Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/l5IjVJZ8Z--5oVZGJ-ME-hnludo.roa
File: l5IjVJZ8Z--5oVZGJ-ME-hnludo.roa (raw, json)
Hash identifier: +1QJRmq3os7RiDLNjQT31hteKem/NjZTrcDgX0GUVk4=
Subject key identifier: 97:92:23:54:96:7C:67:EF:B9:A1:56:46:27:E3:04:FA:19:E5:B9:DA
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 26EA
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/l5IjVJZ8Z--5oVZGJ-ME-hnludo.roa
Signing time: Sat 14 Jun 2025 21:39:33 +0000
ROA not before: Sat 14 Jun 2025 21:39:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9962 (0x26ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 21:39:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=97922354967C67EFB9A1564627E304FA19E5B9DA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:29:c4:ab:2c:fc:a0:06:71:9e:75:ac:8a:ae:
77:92:e5:ce:37:8b:f1:a6:93:8b:9c:e5:65:41:69:
dc:58:9d:ee:f7:2e:90:65:38:86:25:63:8a:21:b6:
44:0f:0e:7e:09:67:1f:1c:b5:e2:3e:44:14:64:df:
df:1b:dd:97:db:3d:a0:c3:41:96:af:ef:39:9e:cd:
28:77:f2:9f:7f:ff:97:92:7f:ea:ef:b2:1a:95:3e:
92:a8:ac:bd:2b:4a:75:87:2a:68:c6:98:98:41:bf:
f7:31:5f:8b:f1:20:79:04:19:1d:55:ae:2a:15:6c:
a1:e6:14:8d:4f:d3:e0:6c:51:6e:8d:fc:12:0b:b1:
de:a5:5b:03:62:46:c0:70:32:85:5a:75:64:ce:0d:
e2:2a:92:b9:60:52:1e:46:9f:af:e2:36:e2:de:1b:
13:b8:f4:fb:76:52:5b:6c:24:a3:a2:5a:47:18:35:
7c:e1:60:dd:a7:41:d2:0a:33:52:64:cf:95:ee:94:
eb:c2:bf:b6:7b:3b:ba:57:db:bf:26:91:f9:b3:34:
59:24:cb:5d:d1:2e:f1:2b:f1:e8:f9:7b:9d:c5:8d:
ae:d2:8f:97:58:72:ff:e7:5e:40:1f:80:28:68:4c:
3f:4f:f9:f5:56:de:52:4b:f4:3e:93:45:71:84:2e:
a2:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:92:23:54:96:7C:67:EF:B9:A1:56:46:27:E3:04:FA:19:E5:B9:DA
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/l5IjVJZ8Z--5oVZGJ-ME-hnludo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
92:cd:95:4e:a2:4c:cd:6c:13:d7:9c:a9:2d:72:df:94:a8:32:
67:92:7b:5d:16:6d:83:cb:28:c7:e7:a1:80:22:b7:20:b4:0a:
9d:80:13:56:59:2f:57:f5:0c:5e:3b:35:33:cf:bf:0a:5f:12:
08:b9:f1:d5:58:76:44:90:1e:26:fe:c3:5d:03:b8:5b:9e:bc:
71:b8:52:02:dd:98:a9:06:39:49:66:e1:7e:97:9c:5d:5f:02:
79:e2:79:2c:ee:5a:2f:cb:b0:70:02:56:ed:95:e4:a3:d6:a1:
e6:bf:70:b3:42:2e:ee:24:6b:45:b8:fb:af:8a:a5:f8:5f:a7:
37:00:97:24:17:4e:8b:e5:95:fe:54:ac:27:2b:69:ee:3a:08:
6d:71:7c:ee:d7:39:e9:a4:c9:d5:75:58:0c:68:73:98:00:1c:
ca:a3:1c:3d:e4:e1:a2:04:a3:c6:ca:b1:0f:fa:49:fc:f1:4f:
d9:64:37:6f:0d:11:39:32:a5:d2:76:9b:97:01:7e:bd:7a:c0:
24:ef:3f:ff:55:96:b9:15:66:cb:96:ea:a1:47:aa:13:dc:aa:
f7:24:8f:23:3e:3e:57:25:a4:6a:f4:d7:30:38:96:1b:cf:90:
5d:2f:aa:76:71:2b:40:18:5c:a1:6a:22:7a:83:88:2b:21:bd:
f8:48:aa:a3
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJuowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQy
MTM5MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk3OTIyMzU0OTY3QzY3
RUZCOUExNTY0NjI3RTMwNEZBMTlFNUI5REEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHKcSrLPygBnGedayKrneS5c43i/Gmk4uc5WVBadxYne73LpBl
OIYlY4ohtkQPDn4JZx8cteI+RBRk398b3ZfbPaDDQZav7zmezSh38p9//5eSf+rv
shqVPpKorL0rSnWHKmjGmJhBv/cxX4vxIHkEGR1VrioVbKHmFI1P0+BsUW6N/BIL
sd6lWwNiRsBwMoVadWTODeIqkrlgUh5Gn6/iNuLeGxO49Pt2UltsJKOiWkcYNXzh
YN2nQdIKM1Jkz5XulOvCv7Z7O7pX278mkfmzNFkky13RLvEr8ej5e53Fja7Sj5dY
cv/nXkAfgChoTD9P+fVW3lJL9D6TRXGELqI9AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUl5IjVJZ8Z++5oVZGJ+ME+hnludowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbDVJalZKWjhaLS01
b1ZaR0otTUUtaG5sdWRvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJLNlU6iTM1sE9ecqS1y35SoMmeS
e10WbYPLKMfnoYAityC0Cp2AE1ZZL1f1DF47NTPPvwpfEgi58dVYdkSQHib+w10D
uFuevHG4UgLdmKkGOUlm4X6XnF1fAnnieSzuWi/LsHACVu2V5KPWoea/cLNCLu4k
a0W4+6+KpfhfpzcAlyQXTovllf5UrCcrae46CG1xfO7XOemkydV1WAxoc5gAHMqj
HD3k4aIEo8bKsQ/6SfzxT9lkN28NETkypdJ2m5cBfr16wCTvP/9VlrkVZsuW6qFH
qhPcqvckjyM+PlclpGr01zA4lhvPkF0vqnZxK0AYXKFqInqDiCshvfhIqqM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:31:26 2025 by rpki-client