Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/NrCbSMeDmHgL_HpO_6y4BtanLmo.roa
File: NrCbSMeDmHgL_HpO_6y4BtanLmo.roa (raw, json)
Hash identifier: vyP3NHS4zxHHeEpb1A4+vXbmkCCpGLXnwpxUllm2Nwg=
Subject key identifier: 36:B0:9B:48:C7:83:98:78:0B:FC:7A:4E:FF:AC:B8:06:D6:A7:2E:6A
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2432
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NrCbSMeDmHgL_HpO_6y4BtanLmo.roa
Signing time: Tue 10 Jun 2025 01:39:02 +0000
ROA not before: Tue 10 Jun 2025 01:39:02 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9266 (0x2432)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 01:39:02 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=36B09B48C78398780BFC7A4EFFACB806D6A72E6A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:53:a5:72:02:5c:d4:70:67:ad:7e:bb:21:5f:
f0:96:fa:e1:21:df:55:e4:6e:f0:b6:fd:47:a3:14:
35:c1:f5:9c:e1:6b:3e:c2:79:0d:18:04:1b:23:6a:
49:d3:f2:59:29:ab:0e:9e:d5:eb:08:2d:f6:dd:40:
02:38:6c:43:f7:fa:30:64:1f:d5:1e:13:b1:48:8c:
27:2a:37:2a:98:1e:26:60:c9:74:13:30:cd:cd:cb:
8c:0f:b6:13:5e:72:b7:68:5b:83:95:87:e4:93:f8:
ae:33:10:a3:e4:37:b9:61:85:0d:79:35:43:e9:a0:
cf:b8:20:ad:06:11:ac:f6:f6:de:00:dd:73:e4:30:
bb:6c:1b:e5:06:a8:6d:09:78:bf:43:8d:4f:6f:53:
ae:63:56:fd:d1:6b:d8:f8:d4:b9:c3:e4:9e:74:0e:
c1:7c:b4:e8:5c:a0:a3:03:03:02:a9:54:8e:e7:d0:
89:50:d9:6b:ae:23:40:b8:54:b7:fe:42:b3:7b:40:
9c:6f:ed:76:9a:ad:12:10:14:ba:da:65:df:48:18:
8c:f8:d7:17:c3:00:b7:e9:11:49:18:1b:1f:e4:2f:
33:47:0c:1a:ae:b9:f1:57:7c:1c:d2:fb:4a:97:42:
dd:07:de:f5:76:cf:67:4a:68:d2:60:4f:64:01:34:
39:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:B0:9B:48:C7:83:98:78:0B:FC:7A:4E:FF:AC:B8:06:D6:A7:2E:6A
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NrCbSMeDmHgL_HpO_6y4BtanLmo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
2f:5d:1a:36:c3:f9:3e:08:e6:ad:aa:b5:1d:d6:58:86:4b:ea:
a6:ce:30:ea:51:a7:4e:c5:b7:96:6f:0f:4f:4b:ef:12:80:e0:
c5:0d:46:b3:b7:61:c4:f8:cb:e7:28:05:9a:30:c6:f5:d9:fa:
6f:9c:3d:3a:6c:f1:50:87:09:3c:d9:53:cb:36:e8:ab:32:8b:
da:2b:da:59:19:37:2b:fa:33:2c:c1:a6:91:1d:93:26:bf:ef:
fa:23:a3:fc:b6:bc:0f:6c:da:e2:b6:39:8c:64:95:84:48:88:
63:57:20:4e:6b:2d:a4:b0:52:ad:c0:f0:b4:ab:e3:77:f1:0e:
9a:e2:e2:bf:76:43:d7:3a:16:d0:55:a0:8f:2b:0c:81:a9:48:
6d:f7:26:50:dd:b0:b3:5c:0e:0f:9c:67:43:ff:7b:25:ac:92:
85:92:a6:e4:e5:e7:b1:51:9a:7d:72:3f:75:22:61:9e:31:98:
ea:7e:14:a0:9b:3a:65:34:c1:ed:1e:d9:42:33:4f:bd:43:01:
16:a5:cd:35:04:03:1e:34:21:5c:77:33:c8:c1:d2:dc:74:c5:
74:24:52:6b:5f:c9:78:b7:73:7a:dc:67:bf:72:b1:25:66:69:
06:7f:4e:0d:20:72:2e:2c:3d:02:d2:27:1c:48:b1:d9:f8:e1:
73:8f:8b:ef
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJDIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAw
MTM5MDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM2QjA5QjQ4Qzc4Mzk4
NzgwQkZDN0E0RUZGQUNCODA2RDZBNzJFNkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCU6VyAlzUcGetfrshX/CW+uEh31XkbvC2/UejFDXB9Zzhaz7C
eQ0YBBsjaknT8lkpqw6e1esILfbdQAI4bEP3+jBkH9UeE7FIjCcqNyqYHiZgyXQT
MM3Ny4wPthNecrdoW4OVh+ST+K4zEKPkN7lhhQ15NUPpoM+4IK0GEaz29t4A3XPk
MLtsG+UGqG0JeL9DjU9vU65jVv3Ra9j41LnD5J50DsF8tOhcoKMDAwKpVI7n0IlQ
2WuuI0C4VLf+QrN7QJxv7XaarRIQFLraZd9IGIz41xfDALfpEUkYGx/kLzNHDBqu
ufFXfBzS+0qXQt0H3vV2z2dKaNJgT2QBNDl5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUNrCbSMeDmHgL/HpO/6y4BtanLmowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTnJDYlNNZURtSGdM
X0hwT182eTRCdGFuTG1vLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAC9dGjbD+T4I5q2qtR3WWIZL6qbO
MOpRp07Ft5ZvD09L7xKA4MUNRrO3YcT4y+coBZowxvXZ+m+cPTps8VCHCTzZU8s2
6Ksyi9or2lkZNyv6MyzBppEdkya/7/ojo/y2vA9s2uK2OYxklYRIiGNXIE5rLaSw
Uq3A8LSr43fxDpri4r92Q9c6FtBVoI8rDIGpSG33JlDdsLNcDg+cZ0P/eyWskoWS
puTl57FRmn1yP3UiYZ4xmOp+FKCbOmU0we0e2UIzT71DARalzTUEAx40IVx3M8jB
0tx0xXQkUmtfyXi3c3rcZ79ysSVmaQZ/Tg0gci4sPQLSJxxIsdn44XOPi+8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:50:52 2025 by rpki-client