Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/NjNmjFgjJPWQpigbwwwRce5YQYY.roa
File: NjNmjFgjJPWQpigbwwwRce5YQYY.roa (raw, json)
Hash identifier: LC3wkiw9DZhXolqcEwI+7XooavAWtUt1lw0DuNDpzw4=
Subject key identifier: 36:33:66:8C:58:23:24:F5:90:A6:28:1B:C3:0C:11:71:EE:58:41:86
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2388
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NjNmjFgjJPWQpigbwwwRce5YQYY.roa
Signing time: Sun 08 Jun 2025 21:08:56 +0000
ROA not before: Sun 08 Jun 2025 21:08:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9096 (0x2388)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 21:08:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3633668C582324F590A6281BC30C1171EE584186
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:90:c0:03:1e:8f:4b:d7:9f:26:33:7f:10:30:
f0:65:d0:81:ad:c5:da:ef:5f:1b:52:56:0a:7e:1f:
fe:75:93:71:20:fb:80:79:da:99:9a:89:7c:b0:da:
ea:80:85:92:11:b2:f2:d2:7e:74:79:16:ff:6c:93:
59:33:dd:52:90:44:5f:af:06:c1:f6:66:0d:41:cb:
c1:62:7e:8a:3e:85:27:c7:2a:29:99:6b:76:86:30:
72:d0:22:d4:de:8c:93:07:4b:65:33:aa:59:83:9d:
a9:e8:d2:e4:db:ce:f1:cf:de:b2:aa:1d:ad:97:66:
16:98:fe:2a:20:d8:55:56:43:2d:48:5f:9f:ed:d0:
6b:b0:cc:1a:53:2a:eb:5a:fd:59:5a:a3:3a:47:01:
21:c9:b4:a1:57:c9:d7:25:04:b7:4e:1a:91:5b:f2:
4f:cc:fe:3e:cc:e3:c2:49:aa:e8:67:1b:7d:4b:1a:
40:d2:db:bf:a6:6d:d4:c7:82:ba:61:5b:02:23:54:
0c:a6:93:1e:ca:6d:3a:cb:b4:cb:68:48:3f:53:1f:
dd:60:68:e2:76:06:13:3c:c4:a3:76:a5:33:70:5e:
16:7a:0c:b9:cb:5f:5b:d7:f3:b0:4d:4d:ab:48:c5:
b8:2f:09:94:d8:1a:76:84:cd:ce:9b:09:d5:81:3c:
a8:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:33:66:8C:58:23:24:F5:90:A6:28:1B:C3:0C:11:71:EE:58:41:86
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NjNmjFgjJPWQpigbwwwRce5YQYY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bc:c4:39:99:6b:76:3f:24:2a:66:8e:e8:30:b8:c2:27:f7:ba:
92:73:bb:d3:91:28:4c:52:14:db:2e:25:8a:db:da:90:7b:83:
e9:21:51:a4:f3:e4:a0:dc:c7:a9:c9:79:da:cc:7d:53:1e:36:
c9:51:e3:b9:e1:45:08:41:cc:f1:17:cc:fc:67:94:97:e8:66:
f6:8e:84:bc:bf:96:ae:3e:0b:6b:21:b6:81:d6:16:ef:88:ce:
a4:e9:fb:9e:36:d0:a4:fa:92:d8:63:66:2b:eb:b0:f8:7a:5d:
c8:24:ce:93:60:30:d0:ec:5a:ed:59:28:2e:8d:97:41:ff:0e:
34:e3:45:d6:16:45:c3:e5:fd:b3:bb:e9:fe:90:a2:61:f3:e6:
eb:6c:b0:84:b7:5f:b3:2e:98:c2:2a:e9:a8:ff:a0:fd:38:0b:
57:2a:73:9b:8b:43:e9:3b:d5:c1:7e:d8:01:c1:57:d0:7f:b7:
44:63:86:59:05:72:da:cf:c8:7f:7f:1f:d4:61:7f:bc:94:9f:
db:7b:80:e7:ff:63:07:d0:bc:78:61:c7:0a:38:8f:71:88:0b:
47:b5:36:be:de:f4:92:3f:a1:a4:3d:f2:00:d9:6f:6e:48:ba:
4c:06:55:08:90:0a:f0:74:bd:51:b3:15:be:18:3b:ff:a9:a7:
38:62:d1:99
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI4gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgy
MTA4NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM2MzM2NjhDNTgyMzI0
RjU5MEE2MjgxQkMzMEMxMTcxRUU1ODQxODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzkMADHo9L158mM38QMPBl0IGtxdrvXxtSVgp+H/51k3Eg+4B5
2pmaiXyw2uqAhZIRsvLSfnR5Fv9sk1kz3VKQRF+vBsH2Zg1By8Fifoo+hSfHKimZ
a3aGMHLQItTejJMHS2UzqlmDnano0uTbzvHP3rKqHa2XZhaY/iog2FVWQy1IX5/t
0GuwzBpTKuta/VlaozpHASHJtKFXydclBLdOGpFb8k/M/j7M48JJquhnG31LGkDS
27+mbdTHgrphWwIjVAymkx7KbTrLtMtoSD9TH91gaOJ2BhM8xKN2pTNwXhZ6DLnL
X1vX87BNTatIxbgvCZTYGnaEzc6bCdWBPKjxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUNjNmjFgjJPWQpigbwwwRce5YQYYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTmpObWpGZ2pKUFdR
cGlnYnd3d1JjZTVZUVlZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALzEOZlrdj8kKmaO6DC4wif3upJz
u9ORKExSFNsuJYrb2pB7g+khUaTz5KDcx6nJedrMfVMeNslR47nhRQhBzPEXzPxn
lJfoZvaOhLy/lq4+C2shtoHWFu+IzqTp+5420KT6kthjZivrsPh6XcgkzpNgMNDs
Wu1ZKC6Nl0H/DjTjRdYWRcPl/bO76f6QomHz5utssIS3X7MumMIq6aj/oP04C1cq
c5uLQ+k71cF+2AHBV9B/t0RjhlkFctrPyH9/H9Rhf7yUn9t7gOf/YwfQvHhhxwo4
j3GIC0e1Nr7e9JI/oaQ98gDZb25IukwGVQiQCvB0vVGzFb4YO/+ppzhi0Zk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:45:00 2025 by rpki-client