Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/l2_xMDjP-aDGY1K9wugHTOG8tNA.roa
File: l2_xMDjP-aDGY1K9wugHTOG8tNA.roa (raw, json)
Hash identifier: oQplZ/qQZxSQ6ejMJ2ahksk9ViQiwuSHPAM6zrbU6bQ=
Subject key identifier: 97:6F:F1:30:38:CF:F9:A0:C6:63:52:BD:C2:E8:07:4C:E1:BC:B4:D0
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2118
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/l2_xMDjP-aDGY1K9wugHTOG8tNA.roa
Signing time: Wed 04 Jun 2025 13:08:42 +0000
ROA not before: Wed 04 Jun 2025 13:08:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8472 (0x2118)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 13:08:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=976FF13038CFF9A0C66352BDC2E8074CE1BCB4D0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:2f:75:e9:ed:74:de:f3:0d:5c:3d:f8:d1:54:
27:18:26:ce:28:d7:99:f5:94:00:29:99:8b:32:80:
e9:cd:e8:67:84:8a:ed:26:8a:08:87:91:6a:48:f0:
d1:0f:72:05:9b:e8:be:20:e0:14:f8:02:ff:68:4f:
3c:b7:09:85:a7:ac:3a:e4:b4:72:9e:2c:bc:87:68:
51:5b:b1:bc:f2:34:25:72:9c:81:f1:55:e9:39:ea:
f3:3f:62:46:f2:eb:89:6d:ce:37:af:12:8c:cf:88:
53:c7:90:2b:8d:ee:8b:b6:d2:a5:bd:77:fd:28:0d:
f0:0e:29:2b:55:78:de:a5:3c:9e:b9:a3:e7:74:df:
2c:d9:d2:98:9a:04:4e:6e:f4:6e:a1:bb:41:eb:60:
11:fe:2e:a9:94:3a:2c:02:1e:b2:6d:a1:9d:f6:27:
0e:4c:77:49:ee:41:29:37:7f:ff:30:a1:da:89:c5:
ab:79:c5:db:3f:7b:07:ae:71:80:09:6c:7f:19:42:
cd:f6:5c:7c:45:c4:8a:97:38:9d:99:cf:ca:c4:94:
92:44:f6:74:ea:b5:48:25:12:82:df:56:76:95:fb:
46:33:d0:7b:be:3d:c7:05:ee:ef:ab:8c:02:60:10:
a7:cc:96:6d:cf:64:17:5b:19:a0:14:7e:11:b8:03:
07:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:6F:F1:30:38:CF:F9:A0:C6:63:52:BD:C2:E8:07:4C:E1:BC:B4:D0
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/l2_xMDjP-aDGY1K9wugHTOG8tNA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a7:0f:23:b9:4b:ac:59:8b:ec:8f:c0:43:7d:a6:17:0a:8c:f2:
df:99:10:f5:1f:86:7b:31:ec:14:e8:89:0d:87:b6:30:c9:00:
26:c6:52:02:7b:84:e8:48:3b:ca:f2:a6:e2:22:7f:16:2d:d6:
94:e9:29:a6:ae:64:81:b2:52:4d:39:33:96:aa:55:83:82:d0:
26:59:b1:48:32:4b:43:b8:f8:d6:9c:98:c9:14:0a:91:4e:51:
d9:1f:a4:fb:b0:a4:ec:c9:b0:6c:37:c1:f2:86:dc:75:1d:c2:
ee:28:89:b3:31:15:56:f0:71:3a:66:c5:a4:e3:09:cf:0c:f9:
88:37:d3:9f:70:16:b4:28:dc:04:95:2a:c7:fd:b5:c4:43:c6:
3e:5f:f2:ea:60:94:55:19:5c:0b:e4:61:79:be:8d:04:4c:f8:
4a:7c:6a:83:e0:7e:b5:27:54:cd:3c:15:e9:46:9d:29:68:75:
f3:19:90:73:da:fc:d8:07:60:c6:20:d8:6f:59:06:ec:89:5e:
fa:35:6f:16:ca:c0:b6:4d:22:0b:82:45:b9:80:2d:1f:b0:4f:
de:6d:d6:91:61:b0:7f:65:fe:c9:e9:c8:80:87:57:75:a3:be:
b9:d7:6d:f9:e1:de:93:79:84:91:82:97:ac:d4:52:4e:e4:77:
60:6e:1d:b0
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIRgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQx
MzA4NDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk3NkZGMTMwMzhDRkY5
QTBDNjYzNTJCREMyRTgwNzRDRTFCQ0I0RDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmL3Xp7XTe8w1cPfjRVCcYJs4o15n1lAApmYsygOnN6GeEiu0m
igiHkWpI8NEPcgWb6L4g4BT4Av9oTzy3CYWnrDrktHKeLLyHaFFbsbzyNCVynIHx
Vek56vM/Ykby64ltzjevEozPiFPHkCuN7ou20qW9d/0oDfAOKStVeN6lPJ65o+d0
3yzZ0piaBE5u9G6hu0HrYBH+LqmUOiwCHrJtoZ32Jw5Md0nuQSk3f/8wodqJxat5
xds/eweucYAJbH8ZQs32XHxFxIqXOJ2Zz8rElJJE9nTqtUglEoLfVnaV+0Yz0Hu+
PccF7u+rjAJgEKfMlm3PZBdbGaAUfhG4Awd9AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUl2/xMDjP+aDGY1K9wugHTOG8tNAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbDJfeE1EalAtYURH
WTFLOXd1Z0hUT0c4dE5BLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKcPI7lLrFmL7I/AQ32mFwqM8t+Z
EPUfhnsx7BToiQ2HtjDJACbGUgJ7hOhIO8rypuIifxYt1pTpKaauZIGyUk05M5aq
VYOC0CZZsUgyS0O4+NacmMkUCpFOUdkfpPuwpOzJsGw3wfKG3HUdwu4oibMxFVbw
cTpmxaTjCc8M+Yg3059wFrQo3ASVKsf9tcRDxj5f8upglFUZXAvkYXm+jQRM+Ep8
aoPgfrUnVM08FelGnSlodfMZkHPa/NgHYMYg2G9ZBuyJXvo1bxbKwLZNIguCRbmA
LR+wT95t1pFhsH9l/snpyICHV3WjvrnXbfnh3pN5hJGCl6zUUk7kd2BuHbA=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:24:25 2025 by rpki-client