Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Razojhz0lVlJpEdVtPiear5dQLI.roa
File: Razojhz0lVlJpEdVtPiear5dQLI.roa (raw, json)
Hash identifier: RzEFyybXJJTCNGa6kmkb9/O3y2kbA9WfPw2TwGtaC0c=
Subject key identifier: 45:AC:E8:8E:1C:F4:95:59:49:A4:47:55:B4:F8:9E:6A:BE:5D:40:B2
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20B4
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Razojhz0lVlJpEdVtPiear5dQLI.roa
Signing time: Tue 03 Jun 2025 20:38:38 +0000
ROA not before: Tue 03 Jun 2025 20:38:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8372 (0x20b4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 20:38:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=45ACE88E1CF4955949A44755B4F89E6ABE5D40B2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:c9:5d:dd:03:8b:20:13:14:b0:47:71:9b:6e:
a1:2c:61:7a:13:37:58:ab:d9:53:1d:a7:4f:a2:7f:
3a:d5:7b:b4:fa:39:1d:68:9e:65:24:82:4d:2a:a8:
fa:ad:0f:3b:ee:06:f6:95:3b:24:89:ff:82:17:38:
96:d5:44:03:00:96:01:c8:46:2e:5f:a0:bf:f9:86:
f0:f4:ef:4c:2a:18:a4:ae:cf:ea:08:f1:03:71:94:
43:2d:99:03:08:07:3d:42:51:d1:4b:b4:c7:d0:a8:
b5:a4:61:f9:a9:95:97:d9:32:ff:ae:2f:59:d3:eb:
48:6d:22:b4:7c:b8:1d:27:7e:4d:12:70:b6:0f:09:
e3:10:6e:bf:be:f2:14:cb:3f:f5:df:81:18:74:ea:
de:f8:a4:c8:c1:e5:cb:86:4b:5c:88:56:1d:82:df:
65:bf:16:cb:49:0f:99:49:34:1b:1b:27:9b:8a:98:
c3:31:b5:16:c6:a0:05:aa:ad:dc:fd:ea:1b:61:0c:
77:ec:34:72:59:52:12:96:32:78:e6:2d:7f:f8:04:
f5:1a:49:c3:f4:b4:4f:bc:bf:96:9d:35:6c:f1:3b:
2d:57:ab:5e:8d:bf:24:24:ea:35:e7:38:4c:79:15:
31:ee:3a:3e:48:42:85:4e:cc:ca:3d:4b:98:07:3a:
c8:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:AC:E8:8E:1C:F4:95:59:49:A4:47:55:B4:F8:9E:6A:BE:5D:40:B2
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Razojhz0lVlJpEdVtPiear5dQLI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
5c:64:9f:75:94:69:b0:3d:81:79:2b:a3:29:8d:45:e9:7c:dc:
23:5e:4f:7c:a1:8d:81:7b:0e:7b:6c:2b:cc:ff:26:94:fe:05:
e5:a6:cd:70:fe:a1:db:c6:54:95:83:b8:75:c2:9a:57:1e:60:
bb:2a:8c:10:03:c7:a2:95:dc:ac:32:dc:3a:d2:82:5d:1d:a1:
2c:47:07:1f:7b:68:45:d8:f1:c2:cd:18:f7:f8:8e:18:bb:35:
7e:48:70:9f:b8:c6:72:e2:82:16:1c:f0:a4:6e:47:56:97:3e:
ed:3e:40:63:40:75:8e:15:45:d3:9b:d8:e6:4f:1d:69:a8:c5:
20:73:1d:78:6f:fc:ec:6f:94:8c:c6:0c:57:2d:ba:8e:31:47:
af:2c:ab:1f:94:17:66:8f:4e:25:57:96:32:69:3f:db:18:90:
17:48:dd:32:4a:63:c0:02:23:a6:1b:da:bd:95:c4:03:44:bc:
13:c2:20:37:02:de:d2:b6:1b:69:5e:4f:3b:c0:cc:a9:49:5c:
23:4b:df:17:3d:48:87:26:57:f2:c0:f1:71:b0:b6:a7:1f:f7:
b8:fb:50:69:80:3c:01:ae:23:37:e9:a8:d0:cd:7a:3d:5c:89:
d4:41:45:20:c9:64:83:a9:bb:a8:ba:02:71:44:1c:91:68:c3:
4d:22:b6:3f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICILQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMy
MDM4MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ1QUNFODhFMUNGNDk1
NTk0OUE0NDc1NUI0Rjg5RTZBQkU1RDQwQjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGyV3dA4sgExSwR3GbbqEsYXoTN1ir2VMdp0+ifzrVe7T6OR1o
nmUkgk0qqPqtDzvuBvaVOySJ/4IXOJbVRAMAlgHIRi5foL/5hvD070wqGKSuz+oI
8QNxlEMtmQMIBz1CUdFLtMfQqLWkYfmplZfZMv+uL1nT60htIrR8uB0nfk0ScLYP
CeMQbr++8hTLP/XfgRh06t74pMjB5cuGS1yIVh2C32W/FstJD5lJNBsbJ5uKmMMx
tRbGoAWqrdz96hthDHfsNHJZUhKWMnjmLX/4BPUaScP0tE+8v5adNWzxOy1Xq16N
vyQk6jXnOEx5FTHuOj5IQoVOzMo9S5gHOshFAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQURazojhz0lVlJpEdVtPiear5dQLIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUmF6b2poejBsVmxK
cEVkVnRQaWVhcjVkUUxJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFxkn3WUabA9gXkroymNRel83CNe
T3yhjYF7DntsK8z/JpT+BeWmzXD+odvGVJWDuHXCmlceYLsqjBADx6KV3Kwy3DrS
gl0doSxHBx97aEXY8cLNGPf4jhi7NX5IcJ+4xnLighYc8KRuR1aXPu0+QGNAdY4V
RdOb2OZPHWmoxSBzHXhv/OxvlIzGDFctuo4xR68sqx+UF2aPTiVXljJpP9sYkBdI
3TJKY8ACI6Yb2r2VxANEvBPCIDcC3tK2G2leTzvAzKlJXCNL3xc9SIcmV/LA8XGw
tqcf97j7UGmAPAGuIzfpqNDNej1cidRBRSDJZIOpu6i6AnFEHJFow00itj8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:34:31 2025 by rpki-client