Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Xljr934QBMoIg6Un1wrkCO2rFWk.roa
File: Xljr934QBMoIg6Un1wrkCO2rFWk.roa (raw, json)
Hash identifier: 9aLIHbJvS5F7MMCgzhFV65r64gMZD/JH5jh75NKaEaU=
Subject key identifier: 5E:58:EB:F7:7E:10:04:CA:08:83:A5:27:D7:0A:E4:08:ED:AB:15:69
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25C8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Xljr934QBMoIg6Un1wrkCO2rFWk.roa
Signing time: Thu 12 Jun 2025 21:09:19 +0000
ROA not before: Thu 12 Jun 2025 21:09:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9672 (0x25c8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 21:09:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5E58EBF77E1004CA0883A527D70AE408EDAB1569
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:68:ff:97:72:5a:49:ea:21:4d:00:95:f3:18:
75:55:4d:6d:aa:ac:ab:9d:d8:5f:f1:f7:06:35:c8:
b0:1b:b1:19:72:fd:ff:e6:c8:ab:87:61:42:cc:87:
0c:f4:f9:a4:da:5f:5d:b9:21:c1:1a:fc:c6:85:a1:
61:4b:f0:c4:2f:53:d6:17:39:f3:80:f9:dc:8b:3d:
c5:e8:56:ca:49:a0:89:3e:49:88:62:ef:d5:62:45:
47:67:7c:91:90:55:a1:80:30:3a:0b:4e:d4:0e:f5:
9b:81:5a:4d:56:60:ee:44:b5:d1:28:05:df:f7:cf:
57:3f:25:fd:12:83:68:53:49:09:72:0b:18:22:e7:
69:ee:79:ea:c4:bd:4a:b7:18:a1:6a:8b:c2:63:53:
ed:08:c1:c6:1b:a5:78:d2:f8:84:9f:b0:1c:39:53:
d6:e1:75:27:88:ce:97:39:df:be:94:ae:d0:1e:49:
01:dc:b8:39:75:9b:a9:f0:68:4f:85:70:c2:08:5f:
92:78:2b:46:57:fd:a0:33:a9:e4:4f:1e:14:ec:98:
a4:6d:c4:42:39:57:eb:d0:2d:c8:81:75:25:c0:ec:
63:c4:b7:2a:cf:2a:99:46:92:0c:5e:96:59:a3:86:
f0:09:d1:79:66:69:a4:73:59:46:26:c6:9a:81:4f:
5c:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:58:EB:F7:7E:10:04:CA:08:83:A5:27:D7:0A:E4:08:ED:AB:15:69
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Xljr934QBMoIg6Un1wrkCO2rFWk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1e:a4:61:40:61:8b:e7:b0:de:3c:41:a9:07:2e:de:eb:f5:2b:
59:c1:b7:9d:09:81:eb:15:7a:1b:34:98:67:a6:3b:3c:8a:e7:
af:2f:9b:3b:72:6d:33:88:02:00:70:41:89:2d:9d:79:df:16:
2f:27:79:b9:44:91:64:94:30:d9:3c:c2:63:2f:79:d8:67:5a:
3f:3a:6a:a0:c3:46:b9:23:3a:d3:be:b7:68:1c:6b:87:53:d8:
00:57:28:c0:37:3e:18:ae:6b:ca:ed:d3:0f:9e:1c:02:ae:74:
6f:0d:00:2d:de:a3:29:8d:a0:b4:ab:1a:fe:9b:1e:72:a8:aa:
5e:32:05:cd:1b:8a:c0:ed:a7:02:7f:e5:07:3d:1f:6d:24:5b:
f7:aa:17:5c:72:40:d4:75:e3:4e:f2:f9:ec:2e:13:64:ca:65:
36:e8:da:a1:e8:e5:e4:a7:f7:26:8e:1b:9f:21:51:1b:1d:f7:
41:38:01:47:d4:91:9a:59:21:c8:99:cf:d9:ef:c8:a3:2a:fd:
4d:de:d0:da:25:e2:ed:68:fe:bb:65:c3:61:65:00:9b:72:7b:
2e:82:89:b1:03:d9:f9:78:b9:f3:69:7a:d9:b3:2e:26:10:a0:
48:c6:7f:d9:cd:9e:f7:b8:db:2a:99:9c:2c:6f:9d:d7:c1:16:
af:09:89:55
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJcgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIy
MTA5MTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVFNThFQkY3N0UxMDA0
Q0EwODgzQTUyN0Q3MEFFNDA4RURBQjE1NjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKaP+XclpJ6iFNAJXzGHVVTW2qrKud2F/x9wY1yLAbsRly/f/m
yKuHYULMhwz0+aTaX125IcEa/MaFoWFL8MQvU9YXOfOA+dyLPcXoVspJoIk+SYhi
79ViRUdnfJGQVaGAMDoLTtQO9ZuBWk1WYO5EtdEoBd/3z1c/Jf0Sg2hTSQlyCxgi
52nueerEvUq3GKFqi8JjU+0IwcYbpXjS+ISfsBw5U9bhdSeIzpc5376UrtAeSQHc
uDl1m6nwaE+FcMIIX5J4K0ZX/aAzqeRPHhTsmKRtxEI5V+vQLciBdSXA7GPEtyrP
KplGkgxellmjhvAJ0XlmaaRzWUYmxpqBT1zTAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUXljr934QBMoIg6Un1wrkCO2rFWkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWGxqcjkzNFFCTW9J
ZzZVbjF3cmtDTzJyRldrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAB6kYUBhi+ew3jxBqQcu3uv1K1nB
t50JgesVehs0mGemOzyK568vmztybTOIAgBwQYktnXnfFi8neblEkWSUMNk8wmMv
edhnWj86aqDDRrkjOtO+t2gca4dT2ABXKMA3Phiua8rt0w+eHAKudG8NAC3eoymN
oLSrGv6bHnKoql4yBc0bisDtpwJ/5Qc9H20kW/eqF1xyQNR1407y+ewuE2TKZTbo
2qHo5eSn9yaOG58hURsd90E4AUfUkZpZIciZz9nvyKMq/U3e0Nol4u1o/rtlw2Fl
AJtyey6CibED2fl4ufNpetmzLiYQoEjGf9nNnve42yqZnCxvndfBFq8JiVU=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:49:57 2025 by rpki-client