR5f0g0X0tAKcw/ErpUlbEJm4uSPrvE8csqpgfiqH3EjON0g2Na5bGdLv
C4nyiKNTHosNKR3suVhg7wzwV/COez2sp/nKgWc0iwJBevygV3mTfekCfvQ6DqdN
3swI1WD2np1Sce+8jMgUvVXiOIT8/4hYO+UTDDMBiPoGbaoRFS2r64nr9jEmOGDH
8tzQBQIBdMJ/AOWdiEgked4781Vo2f8XPIqTXBbVBptEqE/Jx7JTA/iNJdMtESfX
oyctEktFJQ5Vj4zSAhOIuoJ0tsSqkjj/XffbAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUNilxoIxUbuVR/T2evrqWPxADqUowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTmlseG9JeFVidVZS
X1QyZXZycVdQeEFEcVVvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFAWFF7aLjFjseiQwud8C35r3ppG
9qM5MXIqONgbVwCzsGv1asPMwVZzBUyIfTL0qMfiF/HLiXAOwwqUuHcSymgf8tgi
E6PAmz9DCyf0ZjBZ/An7tOzwhihd1GWTWuma4CCCG05l7/FzDD4EqZqePWRkUFfj
AJUmRg7PiYtZpc5d6AqBZ9tHSyzRsd1mC6r4UqQNmRN86R9SCMSCSAAu/SWC5I20
1Zv1aEImwtMEMAsoL7b8GMzdFUECfwsG7pyHX0yrAp8f8lrTK6F6bBmE7K3UMtA2
0uylNW7/1y4L9qFiC8FBz7J81BjkSmP3gQojzssCI7E7gwQSOFBgqiSv3kk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 11:05:13 2025 by rpki-client